Rahul Sharma <rahulsharma...@gmail.com> wrote:
Hi All,
I am trying to fix a network-issue in our environment and would like to
know some suggestions on how I can achieve it. Here is the issue:-
I have two subnets(10.10.10.0/25 and 10.10.10.128/26) with separate
gateways for each subnet and I expose the whole to end users as public
network. Diagram1 attached lists the configuration done on horizon.
The setup works fine for some users but it starts failing for the others.
The issue occurs when the router connecting to the public network gets
gateway in one subnet and the floating-ip gets allocated from the second
subnet. Looking at the routes configured within the router, it seems that
the router is unable to route the packets to the correct gateway. Its
sending packets to a wrong gateway which will drop packets as they don't
belong to the right subnet.
# ip netns exec qrouter-8790f703-85ed-44e4-7a96-251b26572457 ip r
default via 10.10.10.1 dev qg-ee39897d-d3 <------ default Gateway
10.10.10.0/25 dev qg-ee39897d-d3 proto kernel scope link src
10.10.10.115 <--- Gateway for Router
10.10.10.128/26 dev qg-ee39897d-d3 scope link
192.168.10.0/24 dev qr-0c9694f8-9d proto kernel scope link src
192.168.10.1
However, one of the floating-ip allocated in 10.10.10.168 which lies in
other subnet. This router will send packets from 10.10.10.128/26subnet to
10.10.10.1 and they will get dropped.
# ip netns exec qrouter-8790f703-85ed-44e4-7a96-251b26572457 ip addr
<stripped version>
165: qg-7523dad9-a7: mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:a3:8a:61 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.115/25 brd 10.10.10.127 scope global qg-ee39897d-d3 <---
Gateway for router
valid_lft forever preferred_lft forever
inet 10.10.10.72/32 brd 10.10.10.72 scope global qg-ee39897d-d3 <---
floating ip in subnet1 (no issues)
valid_lft forever preferred_lft forever
inet 10.10.10.168/32 brd 10.10.10.168 scope global qg-ee39897d-d3 <---
floating ip in subnet2 (issues)
valid_lft forever preferred_lft forever
I went through one comment against a bug:
https://bugs.launchpad.net/neutron/+bug/1312467/comments/12
This is something on the same lines. Is there any solution other than
deleting the public network and exposing it as two separate public
networks because I don't have access to the physical routers/switches and
cannot merge the two subnets into one. Any pointers would be really
helpful.
[Also commented on the bug.]
I believe the setup with two independent gateways on the same NIC is not
supported by L3 agent, though from API perspective everything should be
available already.
I suggest you report the use case as a new RFE.
Ihar
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
