Re: [openstack-dev] [neutron] Add static routes on neutron router to devices in the external network
I think external gateway routes are accepted now.
The code just checks against the CIDRs of all ports belonging to the
router. [1]
1.
https://github.com/openstack/neutron/blob/a2fff6ee728db57f0e862548aac9296899ef0fc7/neutron/db/extraroute_db.py#L106
On Wed, Jul 23, 2014 at 8:12 PM, Carl Baldwin wrote:
> I wondered the same as Kevin. Could you confirm that the vpn gateway is
> directly connected to the external subnet or not? The diagram isn't quite
> clear
>
> Assuming it is directly connected then it is probable that routes through
> the external gateway are not considered, hence the error you received. It
> seems reasonable to me to consider a proposal that would allow this. It
> should be an admin only capability by default since it would be over the
> external (shared) network and not a tenant network. This seems like a new
> feature rather than a bug to me.
>
> As an alternative, could you try configuring your router with the static
> route so that it would send an icmp redirect to the neutron router?
>
> Carl
> On Jul 22, 2014 11:23 AM, "Kevin Benton" wrote:
>
>> The issue (if I understand your diagram correctly) is that the VPN GW
>> address is on the other side of your home router from the neutron router.
>> The nexthop address has to be an address on one of the subnets directly
>> attached to the router. In this topology, the static route should be on
>> your home router.
>>
>> --
>> Kevin Benton
>>
>>
>> On Tue, Jul 22, 2014 at 6:55 AM, Ricardo Carrillo Cruz <
>> ricardo.carrillo.c...@gmail.com> wrote:
>>
>>> Hello guys
>>>
>>> I have the following network setup at home:
>>>
>>> [openstack instances] -> [neutron router] -> [ [home router] [vpn gw]
>>> ]
>>> TENANT NETWORK EXTERNAL NETWORK
>>>
>>> I need my instances to connect to machines that are connected thru the
>>> vpn gw server.
>>> By default, all traffic that comes from openstack instances go thru the
>>> neutron router, and then hop onto the home router.
>>>
>>> I've seen there's an extra routes extension for neutron routers that
>>> would allow me to do that, but apparently I can't add extra routes to
>>> destinations in the external network, only subnets known by neutron.
>>> This can be seen from the neutron CLI command:
>>>
>>>
>>> neutron router-update --routes type=dict list=true
>>> destination=,nexthop=
>>> Invalid format for routes: [{u'nexthop': u'', u'destination':
>>> u''}], the nexthop is not connected with
>>> router
>>>
>>>
>>> Is this use case not being possible to do at all?
>>>
>>> P.S.
>>> I found Heat BP
>>> https://blueprints.launchpad.net/heat/+spec/router-properties-object
>>> that in the description reads this can be done on Neutron, but can't figure
>>> out how.
>>>
>>> Regards
>>>
>>> ___
>>> OpenStack-dev mailing list
>>> OpenStack-dev@lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>>
>>
>>
>> --
>> Kevin Benton
>>
>> ___
>> OpenStack-dev mailing list
>> OpenStack-dev@lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
> ___
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
--
Kevin Benton
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron] Add static routes on neutron router to devices in the external network
I wondered the same as Kevin. Could you confirm that the vpn gateway is
directly connected to the external subnet or not? The diagram isn't quite
clear
Assuming it is directly connected then it is probable that routes through
the external gateway are not considered, hence the error you received. It
seems reasonable to me to consider a proposal that would allow this. It
should be an admin only capability by default since it would be over the
external (shared) network and not a tenant network. This seems like a new
feature rather than a bug to me.
As an alternative, could you try configuring your router with the static
route so that it would send an icmp redirect to the neutron router?
Carl
On Jul 22, 2014 11:23 AM, "Kevin Benton" wrote:
> The issue (if I understand your diagram correctly) is that the VPN GW
> address is on the other side of your home router from the neutron router.
> The nexthop address has to be an address on one of the subnets directly
> attached to the router. In this topology, the static route should be on
> your home router.
>
> --
> Kevin Benton
>
>
> On Tue, Jul 22, 2014 at 6:55 AM, Ricardo Carrillo Cruz <
> ricardo.carrillo.c...@gmail.com> wrote:
>
>> Hello guys
>>
>> I have the following network setup at home:
>>
>> [openstack instances] -> [neutron router] -> [ [home router] [vpn gw] ]
>> TENANT NETWORK EXTERNAL NETWORK
>>
>> I need my instances to connect to machines that are connected thru the
>> vpn gw server.
>> By default, all traffic that comes from openstack instances go thru the
>> neutron router, and then hop onto the home router.
>>
>> I've seen there's an extra routes extension for neutron routers that
>> would allow me to do that, but apparently I can't add extra routes to
>> destinations in the external network, only subnets known by neutron.
>> This can be seen from the neutron CLI command:
>>
>>
>> neutron router-update --routes type=dict list=true
>> destination=,nexthop=
>> Invalid format for routes: [{u'nexthop': u'', u'destination':
>> u''}], the nexthop is not connected with
>> router
>>
>>
>> Is this use case not being possible to do at all?
>>
>> P.S.
>> I found Heat BP
>> https://blueprints.launchpad.net/heat/+spec/router-properties-object
>> that in the description reads this can be done on Neutron, but can't figure
>> out how.
>>
>> Regards
>>
>> ___
>> OpenStack-dev mailing list
>> OpenStack-dev@lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
>
> --
> Kevin Benton
>
> ___
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron] Add static routes on neutron router to devices in the external network
The issue (if I understand your diagram correctly) is that the VPN GW
address is on the other side of your home router from the neutron router.
The nexthop address has to be an address on one of the subnets directly
attached to the router. In this topology, the static route should be on
your home router.
--
Kevin Benton
On Tue, Jul 22, 2014 at 6:55 AM, Ricardo Carrillo Cruz <
ricardo.carrillo.c...@gmail.com> wrote:
> Hello guys
>
> I have the following network setup at home:
>
> [openstack instances] -> [neutron router] -> [ [home router] [vpn gw] ]
> TENANT NETWORK EXTERNAL NETWORK
>
> I need my instances to connect to machines that are connected thru the vpn
> gw server.
> By default, all traffic that comes from openstack instances go thru the
> neutron router, and then hop onto the home router.
>
> I've seen there's an extra routes extension for neutron routers that would
> allow me to do that, but apparently I can't add extra routes to
> destinations in the external network, only subnets known by neutron.
> This can be seen from the neutron CLI command:
>
>
> neutron router-update --routes type=dict list=true
> destination=,nexthop=
> Invalid format for routes: [{u'nexthop': u'', u'destination':
> u''}], the nexthop is not connected with
> router
>
>
> Is this use case not being possible to do at all?
>
> P.S.
> I found Heat BP
> https://blueprints.launchpad.net/heat/+spec/router-properties-object that
> in the description reads this can be done on Neutron, but can't figure out
> how.
>
> Regards
>
> ___
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
--
Kevin Benton
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [neutron] Add static routes on neutron router to devices in the external network
Hello guys
I have the following network setup at home:
[openstack instances] -> [neutron router] -> [ [home router] [vpn gw] ]
TENANT NETWORK EXTERNAL NETWORK
I need my instances to connect to machines that are connected thru the vpn
gw server.
By default, all traffic that comes from openstack instances go thru the
neutron router, and then hop onto the home router.
I've seen there's an extra routes extension for neutron routers that would
allow me to do that, but apparently I can't add extra routes to
destinations in the external network, only subnets known by neutron.
This can be seen from the neutron CLI command:
neutron router-update --routes type=dict list=true
destination=,nexthop=
Invalid format for routes: [{u'nexthop': u'', u'destination':
u''}], the nexthop is not connected with
router
Is this use case not being possible to do at all?
P.S.
I found Heat BP
https://blueprints.launchpad.net/heat/+spec/router-properties-object that
in the description reads this can be done on Neutron, but can't figure out
how.
Regards
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
