Re: [openstack-dev] [neutron] Add static routes on neutron router to devices in the external network
I think external gateway routes are accepted now. The code just checks against the CIDRs of all ports belonging to the router. [1] 1. https://github.com/openstack/neutron/blob/a2fff6ee728db57f0e862548aac9296899ef0fc7/neutron/db/extraroute_db.py#L106 On Wed, Jul 23, 2014 at 8:12 PM, Carl Baldwin wrote: > I wondered the same as Kevin. Could you confirm that the vpn gateway is > directly connected to the external subnet or not? The diagram isn't quite > clear > > Assuming it is directly connected then it is probable that routes through > the external gateway are not considered, hence the error you received. It > seems reasonable to me to consider a proposal that would allow this. It > should be an admin only capability by default since it would be over the > external (shared) network and not a tenant network. This seems like a new > feature rather than a bug to me. > > As an alternative, could you try configuring your router with the static > route so that it would send an icmp redirect to the neutron router? > > Carl > On Jul 22, 2014 11:23 AM, "Kevin Benton" wrote: > >> The issue (if I understand your diagram correctly) is that the VPN GW >> address is on the other side of your home router from the neutron router. >> The nexthop address has to be an address on one of the subnets directly >> attached to the router. In this topology, the static route should be on >> your home router. >> >> -- >> Kevin Benton >> >> >> On Tue, Jul 22, 2014 at 6:55 AM, Ricardo Carrillo Cruz < >> ricardo.carrillo.c...@gmail.com> wrote: >> >>> Hello guys >>> >>> I have the following network setup at home: >>> >>> [openstack instances] -> [neutron router] -> [ [home router] [vpn gw] >>> ] >>> TENANT NETWORK EXTERNAL NETWORK >>> >>> I need my instances to connect to machines that are connected thru the >>> vpn gw server. >>> By default, all traffic that comes from openstack instances go thru the >>> neutron router, and then hop onto the home router. >>> >>> I've seen there's an extra routes extension for neutron routers that >>> would allow me to do that, but apparently I can't add extra routes to >>> destinations in the external network, only subnets known by neutron. >>> This can be seen from the neutron CLI command: >>> >>> >>> neutron router-update --routes type=dict list=true >>> destination=,nexthop= >>> Invalid format for routes: [{u'nexthop': u'', u'destination': >>> u''}], the nexthop is not connected with >>> router >>> >>> >>> Is this use case not being possible to do at all? >>> >>> P.S. >>> I found Heat BP >>> https://blueprints.launchpad.net/heat/+spec/router-properties-object >>> that in the description reads this can be done on Neutron, but can't figure >>> out how. >>> >>> Regards >>> >>> ___ >>> OpenStack-dev mailing list >>> OpenStack-dev@lists.openstack.org >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >>> >> >> >> -- >> Kevin Benton >> >> ___ >> OpenStack-dev mailing list >> OpenStack-dev@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > ___ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Kevin Benton ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron] Add static routes on neutron router to devices in the external network
I wondered the same as Kevin. Could you confirm that the vpn gateway is directly connected to the external subnet or not? The diagram isn't quite clear Assuming it is directly connected then it is probable that routes through the external gateway are not considered, hence the error you received. It seems reasonable to me to consider a proposal that would allow this. It should be an admin only capability by default since it would be over the external (shared) network and not a tenant network. This seems like a new feature rather than a bug to me. As an alternative, could you try configuring your router with the static route so that it would send an icmp redirect to the neutron router? Carl On Jul 22, 2014 11:23 AM, "Kevin Benton" wrote: > The issue (if I understand your diagram correctly) is that the VPN GW > address is on the other side of your home router from the neutron router. > The nexthop address has to be an address on one of the subnets directly > attached to the router. In this topology, the static route should be on > your home router. > > -- > Kevin Benton > > > On Tue, Jul 22, 2014 at 6:55 AM, Ricardo Carrillo Cruz < > ricardo.carrillo.c...@gmail.com> wrote: > >> Hello guys >> >> I have the following network setup at home: >> >> [openstack instances] -> [neutron router] -> [ [home router] [vpn gw] ] >> TENANT NETWORK EXTERNAL NETWORK >> >> I need my instances to connect to machines that are connected thru the >> vpn gw server. >> By default, all traffic that comes from openstack instances go thru the >> neutron router, and then hop onto the home router. >> >> I've seen there's an extra routes extension for neutron routers that >> would allow me to do that, but apparently I can't add extra routes to >> destinations in the external network, only subnets known by neutron. >> This can be seen from the neutron CLI command: >> >> >> neutron router-update --routes type=dict list=true >> destination=,nexthop= >> Invalid format for routes: [{u'nexthop': u'', u'destination': >> u''}], the nexthop is not connected with >> router >> >> >> Is this use case not being possible to do at all? >> >> P.S. >> I found Heat BP >> https://blueprints.launchpad.net/heat/+spec/router-properties-object >> that in the description reads this can be done on Neutron, but can't figure >> out how. >> >> Regards >> >> ___ >> OpenStack-dev mailing list >> OpenStack-dev@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > > -- > Kevin Benton > > ___ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron] Add static routes on neutron router to devices in the external network
The issue (if I understand your diagram correctly) is that the VPN GW address is on the other side of your home router from the neutron router. The nexthop address has to be an address on one of the subnets directly attached to the router. In this topology, the static route should be on your home router. -- Kevin Benton On Tue, Jul 22, 2014 at 6:55 AM, Ricardo Carrillo Cruz < ricardo.carrillo.c...@gmail.com> wrote: > Hello guys > > I have the following network setup at home: > > [openstack instances] -> [neutron router] -> [ [home router] [vpn gw] ] > TENANT NETWORK EXTERNAL NETWORK > > I need my instances to connect to machines that are connected thru the vpn > gw server. > By default, all traffic that comes from openstack instances go thru the > neutron router, and then hop onto the home router. > > I've seen there's an extra routes extension for neutron routers that would > allow me to do that, but apparently I can't add extra routes to > destinations in the external network, only subnets known by neutron. > This can be seen from the neutron CLI command: > > > neutron router-update --routes type=dict list=true > destination=,nexthop= > Invalid format for routes: [{u'nexthop': u'', u'destination': > u''}], the nexthop is not connected with > router > > > Is this use case not being possible to do at all? > > P.S. > I found Heat BP > https://blueprints.launchpad.net/heat/+spec/router-properties-object that > in the description reads this can be done on Neutron, but can't figure out > how. > > Regards > > ___ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Kevin Benton ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [neutron] Add static routes on neutron router to devices in the external network
Hello guys I have the following network setup at home: [openstack instances] -> [neutron router] -> [ [home router] [vpn gw] ] TENANT NETWORK EXTERNAL NETWORK I need my instances to connect to machines that are connected thru the vpn gw server. By default, all traffic that comes from openstack instances go thru the neutron router, and then hop onto the home router. I've seen there's an extra routes extension for neutron routers that would allow me to do that, but apparently I can't add extra routes to destinations in the external network, only subnets known by neutron. This can be seen from the neutron CLI command: neutron router-update --routes type=dict list=true destination=,nexthop= Invalid format for routes: [{u'nexthop': u'', u'destination': u''}], the nexthop is not connected with router Is this use case not being possible to do at all? P.S. I found Heat BP https://blueprints.launchpad.net/heat/+spec/router-properties-object that in the description reads this can be done on Neutron, but can't figure out how. Regards ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev