Re: [openstack-dev] [neutron] Ensure that configured gateway is on subnet by default
Looking back, perhaps we should remove that flag and only authorize the admin user to be able to set the gateway IP outside of the subnet cidr (for tricky network), like only admin user can create provider network. And require classic users to set gatway IP inside the subnet cidr. Édouard. On Thu, Feb 20, 2014 at 3:15 PM, Édouard Thuleau thul...@gmail.com wrote: Hi, Neutron permits to set a gateway IP outside of the subnet cidr by default. And, thanks to the garyk's patch [1], it's possible to change this default behavior with config flag 'force_gateway_on_subnet'. This flag was added to keep the backward compatibility for people who need to set the gateway outside of the subnet. I think this behavior does not reflect the classic usage of subnets. So I propose to update the default value of the flag 'force_gateway_on_subnet' to True. Any thought? [1] https://review.openstack.org/#/c/19048/ Regards, Édouard. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron] Ensure that configured gateway is on subnet by default
This would break IPv6. The gateway address, according to RFC 4861[1] Section 4.2 regarding Router Advertisements: Source Address MUST be the link-local address assigned to the interface from which this message is sent. This means that if you configure a subnet with a Globally Unique Address scope, the gateway by definition cannot be in the configured subnet. Please don't force this option, as it will break work going on in the Neutron IPv6 sub-team. -Anthony [1] http://tools.ietf.org/html/rfc4861 Hi, Neutron permits to set a gateway IP outside of the subnet cidr by default. And, thanks to the garyk's patch [1], it's possible to change this default behavior with config flag 'force_gateway_on_subnet'. This flag was added to keep the backward compatibility for people who need to set the gateway outside of the subnet. I think this behavior does not reflect the classic usage of subnets. So I propose to update the default value of the flag 'force_gateway_on_subnet' to True. Any thought? [1] https://review.openstack.org/#/c/19048/ Regards, Édouard. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron] Ensure that configured gateway is on subnet by default
Ha yes, I completely forget IPv6 case. Sorry and forget that thread. Édouard. On Thu, Feb 20, 2014 at 3:34 PM, Veiga, Anthony anthony_ve...@cable.comcast.com wrote: This would break IPv6. The gateway address, according to RFC 4861[1] Section 4.2 regarding Router Advertisements: Source Address MUST be the link-local address assigned to the interface from which this message is sent. This means that if you configure a subnet with a Globally Unique Address scope, the gateway by definition cannot be in the configured subnet. Please don't force this option, as it will break work going on in the Neutron IPv6 sub-team. -Anthony [1] http://tools.ietf.org/html/rfc4861 Hi, Neutron permits to set a gateway IP outside of the subnet cidr by default. And, thanks to the garyk's patch [1], it's possible to change this default behavior with config flag 'force_gateway_on_subnet'. This flag was added to keep the backward compatibility for people who need to set the gateway outside of the subnet. I think this behavior does not reflect the classic usage of subnets. So I propose to update the default value of the flag 'force_gateway_on_subnet' to True. Any thought? [1] https://review.openstack.org/#/c/19048/ Regards, Édouard. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
