Public bug reported: Hi All
Currently in the neturon floating ip associate code, there is a limitation that if the port's network is not connected to any router, then the floating ip cannot be associated. (neutron) floatingip-associate 52a8cbea-cc3c-4162-8a16-bf7f31a92622 d40331e7-7c16-4ba5-ac38-44d805eb9cc0 External network cb3ac47c-60be-4754-a540-ee03e9b3668c is not reachable from subnet 14c83a82-ca86-45ad-93e4-a14720cfec54. Therefore, cannot associate Port d40331e7-7c16-4ba5-ac38-44d805eb9cc0 with a Floating IP. Neutron server returns request_ids: ['req-91073bb6-a54e-4a6c-8400-4499e53a940d'] (neutron) This behavior is right in normal case, but there is a real case will be blocked: See the attached use case picture, we deployed a pfSense as router, the private-network-1 is not connected to the router but connect to the pfSense as the default gw. And in the router, we added a static route that any traffic going to the private-network-1 nexthop to pfSense. In case, we can not set the floating ip for the vm1. So we suggest, when associating floating ip, neutron should not only check the direct connected subnets, but also check the whether there're static route can cover that port. Thanks, Bali ** Affects: neutron Importance: Undecided Status: New ** Attachment added: "user case with static route" https://bugs.launchpad.net/bugs/1616317/+attachment/4726777/+files/fw%20topo%20after%20fw%20enabled%20vm1-ext.jpeg ** Summary changed: - floatingip cannot be associated when there's static route to the network + floatingip cannot be associated even there's static route to the network -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1616317 Title: floatingip cannot be associated even there's static route to the network Status in neutron: New Bug description: Hi All Currently in the neturon floating ip associate code, there is a limitation that if the port's network is not connected to any router, then the floating ip cannot be associated. (neutron) floatingip-associate 52a8cbea-cc3c-4162-8a16-bf7f31a92622 d40331e7-7c16-4ba5-ac38-44d805eb9cc0 External network cb3ac47c-60be-4754-a540-ee03e9b3668c is not reachable from subnet 14c83a82-ca86-45ad-93e4-a14720cfec54. Therefore, cannot associate Port d40331e7-7c16-4ba5-ac38-44d805eb9cc0 with a Floating IP. Neutron server returns request_ids: ['req-91073bb6-a54e-4a6c-8400-4499e53a940d'] (neutron) This behavior is right in normal case, but there is a real case will be blocked: See the attached use case picture, we deployed a pfSense as router, the private-network-1 is not connected to the router but connect to the pfSense as the default gw. And in the router, we added a static route that any traffic going to the private-network-1 nexthop to pfSense. In case, we can not set the floating ip for the vm1. So we suggest, when associating floating ip, neutron should not only check the direct connected subnets, but also check the whether there're static route can cover that port. Thanks, Bali To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1616317/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp