As a multi-tenant cloud provider we have the requirement of separating
public VM traffic and backup VM traffic to our backup servers on our
physical network whilst also isolating traffic between different

We are using DVR and our compute nodes have different physical
interfaces for public VM traffic and the backup VM traffic.

We are using vlxan for VM networks and have the following setup:

public_external_subnet (vlan provider) mapped to physnet1 (public VM interface)
backup_external_subnet (vlan provider) mapped to physnet2 (backup VM interface)

Then for the project/tenant:

client_public_subnet attached to client_public_router
client_backup_subnet attached to client_backup_router

And then we have an instance with:

eth0 connected to client_public_router with an ip from client_public_subnet on 
eth0 with a floating ip from public_external_subnet
eth1 connected to client_backup_router with an ip from client_backup_subnet on 
eth1 with a floating ip from backup_external_subnet

So what we want to do is have the default route go out eth0 and then
have a static route specifically for our backup server network go out

But this is not possible due to the "if not subnet['gateway_ip']" code
when adding the floating ip on the for the instance backup interface.
When setting the gateway on the private subnet, this will result in the
default gateway being updated for the instance public traffic to be
incorrectly routed out the private interface.

** Changed in: neutron
       Status: Expired => Incomplete

You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.

  Floating IP association without subnet gateway IP

Status in neutron:

Bug description:
  Hi All!

  There is a limitation in neutron/db/ code, that not allows
  associating floatingip on a subnet where the subnet gateway ip in the
  database is not set, but the router has a port and ip on that subnet.
  This limitation excludes usecases where the user do not want to set
  default gateway on the subnet where the floating ip is associated, but
  use special host routes instead.

  A real life use case:
  An instance got two networks, one customer facing provider vlan with public 
internet address, and one GRE based tenant network for operations and 
maintenance. The the external network providing floating ips is from the 
company's intranet (like The default gateway obviously should be 
pointing towards the public interface and special host routes used for private 
address ranges, for example used for the intranet communication. In 
this usecase the user need to assign floating ips on a network where the 
default gateway is not set to reach the instance from the company's network.

  Code part causing the problem:

  def _get_router_for_floatingip(self, context, 
        subnet = self._core_plugin.get_subnet(context, internal_subnet_id)

        if not subnet['gateway_ip']:
             msg = (_('Cannot add floating IP to port on subnet %s '
                              'which has no gateway_ip') % internal_subnet_id)
        raise n_exc.BadRequest(resource='floatingip', msg=msg)

  Simply commenting out the validation on subnet['gateway_ip'] allows
  the user to associate floating ip on networks where no default gateway
  is set, and use without any kind of problem. Of course the virtual
  router still has to have port on that subnet.

To manage notifications about this bug go to:

Mailing list:
Post to     :
Unsubscribe :
More help   :

Reply via email to