As a multi-tenant cloud provider we have the requirement of separating
public VM traffic and backup VM traffic to our backup servers on our
physical network whilst also isolating traffic between different
We are using DVR and our compute nodes have different physical
interfaces for public VM traffic and the backup VM traffic.
We are using vxlan for VM networks and have the following setup:
public_external_subnet (vlan provider) mapped to physnet1 (public VM interface)
backup_external_subnet (vlan provider) mapped to physnet2 (backup VM interface)
Then for the project/tenant:
client_public_subnet attached to client_public_router
client_backup_subnet attached to client_backup_router
And then we have an instance with:
eth0 connected to client_public_router with an ip from client_public_subnet on
eth0 with a floating ip from public_external_subnet
eth1 connected to client_backup_router with an ip from client_backup_subnet on
eth1 with a floating ip from backup_external_subnet
So what we want to do is have the default route go out eth0 and then
have a static route specifically for our backup server network go out
But this is not possible due to the "if not subnet['gateway_ip']" code
when adding the floating ip for the instance backup interface.
When setting the gateway on the private subnet, this will result in the
default gateway being updated for the instance public traffic to be
incorrectly routed out the private interface.
** Changed in: neutron
Status: Expired => Incomplete
Floating IP association without subnet gateway IP
Status in neutron:
There is a limitation in the neutron/db/l3_db.py code that does not allow
associating a floatingip on a subnet where the subnet gateway ip in the
database is not set, but the router has a port and ip on that subnet.
This limitation excludes use cases where the user does not want to set a
default gateway on the subnet where the floating ip is associated, but
uses special host routes instead.
A real life use case:
An instance got two networks, one customer facing provider vlan with public
internet address, and one GRE based tenant network for operations and
maintenance. The external network providing floating ips is from the
company's intranet (like 10.0.0.0/8). The default gateway obviously should be
pointing towards the public interface and special host routes used for private
address ranges, for example 10.0.0.0/8 used for the intranet communication. In
this use case the user needs to assign floating ips on a network where the
default gateway is not set to reach the instance from the company's network.
Code part causing the problem:
    def _get_router_for_floatingip(self, context,
        subnet = self._core_plugin.get_subnet(context, internal_subnet_id)
        if not subnet['gateway_ip']:
            msg = (_('Cannot add floating IP to port on subnet %s '
                     'which has no gateway_ip') % internal_subnet_id)
            raise n_exc.BadRequest(resource='floatingip', msg=msg)
Simply commenting out the validation on subnet['gateway_ip'] allows
the user to associate floating ip on networks where no default gateway
is set, and use without any kind of problem. Of course the virtual
router still has to have port on that subnet.
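An added example, not part of the bug report and not Neutron's code: a standalone model of the quoted check next to the relaxed rule the report asks for, where a router interface port on the subnet is enough and the tenant's router must still own that port. The function name, the BadRequest stand-in, the addresses and the port data are assumptions constructed for illustration; the two device_owner strings are Neutron's values for router interface ports.

```python
import ipaddress

# Neutron device_owner values for router interface ports (legacy and DVR).
ROUTER_INTERFACE_OWNERS = {
    "network:router_interface",
    "network:router_interface_distributed",
}

class BadRequest(Exception):
    """Local stand-in for n_exc.BadRequest (hypothetical, example only)."""

def router_for_floatingip(subnet, ports, require_gateway=True):
    """Return the id of the router able to serve a floating IP on `subnet`.

    require_gateway=True reproduces the check quoted in the report.
    require_gateway=False models the relaxed rule: a router interface port
    with a fixed IP inside the subnet is sufficient.
    """
    if require_gateway and not subnet["gateway_ip"]:
        raise BadRequest("subnet %s has no gateway_ip" % subnet["id"])
    cidr = ipaddress.ip_network(subnet["cidr"])
    for port in ports:
        if port["device_owner"] not in ROUTER_INTERFACE_OWNERS:
            continue  # instance and DHCP ports never qualify
        for fixed in port["fixed_ips"]:
            if (fixed["subnet_id"] == subnet["id"]
                    and ipaddress.ip_address(fixed["ip_address"]) in cidr):
                return port["device_id"]
    raise BadRequest("no router interface on subnet %s" % subnet["id"])

# Constructed sample data: a backup subnet with no default gateway, reached
# through a host route instead, as in the use case described above.
BACKUP_SUBNET = {
    "id": "client_backup_subnet",
    "cidr": "192.168.20.0/24",
    "gateway_ip": None,
    "host_routes": [{"destination": "10.0.0.0/8", "nexthop": "192.168.20.1"}],
}
PORTS = [
    {"device_id": "instance-1", "device_owner": "compute:nova",
     "fixed_ips": [{"subnet_id": "client_backup_subnet",
                    "ip_address": "192.168.20.15"}]},
    {"device_id": "client_backup_router",
     "device_owner": "network:router_interface_distributed",
     "fixed_ips": [{"subnet_id": "client_backup_subnet",
                    "ip_address": "192.168.20.1"}]},
]

if __name__ == "__main__":
    print(router_for_floatingip(BACKUP_SUBNET, PORTS, require_gateway=False))
```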