Comment 0 for bug 1774019

bjolo (bjorn-lofdahl) wrote :

hi,

When using the command router add subnet <route> <external subnet>, neutron creates a port with the first IP on the subnet. This causes an IP conflict with the real GW IP for the network, and the result is that the physical network goes down. In our case it brought down the whole physical fabric.

cloud info:
(openstack) network show internet
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | nova |
| created_at | 2017-05-10T14:05:08Z |
| description | |
| dns_domain | |
| id | df26cc5b-b122-4506-b948-a213d2b0a7d8 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 9000 |
| name | internet |
| port_security_enabled | True |
| project_id | 1642f7380213486aa6b8fefeb179ffd7 |
| provider:network_type | flat |
| provider:physical_network | physnet1 |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 7 |
| router:external | External |
| segments | None |
| shared | True |
| status | ACTIVE |
| subnets | cbd1f84a-d31e-4bb3-b788-bacab21f9b6f |
| tags | |
| updated_at | 2017-11-27T00:37:31Z |
+---------------------------+--------------------------------------+

(openstack) subnet show internet-sub1
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | xxx.yyy.zzz.20-xxx.yyy.zzz.254 |
| cidr | xxx.yyy.zzz.0/24 |
| created_at | 2017-05-10T14:28:46Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | xxx.yyy.zzz.1 |
| host_routes | |
| id | cbd1f84a-d31e-4bb3-b788-bacab21f9b6f |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | internet-sub1 |
| network_id | df26cc5b-b122-4506-b948-a213d2b0a7d8 |
| project_id | 1642f7380213486aa6b8fefeb179ffd7 |
| revision_number | 3 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2017-05-16T12:02:39Z |
+-------------------+--------------------------------------+

Way to reproduce:
1. As a normal _member_ user, create a router
  (openstack) router create vpn-client-router
2. Add the external subnet to the router.
  (openstack) router add subnet vpn-client-router internet-sub1

Actual result:
The port created gets the IP xxx.yyy.zzz.1, which is the same IP as the physical GW IP.

Expected result:
First of all, this command should probably return an error, since the correct command is router set --external-gateway. If it should work, the IP should be in the allocation_pool for the subnet.

version:
openstack pike
neutron 11.0.2
distribution kolla-ansible

bjolo
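
An operator-side audit for the condition this report describes, as an added example that is not part of the original report or of neutron's code: it flags router interface ports on external networks, separating those that hold the subnet's gateway_ip from those that fall outside the allocation pools. The records are assumed to have the shape of Neutron API network, subnet and port objects; all ids and addresses below are constructed.

```python
import ipaddress
# device_owner value Neutron sets on ports created by "router add subnet"
ROUTER_INTERFACE = "network:router_interface"

def in_pools(ip, pools):
    addr = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(p["start"]) <= addr <= ipaddress.ip_address(p["end"])
               for p in pools)

def audit_router_interfaces(networks, subnets, ports):
    """Flag router interface ports that sit on external networks."""
    external = {n["id"] for n in networks if n.get("router:external")}
    by_id = {s["id"]: s for s in subnets}
    findings = []
    for port in ports:
        if port.get("device_owner") != ROUTER_INTERFACE or port["network_id"] not in external:
            continue
        for fixed in port.get("fixed_ips", []):
            subnet = by_id.get(fixed["subnet_id"])
            if subnet is None:
                continue
            ip = fixed["ip_address"]
            gw = subnet.get("gateway_ip")
            if gw and ipaddress.ip_address(ip) == ipaddress.ip_address(gw):
                reason = "holds the subnet gateway_ip"
            elif not in_pools(ip, subnet.get("allocation_pools", [])):
                reason = "outside the allocation pools"
            else:
                reason = "router interface on an external network"
            findings.append({"port_id": port["id"], "ip": ip, "reason": reason})
    return findings

# Constructed sample records (203.0.113.0/24 is a documentation range, ids are made up).
NETWORKS = [{"id": "net-ext", "router:external": True},
            {"id": "net-int", "router:external": False}]
SUBNETS = [{"id": "sub-ext", "gateway_ip": "203.0.113.1",
            "allocation_pools": [{"start": "203.0.113.20", "end": "203.0.113.254"}]},
           {"id": "sub-int", "gateway_ip": "10.0.0.1",
            "allocation_pools": [{"start": "10.0.0.2", "end": "10.0.0.254"}]}]
PORTS = [
    {"id": "port-a", "network_id": "net-ext", "device_owner": ROUTER_INTERFACE,
     "fixed_ips": [{"subnet_id": "sub-ext", "ip_address": "203.0.113.1"}]},
    {"id": "port-b", "network_id": "net-ext", "device_owner": "network:router_gateway",
     "fixed_ips": [{"subnet_id": "sub-ext", "ip_address": "203.0.113.25"}]},
    {"id": "port-c", "network_id": "net-int", "device_owner": ROUTER_INTERFACE,
     "fixed_ips": [{"subnet_id": "sub-int", "ip_address": "10.0.0.1"}]},
]
```

Only port-a is reported here: the gateway port (port-b) and the interface on the internal network (port-c) are the normal cases and pass.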