Hi,
When using the command router add subnet <router> <external subnet>, neutron creates a port with the first IP on the subnet. This causes an IP conflict with the real GW IP for the network, and the result is that the physical network goes down. In our case it brought down the whole physical fabric.
cloud info:
(openstack) network show internet
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        | nova                                 |
| created_at                | 2017-05-10T14:05:08Z                 |
| description               |                                      |
| dns_domain                |                                      |
| id                        | df26cc5b-b122-4506-b948-a213d2b0a7d8 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | False                                |
| is_vlan_transparent       | None                                 |
| mtu                       | 9000                                 |
| name                      | internet                             |
| port_security_enabled     | True                                 |
| project_id                | 1642f7380213486aa6b8fefeb179ffd7     |
| provider:network_type     | flat                                 |
| provider:physical_network | physnet1                             |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 7                                    |
| router:external           | External                             |
| segments                  | None                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   | cbd1f84a-d31e-4bb3-b788-bacab21f9b6f |
| tags                      |                                      |
| updated_at                | 2017-11-27T00:37:31Z                 |
+---------------------------+--------------------------------------+
(openstack) subnet show internet-sub1
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| allocation_pools  | xxx.yyy.zzz.20-xxx.yyy.zzz.254       |
| cidr              | xxx.yyy.zzz.0/24                     |
| created_at        | 2017-05-10T14:28:46Z                 |
| description       |                                      |
| dns_nameservers   |                                      |
| enable_dhcp       | True                                 |
| gateway_ip        | xxx.yyy.zzz.1                        |
| host_routes       |                                      |
| id                | cbd1f84a-d31e-4bb3-b788-bacab21f9b6f |
| ip_version        | 4                                    |
| ipv6_address_mode | None                                 |
| ipv6_ra_mode      | None                                 |
| name              | internet-sub1                        |
| network_id        | df26cc5b-b122-4506-b948-a213d2b0a7d8 |
| project_id        | 1642f7380213486aa6b8fefeb179ffd7     |
| revision_number   | 3                                    |
| segment_id        | None                                 |
| service_types     |                                      |
| subnetpool_id     | None                                 |
| tags              |                                      |
| updated_at        | 2017-05-16T12:02:39Z                 |
+-------------------+--------------------------------------+
Way to reproduce:
1. As normal _member_ user, create a router
(openstack) router create vpn-client-router
2. Add the external subnet to the router.
(openstack) router add subnet vpn-client-router internet-sub1
Actual result:
The port created gets the IP xxx.yyy.zzz.1, which is the same IP as the physical GW IP.
Expected result:
First of all, this command should probably return an error since the correct command is router set --external-gateway. If it should work, the IP should be in the allocation_pool for the subnet.
version:
openstack pike
neutron 11.0.2
distribution kolla-ansible
bjolo