Comment 2 for bug 1805456

OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/622449
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=97c98a1c6dac5788690504463a5ca33f4b181d6a
Submitter: Zuul
Branch: master

commit 97c98a1c6dac5788690504463a5ca33f4b181d6a
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Mon Dec 3 18:11:26 2018 +0000

    [DVR] Allow multiple subnets per external network

    An external network can have more than one subnet. Currently only the
    first subnet is added to the FIP namespace routing table. Packets for
    FIPs with addresses in other subnets can't pass through the external
    port because there is no route for those FIP CIDRs.

    This change adds routes for those CIDRs via the external port IP and
    interface.

    These routes don't collide with the existing ones, added to provide
    a back path for the packets with a destination IP matching a FIP.

    E.g.:
    $ ip netns exec fip-e1ec0f98-b593-4514-ae08-f1c5cf1c2788 ip route
      (1) 169.254.106.114/31 dev fpr-3937f879-d proto kernel scope link \
          src 169.254.106.115
      (2) 192.168.20.250 via 169.254.106.114 dev fpr-3937f879-d
      (3) 192.168.30.0/24 dev fg-bee060f1-dd proto kernel scope link \
          src 192.168.30.129
      (4) 192.168.20.0/24 via 192.168.30.129 dev fg-bee060f1-dd scope link

    Rule (2) is added when a FIP is assigned. This rule permits ingress
    packets going into the router namespace. This FIP belongs to the second
    subnet of the external network (note the external port CIDR is not the
    same). Rule (4), added by this patch, allows egress packets to exit
    the FIP namespace through the external port. Rule (2), because of the
    prefix length (32), has more priority than rule (4).

    Change-Id: I4d476b47e89fa5709dca2f66ffae72a27d88340a
    Closes-Bug: #1805456
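
The route selection described in the commit message can be checked with a small longest-prefix-match model. This is an added example, not part of the commit or of neutron's code. It models only prefix-length selection over the four routes shown above, and the destination addresses other than the FIP 192.168.20.250 are constructed for illustration.

```python
import ipaddress

# The four routes from the commit message's example, continuation lines joined.
# Line order matches the rule numbers (1)-(4) used in the message.
FIP_NS_ROUTES = """\
169.254.106.114/31 dev fpr-3937f879-d proto kernel scope link src 169.254.106.115
192.168.20.250 via 169.254.106.114 dev fpr-3937f879-d
192.168.30.0/24 dev fg-bee060f1-dd proto kernel scope link src 192.168.30.129
192.168.20.0/24 via 192.168.30.129 dev fg-bee060f1-dd scope link
"""


def parse_routes(text):
    """Parse `ip route` lines into (rule_no, network, device, gateway) tuples."""
    routes = []
    for rule_no, line in enumerate(text.strip().splitlines(), start=1):
        fields = line.split()
        # A bare address without a prefix length is a host route (/32).
        network = ipaddress.ip_network(fields[0], strict=False)
        device = fields[fields.index("dev") + 1]
        gateway = fields[fields.index("via") + 1] if "via" in fields else None
        routes.append((rule_no, network, device, gateway))
    return routes


def lookup(routes, destination):
    """Return the longest-prefix matching route, or None if nothing matches."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[1]]
    return max(matches, key=lambda r: r[1].prefixlen, default=None)


def describe(routes, destination):
    hit = lookup(routes, destination)
    if hit is None:
        return f"{destination}: no route"
    rule_no, network, device, gateway = hit
    return f"{destination}: rule ({rule_no}) {network} dev {device} via {gateway}"


if __name__ == "__main__":
    table = parse_routes(FIP_NS_ROUTES)
    # Constructed destinations: the FIP itself, another second-subnet host,
    # a first-subnet host, and an address outside every listed route.
    for dst in ("192.168.20.250", "192.168.20.7", "192.168.30.10", "10.0.0.1"):
        print(describe(table, dst))
    # Table as it was before the change, without rule (4).
    before = [r for r in table if r[0] != 4]
    print("without rule (4):", describe(before, "192.168.20.7"))
```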