commit 97c98a1c6dac5788690504463a5ca33f4b181d6a
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Mon Dec 3 18:11:26 2018 +0000
[DVR] Allow multiple subnets per external network
An external network can have more than one subnet. Currently only the
first subnet is added to the FIP namespace routing table. Packets for
FIPs with addresses in other subnets can't pass through the external
port because there is no route for those FIP CIDRs.
This change adds routes for those CIDRs via the external port IP and
interface.
These routes doesn't collide with the existing ones, added to provide
a back path for the packets with a destination IP matching a FIP.
E.g.:
$ ip netns exec fip-e1ec0f98-b593-4514-ae08-f1c5cf1c2788 ip route
(1) 169.254.106.114/31 dev fpr-3937f879-d proto kernel scope link \
src 169.254.106.115
(2) 192.168.20.250 via 169.254.106.114 dev fpr-3937f879-d
(3) 192.168.30.0/24 dev fg-bee060f1-dd proto kernel scope link \
src 192.168.30.129
(4) 192.168.20.0/24 via 192.168.30.129 dev fg-bee060f1-dd scope link
Rule (2) is added when a FIP is assigned. This rule permits ingress
packets going into the router namespace. This FIP belongs to the second
subnet of the external network (note the external port CIDR is not the
same). Rule (4), added by this patch, allows egress packets to exit
the FIP namespace through the external port. Rule (2), because of the
prefix length (32), has more priority than rule (4).
Reviewed: https:/ /review. openstack. org/622449 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=97c98a1c6da c5788690504463a 5ca33f4b181d6a
Committed: https:/
Submitter: Zuul
Branch: master
commit 97c98a1c6dac578 8690504463a5ca3 3f4b181d6a
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Mon Dec 3 18:11:26 2018 +0000
[DVR] Allow multiple subnets per external network
An external network can have more than one subnet. Currently only the
first subnet is added to the FIP namespace routing table. Packets for
FIPs with addresses in other subnets can't pass through the external
port because there is no route for those FIP CIDRs.
This change adds routes for those CIDRs via the external port IP and
interface.
These routes doesn't collide with the existing ones, added to provide
a back path for the packets with a destination IP matching a FIP.
E.g.: b593-4514- ae08-f1c5cf1c27 88 ip route
$ ip netns exec fip-e1ec0f98-
(1) 169.254.106.114/31 dev fpr-3937f879-d proto kernel scope link \
src 169.254.106.115
(2) 192.168.20.250 via 169.254.106.114 dev fpr-3937f879-d
(3) 192.168.30.0/24 dev fg-bee060f1-dd proto kernel scope link \
src 192.168.30.129
(4) 192.168.20.0/24 via 192.168.30.129 dev fg-bee060f1-dd scope link
Rule (2) is added when a FIP is assigned. This rule permits ingress
packets going into the router namespace. This FIP belongs to the second
subnet of the external network (note the external port CIDR is not the
same). Rule (4), added by this patch, allows egress packets to exit
the FIP namespace through the external port. Rule (2), because of the
prefix length (32), has more priority than rule (4).
Change-Id: I4d476b47e89fa5 709dca2f66ffae7 2a27d88340a
Closes-Bug: #1805456