Armondo, I will work on providing more detail for the issue. I received the below from Kevin Benton through the mailing list, so I wanted to add it to the bug for additional feedback.
I think you might have uncovered an edge-case that should probably be filed as a bug against Neutron. If a router interface is attached using a reference to a subnet, it always tries to use the address in the "gateway_ip" of the subnet: https://github.com/openstack/neutron/blob/282d3da614f24a6385c63a926a48845d3f6d72a3/neutron/db/l3_db.py#L797-L798
My opinion is that Neutron probably shouldn't allow grabbing the default gateway if you aren't the owner of the subnet, but that is a fix that might not land for a while depending on their priorities.
In the meantime, I recommend that you create a neutron port as an admin on the public network using the gateway_ip of the network to represent your real gateway router. This will prevent anyone from being able to attach a router using the subnet as a reference since the gateway_ip address will already be in use.
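An audit check for the workaround described in this comment, as an added example that is not part of the original comment or of Neutron's code: given subnet and port records in the shape the Neutron API returns, it reports for each subnet whether the gateway_ip is unclaimed, held by a router interface port, or reserved by some other port. The function name, status labels and sample records are assumptions constructed for illustration.

```python
import ipaddress

# Neutron device_owner values used for router interface ports.
ROUTER_OWNERS = ("network:router_interface",
                 "network:router_interface_distributed",
                 "network:ha_router_replicated_interface")

def audit_gateway_ips(subnets, ports):
    """Map subnet id -> (status, port id) for whoever holds its gateway_ip."""
    holders = {}
    for port in ports:
        for fip in port.get("fixed_ips", []):
            # Normalise so differently written IPv6 addresses still match.
            key = (fip["subnet_id"], ipaddress.ip_address(fip["ip_address"]))
            holders[key] = port
    findings = {}
    for subnet in subnets:
        gw = subnet.get("gateway_ip")
        if gw is None:  # subnet created without a gateway
            findings[subnet["id"]] = ("no-gateway", None)
            continue
        port = holders.get((subnet["id"], ipaddress.ip_address(gw)))
        if port is None:
            # Nothing holds the address, so the placeholder port is missing.
            findings[subnet["id"]] = ("unreserved", None)
        elif port.get("device_owner") in ROUTER_OWNERS:
            # A router already sits on the gateway address: review its owner.
            findings[subnet["id"]] = ("router-interface", port["id"])
        else:
            findings[subnet["id"]] = ("reserved", port["id"])
    return findings

# Constructed sample records (documentation address ranges, made-up ids).
SAMPLE_SUBNETS = [
    {"id": "sub-a", "gateway_ip": "203.0.113.1"},
    {"id": "sub-b", "gateway_ip": "198.51.100.1"},
    {"id": "sub-c", "gateway_ip": "2001:db8::1"},
]
SAMPLE_PORTS = [
    {"id": "port-placeholder", "device_owner": "",
     "fixed_ips": [{"subnet_id": "sub-b", "ip_address": "198.51.100.1"}]},
    {"id": "port-rtr", "device_owner": "network:router_interface",
     "fixed_ips": [{"subnet_id": "sub-c", "ip_address": "2001:DB8:0:0:0:0:0:1"}]},
]

if __name__ == "__main__":
    for subnet_id, result in audit_gateway_ips(SAMPLE_SUBNETS, SAMPLE_PORTS).items():
        print(subnet_id, *result)
```

Run against real subnet and port listings for the public network, any "unreserved" result marks a subnet where the placeholder port has not been created yet.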