← Back to team overview

openstack team mailing list archive

Re: Quantum duplicate subnet creation


Aaron Rosen wrote: 

> Nova (network) does not support overlapping ip addresses so if you use nova security groups directly this won't work.
> This should be fixed in G3 using nova security groups with a nova to quantum security group proxy. Until recently nova
> meta data did not work with overlapping ips but that works now if you use the quantum-meta data agent. If you want
> to use security groups with overlapping ips you can use quantum security groups directly, though this only works with
> the linux bridge plugin currently (soon the ovs and nvp plugin will support this once some patches merge upstream).

Am I understanding the above correctly if I rephrase it as follows:

  The current code indexes subnets solely based on ip address. Overlapping subnet masks actually means that one
   index will eclipse the other.

   With the addition of security groups, the security group becomes the most significant portion of a composite key,
   Thereby eliminating any ambiguity in keying or finding the correct subnet.