← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #21734

[Bug 1048765] Re: snat rule too broad for some network configurations

  Thread PreviousDate PreviousThread Next 
** No longer affects: nova/essex

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1048765

Title:
  snat rule too broad for some network configurations

Status in OpenStack Compute (Nova):
  Fix Released

Bug description:
  When using an external gateway for fixed ips as mentioned in option 4 here:
  http://docs.openstack.org/trunk/openstack-compute/admin/content/existing-ha-networking-options.html

  It is possible to setup the gateway to route traffic properly, but the
  traffic will be snatted by default by nova-network. In many
  configurations using an external gateway, this is not desired, so
  there should be a way to disable the snat rule and/or limit it.

  There is also an issue with snatting multiple floating ips. Picture
  the following scenario:

  Two floating ip pools 10.1.0.0/24 on vlan10 and 192/168.0.0/24 on vlan11
  vm has 10.1.0.2 and 192.168.0.2
  all traffic will be routed to one of the two ips (depending on the order they were added)

  What should happen:
  traffic to flat_interface should not be snatted
  traffic to vlan10 should be snatted to 10.1.0.2
  traffic to vlan11 should be snatted to 192.168.0.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1048765/+subscriptions
  Thread PreviousDate PreviousThread Next