yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1450521] Re: remove the gateway validation of subnet for router VM's port

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Carl Baldwin <carl.baldwin@xxxxxx>
Date: Wed, 06 May 2015 16:10:48 -0000
Reply-to: Bug 1450521 <1450521@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

The reason for not allowing the gateway to be within the allocation
pools was so that Neutron would not allocate the gateway IP address to
just anything. It should be specifically requested for a router port or
a service VM like you've done.

If we allow moving the gateway IP to an IP inside the allocation pool
then when you delete your router's port, another VM could come around
and get allocated the gateway IP inadvertently. So, I don't think this
restriction should be removed.

** Changed in: neutron
Importance: Undecided => Wishlist

** Changed in: neutron
Status: Incomplete => Confirmed

** Changed in: neutron
Status: Confirmed => Won't Fix

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1450521

Title:
remove the gateway validation of subnet for router VM's port

Status in OpenStack Neutron (virtual network service):
Won't Fix

Bug description:
This is a problem about the gateway setting in the subnet when one VM could act as a router/firewall. When one VM works
as a router/firewall in the network, the port where the VM connect to the subnet should be the gateway of the subnet.
But now, we can’t set the gateway to any VM’s port plugged into the subnet because the gateway IP cannot be in the IP allocation pool.

The usage is like this:
1. Create subnet with a IP allocation pool, specifying the gateway as normal.
2. Create a router and attach the interfaces with the subnets. With some vendor router-plugin, it will create a router VM and connect this VM with subnets.
Router VM would get a IP from the pool, but not the gateway IP.
This the limitation comes, gateway IP could not be allocated to VM, and subnet’s gateway could not be updated with IP which has been assigned to some VM.

GatewayConflictWithAllocationPools exception would be emitted.
And this verification code related is https://github.com/openstack/neutron/blob/master/neutron/db/db_base_plugin_v2.py#L1112
It was added by patch for this bug https://bugs.launchpad.net/neutron/+bug/1062061.

Here is an error example:
stack@yalie-Studio-XPS-8000:~/job/dev2/devstack$ neutron subnet-update subnet2 --gateway 10.0.0.3
Gateway ip 10.0.0.3 conflicts with allocation pool 10.0.0.2-10.0.0.254

I think we need to remove this API limitation considering the usage listed.
I am not sure it's a bug, paste it here for more discussion.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1450521/+subscriptions

References

[Bug 1450521] [NEW] remove the gateway validation of subnet for router VM's port
From: yalei wang, 2015-04-30