yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1721305] [NEW] fips between two provider nets can never work

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Doug Wiegley <dougwig@xxxxxxxxxxx>
Date: Wed, 04 Oct 2017 16:22:06 -0000
Reply-to: Bug 1721305 <1721305@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

If you create two provider networks, mark one as shared, and the other
as external and shared, neutron will happily let you associate a
floating ip from the first to the second.

But, provider nets have gateways outside of neutron's control, so the
NAT on the neutron node can never happen.

But, neutron still tries to fire up an ip on the gateway ip, so it
sometimes works, based on who wins the arp race.

The workaround is to disable the gateway on the networks and put in a
static route for 0.0.0.0/gw instead.

But, umm, yuck.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1721305

Title:
  fips between two provider nets can never work

Status in neutron:
  New

Bug description:
  If you create two provider networks, mark one as shared, and the other
  as external and shared, neutron will happily let you associate a
  floating ip from the first to the second.

  But, provider nets have gateways outside of neutron's control, so the
  NAT on the neutron node can never happen.

  But, neutron still tries to fire up an ip on the gateway ip, so it
  sometimes works, based on who wins the arp race.

  The workaround is to disable the gateway on the networks and put in a
  static route for 0.0.0.0/gw instead.

  But, umm, yuck.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1721305/+subscriptions

Follow ups

[Bug 1721305] Re: fips between two provider nets can never work
From: Rodolfo Alonso, 2022-11-28