yahoo-eng-team team mailing list archive

Thread
Date
[Bug 2024921] [NEW] Formalize use of subnet service-type for draining subnets

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: "Dr. Jens Harbott" <2024921@xxxxxxxxxxxxxxxxxx>
Date: Fri, 23 Jun 2023 17:45:41 -0000
Reply-to: Bug 2024921 <2024921@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
Public bug reported:

As documented in https://docs.openstack.org/neutron/latest/admin/config-
service-subnets.html, subnets can be assigned a service-type which
ensures that they are only used to allocate addresses to a specific
device owner. But the current implementation also allows this feature to
be used to ensure that no addresses at all are assigned from a subnet by
setting the service type to an invalid owner like "compute:bogus" or
"network:drain".

One use case for this is extending or reducing FIP pools in a
deployment. Assume there is a /24 in use as public subnet which is
running full. Adding a second /24 is possible, but will waste some IPs
for network, gateway and broadcast address. So the better solution will
be to add a /23, gradually migrate the existing users away from the /24
and finally remove the old /24. In order for this to be feasible, one
must prevent allocation from the old subnet to happen during the
migration phase. The same applies when an operator wants to reduce the
size of a pool.

Since the above solution is undocumented, it would be useful to make it
documented and thus ensure that this stays a dependable workflow for
operators. Maybe one can also define a well-known "bogus" owner that
could be added in case the verification of device owners was to be made
more strict. Having some functional testing for this scenario might be
an extra bonus.

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: rfe

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2024921

Title:
  Formalize use of subnet service-type for draining subnets

Status in neutron:
  New

Bug description:
  As documented in
  https://docs.openstack.org/neutron/latest/admin/config-service-
  subnets.html, subnets can be assigned a service-type which ensures
  that they are only used to allocate addresses to a specific device
  owner. But the current implementation also allows this feature to be
  used to ensure that no addresses at all are assigned from a subnet by
  setting the service type to an invalid owner like "compute:bogus" or
  "network:drain".

  One use case for this is extending or reducing FIP pools in a
  deployment. Assume there is a /24 in use as public subnet which is
  running full. Adding a second /24 is possible, but will waste some IPs
  for network, gateway and broadcast address. So the better solution
  will be to add a /23, gradually migrate the existing users away from
  the /24 and finally remove the old /24. In order for this to be
  feasible, one must prevent allocation from the old subnet to happen
  during the migration phase. The same applies when an operator wants to
  reduce the size of a pool.

  Since the above solution is undocumented, it would be useful to make
  it documented and thus ensure that this stays a dependable workflow
  for operators. Maybe one can also define a well-known "bogus" owner
  that could be added in case the verification of device owners was to
  be made more strict. Having some functional testing for this scenario
  might be an extra bonus.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2024921/+subscriptions