
subnet host routes update

asked 2014-08-13 06:21:35 -0500

foexle

Hi guys,

Is it possible to update the host routes for a subnet? I tried it:

neutron subnet-update 71f4da61-145d-4ad4-817b-d38db1a3e787 --host_routes type=dict list=true destination=10.255.255.0/24,nexthop=10.0.200.254

And looked into the subnet:

neutron subnet-show 71f4da61-145d-4ad4-817b-d38db1a3e787
+------------------+---------------------------------------------------------------+
| Field            | Value                                                         |
+------------------+---------------------------------------------------------------+
| allocation_pools | {"start": "10.0.200.2", "end": "10.0.200.254"}                |
| cidr             | 10.0.200.0/24                                                 |
| dns_nameservers  | 109.234.108.234                                               |
|                  | 109.234.109.234                                               |
|                  | 8.8.8.8                                                       |
| enable_dhcp      | True                                                          |
| gateway_ip       | 10.0.200.1                                                    |
| host_routes      | {"destination": "10.255.255.0/24", "nexthop": "10.0.200.254"} |
| id               | 71f4da61-145d-4ad4-817b-d38db1a3e787                          |
| ip_version       | 4                                                             |
| name             | testing-sub1                                                  |
| network_id       | 07240086-6011-46c6-a3c3-51edffecc5c6                          |
| tenant_id        | d4e1c14691d841f6b53a24b6c4c42a0e                              |
+------------------+---------------------------------------------------------------+

Looks fine, and here is the port:

neutron port-show 4da1f23c-9d5e-4406-9ae0-0b810f80a22e
+-----------------------+-------------------------------------------------------------------------------------+
| Field                 | Value                                                                               |
+-----------------------+-------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                |
| allowed_address_pairs |                                                                                     |
| binding:capabilities  | {"port_filter": true}                                                               |
| binding:host_id       | net1                                                                                |
| binding:vif_type      | ovs                                                                                 |
| device_id             | 2539464a-2fcd-4025-863f-87d871c329b7                                                |
| device_owner          | network:router_interface                                                            |
| extra_dhcp_opts       |                                                                                     |
| fixed_ips             | {"subnet_id": "71f4da61-145d-4ad4-817b-d38db1a3e787", "ip_address": "10.0.200.254"} |
| id                    | 4da1f23c-9d5e-4406-9ae0-0b810f80a22e                                                |
| mac_address           | fa:16:3e:5d:aa:e4                                                                   |
| name                  |                                                                                     |
| network_id            | 07240086-6011-46c6-a3c3-51edffecc5c6                                                |
| security_groups       | 0799273c-44f2-4ce0-bed8-6c7c41b8f0c3                                                |
| status                | ACTIVE                                                                              |
| tenant_id             | d4e1c14691d841f6b53a24b6c4c42a0e                                                    |
+-----------------------+-------------------------------------------------------------------------------------+

This port is attached to another router (not this tenant router). Anyway, I can't see any routes or any iptables rules on the gateway / router:

ip netns exec qrouter-df1ef401-2cb4-4f8b-86aa-7947c32c4f67 iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
neutron-l3-agent-PREROUTING  all  --  anywhere             anywhere            

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
neutron-l3-agent-OUTPUT  all  --  anywhere             anywhere            

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
neutron-l3-agent-POSTROUTING  all  --  anywhere             anywhere            
neutron-postrouting-bottom  all  --  anywhere             anywhere            

Chain neutron-l3-agent-OUTPUT (1 references)
target     prot opt source               destination         
DNAT       all  --  anywhere             xxxxx         to:10.0.200.5
DNAT       all  --  anywhere             xxxxx         to:10.0.200.10

Chain neutron-l3-agent-POSTROUTING (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ! ctstate DNAT

Chain neutron-l3-agent-PREROUTING (1 references)
target     prot opt source               destination         
REDIRECT   tcp  --  anywhere             169.254.169.254      tcp dpt:http redir ports 9697
DNAT       all  --  anywhere             xxxx         to:10.0.200.5
DNAT       all  --  anywhere             xxxx         to:10.0.200.10

Chain neutron-l3-agent-float-snat (1 references)
target     prot opt source               destination         
SNAT       all  --  10.0.200.5           anywhere             to:xxxx
SNAT       all  --  10.0.200.10          anywhere             to:xxxxx

Chain neutron-l3-agent-snat (1 references)
target     prot opt source               destination         
neutron-l3-agent-float-snat  all  --  anywhere             anywhere            
SNAT       all  --  10.0.200.0/24        anywhere             to:xxxx

Chain neutron-postrouting-bottom (1 references)
target     prot opt source               destination         
neutron-l3-agent-snat  all  --  anywhere             anywhere

xxxx are public IPs :)

Here is the tenant1 router + routes:

ip netns exec qrouter-2539464a-2fcd-4025-863f-87d871c329b7 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxxxxx    0.0.0.0         UG    0      0        0 qg-1f8ce973-2a
xxxxxx    0.0.0.0         255.255.255.192 U     0      0        0 qg-1f8ce973-2a
10.0.200.0      0.0.0.0         255.255.255.0   U     0      0        0 qr-4da1f23c-9d
10.255.255.0    0.0.0.0         255.255.255.0   U     0      0        0 qr-9632bfc6-4e

ip netns exec qrouter-2539464a-2fcd-4025-863f-87d871c329b7 ifconfig
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0 ...

1 answer


answered 2014-08-13 07:03:37 -0500

foexle

updated 2014-08-13 07:03:48 -0500

All right, it seems that a restart of all instances in the subnet will solve the problem, or manually adding a new route on each instance. The new routes will be injected by cloud-init, I think.

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.200.1      0.0.0.0         UG    100    0        0 eth0
10.0.200.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.255.255.0    10.0.200.254    255.255.255.0   UG    0      0        0 eth0

Comments

I think restarting the DHCP clients on the instances should be enough (or wait or force renew), assuming they are configured to request static routes. I'm not sure cloud-init would do this.

darragh-oreilly (2014-08-13 13:30:27 -0500)
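
A way to verify the behaviour discussed in the answer and comment above, as an added example that is not part of the original posts: the function reads `route -n` output and reports whether the subnet's host route is installed as a gateway route, which an on-link route to the same network does not satisfy. The function names and the BEFORE table are constructed for illustration; the AFTER table is the instance output from the answer.

```shell
#!/bin/sh
# Added example: has the subnet host route reached this instance yet?

# cidr_to_mask 24 -> 255.255.255.0
cidr_to_mask() {
    awk -v p="$1" 'BEGIN {
        for (i = 0; i < 4; i++) {
            b = (p >= 8) ? 8 : p      # prefix bits that fall in this octet
            p -= b
            printf "%s%d", (i ? "." : ""), 256 - 2 ^ (8 - b)
        }
    }'
}

# has_host_route DEST_CIDR NEXTHOP  (reads `route -n` output on stdin)
# Succeeds only for a gateway route (flag G) to DEST via NEXTHOP; an
# on-link route (gateway 0.0.0.0) to the same network does not count.
has_host_route() {
    net=${1%/*}
    mask=$(cidr_to_mask "${1#*/}")
    awk -v n="$net" -v m="$mask" -v g="$2" '
        $1 == n && $3 == m && $2 == g && $4 ~ /G/ { found = 1 }
        END { exit !found }'
}

# Instance routing table from the answer above (route present).
AFTER='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.200.1      0.0.0.0         UG    100    0        0 eth0
10.0.200.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.255.255.0    10.0.200.254    255.255.255.0   UG    0      0        0 eth0'

# Constructed: the same instance before its DHCP lease was renewed.
BEFORE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.200.1      0.0.0.0         UG    100    0        0 eth0
10.0.200.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0'

# check TABLE -> prints "present" or "missing" for the route from the question
check() {
    if printf '%s\n' "$1" | has_host_route 10.255.255.0/24 10.0.200.254
    then echo present
    else echo missing
    fi
}

check "$BEFORE"
check "$AFTER"
```

On a live instance, pipe the real table in instead: `route -n | has_host_route 10.255.255.0/24 10.0.200.254`.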


Stats

Asked: 2014-08-13 06:21:35 -0500

Seen: 4,515 times

Last updated: Aug 13 '14