"Gateway is not valid on subnet" when enabling Neutron in Devstack

asked 2014-10-25 17:48:18 -0600

job gravatar image

updated 2014-10-25 21:26:21 -0600

Devstack stable/juno



With this basic config, everyting seemed OK. After that I tried enabling Neutron but when I do ./stack the error appears. I just added to local.conf.

disable_service n-net
enable_service q-svc
enable_service q-agt
enable_service q-dhcp
enable_service q-l3
enable_service q-meta
enable_service tempest

The gateway and devstack are out of the FLOATING_RANGE subnet by design. It worked with nova-network but, with neutron, It just doesn't. I even tried setting FLOATING_RANGE as the whole subtnet ( but VM didn't get connectivity at all.

One more issue: when I enable neutron, public network is only present in admin project and private network is only present in demo project.

Any piece of advice would be appreciated.


edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted

answered 2014-10-26 00:21:55 -0600

job gravatar image

updated 2014-10-26 00:24:41 -0600

I ended up defining a gateway inside FLOATING_RANGE subnet.


Then I had to check the default security group to have access to VMs. And finally, I added in the devstack host an IPtables rule for Internet access in the VMs as pointed out in several websites:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


edit flag offensive delete link more

answered 2014-10-25 23:51:15 -0600

SamYaple gravatar image

You can set force_gateway_on_subnet = False in the neutron.conf but I dont think that is what you are trying to do here as it will only help if you do some tricky network things (which I can almost guarantee you are not).

You want to do things different in neutron.

First you need to setup an external network. In the real world this would be an actual slice of the Internet, publicly routable ipv4 addresses. In your test lab it will be Of note on this, you need to actually create the external as with an allocation range start= end= Tweak those values to whatever your network looks like.

Next, you setup an internal network. This will be that network (or whatever you want).

Once you setup your external and internal, then you need a router to attach to the external network and your internal network. From here you have duplicated what is happening behind the scenes with nova-network. Your instances, by default, don't consume an ip from your floating ip range, but you can still assign a floating ip from to on of your 10.0.0.x instances.

If I am not understanding your issue with neutron correctly, let me know.

Unfortunately, I do not know how to do any of this through devstack. My guess would be you want ot create that external network through devstack, and then manually create the internal one.

edit flag offensive delete link more


Thanks, Sam. I think you've got it right. I wanted to do that config once from devstack init, automatically, and to understand how to approach it automatically with Neutron.

job gravatar imagejob ( 2014-10-26 00:18:58 -0600 )edit

answered 2016-01-07 04:50:48 -0600


Late answer, may be useful for others. I believe you should use PUBLIC_NETWORK_GATEWAY in your local.conf. I had ran into similar issue. A quick grep found out how gateway was assigned on line 1296 (as of now).

lib/neutron-legacy:850:            v6_gateway=$(ip -6 a s dev $OVS_PHYSICAL_BRIDGE | grep  IPV6_PUBLIC_NETWORK_GATEWAY | awk '{ print $2 }')
lib/neutron-legacy:1296:    subnet_params+="--gateway $PUBLIC_NETWORK_GATEWAY "
lib/neutron-legacy:1310:    subnet_params+="--gateway $IPV6_PUBLIC_NETWORK_GATEWAY "
edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools


Asked: 2014-10-25 17:48:18 -0600

Seen: 2,769 times

Last updated: Oct 26 '14