© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
2eb648a
demo site
(Get the code!)
1.
If the entity is a router created by neutron, then there is no issue
since the commit takes care of this scenario.
E.g.
ext net1 net2
| | |src1
|---
| | |src3
2.
Your question is more about a SF performing routing/NAT.
E.g. In topoloy below, SF is a Router.
ext |--SF1
| | |--src1
|---
| | |--src3
In such a case, yes, you are right this commit will break things if only the logical-src-port is specified without the prefixes since it will insert the SRC IP address of SF(Router).
However, there are several easy workarounds for this.
1. - Specify the prefixes for the sources (most obvious one).
2. - Specify the SF(Router) interfaces to be router owned. (see below)
root@fs-
+------
| Field | Value |
+------
| admin_state_up | True |
| allowed_
| binding:vnic_type | normal |
| created_at | 2017-02-
| description | |
| device_id | 5f7d0f49-
| device_owner | compute:None |
If the above SF is doing routing or NAT, then change the device owner to be network:
neutron port-update --device-owner network:
root@fs-
+------
| Field | Value |
+------
| admin_state_up | True |
| allowed_
| binding:vnic_type | normal |
| created_at | 2017-02-
| description | |
| device_id | 5f7d0f49-
| device_owner | network:
If the device_owner is a router_interface, the commit will not mess with it (not insert its source IP into the flow classifier)