neutron

Bug #1901992
Comment #5

Comment 5 for bug 1901992

Revision history for this message

Bence Romsics (bence-romsics) wrote on 2020-10-29: Re: Destination 0.0.0.0/0 static route cause snat unable to go external

#5

I guess that default route must be only present in a dvr environment, right?

Because I tried to reproduce it, but couldn't. My current devstack was built with no dvr and that way there's no problem:

$ openstack router create router2
$ router_id="$( openstack router show router2 -f value -c id )"

$ openstack network create net2
$ openstack subnet create --network net2 --use-default-subnet-pool subnet2
$ openstack router add subnet router2 subnet2

# no default route in the first place
$ sudo ip netns exec "qrouter-$router_id" ip route
10.0.0.64/26 dev qr-283bcf49-c2 proto kernel scope link src 10.0.0.65

$ openstack subnet show subnet2
+----------------------+--------------------------------------+
| Field | Value |
+----------------------+--------------------------------------+
| allocation_pools | 10.0.0.66-10.0.0.126 |
| cidr | 10.0.0.64/26 |
| created_at | 2020-10-29T15:17:57Z |
| description | |
| dns_nameservers | |
| dns_publish_fixed_ip | None |
| enable_dhcp | True |
| gateway_ip | 10.0.0.65 |
| host_routes | |
| id | 7bfb1bc6-e5d9-4f57-a4f1-118cfbc2eb0b |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | subnet2 |
| network_id | e46a48c2-4458-48c6-ad21-bdf47a9638b5 |
| prefix_length | None |
| project_id | 928bf5e466e245039d17bd2f5c3139bd |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | 4d5019e3-fe19-4433-b491-bc40cb07fe04 |
| tags | |
| updated_at | 2020-10-29T15:17:57Z |
+----------------------+--------------------------------------+

$ openstack router set router2 --no-route --route destination=0.0.0.0/0,gateway=10.0.0.70
$ sudo ip netns exec "qrouter-$router_id" ip route
default via 10.0.0.70 dev qr-283bcf49-c2 proto static·
10.0.0.64/26 dev qr-283bcf49-c2 proto kernel scope link src 10.0.0.65

$ openstack router set router2 --no-route
# no default route as before
$ sudo ip netns exec "qrouter-$router_id" ip route
10.0.0.64/26 dev qr-283bcf49-c2 proto kernel scope link src 10.0.0.65

Would this be the way to reproduce it if I had dvr? I guess I should rebuild my devstack with dvr.

I guess that default route must be only present in a dvr environment, right?

Because I tried to reproduce it, but couldn't. My current devstack was built with no dvr and that way there's no problem:

$ openstack router create router2
$ router_id="$( openstack router show router2 -f value -c id )"

$ openstack network create net2
$ openstack subnet create --network net2 --use-default-subnet-pool subnet2
$ openstack router add subnet router2 subnet2

# no default route in the first place
$ sudo ip netns exec "qrouter-$router_id" ip route
10.0.0.64/26 dev qr-283bcf49-c2 proto kernel scope link src 10.0.0.65

$ openstack subnet show subnet2
+----------------------+--------------------------------------+
| Field                | Value                                |
+----------------------+--------------------------------------+
| allocation_pools     | 10.0.0.66-10.0.0.126                 |
| cidr                 | 10.0.0.64/26                         |
| created_at           | 2020-10-29T15:17:57Z                 |
| description          |                                      |
| dns_nameservers      |                                      |
| dns_publish_fixed_ip | None                                 |
| enable_dhcp          | True                                 |
| gateway_ip           | 10.0.0.65                            |
| host_routes          |                                      |
| id                   | 7bfb1bc6-e5d9-4f57-a4f1-118cfbc2eb0b |
| ip_version           | 4                                    |
| ipv6_address_mode    | None                                 |
| ipv6_ra_mode         | None                                 |
| name                 | subnet2                              |
| network_id           | e46a48c2-4458-48c6-ad21-bdf47a9638b5 |
| prefix_length        | None                                 |
| project_id           | 928bf5e466e245039d17bd2f5c3139bd     |
| revision_number      | 0                                    |
| segment_id           | None                                 |
| service_types        |                                      |
| subnetpool_id        | 4d5019e3-fe19-4433-b491-bc40cb07fe04 |
| tags                 |                                      |
| updated_at           | 2020-10-29T15:17:57Z                 |
+----------------------+--------------------------------------+

$ openstack router set router2 --no-route --route destination=0.0.0.0/0,gateway=10.0.0.70
$ sudo ip netns exec "qrouter-$router_id" ip route
default via 10.0.0.70 dev qr-283bcf49-c2 proto static·
10.0.0.64/26 dev qr-283bcf49-c2 proto kernel scope link src 10.0.0.65

$ openstack router set router2 --no-route
# no default route as before
$ sudo ip netns exec "qrouter-$router_id" ip route                                                                                                                                                                                              
10.0.0.64/26 dev qr-283bcf49-c2 proto kernel scope link src 10.0.0.65

Would this be the way to reproduce it if I had dvr? I guess I should rebuild my devstack with dvr.