diff options
| author | Vishvananda Ishaya <vishvananda@gmail.com> | 2013-02-11 12:08:35 -0800 |
|---|---|---|
| committer | Vishvananda Ishaya <vishvananda@gmail.com> | 2013-02-11 14:27:50 -0800 |
| commit | d0c8f8a061125d6e4c3dce8f7f0741ff57a014b8 (patch) | |
| tree | 7e04c2ab9c56883cca2f88739e7134d733d8ed22 /nova/notifications.py | |
| parent | 3e4637e8e7887567ac7dbc60e997aa780f029c1c (diff) | |
| download | nova-d0c8f8a061125d6e4c3dce8f7f0741ff57a014b8.tar.gz nova-d0c8f8a061125d6e4c3dce8f7f0741ff57a014b8.tar.xz nova-d0c8f8a061125d6e4c3dce8f7f0741ff57a014b8.zip | |
Allow fixed to float ping with external gateway.
If you ping an a floating ip from an instance with only a fixed ip, the
traffic will be sent to the default gateway. If the default gateway has
a route to the floating ip, it will then be sent to the host of the
instance with the floating ip. The source address will be on the fixed
network, so if the floating addresses are on a different network, the
receiving host to drop the packet due to the default rp_filter.
Essentially, the route for the fixed range is on a different interface
so it the kernel assumes the packet is spoofed and drops it.
In order to fix this issue this patch adds a new config option called
force_snat_range. Traffic that originates in fixed_range and has a
destination in force_snat_range will always be routed. This forces
the packet to hit the fallback floating roule and be snatted to
routing_source_ip. This means the traffic will originate from the
proper network and the packet will make it through.
DocImpact
Fixes bug 1122335
Change-Id: I7e31c25d37a5c4fd02c8238aec58a28af3fd7f6a
Diffstat (limited to 'nova/notifications.py')
0 files changed, 0 insertions, 0 deletions