From 734f144f5d47c9b76562d5b5c705428be0963aec Mon Sep 17 00:00:00 2001
From: Henry Gessau
Date: Sat, 17 Sep 2016 19:28:53 -0400
Subject: [PATCH] Neutron L3: account for all default routes

Some systems may have more than one default route. Set up iptables NAT rules on all v4 default route devices. Accept RAs on all v6 default route devices.

Closes-Bug: #1624773
Change-Id: If58509297497ea33c6c156f083a4394000bd0561
---
 lib/neutron_plugins/services/l3 | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/lib/neutron_plugins/services/l3 b/lib/neutron_plugins/services/l3
index 2e96284357..09c08e3280 100644
--- a/lib/neutron_plugins/services/l3
+++ b/lib/neutron_plugins/services/l3
@@ -88,8 +88,10 @@ SUBNETPOOL_PREFIX_V6=${SUBNETPOOL_PREFIX_V6:-2001:db8:8000::/48}
 SUBNETPOOL_SIZE_V4=${SUBNETPOOL_SIZE_V4:-24}
 SUBNETPOOL_SIZE_V6=${SUBNETPOOL_SIZE_V6:-64}

-default_route_dev=$(ip route | grep ^default | awk '{print $5}')
-die_if_not_set $LINENO default_route_dev "Failure retrieving default route device"
+default_v4_route_devs=$(ip -4 route | grep ^default | awk '{print $5}')
+die_if_not_set $LINENO default_v4_route_devs "Failure retrieving default IPv4 route devices"
+
+default_v6_route_devs=$(ip -6 route | grep ^default | awk '{print $5}')

 function _determine_config_l3 {
 local opts="--config-file $NEUTRON_CONF --config-file $Q_L3_CONF_FILE"
@@ -121,7 +123,9 @@ function _configure_neutron_l3_agent {
 _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" False False "inet6"
 fi
 else
- sudo iptables -t nat -A POSTROUTING -o $default_route_dev -s $FLOATING_RANGE -j MASQUERADE
+ for d in $default_v4_route_devs; do
+ sudo iptables -t nat -A POSTROUTING -o $d -s $FLOATING_RANGE -j MASQUERADE
+ done
 fi
 }

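Review bot: `awk '{print $5}'` in the two new `default_v*_route_devs` assignments picks the device by field position, which only holds for routes shaped like `default via <gw> dev <if>`; a gateway-less default route (`default dev <if> scope link`, as seen on tunnel or point-to-point links) yields a keyword such as `link` or nothing at all, and that string then flows into `iptables -o` and the `net.ipv6.conf.<dev>` sysctl key. Several default routes on the same device (different metrics) would also repeat the device and duplicate the NAT rule. Taking the token after `dev` and de-duplicating avoids both: `awk '/^default/ {for (i = 1; i < NF; i++) if ($i == "dev") print $(i + 1)}' | sort -u`. The v6 list has no `die_if_not_set`, which looks deliberate; a comment such as `# May be empty on hosts without an IPv6 default route` would make that explicit.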
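Review bot: The loop variable `d` is not declared `local` in the visible lines of `_configure_neutron_l3_agent`, so in a sourced library it leaks into the caller's global scope; add `local d` before the `for` (the loop added to `_neutron_configure_router_v6` has the same issue). `$d` and `$FLOATING_RANGE` are expanded unquoted in the `iptables` call, and `-A` appends a new MASQUERADE rule per device on every run; `sudo iptables -t nat -C POSTROUTING -o "$d" -s "$FLOATING_RANGE" -j MASQUERADE 2>/dev/null || sudo iptables -t nat -A POSTROUTING -o "$d" -s "$FLOATING_RANGE" -j MASQUERADE` keeps the table idempotent. Since the floating range is now NATed out of every default-route interface, a comment stating that this also covers secondary uplinks such as VPN or management links would help whoever audits the host's egress paths. The function starts before the hunk, so an earlier declaration of `d` cannot be ruled out from here.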
@@ -371,11 +375,13 @@ function _neutron_configure_router_v6 {

 # This logic is specific to using the l3-agent for layer 3
 if is_service_enabled q-l3 || is_service_enabled neutron-l3; then
- # Ensure IPv6 RAs are accepted on the interface with the default route.
+ # Ensure IPv6 RAs are accepted on interfaces with a default route.
 # This is needed for neutron-based devstack clouds to work in
 # IPv6-only clouds in the gate. Please do not remove this without
 # talking to folks in Infra.
- sudo sysctl -w net.ipv6.conf.$default_route_dev.accept_ra=2
+ for d in $default_v6_route_devs; do
+ sudo sysctl -w net.ipv6.conf.$d.accept_ra=2
+ done
 # Ensure IPv6 forwarding is enabled on the host
 sudo sysctl -w net.ipv6.conf.all.forwarding=1
 # Configure and enable public bridge
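Review bot: `net.ipv6.conf.$d.accept_ra=2` breaks for interface names that contain a dot (VLAN sub-interfaces such as `eth0.100`), because sysctl reads the dot as a key separator; procps sysctl accepts the slash form, so `sudo sysctl -w "net/ipv6/conf/$d/accept_ra=2"` keeps the name intact. With `accept_ra=2` the host honours router advertisements even though forwarding is switched on two lines later, so extending it from one device to every v6 default-route device widens the set of links from which a rogue RA can change host routing. The comment should record that scope, e.g. `# accept_ra=2 trusts RAs on each listed link; intended for disposable dev/test hosts only`. When `default_v6_route_devs` is empty the loop is skipped without any message, so a short log line there would make an IPv6-less run visible. The function body starts and ends outside the hunk.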