9.4 KiB
Configurable external gateway modes
By default, when a gateway is attached to a router using the Neutron L3 extension, Network Address Translation (NAT) is enabled for traffic generated by subnets attached to the router. With this extension, the user will have the option of choosing whether SNAT should be enabled or not on a router basis.
This is achieved simply by specifying a boolean attribute,
enable_snat, in the external_gateway_info
attribute of the router resource.
This extension redefines the external_gateway_info attribute:
Table external_gateway_info attributes
| Attribute | Type | Required | Default Value | Validation Constraints and Notes |
|---|---|---|---|---|
network_id |
UUID |
Yes |
N/A |
Must be a valid uuid representative of an external network. |
enable_snat |
Boolean |
No |
True |
{True|False} The default setting is |
SNAT can be enabled or disabled at any time on a Neutron router regardless of the current status of floating IPs. Floating IPs will continue working even when SNAT is disabled.
List routers
GET /routers
Lists neutron routers.
Success and error response codes are not changed with regards to the operation as introduced by the L3 API extension.
When this extension is enabled, this operation also returns the current Source NAT status for configured routers, as follows.
The response for the show router operation is the same, with the obvious exception that a single router is returned.
Example Router list with configurable external gateway modes enabled
{
"routers":
[{
"status": "ACTIVE",
"external_gateway_info":
{"network_id": "3c5bcddd-6af9-4e6b-9c3e-c153e521cab8",
"enable_snat": true},
"name": "second_router",
"admin_state_up": true,
"tenant_id": "6b96ff0cb17a4b859e1e575d221683d3",
"id": "7177abc4-5ae9-4bb7-b0d4-89e94a4abf3b"
},
{
"status": "ACTIVE",
"external_gateway_info":
{"network_id": "3c5bcddd-6af9-4e6b-9c3e-c153e521cab8",
"enable_snat": false},
"name": "router1",
"admin_state_up": true,
"tenant_id": "33a40233088643acb66ff6eb0ebea679",
"id": "a9254bdb-2613-4a13-ac4c-adc581fba50d"
}]
}Create router with external gateway
POST /routers
Create a new Neutron router
Success and error response codes are not changed with regards to the operation as introduced by the L3 API extension.
Neutron API users can specify whether SNAT should be performed on the
network specified as the router's external gateway by setting
enable_snat in external_gateway_info to either
True or False; the default value is
True.
Example Create router with SNAT disabled
POST /v2.0/routers
Accept: application/json
{
"router":
{
"name": "another_router",
"admin_state_up": true,
"external_gateway_info": {
"network_id": "3c5bcddd-6af9-4e6b-9c3e-c153e521cab8",
"enable_snat": false}
}
}
HTTP/1.1 201 OK
Content-Type: application/json; charset=UTF-8
{
"router":
{
"status": "ACTIVE",
"external_gateway_info": {
"network_id": "3c5bcddd-6af9-4e6b-9c3e-c153e521cab8",
"enable_snat": false}
"name": "another_router",
"admin_state_up": true,
"tenant_id": "6b96ff0cb17a4b859e1e575d221683d3",
"id": "8604a0de-7f6b-409a-a47c-a1cc7bc77b2e"
}
}Update external gateway information for router
PUT /routers/router_id
Creates a neutron router.
Success and error response codes are not changed with regards to the operation as introduced by the L3 API extension.
Neutron API users can enable or disable SNAT on a router specifying
the enable_snat attribute in the
external_gateway_info attribute for the router resource.
This operation can be either used for updating the SNAT status only, the
external network, or both attributes at the same time. In any case, if
the enable_snat attribute is not specified, it will default
to True. For instance, if the current SNAT status is
disabled, and the router's gateway is updated to a different external
network without specifying enable_snat, SNAT will be
enabled for the new network.
It is important to note that whenever updating a router's external
gateway information, the network_idparameter must be
specified always, even if the final goal is just to enable or disable
SNAT for the router on the same external network.
The rest of this section provides some samples for updating a router's external gateway info with SNAT mode.
Example Disable SNAT for the current external network
{
"router":
{
"name": "another_router",
"admin_state_up": true,
"external_gateway_info": {
"network_id": "3c5bcddd-6af9-4e6b-9c3e-c153e521cab8"}
}
}{
"router":{
"status":"ACTIVE",
"external_gateway_info":{
"network_id":"3c5bcddd-6af9-4e6b-9c3e-c153e521cab8",
"enable_snat":true
},
"name":"another_router",
"admin_state_up":true,
"tenant_id":"6b96ff0cb17a4b859e1e575d221683d3",
"id":"8604a0de-7f6b-409a-a47c-a1cc7bc77b2e"
}
}{
"router":{
"status":"ACTIVE",
"external_gateway_info":{
"network_id":"3c5bcddd-6af9-4e6b-9c3e-c153e521cab8",
"enable_snat":false
},
"name":"another_router",
"admin_state_up":true,
"tenant_id":"6b96ff0cb17a4b859e1e575d221683d3",
"id":"8604a0de-7f6b-409a-a47c-a1cc7bc77b2e"
}
}{
"router":{
"external_gateway_info":{
"network_id":"3c5bcddd-6af9-4e6b-9c3e-c153e521cab8",
"enable_snat":false
}
}
}Example Change external network and enable SNAT
{
"router":
{
"name": "another_router",
"admin_state_up": true,
"external_gateway_info": {
"network_id": "3c5bcddd-6af9-4e6b-9c3e-c153e521cab8",
"enable_snat": false}
}
}{
"router":
{
"status": "ACTIVE",
"external_gateway_info": {
"network_id": "3c5bcddd-6af9-4e6b-9c3e-c153e521cab8",
"enable_snat": false},
"name": "another_router",
"admin_state_up": true,
"tenant_id": "6b96ff0cb17a4b859e1e575d221683d3",
"id": "8604a0de-7f6b-409a-a47c-a1cc7bc77b2e"
}
}{
"router":
{
"external_gateway_info": {
"network_id": "002ab3b9-9127-4158-be30-4b45f3814df5"}
}
}{
"router":
{
"status": "ACTIVE",
"external_gateway_info": {
"network_id": "002ab3b9-9127-4158-be30-4b45f3814df5",
"enable_snat": true},
"name": "another_router",
"admin_state_up": true,
"tenant_id": "6b96ff0cb17a4b859e1e575d221683d3",
"id": "8604a0de-7f6b-409a-a47c-a1cc7bc77b2e"
}
}Example Change external network and external-gateway SNAT disabled
{
"router":
{
"name": "another_router",
"admin_state_up": true,
"external_gateway_info": {
"network_id": "3c5bcddd-6af9-4e6b-9c3e-c153e521cab8",
"enable_snat": false}
}
}{
"router":
{
"status": "ACTIVE",
"external_gateway_info": {
"network_id": "3c5bcddd-6af9-4e6b-9c3e-c153e521cab8",
"enable_snat": false},
"name": "another_router",
"admin_state_up": true,
"tenant_id": "6b96ff0cb17a4b859e1e575d221683d3",
"id": "8604a0de-7f6b-409a-a47c-a1cc7bc77b2e"
}
}{
"router":
{
"external_gateway_info": {
"network_id": "002ab3b9-9127-4158-be30-4b45f3814df5",
"enable_snat": false}
}
}{
"router":
{
"status": "ACTIVE",
"external_gateway_info": {
"network_id": "002ab3b9-9127-4158-be30-4b45f3814df5",
"enable_snat": false},
"name": "another_router",
"admin_state_up": true,
"tenant_id": "6b96ff0cb17a4b859e1e575d221683d3",
"id": "8604a0de-7f6b-409a-a47c-a1cc7bc77b2e"
}
}