This is a specification to allow administrators to set the external IP addresses assigned to tenant routers to a given IP.

blueprint specify-router-ext-ip

Change-Id: I25fdb45c7f1242f9c97fb2bc41e15833285d8157
Allow the external IP address of a router to be specified
https://blueprints.launchpad.net/neutron/+spec/specify-router-ext-ip
There currently is no way to specify the IP address given to a router on its external port. This blueprint allows external IPs to be set and the action is restricted to admin-only by default.
This spec was originally approved for Juno; however, due to time constraints and conflicts with all of the DVR work ongoing at the end of the cycle, the code was reduced to a read-only version at the deadline.
The remaining code to finish the work is already complete and has received several reviews.[1] It affects about 100 lines of the L3 code, so it has a small footprint and shouldn't take much additional reviewer effort to merge.
Problem Description
The current router API doesn't allow any control over the IP address given to the external interface on router objects. This makes it difficult for scenarios where tenant routers have to be assigned a well-known address that receives special treatment on the provider network.
Or, even if the address was originally randomly assigned, there is no way to delete the router, move it to another project, and preserve the previously assigned address.
Proposed Change
Allow the external IP to be specified for a router in the external_gateway_info passed to router_update. By default, this will be restricted by policy.json to an admin-only operation.
The format will be the standard fixed_ips format used when specifying an IP address for a normal port, so it offers the flexibility of specifying a subnet_id instead of an IP directly.
Requested addresses will be permitted to be any address inside any of the subnets associated with the external network except for the gateway addresses. They will not be affected by allocation pool ranges.
If an address is already in use, the API will return a Conflict error (HTTP 409).
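The acceptance rule described above, modeled as an added example (not code from this spec or from Neutron) for entries that carry an ip_address. The subnet data, the in-use set, the function names and the verdict labels are assumptions; only the 409 for an in-use address comes from the spec.

```python
import ipaddress

# Constructed sample data for a hypothetical external network (not from the spec).
SUBNETS = [
    {"id": "ext-v4", "cidr": "203.0.113.0/24", "gateway_ip": "203.0.113.1",
     "allocation_pools": [{"start": "203.0.113.100", "end": "203.0.113.200"}]},
    {"id": "ext-v6", "cidr": "2001:db8::/64", "gateway_ip": "2001:db8::1",
     "allocation_pools": [{"start": "2001:db8::100", "end": "2001:db8::1ff"}]},
]
IN_USE = {"203.0.113.150"}  # constructed: addresses already held by other ports


def _in_pool(ip, subnet):
    """True if ip lies inside one of the subnet's allocation pools."""
    return any(
        ipaddress.ip_address(p["start"]) <= ip <= ipaddress.ip_address(p["end"])
        for p in subnet["allocation_pools"]
    )


def check_external_fixed_ip(fixed_ip, subnets=SUBNETS, in_use=IN_USE):
    """Apply the spec's rule to one external_fixed_ips entry with an ip_address.

    Returns (verdict, subnet_id, outside_pool). Verdict names are this
    example's own labels; only the 409 for an in-use address is from the spec.
    """
    ip = ipaddress.ip_address(fixed_ip["ip_address"])  # accepts IPv4 and IPv6
    wanted = fixed_ip.get("subnet_id")
    for subnet in subnets:
        if wanted and subnet["id"] != wanted:
            continue
        if ip not in ipaddress.ip_network(subnet["cidr"]):
            continue
        if ip == ipaddress.ip_address(subnet["gateway_ip"]):
            return ("rejected_gateway", subnet["id"], False)
        if ip in {ipaddress.ip_address(a) for a in in_use}:
            return ("conflict_409", subnet["id"], False)
        # Allocation pools do not restrict the request; report the bypass
        # so it can be audited if policy.json is ever loosened.
        return ("accepted", subnet["id"], not _in_pool(ip, subnet))
    return ("rejected_not_in_subnet", None, False)


if __name__ == "__main__":
    for addr in ("203.0.113.10", "203.0.113.1", "203.0.113.150",
                 "2001:db8:0::1", "198.51.100.7"):
        print(addr, check_external_fixed_ip({"ip_address": addr}))
```

The third tuple element marks accepted addresses that fall outside the allocation pools, which is the set an operator would review if the default admin-only policy is relaxed.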
Alternatives
N/A
Data Model Impact
N/A
REST API Impact
'external_fixed_ips' is a field under 'external_gateway_info' that contains the external IP address of the router interface. This field already exists in the current API due to the previous partial implementation that allows the addresses to be read. The only difference is that the field can now be updated by an admin (or other user with the privileges defined in policy.json).
Attribute Name | Type | Access | Default Value | Validation/Conversion | Description
---|---|---|---|---|---
external_fixed_ips | fixed_ip format for ports | RO, owner; RW, admin | generated | Same as fixed_ips field validation for normal ports. | External IP addresses
Right now only one fixed IP may be specified, but this may be adjusted in the future if routers support multiple external IPs.
Security Impact
N/A if the default policy.json is left unmodified. If it's modified to allow all users to set an IP, standard users will be allowed to ignore the allocation ranges defined on the external subnet.
Notifications Impact
N/A
IPv6 Impact
The IP validation will use the same validation that is used for any port IP address so this change should be IPv6 compatible.
Other End User Impact
N/A
Performance Impact
N/A
Other Deployer Impact
N/A
Developer Impact
N/A
Community Impact
The community will rejoice in elation that such an amazing feature is even possible, let alone implemented, in software.
Implementation
Assignee(s)
kevinbenton
Work Items
- Make the changes to the L3 db code, API, and policy.
- Update neutronclient
Dependencies
N/A
Testing
Tempest Tests
N/A
Functional Tests
N/A
API Tests
Unit tests should be adequate since there will be no new behavior outside of the IP address assignment, which is well contained in the neutron code.
Documentation Impact
User Documentation
Indicate that tenants can see their router's external IP and that admins can specify router IPs.
Developer Documentation
The developer API documentation will need to be updated to indicate that the external router IP can now be set.
References
Related bugs: