An external network can have more than one subnet. Currently only the
first subnet is added to the FIP namespace routing table. Packets for
FIPs with addresses in other subnets can't pass through the external
port because there is no route for those FIP CIDRs.
This change adds routes for those CIDRs via the external port IP and
interface.
These routes doesn't collide with the existing ones, added to provide
a back path for the packets with a destination IP matching a FIP.
E.g.:
$ ip netns exec fip-e1ec0f98-b593-4514-ae08-f1c5cf1c2788 ip route
(1) 169.254.106.114/31 dev fpr-3937f879-d proto kernel scope link \
src 169.254.106.115
(2) 192.168.20.250 via 169.254.106.114 dev fpr-3937f879-d
(3) 192.168.30.0/24 dev fg-bee060f1-dd proto kernel scope link \
src 192.168.30.129
(4) 192.168.20.0/24 via 192.168.30.129 dev fg-bee060f1-dd scope link
Rule (2) is added when a FIP is assigned. This rule permits ingress
packets going into the router namespace. This FIP belongs to the second
subnet of the external network (note the external port CIDR is not the
same). Rule (4), added by this patch, allows egress packets to exit
the FIP namespace through the external port. Rule (2), because of the
prefix length (32), has more priority than rule (4).
Change-Id: I4d476b47e89fa5709dca2f66ffae72a27d88340a
Closes-Bug: #1805456