Static routes

OpenContrail allows the user to specify a static route with a next-hop of an instance interface. The route is advertised within the virtual-network that the interface is associated with. This script can be used to manipulate the static routes configured on an interface.

I wrote it in order to setup a cluster in which overlay networks are used hierarchically. The bare-metal nodes are running OpenStack using OpenContrail as the neutron plugin; a set of OpenStack VMs are running a second overlay network using OpenContrail which kubernetes as the compute scheduler.

In order to provide external access for the kubernetes cluster, one of the kubernetes node VMs was configured as an OpenContrail software gateway.

This is easily achievable by editing /etc/contrail/contrail-vrouter-agent.conf to include the following snippet:

# Name of the routing_instance for which the gateway is being configured

# Gateway interface name

# Virtual network ip blocks for which gateway service is required. Each IP
# block is represented as ip/prefix. Multiple IP blocks are represented by
# separating each with a space

The vow interface can then be created via the following sequence of shell commands:

ip link add vgw type vhost
ip link set vgw address 00:00:5e:00:01:00
ip link set vgw up
ip route add dev vgw

The interface-route script can then be used to add a static route to the IP prefix configured in the software gateway interface. This route should be added to an interface (e.g. neutron port) associated with the VM that is running the software gateway functionality and in a network that is externally connected.

This allows the nested overlay to be accessed from outside the cluster. For redundancy, multiple VMs can be configured with a gateway interface and the corresponding static route.


One thought on “Static routes

  1. Nested power!
    Just a remark, the Neutron API permits to define static routes associated to a subnet [1] and that was implemented into the Neutron Contrail plugin [2] like you did in your script. Be careful, it’s optional and disable by default [3].


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s