Static routes
Static routing can be used if there is a device on the cloud subnet that acts as a router, for example a global router, cloud router, or cloud server.
Static routes can be configured for:
- private subnets;
- global router subnets;
- subnets of cross-project networks — only through the OpenStack CLI;
- public subnets — only through the OpenStack CLI.
Examples of solved problems
Internet access for a network connected to a global router
For example, a cloud private network is connected to a global router and you need to:
- configure internet access for the cloud servers that reside on this cloud private network;
- configure internet access for the Managed Kubernetes cluster private network to deploy nodes;
- use the public address for a cloud server or for a load balancer on a private network;
- use the cloud router as a gateway to access the internet for servers or hosts from other pools and services.
Sending traffic via cloud server (proxy)
If you need to send traffic to other networks, you can use the cloud server as a gateway and configure static routing. For example:
- configure access to the Internet from a subnet;
- configure connectivity to the external infrastructure via VPN.
Configure static routing
- Create static routes.
- Write static routes on the cloud server.
- Modify cloud server network configuration files.
- Write static routes on Managed Kubernetes cluster nodes.
- Write static routes in a cloud database cluster.
- Optional: write static routes on the cloud load balancer.
1. Create static routes
The source subnet can be:
- a private subnet;
- a global router subnet;
- a subnet of a cross-project network — only through the OpenStack CLI;
- a public subnet — only through the OpenStack CLI.
You cannot set a metric (route weight or cost) for a static route, so you cannot create two or more routes with the same source subnet and destination subnet.
Control panel:
- In Control Panel, go to Cloud Platform → Network.
- Open the Private Networks tab.
- Open the private network card → Static Routes tab.
- Press Create Route.
- Select the source subnet. You can select a private subnet or a global router subnet.
- Enter the CIDR of the destination subnet, which is the subnet to which traffic will be routed.
- Enter the gateway (next-hop), which is the IP address through which all cloud servers from the source subnet will route traffic to the destination subnet. You can enter any source subnet address.
- Press Add.
OpenStack CLI:
- Create a static route:
  openstack subnet set \
  --host-route destination=<destination_subnet_cidr>,gateway=<next_hop_ip> \
  <subnet_uuid>
  Specify:
  <destination_subnet_cidr> — CIDR of the destination subnet to which the traffic will be routed;
  <next_hop_ip> — gateway (next-hop) — the IP address through which all cloud servers from the source subnet will route traffic to the destination subnet. You can enter any source subnet address;
  <subnet_uuid> — ID or name of the source subnet, can be viewed with openstack subnet list. You can select a private subnet, a global router subnet, a cross-project subnet, and a public subnet.
- If you have previously created a static route and want to delete it and write a new one at the same time, use the --no-host-route parameter:
  openstack subnet set \
  --no-host-route \
  --host-route destination=<destination_subnet_cidr>,gateway=<next_hop_ip> \
  <subnet_id>
- Verify that the static route has been added: check the destination (destination subnet) and gateway (gateway) parameters in the command output:
  openstack subnet show <subnet_id>
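A pre-flight check for a planned set of routes, added here as an example and not part of the original documentation: it enforces the rules above (next hop inside the source subnet, one route per destination because no metric exists) and builds the openstack subnet set arguments. The function names and sample addresses are assumptions.

```python
import ipaddress


def validate_host_routes(source_cidr, routes):
    """Return a list of problems for planned (destination_cidr, next_hop_ip) pairs.

    An empty list means the plan fits the rules for one source subnet.
    """
    source = ipaddress.ip_network(source_cidr, strict=True)
    problems, seen = [], {}
    for dest_text, hop_text in routes:
        try:
            # strict=True also rejects host bits such as 192.168.1.5/24
            dest = ipaddress.ip_network(dest_text, strict=True)
            hop = ipaddress.ip_address(hop_text)
        except ValueError as exc:
            problems.append(f"{dest_text} via {hop_text}: {exc}")
            continue
        if hop not in source:
            problems.append(f"{dest}: next hop {hop} is outside source subnet {source}")
        if dest in seen:
            # No metric is available, so a second route to the same destination is rejected.
            problems.append(f"{dest}: duplicate destination (next hops {seen[dest]} and {hop})")
        else:
            seen[dest] = hop
    return problems


def subnet_set_argv(subnet, source_cidr, routes, replace=False):
    """Build the `openstack subnet set` argument list for a validated plan.

    replace=True prepends --no-host-route so existing routes are dropped first.
    """
    problems = validate_host_routes(source_cidr, routes)
    if problems:
        raise ValueError("; ".join(problems))
    argv = ["openstack", "subnet", "set"]
    if replace:
        argv.append("--no-host-route")
    for dest, hop in routes:
        # One argument per route, with no space after the comma.
        argv += ["--host-route", f"destination={dest},gateway={hop}"]
    return argv + [subnet]


if __name__ == "__main__":
    # Constructed sample plan for source subnet 192.168.0.0/24.
    plan = [("192.168.1.0/24", "192.168.0.1"), ("192.168.2.0/24", "192.168.0.1")]
    print(" ".join(subnet_set_argv("<subnet_uuid>", "192.168.0.0/24", plan)))
```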
2. Write static routes on the cloud server
If there are cloud servers in the source subnet, after creating a static route, you need to update the routing rules — write routes on all cloud servers in the subnet. The algorithm depends on whether DHCP is enabled on the source subnet.
- See if the source subnet's DHCP is enabled. In Control Panel, go to Cloud Platform → Network. Open the network card → Subnets tab → DHCP toggle switch.
- Configure static routes depending on whether DHCP is enabled or disabled on the source subnet:
If DHCP is enabled on the source subnet, static routes will be automatically written to the servers within 24 hours after the routes are created.
To write the routes immediately, use one of the options:
- turn the cloud server off and then on;
- re-request information from the DHCP server on the cloud server:
  dhclient eth0
  Here eth0 is the interface name. New routes will be added without deleting old routes;
- turn the port off and on, and re-request information from the DHCP server on the cloud server:
  INTERFACE=eth0; ip link set $INTERFACE down && ip link set $INTERFACE up && dhclient $INTERFACE
  Here eth0 is the interface name. New routes will be added without deleting old routes.
If DHCP is disabled on the source subnet, the algorithm for configuring static routes depends on whether the cloud-init or cloudbase-init agent is installed in the images from which the source subnet's cloud servers are created. Agents are pre-installed in all pre-built images of the cloud platform, as well as in self-uploaded compatible Linux images.
- Cloud-init installed
- Cloud-init not installed
If cloud-init or cloudbase-init is installed in the server image, change the network configuration files on all cloud servers in the source subnet.
- If you first configured static routes for a subnet and then created cloud servers in it, the configuration files of the servers will automatically contain all static route settings.
- If you created cloud servers first and then configured static routes, in Control Panel go to Cloud Platform → Servers.
- Open the cloud server page → Ports tab.
- If the Port Configuration block specifies the When Server Restart option, sequentially shut down and power on each cloud server on the source subnet.
- If the Port Configuration block specifies the Manual on server network configuration file option, change network configuration files on all cloud servers in the source subnet.
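To confirm that a Linux cloud server has actually picked up the routes, the check below compares the subnet's static routes with the text printed by ip route show and reports missing routes, routes pointing at a different next hop, and routed destinations the subnet does not define. It is an added example, not part of the original documentation; the function names and the sample output are constructed.

```python
import ipaddress

# Constructed sample of `ip route show` output from a server on 192.168.0.0/24.
SAMPLE_IP_ROUTE = """\
default via 192.168.0.1 dev eth0 proto dhcp metric 100
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.15
192.168.1.0/24 via 192.168.0.1 dev eth0
192.168.2.0/24 via 192.168.0.77 dev eth0
"""


def parse_ip_route(text):
    """Map destination network -> next hop for every route that has a `via` hop."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if "via" not in fields[1:-1]:
            continue  # directly connected routes and blank lines have no next hop
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            network = ipaddress.ip_network(dest, strict=False)
            hop = ipaddress.ip_address(fields[fields.index("via") + 1])
        except ValueError:
            continue  # e.g. multipath "nexthop via ..." continuation lines
        table[network] = hop
    return table


def route_drift(expected, ip_route_text):
    """Compare the subnet's host routes with the routes a server has installed.

    expected: iterable of (destination_cidr, next_hop_ip) taken from the subnet.
    """
    installed = parse_ip_route(ip_route_text)
    want = {ipaddress.ip_network(d): ipaddress.ip_address(h) for d, h in expected}
    report = {"missing": [], "wrong_next_hop": [], "unexpected": []}
    for dest, hop in want.items():
        if dest not in installed:
            report["missing"].append(str(dest))
        elif installed[dest] != hop:
            report["wrong_next_hop"].append((str(dest), str(installed[dest])))
    # Routed destinations the subnet does not define, default route included.
    report["unexpected"] = [str(d) for d in installed if d not in want]
    return report


if __name__ == "__main__":
    expected = [("192.168.1.0/24", "192.168.0.1"), ("192.168.2.0/24", "192.168.0.1")]
    print(route_drift(expected, SAMPLE_IP_ROUTE))
```

List the default route in expected as well if the subnet is meant to provide it; otherwise it is reported under unexpected.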
3. Modify cloud server network configuration files
You must manually assign static routes to a cloud server on the source subnet if DHCP is disabled on the subnet and:
- the cloud server was created from an image without the cloud-init or cloudbase-init agent;
- the cloud server was created from an image with the cloud-init or cloudbase-init agent before the static route was created on the source subnet, and the Port Configuration block of the server specifies the Manual on server network configuration file option.
If you enable DHCP on a subnet in the future, the manually written static routes may no longer work — DHCP applies its own settings to all servers.
- Ubuntu
- Debian
- CentOS
- Windows
Ubuntu:
- Open the CLI.
- Disable network configuration. To do this, create the 99-disable-network-config.cfg file:
  echo "network: {config: disabled}" >> /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
- Open the configuration file:
  vi /etc/network/interfaces.d/50-cloud-init.cfg
- At the end of the data block of the corresponding network interface, add the desired route:
  up route add -net <ip> netmask <netmask> gw <gateway>
  Specify:
  <ip> is the subnet to which the route is needed (for example, 192.168.1.0);
  <netmask> is the subnet mask to which the route is needed (for example, 255.255.255.0);
  <gateway> is the gateway for the current server's subnet, which is specified on the global router.
- If you need to write multiple routes, add them sequentially in the same block.
Debian:
- Open the CLI.
- Open the network settings file:
  vi /etc/network/interfaces
- At the end of the data block of the corresponding network interface, add the desired route:
  up route add -net <ip> netmask <netmask> gw <gateway>
  down route del -net <ip> netmask <netmask> gw <gateway>
  Specify:
  <ip> is the subnet to which the route is needed (for example, 192.168.1.0);
  <netmask> is the subnet mask to which the route is needed (for example, 255.255.255.0);
  <gateway> is the gateway for the current server's subnet, which is specified on the global router.
- If you need to write multiple routes, add them sequentially in the same block.
- Save the file.
- Restart the network:
  sudo /etc/init.d/networking restart
CentOS:
- Open the CLI.
- Disable network configuration. To do this, create the 99-disable-network-config.cfg file:
  echo "network: {config: disabled}" >> /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
- Add the desired route:
  echo "<ip/mask> via <gateway>" > /etc/sysconfig/network-scripts/route-eth0
  Specify:
  <ip/mask> — the subnet to which the route is needed, specifying the mask (for example, 192.168.1.0/24);
  <gateway> is the gateway for the current server's subnet, which is specified on the global router.
- If you need to add multiple routes, specify them in one command. Specify each route on a new line, e.g.:
  echo "192.168.1.0/24 via 192.168.0.1
  192.168.2.0/24 via 192.168.0.1" >> /etc/sysconfig/network-scripts/route-eno2
- Restart the network:
  systemctl restart network
Windows:
- Add the required routes one at a time:
  route -p ADD <ip> MASK <netmask> <gateway> METRIC <x>
  Specify:
  <ip> is the subnet to which the route is needed (for example, 192.168.1.0);
  <netmask> is the subnet mask to which the route is needed (for example, 255.255.255.0);
  <gateway> is the gateway for the current server's subnet, which is specified on the global router;
  <x> is a number that specifies the priority of the specified gateway, 1 being the highest priority.
4. Write static routes in a Managed Kubernetes cluster
If the source subnet has Managed Kubernetes cluster nodes, after creating a static route, update the routing rules — sequentially disable and enable all cluster nodes.
5. Write static routes in a cloud database cluster
If the source subnet has a cloud database cluster, update the routing rules after creating a static route:
- create a ticket;
- or recreate the cloud database cluster, such as restoring it from a backup. See Restore cluster (example for PostgreSQL) for details.
6. Optional: write static routes on cloud load balancer
If the source subnet has cloud load balancers and static routing is needed for your network configuration, update the routing rules after creating the static route by performing an emergency switchover of the balancer amphora: