From 1d5af38ed751c768e59b80bed8f8981a4fd19c87 Mon Sep 17 00:00:00 2001 From: Adit Sarfaty Date: Wed, 8 Nov 2017 12:08:02 +0200 Subject: [PATCH] NSX|V prevent adding illegal routes The nsx-v backend does not suport adding a route where the nexthop is part of the destination. This patch skips it (instead of failing at the backend) and also skips a tempest test that tries the same thing Change-Id: I41181d43cffbf0e5cbb63069ed864683834c77b9 --- devstack/nsx_v/devstackgaterc | 1 + vmware_nsx/plugins/nsx_v/vshield/edge_utils.py | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/devstack/nsx_v/devstackgaterc b/devstack/nsx_v/devstackgaterc index 2b22085fb1..56d275e390 100644 --- a/devstack/nsx_v/devstackgaterc +++ b/devstack/nsx_v/devstackgaterc @@ -23,6 +23,7 @@ r="^(?!.*" r="$r(?:tempest\.api\.network\.test_ports\.PortsTestJSON\.test_create_update_port_with_second_ip.*)" r="$r|(?:tempest\.api\.network\.test_floating_ips\.FloatingIPTestJSON\.test_create_update_floatingip_with_port_multiple_ip_address.*)" +r="$r|(?:tempest\.api\.network\.test_routers\.RoutersTest\.test_update_delete_extra_route.*)" # End list of exclusions. r="$r)" diff --git a/vmware_nsx/plugins/nsx_v/vshield/edge_utils.py b/vmware_nsx/plugins/nsx_v/vshield/edge_utils.py index fadc402d60..5cd52a7984 100644 --- a/vmware_nsx/plugins/nsx_v/vshield/edge_utils.py +++ b/vmware_nsx/plugins/nsx_v/vshield/edge_utils.py 
@@ -2225,6 +2225,14 @@ def update_routes(edge_manager, context, router_id, routes, nexthop=None):
 else:
 vnic_binding = nsxv_db.get_edge_vnic_binding(
 context.session, edge_id, route['network_id'])
+ if (netaddr.IPAddress(route['nexthop']) in
+ netaddr.IPNetwork(route['destination'])):
+ # check that the nexthop is not in the destination
+ LOG.error("Cannot add route with nexthop %(nexthop)s "
+ "contained in the destination: %(dest)s.",
+ {'dest': route['destination'],
+ 'nexthop': route['nexthop']})
+ continue
 if vnic_binding and vnic_binding.get('vnic_index'):
 edge_routes.append({
 'vnic_index': vnic_binding['vnic_index'],
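Review bot: The new guard in the `else` branch of update_routes discards the route with only a `LOG.error` and `continue`, so the request apparently still succeeds while the edge never receives the route, and the log line does not say which router was affected. Since `router_id` is already a parameter, include it in the message, e.g. `{'dest': route['destination'], 'nexthop': route['nexthop'], 'rtr': router_id}` with `on router %(rtr)s` added to the format string, so a mismatch between the stored routes and the edge configuration can be traced. The check could also move above the `nsxv_db.get_edge_vnic_binding` call, which would avoid a DB lookup for a route that is then thrown away. The branch before this `else` and the rest of the loop lie outside the hunk, so it should be confirmed whether routes taken through that branch need the same guard.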