Joyent networking issues
Menno Smits
menno.smits at canonical.com
Sun Dec 14 20:41:00 UTC 2014
On 15 December 2014 at 01:18, John Meinel <john at arbash-meinel.com> wrote:
>
> That sounds like you're just excluding the entire 10.0.* range from going
> via the Gateway, which is fine, but then why isn't the subnet mask 10.0/16
> in the first place ? Or maybe it even needs to be 10.0.0.0/8 ?
>
The internal IPs and netmasks being used by instances are assigned by
Joyent. Juju isn't deciding on the netmasks - Joyent assigns various
10.x.x.x/21 networks. When 2 machines end up on different internal networks
then traffic destined for the other networks goes out the public interface
and gets dropped at the next hop (probably by anti-spoofing configuration
on a router/firewall).
> Probably the big concern for something like 10.0.0.0/8 would be if/when
> we do overlay networks and then there are separate 10.? networks that
> shouldn't be routed the same.
>
Agreed that this is a concern but at least if a single 10/8 route is added,
any more specific routes for 10.x.x.x that also get added for overlay
networks will take precedence (Linux uses the most specific route). Not
ideal though.

Joyent support has gotten back to me and has repeated what I already found
in that forum post: that a static route should be added. They also mention:
"this is a known bug in previous platform images(the underlying cloudOS).
The operations team is working to update the impacted images, but the
solution is to add route statements to allow access to the respective
VLANS." I presume the "bug" as far as they're concerned is that the routes
aren't added automatically.

After discussing with Tim, I'm going to make a change to have cloud-init
create the static route for Joyent deployments, with a ticket to track the
fact that this hack is in place.
- Menno
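
An added illustration, not part of the original email or of Juju's code: a small longest-prefix-match model of the routing behaviour discussed in this message. The interface names (eth0 public, eth1 internal, overlay0), the addresses and the overlay prefix are constructed for the example.

```python
import ipaddress


def route(prefix, dev):
    """Build a (network, device) routing entry."""
    return (ipaddress.ip_network(prefix), dev)


def egress(routes, dst):
    """Return the device chosen for dst by most-specific-route selection."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    # The longest prefix (most specific route) wins, as on Linux.
    return max(matches, key=lambda r: r[0].prefixlen)[1]


# Constructed table for an instance before the fix: a default route via the
# public interface and only its own internal /21 on the internal interface.
BASE = [
    route("0.0.0.0/0", "eth0"),
    route("10.112.8.0/21", "eth1"),
]

# Same table plus the single static 10/8 route on the internal interface.
WITH_STATIC = BASE + [route("10.0.0.0/8", "eth1")]

# A later, more specific overlay route (hypothetical prefix and device).
WITH_OVERLAY = WITH_STATIC + [route("10.200.0.0/16", "overlay0")]

if __name__ == "__main__":
    peer = "10.112.16.5"  # constructed peer on a different internal /21
    for name, table in (("base", BASE), ("static", WITH_STATIC),
                        ("overlay", WITH_OVERLAY)):
        print(name, peer, "->", egress(table, peer))
    print("overlay 10.200.3.4 ->", egress(WITH_OVERLAY, "10.200.3.4"))
```

Without the 10/8 entry the peer on the other /21 only matches the default route and leaves via the public interface; with it, the traffic stays on the internal interface, and the /16 overlay entry still overrides the /8 for its own range.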