Static Routes for Private Subnets
You can configure static routes to provide network connectivity between cloud servers on different subnets that are not connected by a router.
Static routes can only be configured from a private subnet. You cannot select the following as source subnets:
- public subnets;
- subnets on cross-project networks in subprojects (where the network was «shared» to);
- Selectel global router (formerly L3VPN).
Creating a Static Route in the Control Panel
You can only create a static route on a private network that has at least one subnet.
To create a static route, from the Control panel:
- Go to the Network section.
- Open the Private networks tab.
- Select the required network and open the Static routes tab in its card.
- Click Create route.
- Select the Source subnet — you can select any subnet created in the source network.
- Specify the Destination subnet (destination) — the subnet that traffic will be directed to. You can enter any private or public subnet.
- Enter the Gateway (next-hop) — the address through which all servers from the source subnet will route traffic to the destination subnet. You can enter any source subnet address.
- Click Add.
- After creating a static route, be sure to configure them on the subnet servers.
Please note that you cannot set a metric (weight or cost of the route) for a static route, therefore you cannot create two or more routes with the same source and destination subnets.
Configuring Static Routes on Servers
After creating a static route, you need to apply it to the servers on the source subnet. Route configuration depends on whether DHCP is enabled or disabled on the source subnet.
If DHCP is Enabled on the Subnet
You can enable DHCP on the Subnets tab in the network card.
If DHCP is enabled on the subnet, then static routes will be automatically registered on the subnet servers within 24 hours after creation. If you need to apply the new settings faster, use one of the options:
- start and stop the server sequentially;
- use the dhclient eth0 command, where eth0 is the interface name. This command re-requests all information from the DHCP server — new routes will be added, while the old ones will not be deleted;
- use the INTERFACE=eth0; ip link set $INTERFACE down && ip link set $INTERFACE up && dhclient $INTERFACE command, where eth0 is the interface name. This command disables and enables the port, and then re-requests all information from the DHCP server. In this case, the old routes will be deleted, and the new ones will be added.
If DHCP is Disabled on the Subnet
To automatically configure static routes on servers, you can enable DHCP on the Subnets tab in the network card.
If you want DHCP to be disabled, then configuring static routes on the servers depends on whether the cloud-init or cloudbase-init agent has been configured in the images from that the servers on the original subnet were created from. These agents are preinstalled in all pre-built images available in the Cloud platform, as well as in uploaded compatible Linux images.
The cloud-init or cloudbase-init agent is installed in the server image
In this case, the agent will be responsible for the network configuration. Its work depends on the moment at which the static routes are configured:
-
if static routes were configured for a subnet first, and then servers were created in it, then all the settings for static routes will be automatically registered in the server configuration files;
-
if the servers were created first, and then static routes were configured, then further actions depend on which option is selected on the Settings tab on the server page. If the following option is selected:
- on the Ports tab inside the card of the server, then to configure static routes on the server, you need to sequentially stop and start each server on the source subnet;
- manually in the network configuration file on the server, then you need to go to the configuration file of each server on the source subnet and register static routes manually, because the agent will not be able to apply the settings.
You can switch options during operation. Switching options is not available for Linux servers with the scarlet-init agent.
The cloud-init or cloudbase-init agent is not installed in the server image
In this case, we do not recommend configuring static routes through the Control panel, because the settings will not be automatically applied to the servers on the subnet. Static routes must be registered in the configuration file of each server on the subnet.
If DHCP is enabled later on, then all manual settings may stop working. This is because DHCP applies its own settings to all servers, which may conflict with the settings specified in the configuration file.
Configuring Static Routes for Managed Database and Kubernetes Clusters
Managed Database
For new database clusters, all created static routes configured on the cluster subnet will be applied automatically.
Kubernetes
On the Kubernetes cluster nodes, static routes will be applied in the same way as for regular cloud servers.
To apply new routes on existing cluster nodes, contact technical support.
Creating a Static Route through CLI
Learn more about getting started with the OpenStack CLI.
You can only create a static route on a private network with at least one subnet. You can create them according to the Managing networks through CLI instructions.
Open a list of all subnets in the project:
openstack subnet list
The subnet list will look as follows:
+---------------------+----------------+----------------------+----------------+
| ID | Name | Network | Subnet |
+---------------------+----------------+----------------------+----------------+
| 2da17a11-ef95-4e90- | 192.168.0.0/24 | b201e006-10b8-1abc-a | 192.168.0.0/24 |
| a4da-5cb1e169d7b0 | | 1c9-daa78407a1a1 | |
+---------------------+----------------+----------------------+----------------+
Display subnet details:
openstack subnet show <subnet id>
The command output shows that nothing is specified in host_routes — no static route has been created:
+----------------------+--------------------------------------+
| Field | Value |
+----------------------+--------------------------------------+
| allocation_pools | 192.168.0.2-192.168.0.254 |
| cidr | 192.168.0.0/24 |
| created_at | 2021-04-09T07:54:37Z |
| description | |
| dns_nameservers | 188.93.16.19, 188.93.17.19 |
| dns_publish_fixed_ip | None |
| enable_dhcp | False |
| gateway_ip | 192.168.0.1 |
| host_routes | |
| id | 2da17a11-ef95-4e90-a4da-5cb1e169d7b0 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | 192.168.0.0/24 |
| network_id | b201e006-10b8-1abc-a1c9-daa78407a1a1 |
| prefix_length | None |
| project_id | 4ae1020346104d56aa9341a777bb01da |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2021-04-09T07:54:37Z |
+----------------------+--------------------------------------+
Create a static route. For example, you want all virtual machines from the 192.168.0.0/24 subnet to have access to the 192.168.19.0/24 subnet through the 192.168.0.20 gateway:
openstack subnet set --host-route destination=192.168.19.0/24,gateway=192.168.0.20 <subnet id>
Make sure that the destination subnet and gateway are added in the host_routes parameter:
openstack subnet show <subnet id>
Output:
+----------------------+-------------------------------------------------------+
| Field | Value |
+----------------------+-------------------------------------------------------+
| allocation_pools | 192.168.0.2-192.168.0.254 |
| cidr | 192.168.0.0/24 |
| created_at | 2021-04-09T07:54:37Z |
| description | |
| dns_nameservers | 188.93.16.19, 188.93.17.19 |
| dns_publish_fixed_ip | None |
| enable_dhcp | False |
| gateway_ip | 192.168.0.1 |
| host_routes | destination='192.168.19.0/24', gateway='192.168.0.20' |
| id | 2da17a11-ef95-4e90-a4da-5cb1e169d7b0 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | 192.168.0.0/24 |
| network_id | b201e006-10b8-1abc-a1c9-daa78407a1a1 |
| prefix_length | None |
| project_id | 4ae1020346104d56aa9341a777bb01da |
| revision_number | 1 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2021-04-09T08:10:09Z |
+----------------------+-------------------------------------------------------+
If a Static Route Was Created Earlier
If you need to delete the old static route and register a new one immediately, you must specify --no-host-route along with the --host-route parameter:
openstack subnet set --no-host-route --host-route destination=192.168.24.0/24,gateway=192.168.0.40 <subnet id>
Check the updated host_routes parameter:
openstack subnet show <subnet id>
Output:
+----------------------+-------------------------------------------------------+
| Field | Value |
+----------------------+-------------------------------------------------------+
| allocation_pools | 192.168.0.2-192.168.0.254 |
| cidr | 192.168.0.0/24 |
| created_at | 2021-04-09T07:54:37Z |
| description | |
| dns_nameservers | 188.93.16.19, 188.93.17.19 |
| dns_publish_fixed_ip | None |
| enable_dhcp | False |
| gateway_ip | 192.168.0.1 |
| host_routes | destination='192.168.24.0/24', gateway='192.168.0.40' |
| id | 2da17a11-ef95-4e90-a4da-5cb1e169d7b0 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | 192.168.0.0/24 |
| network_id | b201e006-10b8-1abc-a1c9-daa78407a1a1 |
| prefix_length | None |
| project_id | 4ae1020346104d56aa9341a777bb01da |
| revision_number | 2 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2021-04-09T08:11:08Z |
+----------------------+-------------------------------------------------------+
Creating a Static Route through Terraform
Using Terraform, you can create and configure static routes on the servers — an example on GitHub.