On 15 December 2014 at 01:18, John Meinel <[email protected]> wrote:
>
> That sounds like you're just excluding the entire 10.0.* range from going
> via the Gateway, which is fine, but then why isn't the subnet mask 10.0/16
> in the first place? Or maybe it even needs to be 10.0.0.0/8?
>

The internal IPs and netmasks being used by instances are assigned by Joyent. Juju isn't deciding on the netmasks - Joyent assigns various 10.x.x.x/21 networks. When 2 machines end up on different internal networks then traffic destined for the other networks goes out the public interface and gets dropped at the next hop (probably by anti-spoofing configuration on a router/firewall).

> Probably the big concern for something like 10.0.0.0/8 would be if/when
> we do overlay networks and then there are separate 10.? networks that
> shouldn't be routed the same.
>

Agreed that this is a concern but at least if a single 10/8 route is added, any more specific routes for 10.x.x.x that also get added for overlay networks will take precedence (Linux uses the most specific route). Not ideal though.

Joyent support has gotten back to me and has repeated what I already found in that forum post: that a static route should be added. They also mention: "this is a known bug in previous platform images(the underlying cloudOS). The operations team is working to update the impacted images, but the solution is to add route statements to allow access to the respective VLANS." I presume the "bug" as far as they're concerned is that the routes aren't added automatically.

After discussing with Tim, I'm going to make a change to have cloud-init create the static route for Joyent deployments, with a ticket to track the fact that this hack is in place.

- Menno
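
The routing behaviour discussed in this thread, as an added example that is not part of the original message or of Juju's code: a longest-prefix-match lookup over three route tables (as provisioned, with a 10/8 static route, and with a more specific overlay route on top). All addresses, prefixes and the interface names `public0`, `internal0` and `overlay0` are constructed for illustration.

```python
import ipaddress


def route(prefix, dev):
    """Build a (network, egress device) routing table entry."""
    return (ipaddress.ip_network(prefix), dev)


def lookup(routes, dst):
    """Return the entry a most-specific-prefix lookup selects for dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)


def egress(routes, dst):
    """Name of the interface that traffic to dst would leave on."""
    hit = lookup(routes, dst)
    return hit[1] if hit else None


# Constructed tables for an instance whose internal address is in 10.112.0.0/21.
# As provisioned: only the connected /21 and a default route via the public NIC.
BEFORE = [
    route("0.0.0.0/0", "public0"),
    route("10.112.0.0/21", "internal0"),
]
# With the static route proposed in the thread.
WITH_STATIC = BEFORE + [route("10.0.0.0/8", "internal0")]
# With a hypothetical overlay network added later; the /16 beats the /8.
WITH_OVERLAY = WITH_STATIC + [route("10.200.0.0/16", "overlay0")]

SAME_NET_PEER = "10.112.3.7"    # same /21 as this instance
OTHER_NET_PEER = "10.112.9.4"   # a different /21 (10.112.8.0/21)
OVERLAY_PEER = "10.200.1.5"     # inside the hypothetical overlay range

if __name__ == "__main__":
    tables = [("before", BEFORE), ("10/8 static", WITH_STATIC),
              ("10/8 + overlay", WITH_OVERLAY)]
    for name, table in tables:
        for dst in (SAME_NET_PEER, OTHER_NET_PEER, OVERLAY_PEER):
            print(f"{name:15} {dst:12} -> {egress(table, dst)}")
```
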
