Static routes

Static routes

Static routing can be used if there is a device on the cloud subnet that acts as a router. For example, global router, cloud router, or cloud server.

Static routes can be configured:

from the private subnets;
subnets of the global router;
subnets of cross-project networks — only through OpenStack CLI;
public subnets — only through the OpenStack CLI.

Examples of solved problems⁠

Internet access for a network connected to a global router⁠

For example, a cloud private network is connected to a global router and you need to:

configure internet access for the cloud servers that reside on this cloud private network;
configure internet access for the Managed Kubernetes cluster private network to deploy nodes;
Use the public address for a cloud server or for a load balancer on a private network;
Use the cloud router as a gateway to access the internet for servers or hosts from other pools and services.

Sending traffic via cloud server (proxy)⁠

If you need to send traffic to other networks, you can use the cloud server as a gateway and configure static routing. For example:

configure access to the Internet from a subnet;
configure connectivity to the external infrastructure via VPN.

Configure static routing⁠

Create static routes.
Write static routes on cloud server.
Modify cloud server network configuration files.
Write static routes on Managed Kubernetes cluster nodes.
Write static routes in a cloud database cluster.
Optional: write-static-routes-on-cloud-load-balancer.

1. Create static routes⁠

You can use as the source subnet:

a private subnet;
subnet of the global router;
subnet of cross-project networks — only through OpenStack CLI;
public subnet — only through the OpenStack CLI.

You cannot set a metric (route weight or cost) for a static route, so you cannot create two or more routes with the same source subnet and destination subnet.

Control panel
OpenStack CLI

In Control Panel, go to Cloud Platform → Network.
Open the Private Networks tab.
Open the private network card → Static Routes tab.
Press Create Route.
Select the source subnet. You can select a private subnet or a global router subnet.
Enter the CIDR of the destination subnet, which is the subnet to which traffic will be routed.
Enter the gateway (next-hop), which is the IP address through which all cloud servers from the source subnet will route traffic to the destination subnet. You can enter any source subnet address.
Press Add.

Open OpenStack CLI.
Create a static route:
```
openstack subnet set /
  --host-route destination=<destination_subnet_cidr>,gateway=<next_hop_ip> /
  <subnet_uuid>
```
Specify:
- <destination_subnet_cidr> — CIDR of the destination subnet to which the traffic will be routed;
- <next_hop_ip> — gateway (next-hop) — the IP address through which all cloud servers from the source subnet will route traffic to the destination subnet. You can enter any source subnet address;
- <subnet_uuid> — ID or name of the source subnet, can be viewed with openstack subnet list. You can select a private subnet, a global router subnet, a cross-project subnet, and a public subnet.
If you have previously created a static route and want to delete it and write a new one at the same time, use the --no-host-route parameter:
```
openstack subnet set /
  --no-host-route /
  --host-route destination=<destination_subnet_cidr>, gateway=<next_hop_ip> /
  <subnet_id>
```
Verify that a static route is added — the destination (destination subnet) and gateway (gateway) parameters in the command output:
```
openstack subnet show <subnet_id>
```

2. Write static routes on the cloud server⁠

If there are cloud servers in the source subnet, after creating a static route, you need to update the routing rules — write routes on all cloud servers in the subnet. The algorithm depends on whether DHCP is enabled on the source subnet.

See if the source subnet's DHCP is enabled. In Control Panel, go to Cloud Platform → Network. Open the network card → Subnets tab → DHCP toggle switch.
Configure static routes depending on whether DHCP is enabled or disabled on the source subnet:

DHCP enabled
DHCP disabled

If DHCP is enabled on the source subnet, static routes will be automatically written to the servers within 24 hours after the routes are created.

write routes at once⁠

You can write routes all at once, use one of the options:

sequentially turn cloud server off and on;
re-request information from the DHCP server on the cloud server:
```
dhclient eth0
```
Here eth0 is the interface name.

New routes will be added without deleting old routes;
turn off, turn on the port, and re-request information from the DHCP server on the cloud server:
```
INTERFACE=eth0; ip link set $INTERFACE down && ip link set $INTERFACE up && dhclient $INTERFACE
```
Here eth0 is the interface name.

New routes will be added without deleting old routes.

3. Modify cloud server network configuration files⁠

You must manually assign static routes to a cloud server on the source subnet if DHCP is disabled on the subnet and:

cloud server is created from an image without cloud-init or cloudbase-init agent;
Before creating a static route on the source subnet, a cloud server was created from a cloud-init or cloudbase-init agent image, with Manual in the network configuration file on the server specified in the Port Configuration block of the server.

carefully

If you enable DHCP on a subnet in the future, the writed static routes may no longer work — DHCP applies its own settings to all servers.

Ubuntu
Debian
CentOS
Windows

Connect to server.
Open the CLI.

Disable network configuration. To do this, create the 99-disable-network-config.cfg file:

echo "network: {config: disabled}" >> /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg

Open the configuration file:

vi /etc/network/interfaces.d/50-cloud-init.cfg

At the end of the data block of the corresponding network interface, add the desired route:
```
up route add -net <ip> netmask <netmask> gw <gateway>
```
Specify:
- <ip> is the subnet to which the route is needed (for example, 192.168.1.0);
- <netmask> is the subnet mask to which the route is needed (for example, 255.255.255.0);
- <gateway> is the gateway for the current server's subnet, which is specified on the global router.
If you need to write multiple routes, add them sequentially in the same block.
Reboot server.

Connect to server.
Open the CLI.
Open the network settings file:
```
vi /etc/network/interfaces
```
At the end of the data block of the corresponding network interface, add the desired route:
```
up route add -net <ip> netmask <netmask> gw <gateway>
down route del -net <ip> netmask <netmask> gw <gateway>
```
Specify:
- <ip> is the subnet to which the route is needed (for example, 192.168.1.0);
- <netmask> is the subnet mask to which the route is needed (for example, 255.255.255.0);
- <gateway> is the gateway for the current server's subnet, which is specified on the global router.
If you need to write multiple routes, add them sequentially in the same block.
Save the file.
Restart the network:
```
sudo /etc/init.d/networking restart
```

Connect to server.
Open the CLI.

Disable network configuration. To do this, create the 99-disable-network-config.cfg file:

echo "network: {config: disabled}" >> /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg

Add the desired route:
```
echo "<ip/mask> via <gateway>" > /etc/sysconfig/network-scripts/route-eth0
```
Specify:
- <ip/mask> — the subnet to which the route is needed, specifying the mask (for example, 192.168.1.0.0/24);
- <gateway> is the gateway for the current server's subnet, which is specified on the global router.

If you need to add multiple routes, specify them in one command. Specify each route on a new line, e.g.:

echo "192.168.1.0.0/24 via 192.168.0.1
192.168.2.0/24 via 192.168.0.1" >> /etc/sysconfig/network-scripts/route-eno2

Restart the network:
```
systemctl restart network
```

Connect to server.
Add the required routes one at a time:
```
route -p ADD <ip> MASK <netmask> <gateway> METRIC <x>
```
Specify:
- <ip> is the subnet to which the route is needed (for example, 192.168.1.0);
- <netmask> is the subnet mask to which the route is needed (for example, 255.255.255.0);
- <gateway> is the gateway for the current server's subnet, which is specified on the global router.
- <x> is a number that specifies the priority of the specified gateway, 1 being the highest priority.

4. Write static routes in a Managed Kubernetes cluster⁠

If the source subnet has Managed Kubernetes cluster nodes, after creating a static route, update the routing rules — sequentially disable and enable all cluster nodes.

5. write static routes in a cloud database cluster⁠

If the source subnet has a cloud database cluster, update the routing rules after creating a static route:

create a ticket;
or recreate the cloud database cluster, such as restoring it from a backup. See Restore cluster (example for PostgreSQL) for details.

6. Optional: write static routes on cloud load balancer⁠

If the source subnet has cloud load balancers and static routing is needed for your network configuration, after creating the static route, update the routing rules — perform emergency switchover balancer amphora:

create a ticket;
or recreate load balancer.

Examples of solved problems⁠​

Internet access for a network connected to a global router⁠​

Sending traffic via cloud server (proxy)⁠​

Configure static routing⁠​

1. Create static routes⁠​

2. Write static routes on the cloud server⁠​

write routes at once⁠​

3. Modify cloud server network configuration files⁠​

4. Write static routes in a Managed Kubernetes cluster⁠​

5. write static routes in a cloud database cluster⁠​

6. Optional: write static routes on cloud load balancer⁠​