Static Routes with nexthop non-functional for private gateways #12859

Open
bhouse-nexthop wants to merge 1 commit into apache:4.22 from bhouse-nexthop:fix-static-route-pbr

Conversation

@bhouse-nexthop

Description

Static routes were only being added to the main routing table, but policy-based routing (PBR) is active on VPC routers. This caused traffic coming in from specific interfaces to not find the static routes, as they use interface-specific routing tables (Table_ethX).

This fix:

  • Adds a helper method to find which interface a gateway belongs to by matching the gateway IP against configured interface subnets
  • Modifies route add/delete operations to update both the main table and the appropriate interface-specific PBR table
  • Uses existing CsAddress databag metadata to avoid OS queries
  • Handles both add and revoke operations for proper cleanup
  • Adds comprehensive logging for troubleshooting

Fixes #12857

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • Build/CI
  • Test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

How Has This Been Tested?

See #12857 for the tested scenario

How did you try to break this feature and the system with this change?

@boring-cyborg

boring-cyborg bot commented Mar 18, 2026

Congratulations on your first Pull Request and welcome to the Apache CloudStack community! If you have any issues or are unsure about anything, please check our Contribution Guide (https://github.com/apache/cloudstack/blob/main/CONTRIBUTING.md)
Here are some useful points:

@bhouse-nexthop bhouse-nexthop changed the title Fix static routes to be added to PBR tables in VPC routers Static Routes with nexthop non-functional for private gateways Mar 18, 2026
@bhouse-nexthop bhouse-nexthop force-pushed the fix-static-route-pbr branch 2 times, most recently from f51b1ab to 1141a7a Compare March 18, 2026 18:35
@bhouse-nexthop bhouse-nexthop marked this pull request as ready for review March 18, 2026 19:03
@bhouse-nexthop bhouse-nexthop changed the base branch from main to 4.22 March 18, 2026 19:13
@bhouse-nexthop bhouse-nexthop changed the base branch from 4.22 to main March 18, 2026 19:14
Static routes were only being added to the main routing table, but
policy-based routing (PBR) is active on VPC routers. This caused
traffic coming in from specific interfaces to not find the static
routes, as they use interface-specific routing tables (Table_ethX).

This fix:
- Adds a helper method to find which interface a gateway belongs to
  by matching the gateway IP against configured interface subnets
- Modifies route add/delete operations to update both the main table
  and the appropriate interface-specific PBR table
- Uses existing CsAddress databag metadata to avoid OS queries
- Handles both add and revoke operations for proper cleanup
- Adds comprehensive logging for troubleshooting

Fixes apache#12857
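
The gateway-to-interface lookup and the dual-table update described above, sketched as an added example; this is not the code from this pull request. The interface map is constructed sample data with an assumed layout, and the function names are hypothetical. It also validates the route inputs and prefers the most specific subnet when configured subnets overlap.

```python
import ipaddress

# Constructed sample data: interface name -> configured addresses (CIDR).
# The layout is an assumption, not the CsAddress databag format.
SAMPLE_INTERFACES = {
    "eth1": ["203.0.113.10/24"],
    "eth2": ["10.1.1.1/24"],
    "eth3": ["172.16.0.1/16"],
    "eth4": ["172.16.5.1/24"],  # overlaps eth3 on purpose
}


def find_interface_for_gateway(gateway, interfaces):
    """Return the interface whose subnet contains gateway, or None.

    When subnets overlap, the longest prefix (most specific subnet) wins.
    """
    gw = ipaddress.ip_address(gateway)
    best = None  # (prefixlen, device)
    for device, cidrs in interfaces.items():
        for cidr in cidrs:
            net = ipaddress.ip_interface(cidr).network
            if gw.version == net.version and gw in net:
                if best is None or net.prefixlen > best[0]:
                    best = (net.prefixlen, device)
    return best[1] if best else None


def route_commands(action, network, gateway, interfaces):
    """Build argv lists for `ip route add|del` in the main and PBR tables."""
    if action not in ("add", "del"):
        raise ValueError("action must be 'add' or 'del'")
    # Parse both values so malformed input never reaches a command line.
    net = ipaddress.ip_network(network, strict=True)
    gw = ipaddress.ip_address(gateway)
    base = ["ip", "route", action, str(net), "via", str(gw)]
    commands = [base]  # main routing table
    device = find_interface_for_gateway(gateway, interfaces)
    if device is not None:
        # Interface-specific table consulted by policy-based routing.
        commands.append(base + ["table", "Table_" + device])
    return commands


if __name__ == "__main__":
    for cmd in route_commands("add", "192.168.50.0/24", "10.1.1.254",
                              SAMPLE_INTERFACES):
        print(" ".join(cmd))
```

A gateway that matches no configured subnet yields only the main-table command, so that case is worth logging, since traffic arriving on a PBR-routed interface will not see the route.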