haproxytech / vmware-haproxy

Apache License 2.0

Teach HAProxy to route to multiple workload networks #16

Closed brakthehack closed 3 years ago

brakthehack commented 3 years ago

Problem

Currently we allow users to create additional workloads besides the primary workload network at enablement time. However, HAProxy has no ability to route to these additional workload networks, which means that if a service of type=LB is created, but that service lives on a network that is not the primary workload network or frontend network, then the packets will not be able to reach their destinations.

Solution

This change adds an additional field in the OVF wizard called Additional Workload Networks that allows the user to specify a comma-delimited list of networks (specified in CIDR format) to program in its routing table. Route rules are created to reach these networks via the workload networks, because it is a requirement that all workload networks are routable to each other. By using the workload network as the default gateway, we expect the router will deliver the packets to their correct destination.

This change also fixes some minor bugs in the logic to generate the route tables and associated config files.

Testing

Verified services that live on the additional workload networks besides the primary and frontend networks were reachable and could obtain load balancer frontend IP addresses.
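
The Solution section above takes a user-supplied, comma-delimited CIDR list and turns it into routing-table entries. The following is an added example, not code from this pull request or the project, of validating such a list before any route is programmed. The function name, the `eth1` interface, the sample addresses, and the rejection rules (default route, overlap with the workload network, overlapping entries) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of an "Additional Workload Networks" value with bad entries.
SAMPLE = "10.10.0.0/24, 10.20.0.0/16,10.10.0.5/24,0.0.0.0/0,192.168.1.0/25,10.20.4.0/24,;reboot"

def plan_routes(additional_networks, workload_cidr, workload_gateway, dev="eth1"):
    """Return (routes, errors) for a comma-delimited CIDR list.

    Routes are iproute2 command strings built only from parsed network
    objects, so raw user text never reaches a shell or config file.
    """
    workload = ipaddress.ip_network(workload_cidr, strict=False)
    gateway = ipaddress.ip_address(workload_gateway)
    if gateway not in workload:
        raise ValueError(f"gateway {gateway} is not on workload network {workload}")
    routes, errors, accepted = [], [], []
    for raw in additional_networks.split(","):
        item = raw.strip()
        if not item:
            continue  # tolerate blank entries and trailing commas
        try:
            # strict=True rejects host bits, e.g. 10.10.0.5/24
            net = ipaddress.ip_network(item, strict=True)
        except ValueError as exc:
            errors.append(f"{item!r}: {exc}")
            continue
        if net.version != workload.version:
            errors.append(f"{item!r}: address family differs from the workload network")
        elif net.prefixlen == 0:
            errors.append(f"{item!r}: would replace the default route")
        elif net.overlaps(workload):
            errors.append(f"{item!r}: overlaps the directly connected workload network")
        elif any(net.overlaps(prev) for prev in accepted):
            errors.append(f"{item!r}: overlaps an earlier entry")
        else:
            accepted.append(net)
            routes.append(f"ip route add {net} via {gateway} dev {dev}")
    return routes, errors

if __name__ == "__main__":
    ok, bad = plan_routes(SAMPLE, "192.168.1.0/24", "192.168.1.1")
    print("\n".join(ok))
    print("rejected:", *bad, sep="\n  ")
```
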