Fix static routes to be added to PBR tables in VPC routers

bhouse-nexthop · bradh352 · commit 8a60b8019546 · 2026-03-18T15:16:45.000-04:00
Static routes were only being added to the main routing table, but policy-based routing (PBR) is active on VPC routers. This caused traffic coming in from specific interfaces to not find the static routes, as they use interface-specific routing tables (Table_ethX). This fix: - Adds a helper method to find which interface a gateway belongs to by matching the gateway IP against configured interface subnets - Modifies route add/delete operations to update both the main table and the appropriate interface-specific PBR table - Uses existing CsAddress databag metadata to avoid OS queries - Handles both add and revoke operations for proper cleanup - Adds comprehensive logging for troubleshooting Fixes #12857
diff --git a/systemvm/debian/opt/cloud/bin/cs/CsStaticRoutes.py b/systemvm/debian/opt/cloud/bin/cs/CsStaticRoutes.py
@@ -20,6 +20,7 @@
 import logging
 from . import CsHelper
 from .CsDatabag import CsDataBag
+from .CsRoute import CsRoute
 
 
 class CsStaticRoutes(CsDataBag):
@@ -31,13 +32,68 @@ def process(self):
                 continue
             self.__update(self.dbag[item])
 
+    def __find_device_for_gateway(self, gateway_ip):
+        """
+        Find which ethernet device the gateway IP belongs to by checking
+        if the gateway is in any of the configured interface subnets.
+        Returns device name (e.g., 'eth2') or None if not found.
+        """
+        try:
+            # Get all configured interfaces from the address databag
+            interfaces = self.config.address().get_interfaces()
+
+            for interface in interfaces:
+                if not interface.is_added():
+                    continue
+
+                # Check if gateway IP is in this interface's subnet
+                if interface.ip_in_subnet(gateway_ip):
+                    return interface.get_device()
+
+            logging.debug("No matching device found for gateway %s" % gateway_ip)
+            return None
+        except Exception as e:
+            logging.error("Error finding device for gateway %s: %s" % (gateway_ip, e))
+            return None
+
     def __update(self, route):
+        network = route['network']
+        gateway = route['gateway']
+
         if route['revoke']:
-            command = "ip route del %s via %s" % (route['network'], route['gateway'])
+            # Delete from main table
+            command = "ip route del %s via %s" % (network, gateway)
             CsHelper.execute(command)
+
+            # Delete from PBR table if applicable
+            device = self.__find_device_for_gateway(gateway)
+            if device:
+                cs_route = CsRoute()
+                table_name = cs_route.get_tablename(device)
+                command = "ip route del %s via %s table %s" % (network, gateway, table_name)
+                CsHelper.execute(command)
+                logging.info("Deleted static route %s via %s from PBR table %s" % (network, gateway, table_name))
         else:
-            command = "ip route show | grep %s | awk '{print $1, $3}'" % route['network']
+            # Add to main table (existing logic)
+            command = "ip route show | grep %s | awk '{print $1, $3}'" % network
             result = CsHelper.execute(command)
             if not result:
-                route_command = "ip route add %s via %s" % (route['network'], route['gateway'])
+                route_command = "ip route add %s via %s" % (network, gateway)
                 CsHelper.execute(route_command)
+                logging.info("Added static route %s via %s to main table" % (network, gateway))
+
+            # Add to PBR table if applicable
+            device = self.__find_device_for_gateway(gateway)
+            if device:
+                cs_route = CsRoute()
+                table_name = cs_route.get_tablename(device)
+                # Check if route already exists in the PBR table
+                check_command = "ip route show table %s | grep %s | awk '{print $1, $3}'" % (table_name, network)
+                result = CsHelper.execute(check_command)
+                if not result:
+                    # Add route to the interface-specific table
+                    route_command = "ip route add %s via %s dev %s table %s" % (network, gateway, device, table_name)
+                    CsHelper.execute(route_command)
+                    logging.info("Added static route %s via %s to PBR table %s" % (network, gateway, table_name))
+            else:
+                logging.info("Static route %s via %s added to main table only (no matching interface found for PBR table)" % (network, gateway))
