1 files changed, 22 insertions, 4 deletions

diff --git a/network/config/bond-with-vlans/controller-v6.yaml b/network/config/bond-with-vlans/controller-v6.yaml
index 7869ebfc..1361d969 100644
--- a/network/config/bond-with-vlans/controller-v6.yaml
+++ b/network/config/bond-with-vlans/controller-v6.yaml
@@ -40,6 +40,11 @@ parameters:
     description: The ovs_options string for the bond interface. Set things like
                  lacp=active and/or bond_mode=balance-slb using this option.
     type: string
+    constraints:
+      - allowed_pattern: "^((?!balance.tcp).)*$"
+        description: |
+          The balance-tcp bond mode is known to cause packet loss and
+          should not be used in BondInterfaceOvsOptions.
   ExternalNetworkVlanID:
     default: 10
     description: Vlan ID for the external network traffic.
@@ -64,10 +69,6 @@ parameters:
     default: 60
     description: Vlan ID for the management network traffic.
     type: number
-  ExternalInterfaceDefaultRoute:
-    default: '10.0.0.1'
-    description: default route for the external network
-    type: string
   ControlPlaneSubnetCidr: # Override this via parameter_defaults
     default: '24'
     description: The subnet CIDR of the control plane network.
@@ -75,6 +76,14 @@ parameters:
   ControlPlaneDefaultRoute: # Override this via parameter_defaults
     description: The default route of the control plane network.
     type: string
+  ExternalInterfaceDefaultRoute:
+    default: '10.0.0.1'
+    description: default route for the external network
+    type: string
+  ManagementInterfaceDefaultRoute: # Commented out by default in this template
+    default: unset
+    description: The default route of the management network.
+    type: string
   DnsServers: # Override this via parameter_defaults
     default: []
     description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -106,6 +115,7 @@ resources:
                 -
                   ip_netmask: 169.254.169.254/32
                   next_hop: {get_param: EC2MetadataIp}
+                # IPv4 Default Route
                 -
                   default: true
                   next_hop: {get_param: ControlPlaneDefaultRoute}
@@ -134,6 +144,7 @@ resources:
                     -
                       ip_netmask: {get_param: ExternalIpSubnet}
                   routes:
+                    # IPv6 Default Route
                     -
                       default: true
                       next_hop: {get_param: ExternalInterfaceDefaultRoute}
@@ -166,6 +177,9 @@ resources:
                     -
                       ip_netmask: {get_param: TenantIpSubnet}
                 # Uncomment when including environments/network-management.yaml
+                # If setting default route on the Management interface, comment
+                # out the default route on the External interface. This will
+                # make the External API unreachable from remote subnets.
                 #-
                 #  type: vlan
                 #  device: bond1
@@ -173,6 +187,10 @@ resources:
                 #  addresses:
                 #    -
                 #      ip_netmask: {get_param: ManagementIpSubnet}
+                #  routes:
+                #    -
+                #      default: true
+                #      next_hop: {get_param: ManagementInterfaceDefaultRoute}
 
 outputs:
   OS::stack_id: