1 files changed, 21 insertions, 7 deletions

diff --git a/network/config/single-nic-vlans/controller-v6.yaml b/network/config/single-nic-vlans/controller-v6.yaml
index 472e539d..ecbf2efb 100644
--- a/network/config/single-nic-vlans/controller-v6.yaml
+++ b/network/config/single-nic-vlans/controller-v6.yaml
@@ -59,10 +59,6 @@ parameters:
     default: 60
     description: Vlan ID for the management network traffic.
     type: number
-  ExternalInterfaceDefaultRoute:
-    default: '10.0.0.1'
-    description: default route for the external network
-    type: string
   ControlPlaneSubnetCidr: # Override this via parameter_defaults
     default: '24'
     description: The subnet CIDR of the control plane network.
@@ -70,6 +66,14 @@ parameters:
   ControlPlaneDefaultRoute: # Override this via parameter_defaults
     description: The default route of the control plane network.
     type: string
+  ExternalInterfaceDefaultRoute:
+    default: '10.0.0.1'
+    description: default route for the external network
+    type: string
+  ManagementInterfaceDefaultRoute: # Commented out by default in this template
+    default: unset
+    description: The default route of the management network.
+    type: string
   DnsServers: # Override this via parameter_defaults
     default: []
     description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
@@ -102,6 +106,7 @@ resources:
                 -
                   ip_netmask: 169.254.169.254/32
                   next_hop: {get_param: EC2MetadataIp}
+                # IPv4 Default Route
                 -
                   default: true
                   next_hop: {get_param: ControlPlaneDefaultRoute}
@@ -115,9 +120,10 @@ resources:
                   type: vlan
                   vlan_id: {get_param: ExternalNetworkVlanID}
                   addresses:
-                  -
-                    ip_netmask: {get_param: ExternalIpSubnet}
+                    -
+                      ip_netmask: {get_param: ExternalIpSubnet}
                   routes:
+                    # IPv6 Default Route
                     -
                       default: true
                       next_hop: {get_param: ExternalInterfaceDefaultRoute}
@@ -145,12 +151,20 @@ resources:
                   addresses:
                     -
                       ip_netmask: {get_param: TenantIpSubnet}
-                #-  # Uncomment when including environments/network-management.yaml
+                # Uncomment when including environments/network-management.yaml
+                # If setting default route on the Management interface, comment
+                # out the default route on the External interface. This will
+                # make the External API unreachable from remote subnets.
+                #-
                 #  type: vlan
                 #  vlan_id: {get_param: ManagementNetworkVlanID}
                 #  addresses:
                 #    -
                 #      ip_netmask: {get_param: ManagementIpSubnet}
+                #  routes:
+                #    -
+                #      default: true
+                #      next_hop: {get_param: ManagementInterfaceDefaultRoute}
 
 outputs:
   OS::stack_id: