Stop calling CreateDefaultRouteToExternal for UDNs by default

trozet · trozet · commit bf5b8d41d2d1 · 2025-06-10T11:33:44.000-04:00
This is unnecessary because there is another UDN path that will call
this code:

secondary_layer2/3_controller -&gt; addUpdateLocalNodeEvent -&gt;
ensureRouterPoliciesForNetwork -&gt; CreateDefaultRouteToExternal

Signed-off-by: Tim Rozet &lt;trozet@redhat.com&gt;
diff --git a/go-controller/pkg/ovn/egressip.go b/go-controller/pkg/ovn/egressip.go
@@ -2050,28 +2050,10 @@ func (e *EgressIPController) addEgressNode(node *corev1.Node) error {
 			// NOTE3: When the node gets deleted we do not remove this route intentionally because
 			// on IC if the node is gone, then the ovn_cluster_router is also gone along with all
 			// the routes on it.
-			processNetworkFn := func(ni util.NetInfo) error {
-				if ni.TopologyType() == types.Layer2Topology || len(ni.Subnets()) == 0 {
-					return nil
-				}
-				if err := libovsdbutil.CreateDefaultRouteToExternal(e.nbClient, ni.GetNetworkScopedClusterRouterName(),
-					ni.GetNetworkScopedGWRouterName(node.Name), ni.Subnets()); err != nil {
-					return fmt.Errorf("failed to create route to external for network %s: %v", ni.GetNetworkName(), err)
-				}
-				return nil
-			}
 			ni := e.networkManager.GetNetwork(types.DefaultNetworkName)
-			if ni == nil {
-				return fmt.Errorf("failed to get default network from NAD controller")
-			}
-			if err := processNetworkFn(ni); err != nil {
-				return fmt.Errorf("failed to process default network: %v", err)
-			}
-			if !isEgressIPForUDNSupported() {
-				return nil
-			}
-			if err := e.networkManager.DoWithLock(processNetworkFn); err != nil {
-				return fmt.Errorf("failed to process all user defined networks route to external: %v", err)
+			if err := libovsdbutil.CreateDefaultRouteToExternal(e.nbClient, ni.GetNetworkScopedClusterRouterName(),
+				ni.GetNetworkScopedGWRouterName(node.Name), ni.Subnets()); err != nil {
+				return fmt.Errorf("failed to create route to external for network %s: %v", ni.GetNetworkName(), err)
 			}
 		}
 	}
diff --git a/go-controller/pkg/ovn/egressip_udn_l3_test.go b/go-controller/pkg/ovn/egressip_udn_l3_test.go
@@ -17,6 +17,7 @@ import (
 	k8stypes "k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/util/retry"
 	"k8s.io/klog/v2"
+	"k8s.io/utils/ptr"
 
 	ovncnitypes "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/cni/types"
 	"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/config"
@@ -98,6 +99,7 @@ var _ = ginkgo.Describe("EgressIP Operations for user defined network with topol
 		config.OVNKubernetesFeature.EnableMultiNetwork = true
 		config.Gateway.Mode = config.GatewayModeShared
 		config.OVNKubernetesFeature.EgressIPNodeHealthCheckPort = 1234
+		config.Gateway.V4MasqueradeSubnet = dummyMasqueradeSubnet().String()
 
 		app = cli.NewApp()
 		app.Name = "test"
@@ -1195,9 +1197,11 @@ var _ = ginkgo.Describe("EgressIP Operations for user defined network with topol
 				// Add pod IPs to UDN cache
 				iUDN, nUDN, _ := net.ParseCIDR(v4Pod1IPNode1Net1 + "/23")
 				nUDN.IP = iUDN
+				secConInfo.bnc.zone = node1.Name
 				secConInfo.bnc.logicalPortCache.add(&egressPodUDNLocal, "", util.GetNADName(nad.Namespace, nad.Name), "", nil, []*net.IPNet{nUDN})
 				_, err = fakeOvn.fakeClient.EgressIPClient.K8sV1().EgressIPs().Create(context.TODO(), &eIP, metav1.CreateOptions{})
 				gomega.Expect(err).NotTo(gomega.HaveOccurred())
+				gomega.Expect(secConInfo.bnc.WatchNodes()).To(gomega.Succeed())
 				egressSVCServedPodsASv4, _ := buildEgressServiceAddressSets(nil)
 				egressIPServedPodsASCDNv4, _ := buildEgressIPServedPodsAddressSets([]string{podV4IP}, ovntypes.DefaultNetworkName, DefaultNetworkControllerName)
 				egressNodeIPsASv4, _ := buildEgressIPNodeAddressSets([]string{node1IPv4, node2IPv4})
@@ -1325,6 +1329,19 @@ var _ = ginkgo.Describe("EgressIP Operations for user defined network with topol
 						Name:     ovntypes.GWRouterToJoinSwitchPrefix + ovntypes.GWRouterPrefix + networkName1_ + node1.Name,
 						Networks: []string{nodeLogicalRouterIfAddrV4},
 					},
+					&nbdb.NAT{
+						UUID: networkName1_ + node1Name + "-masqueradeNAT-UUID",
+						ExternalIDs: map[string]string{
+							"k8s.ovn.org/topology": "layer3",
+							"k8s.ovn.org/network":  networkName1,
+						},
+						ExternalIP:  "169.254.169.14",
+						LogicalIP:   node1UDNSubnet.String(),
+						LogicalPort: ptr.To("rtos-" + networkName1_ + node1Name),
+						Match:       "eth.dst == 0a:58:14:80:00:02",
+						Type:        nbdb.NATTypeSNAT,
+						Options:     map[string]string{"stateless": "false"},
+					},
 					&nbdb.LogicalRouter{
 						Name:        netInfo.GetNetworkScopedClusterRouterName(),
 						UUID:        netInfo.GetNetworkScopedClusterRouterName() + "-UUID",
@@ -1333,6 +1350,7 @@ var _ = ginkgo.Describe("EgressIP Operations for user defined network with topol
 							fmt.Sprintf("%s-no-reroute-reply-traffic", netInfo.GetNetworkName()),
 							getReRoutePolicyUUID(eipNamespace2, podName2, IPFamilyValueV4, netInfo.GetNetworkName())},
 						StaticRoutes: []string{fmt.Sprintf("%s-reroute-static-route-UUID", netInfo.GetNetworkName())},
+						Nat:          []string{networkName1_ + node1Name + "-masqueradeNAT-UUID"},
 					},
 					&nbdb.LogicalRouter{
 						UUID:        netInfo.GetNetworkScopedGWRouterName(node1.Name) + "-UUID",
@@ -1345,14 +1363,57 @@ var _ = ginkgo.Describe("EgressIP Operations for user defined network with topol
 					&nbdb.LogicalSwitchPort{
 						UUID:      "k8s-" + networkName1_ + node1Name + "-UUID",
 						Name:      "k8s-" + networkName1_ + node1Name,
-						Addresses: []string{"fe:1a:b2:3f:0e:fb " + util.GetNodeManagementIfAddr(node1UDNSubnet).IP.String()},
+						Addresses: []string{"0a:58:14:80:00:02 " + util.GetNodeManagementIfAddr(node1UDNSubnet).IP.String()},
+					},
+					&nbdb.LogicalSwitchPort{
+						UUID:      "stor-" + networkName1_ + node1Name + "-UUID",
+						Name:      "stor-" + networkName1_ + node1Name,
+						Addresses: []string{"router"},
+						Options:   map[string]string{"router-port": "rtos-" + networkName1_ + node1Name},
+						Type:      "router",
+					},
+					&nbdb.ACL{
+						UUID:      netInfo.GetNetworkScopedSwitchName(node1.Name) + "-NetpolNode-UUID",
+						Direction: nbdb.ACLDirectionToLport,
+						Action:    nbdb.ACLActionAllowRelated,
+						ExternalIDs: map[string]string{
+							"k8s.ovn.org/name":             networkName1_ + node1Name,
+							"ip":                           util.GetNodeManagementIfAddr(node1UDNSubnet).IP.String(),
+							"k8s.ovn.org/id":               fmt.Sprintf("%s-network-controller:NetpolNode:%s:%s", networkName1, networkName1_+node1Name, util.GetNodeManagementIfAddr(node1UDNSubnet).IP.String()),
+							"k8s.ovn.org/owner-controller": networkName1 + "-network-controller",
+							"k8s.ovn.org/owner-type":       "NetpolNode",
+						},
+						Match:    fmt.Sprintf("ip4.src==%s", util.GetNodeManagementIfAddr(node1UDNSubnet).IP.String()),
+						Meter:    ptr.To(ovntypes.OvnACLLoggingMeter),
+						Priority: ovntypes.PrimaryUDNAllowPriority,
+						Tier:     ovntypes.DefaultACLTier,
 					},
 					&nbdb.LogicalSwitch{
 						UUID:        netInfo.GetNetworkScopedSwitchName(node1.Name) + "-UUID",
 						Name:        netInfo.GetNetworkScopedSwitchName(node1.Name),
-						Ports:       []string{"k8s-" + networkName1_ + node1Name + "-UUID"},
+						Ports:       []string{"k8s-" + networkName1_ + node1Name + "-UUID", "stor-" + networkName1_ + node1Name + "-UUID"},
 						ExternalIDs: map[string]string{ovntypes.NetworkExternalID: netInfo.GetNetworkName(), ovntypes.TopologyExternalID: ovntypes.Layer3Topology},
 						QOSRules:    []string{fmt.Sprintf("%s-QoS-UUID", netInfo.GetNetworkName())},
+						OtherConfig: map[string]string{
+							"exclude_ips": util.GetNodeManagementIfAddr(node1UDNSubnet).IP.String(),
+							"subnet":      node1UDNSubnet.String(),
+						},
+						ACLs: []string{netInfo.GetNetworkScopedSwitchName(node1.Name) + "-NetpolNode-UUID"},
+					},
+					&nbdb.LogicalSwitch{
+						UUID: netInfo.GetNetworkScopedSwitchName(node1.Name) + "TRANSIT-UUID",
+						Name: networkName1_ + ovntypes.TransitSwitch,
+						ExternalIDs: map[string]string{
+							ovntypes.NetworkExternalID:     netInfo.GetNetworkName(),
+							ovntypes.TopologyExternalID:    ovntypes.Layer3Topology,
+							ovntypes.NetworkRoleExternalID: ovntypes.NetworkRolePrimary},
+						OtherConfig: map[string]string{
+							"mcast_snoop":              "true",
+							"mcast_querier":            "false",
+							"mcast_flood_unregistered": "true",
+							"interconn-ts":             networkName1_ + ovntypes.TransitSwitch,
+							"requested-tnl-key":        "16711685",
+						},
 					},
 					getNoReRouteReplyTrafficPolicyForController(netInfo.GetNetworkName(), DefaultNetworkControllerName),
 					getDefaultQoSRule(false, netInfo.GetNetworkName(), DefaultNetworkControllerName),
@@ -1457,6 +1518,19 @@ var _ = ginkgo.Describe("EgressIP Operations for user defined network with topol
 						Name:     ovntypes.GWRouterToJoinSwitchPrefix + ovntypes.GWRouterPrefix + networkName1_ + node1.Name,
 						Networks: []string{nodeLogicalRouterIfAddrV4},
 					},
+					&nbdb.NAT{
+						UUID: networkName1_ + node1Name + "-masqueradeNAT-UUID",
+						ExternalIDs: map[string]string{
+							"k8s.ovn.org/topology": "layer3",
+							"k8s.ovn.org/network":  networkName1,
+						},
+						ExternalIP:  "169.254.169.14",
+						LogicalIP:   node1UDNSubnet.String(),
+						LogicalPort: ptr.To("rtos-" + networkName1_ + node1Name),
+						Match:       "eth.dst == 0a:58:14:80:00:02",
+						Type:        nbdb.NATTypeSNAT,
+						Options:     map[string]string{"stateless": "false"},
+					},
 					&nbdb.LogicalRouter{
 						Name:        netInfo.GetNetworkScopedClusterRouterName(),
 						UUID:        netInfo.GetNetworkScopedClusterRouterName() + "-UUID",
@@ -1465,6 +1539,7 @@ var _ = ginkgo.Describe("EgressIP Operations for user defined network with topol
 							fmt.Sprintf("%s-no-reroute-reply-traffic", netInfo.GetNetworkName()),
 						},
 						StaticRoutes: []string{fmt.Sprintf("%s-reroute-static-route-UUID", netInfo.GetNetworkName())},
+						Nat:          []string{networkName1_ + node1Name + "-masqueradeNAT-UUID"},
 					},
 					&nbdb.LogicalRouter{
 						UUID:        netInfo.GetNetworkScopedGWRouterName(node1.Name) + "-UUID",
@@ -1475,14 +1550,57 @@ var _ = ginkgo.Describe("EgressIP Operations for user defined network with topol
 					&nbdb.LogicalSwitchPort{
 						UUID:      "k8s-" + networkName1_ + node1Name + "-UUID",
 						Name:      "k8s-" + networkName1_ + node1Name,
-						Addresses: []string{"fe:1a:b2:3f:0e:fb " + util.GetNodeManagementIfAddr(node1UDNSubnet).IP.String()},
+						Addresses: []string{"0a:58:14:80:00:02 " + util.GetNodeManagementIfAddr(node1UDNSubnet).IP.String()},
+					},
+					&nbdb.LogicalSwitchPort{
+						UUID:      "stor-" + networkName1_ + node1Name + "-UUID",
+						Name:      "stor-" + networkName1_ + node1Name,
+						Addresses: []string{"router"},
+						Options:   map[string]string{"router-port": "rtos-" + networkName1_ + node1Name},
+						Type:      "router",
+					},
+					&nbdb.ACL{
+						UUID:      netInfo.GetNetworkScopedSwitchName(node1.Name) + "-NetpolNode-UUID",
+						Direction: nbdb.ACLDirectionToLport,
+						Action:    nbdb.ACLActionAllowRelated,
+						ExternalIDs: map[string]string{
+							"k8s.ovn.org/name":             networkName1_ + node1Name,
+							"ip":                           util.GetNodeManagementIfAddr(node1UDNSubnet).IP.String(),
+							"k8s.ovn.org/id":               fmt.Sprintf("%s-network-controller:NetpolNode:%s:%s", networkName1, networkName1_+node1Name, util.GetNodeManagementIfAddr(node1UDNSubnet).IP.String()),
+							"k8s.ovn.org/owner-controller": networkName1 + "-network-controller",
+							"k8s.ovn.org/owner-type":       "NetpolNode",
+						},
+						Match:    fmt.Sprintf("ip4.src==%s", util.GetNodeManagementIfAddr(node1UDNSubnet).IP.String()),
+						Meter:    ptr.To(ovntypes.OvnACLLoggingMeter),
+						Priority: ovntypes.PrimaryUDNAllowPriority,
+						Tier:     ovntypes.DefaultACLTier,
 					},
 					&nbdb.LogicalSwitch{
 						UUID:        netInfo.GetNetworkScopedSwitchName(node1.Name) + "-UUID",
 						Name:        netInfo.GetNetworkScopedSwitchName(node1.Name),
-						Ports:       []string{"k8s-" + networkName1_ + node1Name + "-UUID"},
+						Ports:       []string{"k8s-" + networkName1_ + node1Name + "-UUID", "stor-" + networkName1_ + node1Name + "-UUID"},
 						ExternalIDs: map[string]string{ovntypes.NetworkExternalID: netInfo.GetNetworkName(), ovntypes.TopologyExternalID: ovntypes.Layer3Topology},
 						QOSRules:    []string{fmt.Sprintf("%s-QoS-UUID", netInfo.GetNetworkName())},
+						OtherConfig: map[string]string{
+							"exclude_ips": util.GetNodeManagementIfAddr(node1UDNSubnet).IP.String(),
+							"subnet":      node1UDNSubnet.String(),
+						},
+						ACLs: []string{netInfo.GetNetworkScopedSwitchName(node1.Name) + "-NetpolNode-UUID"},
+					},
+					&nbdb.LogicalSwitch{
+						UUID: netInfo.GetNetworkScopedSwitchName(node1.Name) + "TRANSIT-UUID",
+						Name: networkName1_ + ovntypes.TransitSwitch,
+						ExternalIDs: map[string]string{
+							ovntypes.NetworkExternalID:     netInfo.GetNetworkName(),
+							ovntypes.TopologyExternalID:    ovntypes.Layer3Topology,
+							ovntypes.NetworkRoleExternalID: ovntypes.NetworkRolePrimary},
+						OtherConfig: map[string]string{
+							"mcast_snoop":              "true",
+							"mcast_querier":            "false",
+							"mcast_flood_unregistered": "true",
+							"interconn-ts":             networkName1_ + ovntypes.TransitSwitch,
+							"requested-tnl-key":        "16711685",
+						},
 					},
 					getNoReRouteReplyTrafficPolicyForController(netInfo.GetNetworkName(), DefaultNetworkControllerName),
 					getDefaultQoSRule(false, netInfo.GetNetworkName(), DefaultNetworkControllerName),
@@ -2415,6 +2533,8 @@ var _ = ginkgo.Describe("EgressIP Operations for user defined network with topol
 				gomega.Expect(err).NotTo(gomega.HaveOccurred())
 				secConInfo, ok := fakeOvn.secondaryControllers[networkName1]
 				gomega.Expect(ok).To(gomega.BeTrue())
+				secConInfo.bnc.zone = node1.Name
+				gomega.Expect(secConInfo.bnc.WatchNodes()).To(gomega.Succeed())
 				// Add pod IPs to UDN cache
 				iUDN, nUDN, _ := net.ParseCIDR(v4Pod1IPNode1Net1 + "/23")
 				nUDN.IP = iUDN
@@ -2553,6 +2673,19 @@ var _ = ginkgo.Describe("EgressIP Operations for user defined network with topol
 						Name:     ovntypes.GWRouterToJoinSwitchPrefix + ovntypes.GWRouterPrefix + networkName1_ + node1.Name,
 						Networks: []string{nodeLogicalRouterIfAddrV4},
 					},
+					&nbdb.NAT{
+						UUID: networkName1_ + node1Name + "-masqueradeNAT-UUID",
+						ExternalIDs: map[string]string{
+							"k8s.ovn.org/topology": "layer3",
+							"k8s.ovn.org/network":  networkName1,
+						},
+						ExternalIP:  "169.254.169.14",
+						LogicalIP:   node1UDNSubnet.String(),
+						LogicalPort: ptr.To("rtos-" + networkName1_ + node1Name),
+						Match:       "eth.dst == 0a:58:14:80:00:02",
+						Type:        nbdb.NATTypeSNAT,
+						Options:     map[string]string{"stateless": "false"},
+					},
 					&nbdb.LogicalRouter{
 						Name:        netInfo.GetNetworkScopedClusterRouterName(),
 						UUID:        netInfo.GetNetworkScopedClusterRouterName() + "-UUID",
@@ -2561,6 +2694,7 @@ var _ = ginkgo.Describe("EgressIP Operations for user defined network with topol
 							fmt.Sprintf("%s-no-reroute-reply-traffic", netInfo.GetNetworkName()),
 							getReRoutePolicyUUID(eipNamespace2, podName2, IPFamilyValueV4, netInfo.GetNetworkName())},
 						StaticRoutes: []string{fmt.Sprintf("%s-reroute-static-route-UUID", netInfo.GetNetworkName())},
+						Nat:          []string{networkName1_ + node1Name + "-masqueradeNAT-UUID"},
 					},
 					&nbdb.LogicalRouter{
 						UUID:        netInfo.GetNetworkScopedGWRouterName(node1.Name) + "-UUID",
@@ -2573,14 +2707,58 @@ var _ = ginkgo.Describe("EgressIP Operations for user defined network with topol
 					&nbdb.LogicalSwitchPort{
 						UUID:      "k8s-" + networkName1_ + node1Name + "-UUID",
 						Name:      "k8s-" + networkName1_ + node1Name,
-						Addresses: []string{"fe:1a:b2:3f:0e:fb " + util.GetNodeManagementIfAddr(node1UDNSubnet).IP.String()},
+						Addresses: []string{"0a:58:14:80:00:02 " + util.GetNodeManagementIfAddr(node1UDNSubnet).IP.String()},
+					},
+					&nbdb.LogicalSwitchPort{
+						UUID:      "stor-" + networkName1_ + node1Name + "-UUID",
+						Name:      "stor-" + networkName1_ + node1Name,
+						Addresses: []string{"router"},
+						Options:   map[string]string{"router-port": "rtos-" + networkName1_ + node1Name},
+						Type:      "router",
+					},
+					&nbdb.ACL{
+						UUID:      netInfo.GetNetworkScopedSwitchName(node1.Name) + "-NetpolNode-UUID",
+						Direction: nbdb.ACLDirectionToLport,
+						Action:    nbdb.ACLActionAllowRelated,
+						ExternalIDs: map[string]string{
+							"k8s.ovn.org/name":             networkName1_ + node1Name,
+							"ip":                           util.GetNodeManagementIfAddr(node1UDNSubnet).IP.String(),
+							"k8s.ovn.org/id":               fmt.Sprintf("%s-network-controller:NetpolNode:%s:%s", networkName1, networkName1_+node1Name, util.GetNodeManagementIfAddr(node1UDNSubnet).IP.String()),
+							"k8s.ovn.org/owner-controller": networkName1 + "-network-controller",
+							"k8s.ovn.org/owner-type":       "NetpolNode",
+						},
+						Match:    fmt.Sprintf("ip4.src==%s", util.GetNodeManagementIfAddr(node1UDNSubnet).IP.String()),
+						Meter:    ptr.To(ovntypes.OvnACLLoggingMeter),
+						Priority: ovntypes.PrimaryUDNAllowPriority,
+						Tier:     ovntypes.DefaultACLTier,
 					},
 					&nbdb.LogicalSwitch{
 						UUID:        netInfo.GetNetworkScopedSwitchName(node1.Name) + "-UUID",
 						Name:        netInfo.GetNetworkScopedSwitchName(node1.Name),
-						Ports:       []string{"k8s-" + networkName1_ + node1Name + "-UUID"},
+						Ports:       []string{"k8s-" + networkName1_ + node1Name + "-UUID", "stor-" + networkName1_ + node1Name + "-UUID"},
 						ExternalIDs: map[string]string{ovntypes.NetworkExternalID: netInfo.GetNetworkName(), ovntypes.TopologyExternalID: ovntypes.Layer3Topology},
 						QOSRules:    []string{fmt.Sprintf("%s-QoS-UUID", netInfo.GetNetworkName())},
+						OtherConfig: map[string]string{
+							"exclude_ips": util.GetNodeManagementIfAddr(node1UDNSubnet).IP.String(),
+							"subnet":      node1UDNSubnet.String(),
+						},
+						ACLs: []string{netInfo.GetNetworkScopedSwitchName(node1.Name) + "-NetpolNode-UUID"},
+					},
+					&nbdb.LogicalSwitch{
+						UUID: netInfo.GetNetworkScopedSwitchName(node1.Name) + "TRANSIT-UUID",
+						Name: networkName1_ + ovntypes.TransitSwitch,
+						ExternalIDs: map[string]string{
+							ovntypes.NetworkExternalID:     netInfo.GetNetworkName(),
+							ovntypes.TopologyExternalID:    ovntypes.Layer3Topology,
+							ovntypes.NetworkRoleExternalID: ovntypes.NetworkRolePrimary,
+						},
+						OtherConfig: map[string]string{
+							"mcast_snoop":              "true",
+							"mcast_querier":            "false",
+							"mcast_flood_unregistered": "true",
+							"interconn-ts":             networkName1_ + ovntypes.TransitSwitch,
+							"requested-tnl-key":        "16711685",
+						},
 					},
 					getNoReRouteReplyTrafficPolicyForController(netInfo.GetNetworkName(), DefaultNetworkControllerName),
 					getDefaultQoSRule(false, netInfo.GetNetworkName(), DefaultNetworkControllerName),
diff --git a/go-controller/pkg/ovn/secondary_layer3_network_controller.go b/go-controller/pkg/ovn/secondary_layer3_network_controller.go
@@ -107,7 +107,6 @@ func (h *secondaryLayer3NetworkControllerEventHandler) AddResource(obj interface
 		if !ok {
 			return fmt.Errorf("could not cast %T object to *kapi.Node", obj)
 		}
-
 		if h.oc.isLocalZoneNode(node) {
 			var nodeParams *nodeSyncs
 			if fromRetryLoop {
@@ -704,7 +703,6 @@ func (oc *SecondaryLayer3NetworkController) addUpdateLocalNodeEvent(node *corev1
 	var hostSubnets []*net.IPNet
 	var errs []error
 	var err error
-
 	_, _ = oc.localZoneNodes.LoadOrStore(node.Name, true)
 
 	if noHostSubnet := util.NoHostSubnet(node); noHostSubnet {
