neutron

IPv6 Subnets configured to use external router should not be allowed to associate to Neutron Router.

Bug #1393527 reported by Sridhar Gaddam on 2014-11-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Undecided	Sridhar Gaddam	neutron 2015.1.0 "kilo"

Bug Description

IPv6 subnet attributes have various possibilities as described in the following BP.
http://specs.openstack.org/openstack/neutron-specs/specs/juno/ipv6-radvd-ra.html#rest-api-impact

Currently Neutron allows attaching a subnet (configured to use an external router, by only setting ipv6_address_mode = slaac and leaving ipv6_ra_mode unset) to Neutron Router.
Ideally Neutron should not allow this operation and should return an appropriate error message to the user.

Please refer to the following thread for more details:
https://review.openstack.org/#/c/134530/2/neutron/db/securitygroups_rpc_base.py

See original description

Tags:

Sridhar Gaddam (sridhargaddam) on 2014-11-17

Changed in neutron:
assignee:	nobody → Sridhar Gaddam (sridhargaddam)

Sridhar Gaddam (sridhargaddam) on 2014-11-18

tags:

added: ipv6

Sean M. Collins (scollins) on 2014-11-18

description:

updated

Sridhar Gaddam (sridhargaddam) on 2014-11-20

Changed in neutron:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-11-24: Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/136733

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-01-07: Fix merged to neutron (master)

Reviewed: https://review.openstack.org/136733
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=e5713f932482210107dcfd7bac6a78524c8bad26
Submitter: Jenkins
Branch: master

commit e5713f932482210107dcfd7bac6a78524c8bad26
Author: sridhargaddam <email address hidden>
Date: Mon Nov 24 10:17:36 2014 +0000

Validate IPv6 subnet while associating to Router

    Currently Neutron allows attaching a subnet (configured to use an external
    router, by only setting ipv6_address_mode and leaving ipv6_ra_mode unset)
    to Neutron Router. Ideally Neutron should not allow this operation and
    should return an appropriate error message to the user.

    APIImpact
    Closes-Bug: #1393527
    Change-Id: I9d597e6f5e8aea63222bb9f5ed8289e4ce28bbc3

Changed in neutron:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2015-02-05

Changed in neutron:
milestone:	none → kilo-2
status:	Fix Committed → Fix Released

Revision history for this message

Eran Kuris (ekuris) wrote on 2015-03-18:

Sridhar , can you explain please what is the correct neutron command that I need to type to associate Stateless subnet to external router ?

for example this command is not valid according to the bug :
1. Create tenant_a Provider Stateless DHCPv6 network:
a. Create IPv6 internal network (name it tenant_a_provider_stateless).
# neutron net-create tenant_a_provider_stateless --router:external True

b. Create IPv6 Provider Stateless DHCPv6 subnet and attached to tenant_a_provider_stateless

# neutron subnet-create <tenant_a_provider_stateless_id> 2001:db4:0::2/64 --name tenant_a_provider_stateless_subnet --ipv6-address-mode dhcpv6-stateless --gateway fe80::6664:9bff:fe17:b40 --dns-nameserver 2001:4860:4860::8888 --ip-version 6
** according the bug we should get an error message
as I understand I should add this value :
-ipv6-ra-mode=dhcpv6-stateless
full command :
# neutron subnet-create <tenant_a_provider_stateless_id> 2001:db4:0::2/64 --name tenant_a_provider_stateless_subnet --ipv6-address-mode dhcpv6-stateless -ipv6-ra-mode=dhcpv6-stateless --gateway fe80::6664:9bff:fe17:b40 --dns-nameserver 2001:4860:4860::8888 --ip-version 6

Revision history for this message

Sridhar Gaddam (sridhargaddam) wrote on 2015-03-19:

@Eran, step 1 and 2 above is fine. This bug addresses the following situation.
Now if you try to associate the subnet to a neutron router, you will be getting an error (i.e., Step 4 below).

Step 3: neutron router-create ipv6-router
Step 4: neutron router-interface-add ipv6-router tenant_a_provider_stateless_subnet
Bad router request: IPv6 subnet cb5629e8-1762-45d3-8102-cf691503ef83 configured to receive RAs from an external router cannot be added to Neutron Router.

Thierry Carrez (ttx) on 2015-04-30

Changed in neutron:
milestone:	kilo-2 → 2015.1.0

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.