cloud-init writes route6-$DEVICE config with a HEX netmask. ip route does not like : Error: inet6 prefix is expected rather than "fd00:fd00:fd00::/ffff:ffff:ffff:ffff::".

Bug #1959148 reported by Harald Jensås
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Confirmed
Wishlist
Unassigned
cloud-init
Fix Released
Undecided
Harald Jensås

Bug Description

Description of problem:
The routes put in route6-$DEVICE by cloud-init is in an invalid format.

The schema[1] for network_matadata uses a non-converntinal format for the IPv6 netmask. It is stored as an IPv6 address, similar to how IPv4 netmasks are written 255.255.255.0 the IPv6 netmask is written as FFFF:FFFF:FFFF:FFFF:: in the network metadata.

cloud-init does not translate this. So you end up with:

cat /etc/sysconfig/network-scripts/route6-ens3
# Created by cloud-init on instance boot automatically, do not edit.
#
::/:: via fd00:fd00:fd00:2::fffe dev ens3
fd00:fd00:fd00:1::/ffff:ffff:ffff:ffff:: via fd00:fd00:fd00:2::fffe dev ens3
fd00:fd00:fd00::/ffff:ffff:ffff:ffff:: via fd00:fd00:fd00:2::fffe dev ens3

The result is that the routes are ignored since it is not a valid inet6 prefix.

[1] https://docs.openstack.org/nova/latest/_downloads/9119ca7ac90aa2990e762c08baea3a36/network_data.json

Actual results:
Jan 26 14:12:45 overcloud-novacompute-0 NetworkManager[1027]: <warn> [1643206365.7973] ifcfg-rh: ignoring invalid route at "::/:: via fd00:fd00:fd00:2::fffe dev ens3" (/etc/sysconfig/network-scripts/route6-ens3:3): Argument for "::/::" is not ADDR/PREFIX format
Jan 26 14:12:45 overcloud-novacompute-0 NetworkManager[1027]: <warn> [1643206365.7977] ifcfg-rh: ignoring invalid route at "fd00:fd00:fd00:1::/ffff:ffff:ffff:ffff:: via fd00:fd00:fd00:2::fffe dev ens3" (/etc/sysconfig/network-scripts/route6-ens3:4): Argument for "fd00:fd00:fd00:1::/ffff:ffff:ffff:ffff::" is not ADDR/PREFIX format
Jan 26 14:12:45 overcloud-novacompute-0 NetworkManager[1027]: <warn> [1643206365.7979] ifcfg-rh: ignoring invalid route at "fd00:fd00:fd00::/ffff:ffff:ffff:ffff:: via fd00:fd00:fd00:2::fffe dev ens3" (/etc/sysconfig/network-scripts/route6-ens3:5): Argument for "fd00:fd00:fd00::/ffff:ffff:ffff:ffff::" is not ADDR/PREFIX format

ip -6 route add fd00:fd00:fd00::/ffff:ffff:ffff:ffff:: via fd00:fd00:fd00::1
Error: inet6 prefix is expected rather than "fd00:fd00:fd00::/ffff:ffff:ffff:ffff::".

Expected results:
The netmask should be the decimal number in CIDR annotation.

Revision history for this message
Harald Jensås (harald-jensas) wrote :
Changed in cloud-init:
assignee: nobody → Harald Jensås (harald-jensas)
status: New → In Progress
Revision history for this message
Harald Jensås (harald-jensas) wrote :

Adding Nova, since this coming from Openstack Nova Compute network metadata.

See: https://docs.openstack.org/nova/latest/user/metadata.html#openstack-format-metadata
The Schema: https://docs.openstack.org/nova/latest/_downloads/9119ca7ac90aa2990e762c08baea3a36/network_data.json

To quote the network_data.json schema:

    "l3_ipv6_netmask": {
      "$id": "#/definitions/l3_ipv6_netmask",
      "type": "string",
      "pattern": "^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7})|(::))$",
      "title": "L3 IPv6 network mask",
      "examples": [
        "ffff:ffff:ffff:ffff::"
      ]
    },

Openstack Nova is using 'netaddr', and it can do this:

>>> route_addr = netaddr.IPNetwork('2bd0::/63')
>>> route_addr
IPNetwork('2bd0::/63')
>>> route_addr.netmask
IPAddress('ffff:ffff:ffff:fffe::')

Here is the Nova code building the network_metadata, it shared code for IPv4 and IPv6.
https://opendev.org/openstack/nova/src/branch/master/nova/virt/netutils.py#L311-L319

I think, ideally Nova should put the "prefix" in netmask for IPv6, or the schema should be extended to include "prefix" in `l3_ipv6_network`, `l3_ipv6_network_route`. We do not belive using an IPv6 address as netmask is a valid syntax for IPv6, see: https://github.com/canonical/cloud-init/pull/1215#issuecomment-1025068132.

Revision history for this message
Brett Holman (holmanb) wrote :

Thanks for reporting and working on this Harald. I agree it would be ideal if Nova could use CIDR/prefix length notation.

Revision history for this message
Harald Jensås (harald-jensas) wrote :

Brett, I agree that it would be good if the use of this non-standard IPv6 mask is changed as well.
But I still think it makes sense to fix the sysconfig renderer in cloud-init. cloud-init already does the conversion in several renderers, for example Eni and NetPlan. It is only the sysconfig renderer that does not render functional route6-$DEV files.

James Falcon (falcojr)
Changed in cloud-init:
status: In Progress → Fix Committed
Revision history for this message
Brett Holman (holmanb) wrote : Fixed in cloud-init version 22.1.

This bug is believed to be fixed in cloud-init in version 22.1. If this is still a problem for you, please make a comment and set the state back to New

Thank you.

Changed in cloud-init:
status: Fix Committed → Fix Released
Revision history for this message
Balazs Gibizer (balazs-gibizer) wrote :

As this has been fixed in cloud-init side I mark this as whislist in nova.

Changed in nova:
status: New → Confirmed
importance: Undecided → Wishlist
Revision history for this message
James Falcon (falcojr) wrote :
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.