← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1466322] [NEW] IPv6 subnet creation fails if the gateway is of the "*::ffff:ffff:ffff:ffff" pattern

 

Public bug reported:

(Tested on Juno, Kilo and the master branch)

Description:
When creating an IPv6 subnet that contains a gateway of the form "*::ffff:ffff:ffff:ffff" (for example "2210::ffff:ffff:ffff:ffff"), the creation fails with the following log message:

/var/log/neutron/server.log:2015-06-17 10:22:55.425 23147 INFO
neutron.api.v2.resource [req-ce44caf0-2208-4294-afd4-abb753559264 None]
create failed (client error): Invalid input for operation: Gateway is
not valid on subnet.

Steps to reproduce (through Horizon):
1. Create a network
2. Create an IPv6 subnet with the following parameters:
* Network address: "2210::/64"
* IP Version: "IPv6"
* Gateway IP: "2210::ffff:ffff:ffff:ffff"
(make sure that the gateway is not disabled)

Expected behavior:
Subnet creation succeeds

Actual behavior:
An error message containing "Error: Failed to create subnet "2210::/64" for network "None": Invalid input for operation: Gateway is not valid on subnet."

Via CLI:
neutron net-create sharednet1 --shared --provider:network_type flat --provider:physical_network RegionOne
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 023705c7-1893-4bdc-a688-a4971a6a6afb |
| name                      | sharednet1                           |
| provider:network_type     | flat                                 |
| provider:physical_network | RegionOne                            |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 8a1dbfa3c4d040698b134f2a44c5ee59     |
+---------------------------+--------------------------------------+
neutron subnet-create --ip-version 6 sharednet1 2210::/64 --gateway 2210::ffff:ffff:ffff:ffff
Bad Request (HTTP 400) (Request-ID: req-6cc1dd2b-3d57-47e6-97bb-170b8f243e07)

neutron server.log shows:
2015-06-18 05:39:42.145 9919 INFO neutron.api.v2.resource [req-6cc1dd2b-3d57-47e6-97bb-170b8f243e07 None] create failed (client error): Invalid input for operation: Gateway is not valid on subnet.


The root cause of the issue is the netaddr.IPNetwork.broadcast method. It returns a broadcast address for IPv6 using the same logic that is valid for IPv4 addresses (the last address of the CIDR, which is wrong of course since there's no broadcast address for IPv6).

This issue can be fixed in netaddr (the broadcast method can return None
in case of an IPv6 CIDR) but until this is fixed (issue was raised to
the netaddr developer) this can be fixed in neutron by adding a simple
check to the check_subnet_ip (ipam/utils.py) so that the broadcast
address will be checked only in case of an IPv4 CIDR.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1466322

Title:
  IPv6 subnet creation fails if the gateway is of the
  "*::ffff:ffff:ffff:ffff" pattern

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  (Tested on Juno, Kilo and the master branch)

  Description:
  When creating an IPv6 subnet that contains a gateway of the form "*::ffff:ffff:ffff:ffff" (for example "2210::ffff:ffff:ffff:ffff"), the creation fails with the following log message:

  /var/log/neutron/server.log:2015-06-17 10:22:55.425 23147 INFO
  neutron.api.v2.resource [req-ce44caf0-2208-4294-afd4-abb753559264
  None] create failed (client error): Invalid input for operation:
  Gateway is not valid on subnet.

  Steps to reproduce (through Horizon):
  1. Create a network
  2. Create an IPv6 subnet with the following parameters:
  * Network address: "2210::/64"
  * IP Version: "IPv6"
  * Gateway IP: "2210::ffff:ffff:ffff:ffff"
  (make sure that the gateway is not disabled)

  Expected behavior:
  Subnet creation succeeds

  Actual behavior:
  An error message containing "Error: Failed to create subnet "2210::/64" for network "None": Invalid input for operation: Gateway is not valid on subnet."

  Via CLI:
  neutron net-create sharednet1 --shared --provider:network_type flat --provider:physical_network RegionOne
  Created a new network:
  +---------------------------+--------------------------------------+
  | Field                     | Value                                |
  +---------------------------+--------------------------------------+
  | admin_state_up            | True                                 |
  | id                        | 023705c7-1893-4bdc-a688-a4971a6a6afb |
  | name                      | sharednet1                           |
  | provider:network_type     | flat                                 |
  | provider:physical_network | RegionOne                            |
  | provider:segmentation_id  |                                      |
  | router:external           | False                                |
  | shared                    | True                                 |
  | status                    | ACTIVE                               |
  | subnets                   |                                      |
  | tenant_id                 | 8a1dbfa3c4d040698b134f2a44c5ee59     |
  +---------------------------+--------------------------------------+
  neutron subnet-create --ip-version 6 sharednet1 2210::/64 --gateway 2210::ffff:ffff:ffff:ffff
  Bad Request (HTTP 400) (Request-ID: req-6cc1dd2b-3d57-47e6-97bb-170b8f243e07)

  neutron server.log shows:
  2015-06-18 05:39:42.145 9919 INFO neutron.api.v2.resource [req-6cc1dd2b-3d57-47e6-97bb-170b8f243e07 None] create failed (client error): Invalid input for operation: Gateway is not valid on subnet.

  
  The root cause of the issue is the netaddr.IPNetwork.broadcast method. It returns a broadcast address for IPv6 using the same logic that is valid for IPv4 addresses (the last address of the CIDR, which is wrong of course since there's no broadcast address for IPv6).

  This issue can be fixed in netaddr (the broadcast method can return
  None in case of an IPv6 CIDR) but until this is fixed (issue was
  raised to the netaddr developer) this can be fixed in neutron by
  adding a simple check to the check_subnet_ip (ipam/utils.py) so that
  the broadcast address will be checked only in case of an IPv4 CIDR.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1466322/+subscriptions


Follow ups

References