
yahoo-eng-team team mailing list archive

[Bug 1535226] [NEW] Subnets with duplicated CIDRs could be added to one router if multiple commands are executed at the same time

 

Public bug reported:

I have three controller nodes and the Neutron servers on these
controllers are set behind Pacemaker and HAProxy to realize
active/active HA using DevStack. MariaDB Galera cluster is used as my
database backend. I am using the latest code.

If one router is going to add two subnets as interfaces, but these two subnets' CIDRs are duplicated, the expected result is that the later API request would fail with an error message like this:
Bad router request: Cidr 192.166.100.0/24 of subnet bee7663c-f0a0-4120-b556-944af7ca40cf overlaps with cidr 192.166.0.0/16 of subnet 697c82cf-82fd-4187-b460-7046c81f13dc.

But when we run the two commands at the same time, both commands would
work and the router would end up with two ports, which have duplicated
CIDRs. I have tested more than 20 times and only once have I
received the expected error message.

How to reproduce

Step 1: Create a router
$ neutron router-create router-subnet-test

Step 2: Create two internal networks
$ neutron net-create net1
$ neutron net-create net2

Step 3: Add one subnet to each of these two networks
$ neutron subnet-create --name subnet1 net1 192.166.100.0/24
$ neutron subnet-create --name subnet2 net2 192.166.0.0/16

Here, we are creating two subnets on different networks with duplicated
CIDRs.

Step 4: Add the two subnets as one router's interface at the same time
On controller1:
$ neutron router-interface-add router-subnet-test subnet1
On controller2:
$ neutron router-interface-add router-subnet-test subnet2

Both commands would work and we could see that the router now has two ports, which have duplicated CIDRs:
http://paste.openstack.org/show/483838/

In [1], we do have a method, _check_for_dup_router_subnet, but when
two API requests arrive at the same time, both checks would validate.

[1]
https://github.com/openstack/neutron/blob/master/neutron/db/l3_db.py#L590

** Affects: neutron
     Importance: Undecided
     Assignee: Lujin Luo (luo-lujin)
         Status: New

** Changed in: neutron
     Assignee: (unassigned) => Lujin Luo (luo-lujin)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1535226
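
The check-then-act race described in the report, as an added example that is not part of the original report and is not Neutron code. Assumptions: `check_for_overlap`, `add_unsafe`, `add_serialized` and `run_concurrently` are hypothetical names, the list stands in for the router's ports table, a barrier forces the "both checks pass" interleaving, and an in-process lock stands in for serialization that a multi-server deployment would need at the database layer.

```python
import ipaddress
import threading


class BadRouterRequest(Exception):
    """Raised when a new interface's CIDR overlaps one already attached."""


def check_for_overlap(attached, cidr):
    # Hypothetical stand-in for the duplicate-subnet check named in the report.
    new = ipaddress.ip_network(cidr)
    for existing in attached:
        if new.overlaps(ipaddress.ip_network(existing)):
            raise BadRouterRequest(f"Cidr {cidr} overlaps with cidr {existing}")


def add_unsafe(attached, cidr, gate):
    check_for_overlap(attached, cidr)  # check ...
    gate.wait()                        # both requests finish checking first
    attached.append(cidr)              # ... then act on a stale result


def add_serialized(attached, cidr, lock):
    with lock:  # check and insert form one critical section
        check_for_overlap(attached, cidr)
        attached.append(cidr)


def run_concurrently(worker, cidrs, sync):
    attached, errors = [], []

    def request(cidr):
        try:
            worker(attached, cidr, sync)
        except BadRouterRequest as exc:
            errors.append(str(exc))

    threads = [threading.Thread(target=request, args=(c,)) for c in cidrs]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return attached, errors


CIDRS = ["192.166.100.0/24", "192.166.0.0/16"]  # the two subnets from the report

if __name__ == "__main__":
    print("unsafe:    ", run_concurrently(add_unsafe, CIDRS, threading.Barrier(2)))
    print("serialized:", run_concurrently(add_serialized, CIDRS, threading.Lock()))
```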
