← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #49967

[Bug 1575225] [NEW] Neutron only permits IPv6 MLDv1 not v2

  Thread PreviousDate PreviousThread Next 
Public bug reported:

IPv6 Multicast Listener Discovery (MLD) v2 [1] is used on recent version
of Linux, currently Neutron only permits MLDv1 in the
ICMPV6_ALLOWED_TYPES, so duplicate address discovery (DAD) doesn't not
actually detect duplicate addresses should Neutron actually enforce
ICMPv6 source addresses (bug/1502933). While Neutron should not assign
duplicate addresses, instances where duplicate addresses are possible on
provider networks between instances and external devices and on user
assign addresses when using allowed address pairs.

Here is a dump showing duplicate address detection on a recent Linux
kernel:

$ uname -r
4.4.0-0.bpo.1-amd64
$ sudo ip link add veth0 type veth peer name veth1
$ sudo ip link set veth1 up
$ sudo tcpdump -npel -i veth1 &
[1] 15528
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on veth1, link-type EN10MB (Ethernet), capture size 262144 bytes
$ sudo ip link set veth0 up
$

09:47:38.853762 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
09:47:38.853774 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
09:47:39.113772 b2:29:3a:34:bc:eb > 33:33:ff:34:bc:eb, ethertype IPv6 (0x86dd), length 78: :: > ff02::1:ff34:bceb: ICMP6, neighbor solicitation, who has fe80::b029:3aff:fe34:bceb, length 24
09:47:39.141766 5e:9b:3c:4f:a3:e0 > 33:33:ff:4f:a3:e0, ethertype IPv6 (0x86dd), length 78: :: > ff02::1:ff4f:a3e0: ICMP6, neighbor solicitation, who has fe80::5c9b:3cff:fe4f:a3e0, length 24
09:47:39.505764 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
09:47:39.717759 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
09:47:40.113807 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::b029:3aff:fe34:bceb > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
09:47:40.113827 b2:29:3a:34:bc:eb > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: fe80::b029:3aff:fe34:bceb > ff02::2: ICMP6, router solicitation, length 16
09:47:40.121756 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::b029:3aff:fe34:bceb > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
09:47:40.141811 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::5c9b:3cff:fe4f:a3e0 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
09:47:40.141836 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: fe80::5c9b:3cff:fe4f:a3e0 > ff02::2: ICMP6, router solicitation, length 16
09:47:40.149763 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::5c9b:3cff:fe4f:a3e0 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28


1. https://www.ietf.org/rfc/rfc3810.txt

** Affects: neutron
     Importance: Undecided
     Assignee: Dustin Lundquist (dlundquist)
         Status: In Progress


** Tags: ipv6

** Description changed:

- IPv6 Multicast Listener Discovery (MLD) v2 is used on recent version of
- Linux, currently Neutron only permits MLDv1 in the ICMPV6_ALLOWED_TYPES,
- so duplicate address discovery (DAD) doesn't not actually detect
- duplicate addresses should Neutron actually enforce ICMPv6 source
- addresses (bug/1502933). While Neutron should not assign duplicate
- addresses, instances where duplicate addresses are possible on provider
- networks between instances and external devices and on user assign
- addresses when using allowed address pairs.
+ IPv6 Multicast Listener Discovery (MLD) v2 [1] is used on recent version
+ of Linux, currently Neutron only permits MLDv1 in the
+ ICMPV6_ALLOWED_TYPES, so duplicate address discovery (DAD) doesn't not
+ actually detect duplicate addresses should Neutron actually enforce
+ ICMPv6 source addresses (bug/1502933). While Neutron should not assign
+ duplicate addresses, instances where duplicate addresses are possible on
+ provider networks between instances and external devices and on user
+ assign addresses when using allowed address pairs.
  
  Here is a dump showing duplicate address detection on a recent Linux
  kernel:
  
  $ uname -r
  4.4.0-0.bpo.1-amd64
  $ sudo ip link add veth0 type veth peer name veth1
  $ sudo ip link set veth1 up
  $ sudo tcpdump -npel -i veth1 &
  [1] 15528
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on veth1, link-type EN10MB (Ethernet), capture size 262144 bytes
  $ sudo ip link set veth0 up
  $
  
  09:47:38.853762 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
  09:47:38.853774 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
  09:47:39.113772 b2:29:3a:34:bc:eb > 33:33:ff:34:bc:eb, ethertype IPv6 (0x86dd), length 78: :: > ff02::1:ff34:bceb: ICMP6, neighbor solicitation, who has fe80::b029:3aff:fe34:bceb, length 24
  09:47:39.141766 5e:9b:3c:4f:a3:e0 > 33:33:ff:4f:a3:e0, ethertype IPv6 (0x86dd), length 78: :: > ff02::1:ff4f:a3e0: ICMP6, neighbor solicitation, who has fe80::5c9b:3cff:fe4f:a3e0, length 24
  09:47:39.505764 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
  09:47:39.717759 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
  09:47:40.113807 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::b029:3aff:fe34:bceb > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
  09:47:40.113827 b2:29:3a:34:bc:eb > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: fe80::b029:3aff:fe34:bceb > ff02::2: ICMP6, router solicitation, length 16
  09:47:40.121756 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::b029:3aff:fe34:bceb > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
  09:47:40.141811 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::5c9b:3cff:fe4f:a3e0 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
  09:47:40.141836 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: fe80::5c9b:3cff:fe4f:a3e0 > ff02::2: ICMP6, router solicitation, length 16
  09:47:40.149763 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::5c9b:3cff:fe4f:a3e0 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
+ 
+ 
+ 1. https://www.ietf.org/rfc/rfc3810.txt

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1575225

Title:
  Neutron only permits IPv6 MLDv1 not v2

Status in neutron:
  In Progress

Bug description:
  IPv6 Multicast Listener Discovery (MLD) v2 [1] is used on recent
  version of Linux, currently Neutron only permits MLDv1 in the
  ICMPV6_ALLOWED_TYPES, so duplicate address discovery (DAD) doesn't not
  actually detect duplicate addresses should Neutron actually enforce
  ICMPv6 source addresses (bug/1502933). While Neutron should not assign
  duplicate addresses, instances where duplicate addresses are possible
  on provider networks between instances and external devices and on
  user assign addresses when using allowed address pairs.

  Here is a dump showing duplicate address detection on a recent Linux
  kernel:

  $ uname -r
  4.4.0-0.bpo.1-amd64
  $ sudo ip link add veth0 type veth peer name veth1
  $ sudo ip link set veth1 up
  $ sudo tcpdump -npel -i veth1 &
  [1] 15528
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on veth1, link-type EN10MB (Ethernet), capture size 262144 bytes
  $ sudo ip link set veth0 up
  $

  09:47:38.853762 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
  09:47:38.853774 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
  09:47:39.113772 b2:29:3a:34:bc:eb > 33:33:ff:34:bc:eb, ethertype IPv6 (0x86dd), length 78: :: > ff02::1:ff34:bceb: ICMP6, neighbor solicitation, who has fe80::b029:3aff:fe34:bceb, length 24
  09:47:39.141766 5e:9b:3c:4f:a3:e0 > 33:33:ff:4f:a3:e0, ethertype IPv6 (0x86dd), length 78: :: > ff02::1:ff4f:a3e0: ICMP6, neighbor solicitation, who has fe80::5c9b:3cff:fe4f:a3e0, length 24
  09:47:39.505764 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
  09:47:39.717759 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
  09:47:40.113807 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::b029:3aff:fe34:bceb > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
  09:47:40.113827 b2:29:3a:34:bc:eb > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: fe80::b029:3aff:fe34:bceb > ff02::2: ICMP6, router solicitation, length 16
  09:47:40.121756 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::b029:3aff:fe34:bceb > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
  09:47:40.141811 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::5c9b:3cff:fe4f:a3e0 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
  09:47:40.141836 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: fe80::5c9b:3cff:fe4f:a3e0 > ff02::2: ICMP6, router solicitation, length 16
  09:47:40.149763 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::5c9b:3cff:fe4f:a3e0 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28


  1. https://www.ietf.org/rfc/rfc3810.txt

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1575225/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next