yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #52269
[Bug 1575225] Re: Neutron only permits IPv6 MLDv1 not v2
Ok my bad, then the OSSA task needs to be removed. Thanks!
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1575225
Title:
Neutron only permits IPv6 MLDv1 not v2
Status in neutron:
In Progress
Status in OpenStack Security Advisory:
Won't Fix
Bug description:
IPv6 Multicast Listener Discovery (MLD) v2 [1] is used on recent
version of Linux, currently Neutron only permits MLDv1 in the
ICMPV6_ALLOWED_TYPES, so duplicate address discovery (DAD) doesn't not
actually detect duplicate addresses should Neutron actually enforce
ICMPv6 source addresses (bug/1502933). While Neutron should not assign
duplicate addresses, instances where duplicate addresses are possible
on provider networks between instances and external devices and on
user assign addresses when using allowed address pairs.
Here is a dump showing duplicate address detection on a recent Linux
kernel:
$ uname -r
4.4.0-0.bpo.1-amd64
$ sudo ip link add veth0 type veth peer name veth1
$ sudo ip link set veth1 up
$ sudo tcpdump -npel -i veth1 &
[1] 15528
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on veth1, link-type EN10MB (Ethernet), capture size 262144 bytes
$ sudo ip link set veth0 up
$
09:47:38.853762 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
09:47:38.853774 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
09:47:39.113772 b2:29:3a:34:bc:eb > 33:33:ff:34:bc:eb, ethertype IPv6 (0x86dd), length 78: :: > ff02::1:ff34:bceb: ICMP6, neighbor solicitation, who has fe80::b029:3aff:fe34:bceb, length 24
09:47:39.141766 5e:9b:3c:4f:a3:e0 > 33:33:ff:4f:a3:e0, ethertype IPv6 (0x86dd), length 78: :: > ff02::1:ff4f:a3e0: ICMP6, neighbor solicitation, who has fe80::5c9b:3cff:fe4f:a3e0, length 24
09:47:39.505764 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
09:47:39.717759 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
09:47:40.113807 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::b029:3aff:fe34:bceb > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
09:47:40.113827 b2:29:3a:34:bc:eb > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: fe80::b029:3aff:fe34:bceb > ff02::2: ICMP6, router solicitation, length 16
09:47:40.121756 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::b029:3aff:fe34:bceb > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
09:47:40.141811 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::5c9b:3cff:fe4f:a3e0 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
09:47:40.141836 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: fe80::5c9b:3cff:fe4f:a3e0 > ff02::2: ICMP6, router solicitation, length 16
09:47:40.149763 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::5c9b:3cff:fe4f:a3e0 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
1. https://www.ietf.org/rfc/rfc3810.txt
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1575225/+subscriptions
References
