yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #58244
[Bug 1638130] [NEW] SLaaC or DHCPv6 stateless doesn't work on isolated Neutron networks
Public bug reported:
On an isolated IPv6 network no router advertisements are sent, so the
instances are unable to discover what prefix to use. To enabled
instances to discover which prefixes are on-link router advertisements
with a router lifetime of zero should be sent (from the DHCP namespace)
https://tools.ietf.org/html/rfc4861#page-43. Dnsmasq seems to support
this via --ra-param option:
--ra-param=<interface>,[high|low],[[<ra-interval>],<router lifetime>]
Set non-default values for router advertisements sent via an interface. The priority field for the router may be altered from the default of medium with eg --ra-param=eth0,high. The interval between router advertisements may be set (in seconds) with --ra-param=eth0,60. The lifetime of the route may be changed or set to zero, which allows a router to advertise prefixes but not a route via itself. --ra-parm=eth0,0,0 (A value of zero for the interval means the default value.) All three parameters may be set at once. --ra-param=low,60,1200 The interface field may include a wildcard.
Alternatively radvd could be used within the DHCP namespace.
Steps to reproduce:
$ openstack network create isolated-ipv6
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2016-10-31T20:14:13Z |
| description | |
| headers | |
| id | 7044aa9b-937f-4f7d-9073-00512f88a066 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| mtu | 1450 |
| name | isolated-ipv6 |
| port_security_enabled | True |
| project_id | 6d80770322b64b8ba57038788004e93e |
| project_id | 6d80770322b64b8ba57038788004e93e |
| provider:network_type | vxlan |
| provider:physical_network | None |
| provider:segmentation_id | 11 |
| revision_number | 3 |
| router:external | Internal |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | [] |
| updated_at | 2016-10-31T20:14:13Z |
+---------------------------+--------------------------------------+
$ openstack subnet create --ip-version 6 --ipv6-ra-mode slaac --ipv6-address-mode slaac --network 7044aa9b-937f-4f7d-9073-00512f88a066 --subnet-range fddd:fd72:8298::/64 isolated-ipv6-subnet
+-------------------+--------------------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------------------+
| allocation_pools | fddd:fd72:8298::2-fddd:fd72:8298:0:ffff:ffff:ffff:ffff |
| cidr | fddd:fd72:8298::/64 |
| created_at | 2016-10-31T20:17:44Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | fddd:fd72:8298::1 |
| headers | |
| host_routes | |
| id | 96bf9b9f-736b-46c3-86f0-029c6d5f6e92 |
| ip_version | 6 |
| ipv6_address_mode | slaac |
| ipv6_ra_mode | slaac |
| name | isolated-ipv6-subnet |
| network_id | 7044aa9b-937f-4f7d-9073-00512f88a066 |
| project_id | 6d80770322b64b8ba57038788004e93e |
| project_id | 6d80770322b64b8ba57038788004e93e |
| revision_number | 2 |
| service_types | |
| subnetpool_id | None |
| updated_at | 2016-10-31T20:17:44Z |
+-------------------+--------------------------------------------------------+
$ openstack server create --image cirros-0.3.4-x86_64-uec --flavor m1.tiny --nic net-id=7044aa9b-937f-4f7d-9073-00512f88a066 test-server
+--------------------------------------+----------------------------------------------------------------+
| Field | Value |
+--------------------------------------+----------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | None |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None |
| OS-EXT-SRV-ATTR:instance_name | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | iTkyyFge6Z5C |
| config_drive | |
| created | 2016-10-31T20:19:34Z |
| flavor | m1.tiny (1) |
| hostId | |
| id | f494a313-df9e-494e-a203-ced29d3e9759 |
| image | cirros-0.3.4-x86_64-uec (2eee9b4a-a5d9-4de0-bc35-350093dab3b9) |
| key_name | None |
| name | test-server |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 6d80770322b64b8ba57038788004e93e |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2016-10-31T20:19:34Z |
| user_id | 8666967e103a43bfb90aed2e107946a6 |
+--------------------------------------+----------------------------------------------------------------+
Connect to the instance console and verify no IPv6 address aside from a
link-local address is assigned.
** Affects: neutron
Importance: Undecided
Status: New
** Tags: ipv6
** Tags added: ipv6
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1638130
Title:
SLaaC or DHCPv6 stateless doesn't work on isolated Neutron networks
Status in neutron:
New
Bug description:
On an isolated IPv6 network no router advertisements are sent, so the
instances are unable to discover what prefix to use. To enabled
instances to discover which prefixes are on-link router advertisements
with a router lifetime of zero should be sent (from the DHCP
namespace) https://tools.ietf.org/html/rfc4861#page-43. Dnsmasq seems
to support this via --ra-param option:
--ra-param=<interface>,[high|low],[[<ra-interval>],<router lifetime>]
Set non-default values for router advertisements sent via an interface. The priority field for the router may be altered from the default of medium with eg --ra-param=eth0,high. The interval between router advertisements may be set (in seconds) with --ra-param=eth0,60. The lifetime of the route may be changed or set to zero, which allows a router to advertise prefixes but not a route via itself. --ra-parm=eth0,0,0 (A value of zero for the interval means the default value.) All three parameters may be set at once. --ra-param=low,60,1200 The interface field may include a wildcard.
Alternatively radvd could be used within the DHCP namespace.
Steps to reproduce:
$ openstack network create isolated-ipv6
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2016-10-31T20:14:13Z |
| description | |
| headers | |
| id | 7044aa9b-937f-4f7d-9073-00512f88a066 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| mtu | 1450 |
| name | isolated-ipv6 |
| port_security_enabled | True |
| project_id | 6d80770322b64b8ba57038788004e93e |
| project_id | 6d80770322b64b8ba57038788004e93e |
| provider:network_type | vxlan |
| provider:physical_network | None |
| provider:segmentation_id | 11 |
| revision_number | 3 |
| router:external | Internal |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | [] |
| updated_at | 2016-10-31T20:14:13Z |
+---------------------------+--------------------------------------+
$ openstack subnet create --ip-version 6 --ipv6-ra-mode slaac --ipv6-address-mode slaac --network 7044aa9b-937f-4f7d-9073-00512f88a066 --subnet-range fddd:fd72:8298::/64 isolated-ipv6-subnet
+-------------------+--------------------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------------------+
| allocation_pools | fddd:fd72:8298::2-fddd:fd72:8298:0:ffff:ffff:ffff:ffff |
| cidr | fddd:fd72:8298::/64 |
| created_at | 2016-10-31T20:17:44Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | fddd:fd72:8298::1 |
| headers | |
| host_routes | |
| id | 96bf9b9f-736b-46c3-86f0-029c6d5f6e92 |
| ip_version | 6 |
| ipv6_address_mode | slaac |
| ipv6_ra_mode | slaac |
| name | isolated-ipv6-subnet |
| network_id | 7044aa9b-937f-4f7d-9073-00512f88a066 |
| project_id | 6d80770322b64b8ba57038788004e93e |
| project_id | 6d80770322b64b8ba57038788004e93e |
| revision_number | 2 |
| service_types | |
| subnetpool_id | None |
| updated_at | 2016-10-31T20:17:44Z |
+-------------------+--------------------------------------------------------+
$ openstack server create --image cirros-0.3.4-x86_64-uec --flavor m1.tiny --nic net-id=7044aa9b-937f-4f7d-9073-00512f88a066 test-server
+--------------------------------------+----------------------------------------------------------------+
| Field | Value |
+--------------------------------------+----------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | None |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None |
| OS-EXT-SRV-ATTR:instance_name | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | iTkyyFge6Z5C |
| config_drive | |
| created | 2016-10-31T20:19:34Z |
| flavor | m1.tiny (1) |
| hostId | |
| id | f494a313-df9e-494e-a203-ced29d3e9759 |
| image | cirros-0.3.4-x86_64-uec (2eee9b4a-a5d9-4de0-bc35-350093dab3b9) |
| key_name | None |
| name | test-server |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 6d80770322b64b8ba57038788004e93e |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2016-10-31T20:19:34Z |
| user_id | 8666967e103a43bfb90aed2e107946a6 |
+--------------------------------------+----------------------------------------------------------------+
Connect to the instance console and verify no IPv6 address aside from
a link-local address is assigned.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1638130/+subscriptions
Follow ups
