← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #61365

[Bug 1663077] [NEW] [ipv6] when slaas is setup as ipv6_address_mode ipv6-icmp packets are rejected by iptables

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Mitaka and Newton

Setting up subnet with ipv6 addressing for provider network (baremetal external router providing RA).
Expecting the advertising packets to be able to reach out to instance so that the instance can pick the subnet from the external router.

What happens:
Iptables on the compute node is only set up to allow certain types of ipv6-icmp:

-A neutron-linuxbri-i4d4602ea-3 -p ipv6-icmp -m icmp6 --icmpv6-type 130 -j RETURN
-A neutron-linuxbri-i4d4602ea-3 -p ipv6-icmp -m icmp6 --icmpv6-type 131 -j RETURN
-A neutron-linuxbri-i4d4602ea-3 -p ipv6-icmp -m icmp6 --icmpv6-type 132 -j RETURN
-A neutron-linuxbri-i4d4602ea-3 -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j RETURN
-A neutron-linuxbri-i4d4602ea-3 -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j RETURN

while RA type is 134.
The list of available types most likely has to be extended in the Neutron constants or some deeper logic has to be implemented.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1663077

Title:
  [ipv6] when slaas is setup as ipv6_address_mode ipv6-icmp packets are
  rejected by iptables

Status in neutron:
  New

Bug description:
  Mitaka and Newton

  Setting up subnet with ipv6 addressing for provider network (baremetal external router providing RA).
  Expecting the advertising packets to be able to reach out to instance so that the instance can pick the subnet from the external router.

  What happens:
  Iptables on the compute node is only set up to allow certain types of ipv6-icmp:

  -A neutron-linuxbri-i4d4602ea-3 -p ipv6-icmp -m icmp6 --icmpv6-type 130 -j RETURN
  -A neutron-linuxbri-i4d4602ea-3 -p ipv6-icmp -m icmp6 --icmpv6-type 131 -j RETURN
  -A neutron-linuxbri-i4d4602ea-3 -p ipv6-icmp -m icmp6 --icmpv6-type 132 -j RETURN
  -A neutron-linuxbri-i4d4602ea-3 -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j RETURN
  -A neutron-linuxbri-i4d4602ea-3 -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j RETURN

  while RA type is 134.
  The list of available types most likely has to be extended in the Neutron constants or some deeper logic has to be implemented.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1663077/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next