yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1722126] [NEW] Incorrect IPv6 lease entries cause DHCPNAKs from Dnsmasq in dual stack DHCPv6 stateful network configuration

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Oladimeji Fayomi <fayomidimeji@xxxxxxxxx>
Date: Sun, 08 Oct 2017 22:59:49 -0000
Reply-to: Bug 1722126 <1722126@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

In a dual stack network with DHCPv6 stateful network configuration, Neutron DHCP Agent
uses the IPv4 lease entry format to write IPv6 lease entries in the fake lease file
used to bootstrap Dnsmasq after agent is restarted or migrated from one node to the
other. As a result, the lease file gets corrupted and overwritten by Dnsmasq after encountering the
invalid IPv6 lease entries and this causes a DHCPNAK when IPv4 clients try to renew
their leases with the Dnsmasq process.

>From the Dnsmasq mailing list, a lease entry for DHCPv4 consists of these fields
seperated by spaces:

- The expiration time (seconds since unix epoch) or duration
(if dnsmasq is compiled with HAVE_BROKEN_RTC) of the lease.
0 means infinite.

- The link address, in format XX-YY:YY:YY[...], where XX is the ARP
hardware type. "XX-" may be omitted for Ethernet.

- The IPv4 address

- The hostname (sent by the client or assigned by dnsmasq)
or '*' for none.

- The client identifier (colon-separated hex bytes)
or '*' for none.

While a DHCPv6 lease entry has these fields:

- The expiration time or duration

- The IAID as a Big Endian decimal number, prefixed by T for
IA_TAs (temporary addresses).

- The IPv6 address

- The hostname or '*'

- The client DUID (colon-separated hex bytes) or '*' if unknown.[1]

For DHCPv6, there must also be exactly one special entry indicating
the DUID of the server. This line contains two fields:

- The string "duid".

- The DUID of the server.

See http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q2/010595.html for
more info about the discussion.

Symptoms:
---------
Currently, the _output_init_lease_file function in neutron/agent/linux/dhcp.py
writes lease entries for both IPv4 and IPv6 like this:

1506979604 fa:16:3e:07:b4:26 10.0.1.128 * *
1506979604 fa:16:3e:07:b4:26 [2404:130:21:4000::24c] * *
1506979604 fa:16:3e:20:20:a9 10.0.1.83 * *
1506979604 fa:16:3e:26:cf:8a 10.0.1.135 * *

** Affects: neutron
Importance: Undecided
Status: New

** Tags: agent dhcp neutron

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1722126

Title:
Incorrect IPv6 lease entries cause DHCPNAKs from Dnsmasq in dual stack
DHCPv6 stateful network configuration

Status in neutron:
New

Bug description:
In a dual stack network with DHCPv6 stateful network configuration, Neutron DHCP Agent
uses the IPv4 lease entry format to write IPv6 lease entries in the fake lease file
used to bootstrap Dnsmasq after agent is restarted or migrated from one node to the
other. As a result, the lease file gets corrupted and overwritten by Dnsmasq after encountering the
invalid IPv6 lease entries and this causes a DHCPNAK when IPv4 clients try to renew
their leases with the Dnsmasq process.

From the Dnsmasq mailing list, a lease entry for DHCPv4 consists of these fields
seperated by spaces: