← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #81708

[Bug 1864225] [NEW] IP allocation for stateless IPv6 does not filter on segment when fixed-ips contain a subnet_id

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Network 45b993b2-5224-409e-9756-0be190a19cf5 with two segments and two
subnets:

$ openstack network segment list --network provider -f yaml
- ID: 612f96f0-7682-49f7-bfc2-c52437f6e948
  Name: provider-segment1
  Network: 45b993b2-5224-409e-9756-0be190a19cf5
  Network Type: flat
  Segment: null
- ID: 9632dc77-d8d1-4d2b-afab-23568f1d475f
  Name: provider-segment2
  Network: 45b993b2-5224-409e-9756-0be190a19cf5
  Network Type: flat
  Segment: null

$ openstack subnet list --network provider -f yaml
- ID: 926269c1-b05e-4b48-bafe-6be8e9cbd12c
  Name: provider-subnet1
  Network: 45b993b2-5224-409e-9756-0be190a19cf5
  Subnet: dead:beef:1::/64
- ID: cdec94ce-8e3b-4c5b-aba2-13271f8b8b91
  Name: provider-subnet2
  Network: 45b993b2-5224-409e-9756-0be190a19cf5
  Subnet: dead:beef:2::/64

$ openstack subnet show -c segment_id -c ipv6_address_mode \
    -c ipv6_ra_mode -c address_mode provider-subnet1
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| ipv6_address_mode | dhcpv6-stateless                     |
| ipv6_ra_mode      | dhcpv6-stateless                     |
| segment_id        | 612f96f0-7682-49f7-bfc2-c52437f6e948 |
+-------------------+--------------------------------------+

$ openstack subnet show -c segment_id -c ipv6_address_mode \
    -c ipv6_ra_mode -c address_mode provider-subnet2
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| ipv6_address_mode | dhcpv6-stateless                     |
| ipv6_ra_mode      | dhcpv6-stateless                     |
| segment_id        | 9632dc77-d8d1-4d2b-afab-23568f1d475f |
+-------------------+--------------------------------------+


The two subnets have stateless address mode and are on different segments.

When creating port, openstack port create --network provider test-port1
ip allocation is deffered because segments are used and no host id is
provided.

When creating a port with a subnet specified in fixed-ips the implicit
address allocation for stateless subnets will allocate an address in
both subnets.

$ openstack port create --network provider \
  --fixed-ip=subnet=provider-subnet1 test-port1 \
  -c fixed_ips -f yaml
fixed_ips:
- ip_address: dead:beef:1:0:f816:3eff:fe9f:4907
  subnet_id: 926269c1-b05e-4b48-bafe-6be8e9cbd12c
- ip_address: dead:beef:2:0:f816:3eff:fe9f:4907
  subnet_id: cdec94ce-8e3b-4c5b-aba2-13271f8b8b91


Upon trying to bind this port later as part of provisioning with Ironic, this fails because fixed_ips included invalid subnet.
---
Failed to provision instance 3340fad9-93a6-4915-a87f-5f79cb647e03: Failed to prepare to deploy: Unable to set binding:host_id for neutron port c83d24aa-4167-4d37-9d1a-833290d55d83. Error: Invalid input for operation: Failed to create port on network 94543fd0-3a89-4d15-ad0c-ee1da99a63a4, because fixed_ips included invalid subnet 9c463bf7-0d6b-498e-a8b5-2c6c8bef7b56
---

This happens because all subnets are returned as candidates when fixed_ips is specified, despite that host id is not included:
https://opendev.org/openstack/neutron/src/branch/master/neutron/objects/subnet.py#L330-L337
Then addresses for all stateless subnets in the candidates are allocated:
https://opendev.org/openstack/neutron/src/branch/master/neutron/db/ipam_pluggable_backend.py#L256

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1864225

Title:
  IP allocation for stateless IPv6 does not filter on segment when
  fixed-ips contain a subnet_id

Status in neutron:
  New

Bug description:
  Network 45b993b2-5224-409e-9756-0be190a19cf5 with two segments and two
  subnets:

  $ openstack network segment list --network provider -f yaml
  - ID: 612f96f0-7682-49f7-bfc2-c52437f6e948
    Name: provider-segment1
    Network: 45b993b2-5224-409e-9756-0be190a19cf5
    Network Type: flat
    Segment: null
  - ID: 9632dc77-d8d1-4d2b-afab-23568f1d475f
    Name: provider-segment2
    Network: 45b993b2-5224-409e-9756-0be190a19cf5
    Network Type: flat
    Segment: null

  $ openstack subnet list --network provider -f yaml
  - ID: 926269c1-b05e-4b48-bafe-6be8e9cbd12c
    Name: provider-subnet1
    Network: 45b993b2-5224-409e-9756-0be190a19cf5
    Subnet: dead:beef:1::/64
  - ID: cdec94ce-8e3b-4c5b-aba2-13271f8b8b91
    Name: provider-subnet2
    Network: 45b993b2-5224-409e-9756-0be190a19cf5
    Subnet: dead:beef:2::/64

  $ openstack subnet show -c segment_id -c ipv6_address_mode \
      -c ipv6_ra_mode -c address_mode provider-subnet1
  +-------------------+--------------------------------------+
  | Field             | Value                                |
  +-------------------+--------------------------------------+
  | ipv6_address_mode | dhcpv6-stateless                     |
  | ipv6_ra_mode      | dhcpv6-stateless                     |
  | segment_id        | 612f96f0-7682-49f7-bfc2-c52437f6e948 |
  +-------------------+--------------------------------------+

  $ openstack subnet show -c segment_id -c ipv6_address_mode \
      -c ipv6_ra_mode -c address_mode provider-subnet2
  +-------------------+--------------------------------------+
  | Field             | Value                                |
  +-------------------+--------------------------------------+
  | ipv6_address_mode | dhcpv6-stateless                     |
  | ipv6_ra_mode      | dhcpv6-stateless                     |
  | segment_id        | 9632dc77-d8d1-4d2b-afab-23568f1d475f |
  +-------------------+--------------------------------------+

  
  The two subnets have stateless address mode and are on different segments.

  When creating port, openstack port create --network provider test-
  port1 ip allocation is deffered because segments are used and no host
  id is provided.

  When creating a port with a subnet specified in fixed-ips the implicit
  address allocation for stateless subnets will allocate an address in
  both subnets.

  $ openstack port create --network provider \
    --fixed-ip=subnet=provider-subnet1 test-port1 \
    -c fixed_ips -f yaml
  fixed_ips:
  - ip_address: dead:beef:1:0:f816:3eff:fe9f:4907
    subnet_id: 926269c1-b05e-4b48-bafe-6be8e9cbd12c
  - ip_address: dead:beef:2:0:f816:3eff:fe9f:4907
    subnet_id: cdec94ce-8e3b-4c5b-aba2-13271f8b8b91

  
  Upon trying to bind this port later as part of provisioning with Ironic, this fails because fixed_ips included invalid subnet.
  ---
  Failed to provision instance 3340fad9-93a6-4915-a87f-5f79cb647e03: Failed to prepare to deploy: Unable to set binding:host_id for neutron port c83d24aa-4167-4d37-9d1a-833290d55d83. Error: Invalid input for operation: Failed to create port on network 94543fd0-3a89-4d15-ad0c-ee1da99a63a4, because fixed_ips included invalid subnet 9c463bf7-0d6b-498e-a8b5-2c6c8bef7b56
  ---

  This happens because all subnets are returned as candidates when fixed_ips is specified, despite that host id is not included:
  https://opendev.org/openstack/neutron/src/branch/master/neutron/objects/subnet.py#L330-L337
  Then addresses for all stateless subnets in the candidates are allocated:
  https://opendev.org/openstack/neutron/src/branch/master/neutron/db/ipam_pluggable_backend.py#L256

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1864225/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next