← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #81947

[Bug 1864225] Re: IP allocation for stateless IPv6 does not filter on segment when fixed-ips contain a subnet_id

  Thread PreviousDate PreviousThread Next 
Reviewed:  https://review.opendev.org/709444
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=7e09e72661b0b3a0f898c20d451e204aa7a17194
Submitter: Zuul
Branch:    master

commit 7e09e72661b0b3a0f898c20d451e204aa7a17194
Author: Harald Jensås <hjensas@xxxxxxxxxx>
Date:   Thu Feb 27 02:38:13 2020 +0100

    Filter subnets on fixed_ips segment
    
    For v6_stateless IP addresses for all stateless
    subnets within a network are implicitly included.
    
    When using segments implicitly allocating addresses
    across subnets on different segments is incorrect.
    IPs from subnets on differnt segments was allocated
    when no host binding information was available
    but a subnet_id in fixed_ips request was present.
    
    This change adds filtering based on segment_id when
    fixed_ips are used. If fixed_ips are not all on the
    same segment exception FixedIpsSubnetsNotOnSameSegment
    is raised.
    
    Related: rhbz#1803989
    Related-Bug: #1864333
    Related-Bug: #1865138
    Closes-Bug: #1864225
    Change-Id: I336ae76283f29dd226344fb454aaa0e4aac030ea


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1864225

Title:
  IP allocation for stateless IPv6 does not filter on segment when
  fixed-ips contain a subnet_id

Status in neutron:
  Fix Released

Bug description:
  Network 45b993b2-5224-409e-9756-0be190a19cf5 with two segments and two
  subnets:

  $ openstack network segment list --network provider -f yaml
  - ID: 612f96f0-7682-49f7-bfc2-c52437f6e948
    Name: provider-segment1
    Network: 45b993b2-5224-409e-9756-0be190a19cf5
    Network Type: flat
    Segment: null
  - ID: 9632dc77-d8d1-4d2b-afab-23568f1d475f
    Name: provider-segment2
    Network: 45b993b2-5224-409e-9756-0be190a19cf5
    Network Type: flat
    Segment: null

  $ openstack subnet list --network provider -f yaml
  - ID: 926269c1-b05e-4b48-bafe-6be8e9cbd12c
    Name: provider-subnet1
    Network: 45b993b2-5224-409e-9756-0be190a19cf5
    Subnet: dead:beef:1::/64
  - ID: cdec94ce-8e3b-4c5b-aba2-13271f8b8b91
    Name: provider-subnet2
    Network: 45b993b2-5224-409e-9756-0be190a19cf5
    Subnet: dead:beef:2::/64

  $ openstack subnet show -c segment_id -c ipv6_address_mode \
      -c ipv6_ra_mode -c address_mode provider-subnet1
  +-------------------+--------------------------------------+
  | Field             | Value                                |
  +-------------------+--------------------------------------+
  | ipv6_address_mode | dhcpv6-stateless                     |
  | ipv6_ra_mode      | dhcpv6-stateless                     |
  | segment_id        | 612f96f0-7682-49f7-bfc2-c52437f6e948 |
  +-------------------+--------------------------------------+

  $ openstack subnet show -c segment_id -c ipv6_address_mode \
      -c ipv6_ra_mode -c address_mode provider-subnet2
  +-------------------+--------------------------------------+
  | Field             | Value                                |
  +-------------------+--------------------------------------+
  | ipv6_address_mode | dhcpv6-stateless                     |
  | ipv6_ra_mode      | dhcpv6-stateless                     |
  | segment_id        | 9632dc77-d8d1-4d2b-afab-23568f1d475f |
  +-------------------+--------------------------------------+

  
  The two subnets have stateless address mode and are on different segments.

  When creating port, openstack port create --network provider test-
  port1 ip allocation is deffered because segments are used and no host
  id is provided.

  When creating a port with a subnet specified in fixed-ips the implicit
  address allocation for stateless subnets will allocate an address in
  both subnets.

  $ openstack port create --network provider \
    --fixed-ip=subnet=provider-subnet1 test-port1 \
    -c fixed_ips -f yaml
  fixed_ips:
  - ip_address: dead:beef:1:0:f816:3eff:fe9f:4907
    subnet_id: 926269c1-b05e-4b48-bafe-6be8e9cbd12c
  - ip_address: dead:beef:2:0:f816:3eff:fe9f:4907
    subnet_id: cdec94ce-8e3b-4c5b-aba2-13271f8b8b91

  
  Upon trying to bind this port later as part of provisioning with Ironic, this fails because fixed_ips included invalid subnet.
  ---
  Failed to provision instance 3340fad9-93a6-4915-a87f-5f79cb647e03: Failed to prepare to deploy: Unable to set binding:host_id for neutron port c83d24aa-4167-4d37-9d1a-833290d55d83. Error: Invalid input for operation: Failed to create port on network 94543fd0-3a89-4d15-ad0c-ee1da99a63a4, because fixed_ips included invalid subnet 9c463bf7-0d6b-498e-a8b5-2c6c8bef7b56
  ---

  This happens because all subnets are returned as candidates when fixed_ips is specified, despite that host id is not included:
  https://opendev.org/openstack/neutron/src/branch/master/neutron/objects/subnet.py#L330-L337
  Then addresses for all stateless subnets in the candidates are allocated:
  https://opendev.org/openstack/neutron/src/branch/master/neutron/db/ipam_pluggable_backend.py#L256

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1864225/+subscriptions

References

  Thread PreviousDate PreviousThread Next