← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #93479

[Bug 2006949] Re: SLAAC and stateless DHCP are not working with stateless SG

  Thread PreviousDate PreviousThread Next 
It was fixed in OVN with https://github.com/ovn-
org/ovn/commit/071cd7385f4aaf6e0e4635aa16a84e174b53d4ef

** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2006949

Title:
  SLAAC and stateless DHCP are not working with stateless SG

Status in neutron:
  Fix Released

Bug description:
  Bug originally found by Alex Katz and reported in the bugzilla:
  https://bugzilla.redhat.com/show_bug.cgi?id=2149731

  Description of problem:
  When a stateless security group is attached to the instance it fails to get an IPv6 address using SLAAC or stateless DHCP. An explicit rule is required to allow ICMPv6 traffic.

  Checked with the custom security group (only egress traffic is
  allowed) as well as with the default security group (egress and
  ingress from the same SG are allowed).


  Version-Release number of selected component (if applicable):
  RHOS-17.1-RHEL-9-20221115.n.2
  Red Hat Enterprise Linux release 9.1 (Plow)

  How reproducible:
  100%

  
  Steps to Reproduce:
  openstack network create net_dual_slaac
  openstack subnet create --subnet-range 10.100.1.0/24 --network net_dual_slaac subnet_dual_slaac
  openstack subnet create --subnet-range 2001:0:0:1::0/64 --ip-version 6 --ipv6-ra-mode slaac --ipv6-address-mode slaac --network net_dual_slaac subnet_dual_slaac_ipv6
  openstack router create router_test_boot
  EXT_NET=`openstack network list --external -f value -c Name`
  openstack router set --external-gateway $EXT_NET router_test_boot
  openstack router add subnet router_test_boot subnet_dual_slaac
  openstack security group create --stateless test_sg
  openstack server create --image <IMG> --flavor <FLAV> --network net_dual_slaac --security-group test_sg vm_1

  Actual results:
  only IPv4 address appear on the instance

  
  Expected results:
  IPv6 address is expected

  Additional info:
  can be worked around by adding icmpv6 rule:
  # openstack security group rule create --ingress --protocol icmpv6 test_sg

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2006949/+subscriptions

References

  Thread PreviousDate PreviousThread Next