← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 2111891] [NEW] IPv6 Subnet-Router anycast address inappropriately used for gateway_ip when specifying --subnet-range

 

Public bug reported:

When creating an IPv6 subnet and using the --subnet-range option, the
gateway_ip address gets set to the all-zeroes Subnet-Router anycast
address (cf. RFC 4291 section 2.6.1).

This is not ideal, because this address is only usable by nodes which
are not themselves routers. In other words, if one does "sysctl
net/ipv6/conf/all/forwarding=1" on the VM, it will lose external
connectivity. This is because setting this sysctl makes the VM a router,
which in turn means that it considers the Subnet-Router anycast address
as a local address, essentially making itself its own default gateway,
which obviously does not work.

This how to easily reproduce:

❯ openstack subnet create --use-default-subnet-pool --subnet-range 2a02:c0:1000:abcd::/64 --ip-version 6 --network testnet testsubnet -c cidr -c gateway_ip 
+------------+------------------------+
| Field      | Value                  |
+------------+------------------------+
| cidr       | 2a02:c0:1000:abcd::/64 |
| gateway_ip | 2a02:c0:1000:abcd::    |
+------------+------------------------+

Note that this does not happen if not using --subnet-range, instead
letting Neutron pick a prefix from the pool. In that case, the address
used for gateway_ip is the "1" address (Subnet-Router+1):

❯ openstack subnet create --use-default-subnet-pool --ip-version 6 --network testnet testsubnet -c cidr -c gateway_ip 
+------------+------------------------+
| Field      | Value                  |
+------------+------------------------+
| cidr       | 2a02:c0:1000:abcc::/64 |
| gateway_ip | 2a02:c0:1000:abcc::1   |
+------------+------------------------+

This is a more sensible default behaviour, and I believe it should be
used when --subnet-range is in use as well.

Observed on OpenStack 2025.1.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2111891

Title:
  IPv6 Subnet-Router anycast address inappropriately used for gateway_ip
  when specifying --subnet-range

Status in neutron:
  New

Bug description:
  When creating an IPv6 subnet and using the --subnet-range option, the
  gateway_ip address gets set to the all-zeroes Subnet-Router anycast
  address (cf. RFC 4291 section 2.6.1).

  This is not ideal, because this address is only usable by nodes which
  are not themselves routers. In other words, if one does "sysctl
  net/ipv6/conf/all/forwarding=1" on the VM, it will lose external
  connectivity. This is because setting this sysctl makes the VM a
  router, which in turn means that it considers the Subnet-Router
  anycast address as a local address, essentially making itself its own
  default gateway, which obviously does not work.

  This how to easily reproduce:

  ❯ openstack subnet create --use-default-subnet-pool --subnet-range 2a02:c0:1000:abcd::/64 --ip-version 6 --network testnet testsubnet -c cidr -c gateway_ip 
  +------------+------------------------+
  | Field      | Value                  |
  +------------+------------------------+
  | cidr       | 2a02:c0:1000:abcd::/64 |
  | gateway_ip | 2a02:c0:1000:abcd::    |
  +------------+------------------------+

  Note that this does not happen if not using --subnet-range, instead
  letting Neutron pick a prefix from the pool. In that case, the address
  used for gateway_ip is the "1" address (Subnet-Router+1):

  ❯ openstack subnet create --use-default-subnet-pool --ip-version 6 --network testnet testsubnet -c cidr -c gateway_ip 
  +------------+------------------------+
  | Field      | Value                  |
  +------------+------------------------+
  | cidr       | 2a02:c0:1000:abcc::/64 |
  | gateway_ip | 2a02:c0:1000:abcc::1   |
  +------------+------------------------+

  This is a more sensible default behaviour, and I believe it should be
  used when --subnet-range is in use as well.

  Observed on OpenStack 2025.1.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2111891/+subscriptions