OpenStack Compute (nova)

hairpin mode on vnet bridge ports causes false positives on IPv6 duplicate address detection

Bug #1229625 reported by Bernhard M. Wiedemann on 2013-09-24

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Fix Released	Medium	Bernhard M. Wiedemann	OpenStack Compute (nova) 2014.1 "icehouse"
	Havana	Fix Released	Medium	Kevin Bringard	OpenStack Compute (nova) 2013.2.4

Bug Description

This is bug 1011134 again happening in a cloud that does not have the ipv6 flag set,
so the previous patch from https://review.openstack.org/14017
is not used.
Guest VMs will try to configure IPv6 link-local addrs even without the outer parts supporting it
and can throw errors when they see inbound packets with their own MAC address.

Note: I think, this bug can not be unit-tested as it requires a complex setup including running a VM in a cloud.

Tags:

OpenStack Infra (hudson-openstack) on 2013-09-24

Changed in nova:
assignee:	nobody → Bernhard M. Wiedemann (ubuntubmw)
status:	New → In Progress

GuoHui Liu (guohliu) on 2013-09-24

tags:

added: network

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-10-08: Fix merged to nova (master)

Reviewed: https://review.openstack.org/45389
Committed: http://github.com/openstack/nova/commit/9c044d2c94812e18cf84927fbf719cd073fe6c4f
Submitter: Jenkins
Branch: master

commit 9c044d2c94812e18cf84927fbf719cd073fe6c4f
Author: Bernhard M. Wiedemann <email address hidden>
Date: Fri Sep 6 09:47:49 2013 +0200

Always filter out multicast from reflection

    Instances will try IPv6 neighbour discovery via multicast
    even in an IPv4-only cloud and can throw errors
    if they see inbound packets from their own MAC address

Closes-bug: #1229625

Change-Id: I3539e788fe07519d87ce7c3800c5d38b7bd99d3b

Changed in nova:
status:	In Progress → Fix Committed

Russell Bryant (russellb) on 2013-12-03

Changed in nova:
milestone:	none → icehouse-1

Thierry Carrez (ttx) on 2013-12-04

Changed in nova:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2014-04-17

Changed in nova:
milestone:	icehouse-1 → 2014.1

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-08-05: Fix proposed to nova (stable/havana)

Fix proposed to branch: stable/havana
Review: https://review.openstack.org/112026

Kevin Bringard (kbringard) on 2014-08-18

tags:

added: havana-backport-potential

Alan Pevec (apevec) on 2014-09-18

Changed in nova:
importance:	Undecided → Medium

Alan Pevec (apevec) on 2014-09-18

tags:

removed: havana-backport-potential

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-19: Fix merged to nova (stable/havana)

Reviewed: https://review.openstack.org/112026
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=3dc8676ab6f216af5d22ac1df1a4b34bccb1c27e
Submitter: Jenkins
Branch: stable/havana

commit 3dc8676ab6f216af5d22ac1df1a4b34bccb1c27e
Author: Bernhard M. Wiedemann <email address hidden>
Date: Fri Sep 6 09:47:49 2013 +0200

Always filter out multicast from reflection

    Instances will try IPv6 neighbour discovery via multicast
    even in an IPv4-only cloud and can throw errors
    if they see inbound packets from their own MAC address

Closes-bug: #1229625

Change-Id: I3539e788fe07519d87ce7c3800c5d38b7bd99d3b
(cherry picked from commit 9c044d2c94812e18cf84927fbf719cd073fe6c4f)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.