Can not add router interface to SLAAC network

Bug #1382076 reported by Sagi (Sergey) Shnaidman
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Medium
Sridhar Gaddam
Juno
Fix Released
Undecided
Unassigned

Bug Description

Looks like after resolving of https://bugs.launchpad.net/neutron/+bug/1330826 it's impossible now to connect router to subnet with SLAAC addressing.

Steps to reproduce:

$ neutron net-create netto
$ neutron subnet-create --ip_version 6 --ipv6-address-mode slaac --ipv6-ra-mode slaac netto 2021::/64
$ neutron router-create netrouter
$ neutron router-interface-add {router_id} {subnet_id}

The error is:
Invalid input for operation: IPv6 address 2021::1 can not be directly assigned to a port on subnet 8cc737a7-bac1-4fbc-b03d-dfdac7194c08 with slaac address mode.

** The same behaviour if you set gateway explicitly to fixed IP address like 2022::7:
$ neutron subnet-create --ip_version 6 --gateway 2022::7 --ipv6-address-mode slaac --ipv6-ra-mode slaac netto 2022::/64
$ neutron router-interface-add {router_id} {subnet_id}
Invalid input for operation: IPv6 address 2022::7 can not be directly assigned to a port on subnet f4ebf914-9749-49e4-9498-5c10c7bf9a5d with slaac address mode.

*** The same behaviour if we use dhcpv6-stateless instead of SLAAC.

1. It should be legal possibility to add port with fixed IP to SLAAC/stateless networks.
2. When router add its interface to SLAAC subnet it should receive its own SLAAC address by default, if fixed IP address is not specified explicitly.

Revision history for this message
Baodong (Robert) Li (baoli) wrote :

Looks like we have more work to do in this area. Neutron allocates a gateway_ip when creating a subnet, in the same time creating allocation_pool for this subnet.

The issue with allowing fixed_ip in SLAAC subnet is that it's not possible to give this address to the VM. But this is not an issue with the gateway_ip in the case of neutron router. So the fix could be
 -- create the gateway_ip with eui64, and don't allow --gateway-ip to be specified in the case of slaac subnet.
 -- honor it, but check the owner of the IP when testing the ip address. And if the owner is the router, accept it; otherwise, error.

Consider https://review.openstack.org/#/c/101433/14 which tried to use eui64 for all the ports in a slaac subnet, but apparently the router port is missed out. Therefore solution 1 seems to be preferred.

In any case, allocation pool is not necessary to be maintained for a SLAAC subnet.

Changed in neutron:
assignee: nobody → Sridhar Gaddam (sridhargaddam)
Changed in neutron:
importance: Undecided → Medium
Changed in neutron:
status: New → In Progress
Revision history for this message
Sridhar Gaddam (sridhargaddam) wrote :

@baoli, regarding the comment: "create the gateway_ip with eui64, and don't allow --gateway-ip to be specified in the case of slaac subnet."
I'm afraid, we cannot do this, as the subnet could be for a provider network where the router is an external router and user may be interested in configuring the --gateway-ip of the external router.

Revision history for this message
Sridhar Gaddam (sridhargaddam) wrote :

Neutron allocates the gateway_ip (if not specified) to the first IP address in the subnet CIDR and the gateway_ip is stored as part of subnet details.
So, by the time the request to attach the subnet gateway to the router is received, the gateway_ip is already allocated/reserved in the subnet.

For this particular Bug, there are two cases to consider...
1. When the gateway_ip is not specified as part of subnet creation.
2. Gateway_ip is specified and is part of subnet CIDR.

For the first case, IMO it would be ideal if Neutron does not reserve any gateway_ip address in create_subnet and allocate (based on EUI-64 addressing - as MAC address is allocated only during port creation) it only when the request to attach to the router interface is seen.
On the other hand, if the user creates the subnet with gateway_ip which is part of subnet CIDR, we can modify Neutron to check the port owner and if it happens to be the router, accept it.

I'm planning to submit a patch with this change and would like to hear the comments. Thanks.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/129865

Revision history for this message
Sagi (Sergey) Shnaidman (sshnaidm) wrote :

Thanks, Sridhar. I agree with your solution.

However I still don't understand why it's not allowed to have static IP ("fixed" in terms of neutron) in SLAAC networks, but it looks like related to 1330826 discussion.

Kyle Mestery (mestery)
Changed in neutron:
milestone: none → kilo-1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/129865
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=95accb535017f1384b38b12eb78f0e58287d8e08
Submitter: Jenkins
Branch: master

commit 95accb535017f1384b38b12eb78f0e58287d8e08
Author: sridhargaddam <email address hidden>
Date: Tue Oct 21 10:08:10 2014 +0000

    Allow to add router interface to IPv6 SLAAC network

    This patch will allow an IPv6 subnet configured with SLAAC
    (or dhcpv6-stateless) to be attached to a router interface.

    Closes-Bug: #1382076
    Change-Id: If0c48a7287a828eef4a0f0b0859d4f898d2937bd

Changed in neutron:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/juno)

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/133411

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/juno)

Reviewed: https://review.openstack.org/133411
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=6efe68b58fae2c08543b9f8e13fe7e1acd33a01e
Submitter: Jenkins
Branch: stable/juno

commit 6efe68b58fae2c08543b9f8e13fe7e1acd33a01e
Author: sridhargaddam <email address hidden>
Date: Tue Oct 21 10:08:10 2014 +0000

    Allow to add router interface to IPv6 SLAAC network

    This patch will allow an IPv6 subnet configured with SLAAC
    (or dhcpv6-stateless) to be attached to a router interface.

    Closes-Bug: #1382076
    Change-Id: If0c48a7287a828eef4a0f0b0859d4f898d2937bd
    (cherry picked from commit 95accb535017f1384b38b12eb78f0e58287d8e08)

tags: added: in-stable-juno
Thierry Carrez (ttx)
Changed in neutron:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in neutron:
milestone: kilo-1 → 2015.1.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.