neutron

IPv6 Router Advertisements are blocked in secgroups when using radvd based networks

Bug #1402407 reported by Nir Magnezi
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Medium
Ihar Hrachyshka
neutron 2015.1.0 "kilo"
Juno
Fix Released
Undecided
Unassigned
neutron 2014.2.2

Bug Description

Description of problem:
=======================
Discovered in: https://bugzilla.redhat.com/show_bug.cgi?id=1173987

I Created n radvd IPv6 subnet with:
1. ipv6_ra_mode: dhcpv6-stateless
2. ipv6_address_mode: dhcpv6-stateless

Version-Release number of selected component (if applicable):
=============================================================
openstack-neutron-2014.2.1-2

How reproducible:
=================
100%

Steps to Reproduce:
===================
1. Create an IPv4 neutron network (might not be mandatory but this is how I did it):
   # neutron net-create internal_ipv4_a --shared

2. Create an IPv4 subnet:
   # neutron subnet-create <IPv4_net_id> 192.168.1.0/24 --name internal_ipv4_a_subnet --ip-version 4

3. Create an IPv6 neutron network:
   # neutron net-create tenant_a_radvd_stateless --shared --provider:network_type=gre --provider:segmentation_id=123

4. Create an IPv6 subnet:
   # neutron subnet-create <IPv6_net_id> 2001:1234:1234::/64 --name internal_ipv6_subnet --ipv6-ra-mode dhcpv6-stateless --ipv6-address-mode dhcpv6-stateless --dns-nameserver 2001:4860:4860::8888 --ip-version 6

5. Create a neutron router:
   # neutron router-create router1

6. Attach subnets to the router
   # neutron router-interface-add <router_id> <ipv4_subnet>
   # neutron router-interface-add <router_id> <ipv6_subnet>

7. boot an instance with that network
   # nova boot tenant_a_instance_radvd_stateless --flavor m1.small --image <image_id> --key-name keypair --security-groups default --nic net-id=<ipv4_net_id> --nic net-id=<ipv6_net_id>

Actual results:
===============
1. RAs reach the instance qbr but not to the instance tap device.
2. Instance did not obtain IPv6 address.

Expected results:
=================
IPv6 Router Advertisements should reach the instance.

Additional info:
================
1. Compute node and L3 agent deployed on different servers.
2. Communication between the nodes (RAs) done via GRE tunnels.
3. This worked before openstack-neutron-2014.2-11
4. Tested with RHEL7

See original description
Numan Siddique (numansiddique)
Changed in neutron:
assignee: nobody → Numan Siddique (numansiddique)
Eugene Nikanorov (enikanorov)
tags: added: ipv6
Changed in neutron:
importance: Undecided → Medium
description: updated
Ihar Hrachyshka (ihar-hrachyshka)
Changed in neutron:
assignee: Numan Siddique (numansiddique) → Ihar Hrachyshka (ihar-hrachyshka)
Revision history for this message
Ihar Hrachyshka (ihar-hrachyshka) wrote :

Subnets do not have gateway_ip set, so no RA rules are set for them. This should be solved by: https://review.openstack.org/#/c/135872/ that is already merged (we just need to backport it to Juno; backport is also requested: https://review.openstack.org/142002).

Changed in neutron:
status: New → Fix Committed
Thierry Carrez (ttx)
Changed in neutron:
milestone: none → kilo-1
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/juno)

Reviewed: https://review.openstack.org/142002
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=2f97180833958da7b99b51232561df7201bb3caf
Submitter: Jenkins
Branch: stable/juno

commit 2f97180833958da7b99b51232561df7201bb3caf
Author: sridhargaddam <email address hidden>
Date: Thu Nov 20 07:39:54 2014 +0000

    Auto allocate gateway_ip even for SLAAC subnets

    For a SLAAC subnet that is created without specifying the gateway_ip,
    Neutron currently allocates (If0c48a7287a828eef4a0f0b0859d4f898d2937bd)
    the gateway_ip at a later stage (i.e., neutron router_interface_add).
    In order to keep the API consistent between IPv4 and IPv6, it is
    recommended to allocate the gateway_ip during subnet_create stage itself.

    Closes-Bug: #1402407
    Closes-Bug: #1394112
    Partial-Bug: #1377985
    Change-Id: I965232930502c21b605fe360bb138bb6ea73d2b0
    (cherry picked from commit 66dcb8b935a00e7f7566802d662ebb1f265eab1f)

tags: added: in-stable-juno
Thierry Carrez (ttx)
Changed in neutron:
milestone: kilo-1 → 2015.1.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.