Wrong IP prefix length checking

Bug #1643912 reported by Slobodan Blatnjak
Affects: Juniper Openstack
Status: Invalid
Importance: Medium
Assigned to: Sahil Sabharwal
Milestone:

Bug Description

A virtual network + a subnet with a CIDR of 2001:db8:1111:2222:3333:4444::/64 can be created. This CIDR network is invalid, since more than 64 bits are given.

Contrail must check that the network including prefix length is valid.

Impacts of this on the components (vrouter, ...) have not been assessed.

We miss that verification on both client and server side.

Successfully created two networks with following subnets (3.0.2):

Subnet(s)
CIDR Gateway DNS DHCP Allocation Pools
2001:db8:1111:2222:3333:4444::/64 2001:db8:1111:2222::1 Enabled Enabled -
Name IPv6A

Subnet(s)
CIDR Gateway DNS DHCP Allocation Pools
2001:db8:1111:2222:3333:4445::/64 2001:db8:1111:2222:3333:4445:0:1 Enabled Enabled -

Tags: config dt
Jeba Paulaiyan (jebap)
Changed in juniperopenstack:
milestone: none → r4.0
importance: Undecided → Medium
Changed in juniperopenstack:
assignee: nobody → Sachin Bansal (sbansal)
Sachin Bansal (sbansal)
Changed in juniperopenstack:
assignee: Sachin Bansal (sbansal) → ssabharwal@juniper.net (ssabharwal)
Sahil Sabharwal (ssabharwal) wrote :

Hi Slobodan,
  So just to make sure that we are on the same page, the check that you want us to add is for validating the prefix length. E.g. the network (IPv6) with prefix length greater than 64 bits cannot be created.

Thanks,
Sahil

Slobodan Blatnjak (sblatnjak) wrote :

Yes, subnet prefix always contains 64 bits. In 2001:db8:1111:2222:3333:4444::/64 we have more than 64 bits.

Sachin Bansal (sbansal) wrote :

Slobodan,

Even though there are more than 64 bits, the prefix is valid. It is also accepted by python netaddr:
>>> import netaddr
>>> x=netaddr.IPNetwork('2001:db8:1111:2222:3333:4444::/64')
>>> str(x)
'2001:db8:1111:2222:3333:4444::/64'

Do you see any functionality impact?

Changed in juniperopenstack:
status: New → Invalid
Slobodan Blatnjak (sblatnjak) wrote :

Hi Sachin,

There is no functionality impact reported.

check_subnet_overlap works. Tried to add new subnet '2001:db8:1111:2222:3334:4445::/64' to the same network which has '2001:db8:1111:2222:3333:4444::/64' and got:
Error: Overlapping addresses: [IPNetwork('2001:db8:1111:2222:3333:4444::/64'), IPNetwork('2001:db8:1111:2222:3334:4445::/64')]

You can close the bug.
Will ask DT for case closure.

Thanks,
Slobodan

Slobodan Blatnjak (sblatnjak) wrote :

Hi Sachin,

Checked with DT, they would like to see this fixed.

Although there is no functional impact, the impact on operations is there, for example, when looking at the GUI output, people may be led into wrong assumptions.

Also, typos cannot be detected.

Thanks,
Slobodan

Changed in juniperopenstack:
status: Invalid → In Progress
information type: Public → Public Security
information type: Public Security → Public
Sachin Bansal (sbansal) wrote :

We don’t see this as a bug. The prefix mentioned above is also accepted as valid by the netaddr package.

Changed in juniperopenstack:
status: In Progress → Invalid
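
The distinction the thread turns on (a CIDR that parses versus a CIDR with no bits set beyond its prefix length), as an added example that is not Contrail code and not part of any comment above. It uses Python's standard `ipaddress` module rather than netaddr; the function names `check_subnet_cidr` and `find_overlaps` are hypothetical.

```python
import ipaddress


def check_subnet_cidr(cidr):
    """Return (ok, canonical, reason) for a subnet CIDR string.

    ok is False when the string does not parse, or when the address part
    has bits set beyond the prefix length.
    """
    try:
        # strict=False mirrors the permissive parse shown in the thread:
        # bits beyond the prefix are masked off instead of rejected.
        net = ipaddress.ip_network(cidr, strict=False)
        addr = ipaddress.ip_interface(cidr).ip
    except ValueError as exc:
        return False, None, "unparseable: %s" % exc
    if int(addr) & int(net.hostmask):
        return False, str(net), "bits set beyond /%d" % net.prefixlen
    return True, str(net), "ok"


def find_overlaps(cidrs):
    """Return pairs of input CIDRs whose masked networks overlap."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    pairs = []
    for i, a in enumerate(nets):
        for j in range(i + 1, len(nets)):
            b = nets[j]
            if a.version == b.version and a.overlaps(b):
                pairs.append((cidrs[i], cidrs[j]))
    return pairs


# CIDR strings taken from the report and comments above.
REPORTED = [
    "2001:db8:1111:2222:3333:4444::/64",
    "2001:db8:1111:2222:3333:4445::/64",
    "2001:db8:1111:2222:3334:4445::/64",
]

if __name__ == "__main__":
    for cidr in REPORTED:
        print(cidr, check_subnet_cidr(cidr))
    print(find_overlaps(REPORTED))
```

All three reported strings mask to the same network, 2001:db8:1111:2222::/64, which is why the overlap check quoted in the thread fires even though the strings differ in the fifth and sixth groups.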