slaac no longer works on IPv6 tenant subnets
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Low
|
Brian Haley |
Bug Description
Nova instances no longer get an IPv6 address using slaac on tenant subnets.
Using a standard devstack install with "SERVICE_
[ml2]
tenant_
extension_drivers = port_security
mechanism_drivers = openvswitch,
network:
+------
| Field | Value |
+------
| admin_state_up | UP |
| availability_
| availability_zones | nova |
| created_at | 2020-07-
| description | |
| dns_domain | None |
| id | e8258754-
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | None |
| is_vlan_transparent | None |
| location | cloud='', project.
| | project.
| | project.
| | project.
| | zone= |
| mtu | 1450 |
| name | lb-mgmt-net |
| port_security_
| project_id | 08c84a34e4c34da
| provider:
| provider:
| provider:
| qos_policy_id | None |
| revision_number | 2 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | 2f17a970-
| tags | |
| updated_at | 2020-07-
+------
Subnet:
+------
| Field | Value |
+------
| allocation_pools | fd00:0:
| cidr | fd00:0:0:42::/64 |
| created_at | 2020-07-
| description | |
| dns_nameservers | |
| dns_publish_
| enable_dhcp | True |
| gateway_ip | fd00:0:0:42:: |
| host_routes | |
| id | 2f17a970-
| ip_version | 6 |
| ipv6_address_mode | slaac |
| ipv6_ra_mode | slaac |
| location | cloud='', project.
| | project.
| | project.
| | project.
| name | lb-mgmt-subnet |
| network_id | e8258754-
| prefix_length | None |
| project_id | 08c84a34e4c34da
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2020-07-
+------
Security group:
+------
| Field | Value |
+------
| created_at | 2020-07-
| description | lb-mgmt-sec-grp |
| id | e1a03546-
| location | cloud='', project.
| | project.
| | project.
| | project.
| name | lb-mgmt-sec-grp |
| project_id | 08c84a34e4c34da
| revision_number | 4 |
| rules | created_
| | ethertype='IPv4', |
| | id='806d16f3-
| | updated_
| | created_
| | ethertype='IPv6', |
| | id='c1fa3d4f-
| | port_range_
| | remote_
| | created_
| | ethertype='IPv6', |
| | id='d9e6ea44-
| | protocol=
| | updated_
| | created_
| | ethertype='IPv6', |
| | id='e47a799d-
| | port_range_
| | protocol='tcp', remote_
| | updated_
| | created_
| | ethertype='IPv6', id='fddd23d8-
| | bad470e3eeb8', updated_
| stateful | True |
| tags | [] |
| updated_at | 2020-07-
+------
Boot a nova instance on this network/subnet:
+------
| Field | Value |
+------
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-
| OS-EXT-
| OS-EXT-
| OS-EXT-
| OS-EXT-
| OS-EXT-
| OS-EXT-STS:vm_state | active |
| OS-SRV-
| OS-SRV-
| accessIPv4 | |
| accessIPv6 | |
| addresses | lb-mgmt- |
| | net=fd00:
| config_drive | True |
| created | 2020-07-
| flavor | m1.amphora |
| | (8e2df9bb-
| hostId | 4569b0d1a044a24
| | acf551c6dd13220daa |
| id | 418b4304-
| image | amphora-x64-haproxy |
| | (4d1800d5-
| key_name | octavia_ssh_key |
| name | amphora-
| | 67fff6 |
| progress | 0 |
| project_id | 08c84a34e4c34da
| properties | |
| security_groups | name='lb-
| status | ACTIVE |
| updated | 2020-07-
| user_id | 4316f8b3e21d4de
| volumes_attached | |
+------
This all looks ok, but the instance will never receive an IP address on the fd00::42: subnet like it has in the past.
The dnsmasq process for this subnet:
nobody 30554 1 0 15:55 ? 00:00:00 dnsmasq --no-hosts --pid-file=
The only running radvd process has the following config file:
interface qr-1518a0f2-75
{
AdvSendAdvert on;
MinRtrAdvInt
MaxRtrAdvInt
AdvLinkMTU 1450;
prefix fdf2:3712:3235::/64
{
AdvOnLink on;
};
};
NetNS information:
ip netns exec qdhcp-e8258754-
root@devstack:
1: lo: <LOOPBACK,
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
13: tap610b5474-94: <BROADCAST,
link/ether fa:16:3e:bf:e4:a6 brd ff:ff:ff:ff:ff:ff
inet6 fd00::42:
valid_lft forever preferred_lft forever
inet6 fe80::f816:
valid_lft forever preferred_lft forever
tcpdump:
tcpdump -nli tap610b5474-94
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap610b5474-94, link-type EN10MB (Ethernet), capture size 262144 bytes
17:31:21.407531 IP6 fd00::42:
17:31:23.435505 IP6 fd00::42:
17:31:24.451503 IP6 fd00::42:
17:31:25.471526 IP6 fd00::42:
It appears to me that there is nothing on the network responding to the neighbor solicitations for SLAAC.
Adding a router to the subnet starts a radvd and the nova instance gets an IP address.
I guess something changed that subnets without a router don't have slaac support? Isn't dnsmasq supposed to be providing slaac (I would have expected to see ra-only in the dnsmasq command line)? Are there no tests for slaac subnets?