Validate if fixed_ip given for port isn't the same as subnet's gateway_ip

Bug #1938788 reported by Slawek Kaplonski
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
neutron | Won't Fix | High | Slawek Kaplonski |

Bug Description

Currently, when a new port is created with a fixed_ip given, neutron is not validating whether that fixed_ip address is the same as the subnet's gateway IP. That may cause problems, e.g.:

$ openstack subnet show <subnet-id>
| allocation_pools | 10.0.0.2-10.0.0.254
| cidr | 10.0.0.0/24
| enable_dhcp | True
...
| gateway_ip | 10.0.0.1

$ nova boot --flavor test --image test --nic net-id=<network-id>,v4-fixed-ip=10.0.0.1 test-vm1

The instance will be created successfully, but after that, network communication issues could happen because of the gateway IP conflict.

So Neutron should forbid creation of a port with the gateway's IP address if it is not a router's port (device_owner isn't set to one of the router device owners).

Tags: l3-ipam-dhcp
Changed in neutron:
assignee: nobody → Slawek Kaplonski (slaweq)
status: New → Triaged
tags: added: l3-ipam-dhcp
Changed in neutron:
importance: Undecided → High
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/803334

Changed in neutron:
status: Triaged → In Progress
Oleg Bondarev (obondarev) wrote :

Might there be a valid use case where one would like to handle the subnet gateway on a VM (VNF)?

Changed in neutron:
status: In Progress → Opinion
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (master)

Change abandoned by "Slawek Kaplonski <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/803334
Reason: After thinking more about it and after talking with Rodolfo, I think it is a valid use case to set the subnet's gateway on the VM, e.g. to filter/log/monitor traffic going from all other VMs in the network. So this patch is not needed at all. Thx Oleg and Rodolfo for review and help with that.

Slawek Kaplonski (slaweq) wrote :

After thinking more about it and after talking with Rodolfo, I think it is a valid use case to set the subnet's gateway on the VM, e.g. to filter/log/monitor traffic going from all other VMs in the network. So this patch is not needed at all. Thx Oleg and Rodolfo for review and help with that.

Changed in neutron:
status: Opinion → Won't Fix
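
Because the validation was not added to Neutron, the condition from the bug description can still be audited after the fact. The following is an added example, not code from the bug report or from Neutron: it flags non-router ports that hold a subnet's gateway_ip. The device-owner set, the record shapes and the sample IDs are assumptions, and it goes beyond the report's IPv4 case by also normalizing IPv6 addresses.

```python
import ipaddress

# Assumption: device_owner values Neutron uses for router-owned ports.
ROUTER_DEVICE_OWNERS = {
    "network:router_interface",
    "network:router_interface_distributed",
    "network:ha_router_replicated_interface",
    "network:router_gateway",
    "network:router_centralized_snat",
}

def find_gateway_ip_ports(subnets, ports):
    """Return (port_id, subnet_id, ip) for each non-router port that holds
    the gateway_ip of the subnet its fixed IP belongs to."""
    gateways = {
        s["id"]: ipaddress.ip_address(s["gateway_ip"])
        for s in subnets
        if s.get("gateway_ip")  # gateway_ip is None for subnets without a gateway
    }
    findings = []
    for port in ports:
        if port.get("device_owner") in ROUTER_DEVICE_OWNERS:
            continue  # a router legitimately owns the gateway address
        for fixed_ip in port.get("fixed_ips", []):
            gateway = gateways.get(fixed_ip["subnet_id"])
            # Compare parsed addresses so differing IPv6 spellings still match.
            if gateway is not None and ipaddress.ip_address(fixed_ip["ip_address"]) == gateway:
                findings.append((port["id"], fixed_ip["subnet_id"], str(gateway)))
    return findings

# Constructed sample data (hypothetical IDs), shaped like subnet and port records.
SUBNETS = [
    {"id": "subnet-a", "gateway_ip": "10.0.0.1"},
    {"id": "subnet-b", "gateway_ip": "10.0.1.1"},
    {"id": "subnet-c", "gateway_ip": "2001:db8::1"},
    {"id": "subnet-d", "gateway_ip": None},
]
PORTS = [
    {"id": "port-vm1", "device_owner": "compute:nova",
     "fixed_ips": [{"subnet_id": "subnet-a", "ip_address": "10.0.0.1"}]},
    {"id": "port-router", "device_owner": "network:router_interface",
     "fixed_ips": [{"subnet_id": "subnet-b", "ip_address": "10.0.1.1"}]},
    {"id": "port-vm2", "device_owner": "compute:nova",
     "fixed_ips": [{"subnet_id": "subnet-b", "ip_address": "10.0.1.5"}]},
    {"id": "port-vm3", "device_owner": "",
     "fixed_ips": [{"subnet_id": "subnet-c", "ip_address": "2001:db8:0:0:0:0:0:1"}]},
    {"id": "port-vm4", "device_owner": "compute:nova",
     "fixed_ips": [{"subnet_id": "subnet-d", "ip_address": "10.0.3.1"}]},
]

if __name__ == "__main__":
    for finding in find_gateway_ip_ports(SUBNETS, PORTS):
        print("non-router port holds subnet gateway IP:", finding)
```

A finding is a prompt for review rather than a fault: as the comments above conclude, a VM may hold the gateway address on purpose.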