Detailed bug description:
When creating a new interface Neutron creates interface and brings link up without disabling default IPv6 binding. By default Linux brings IPv6 link local addresses to all interfaces, this is different behavior than IPv4 where an administrator must explicitly configure an address on the interface.
The is significantly exposed in LinuxBridgeManager ensure_vlan() and ensure_vxlan() where a new VLAN or VXLAN interface is created and set link up before being enslaved in the bridge. In the case of compute node joining and existing network, there is a time window in which VLAN or VXLAN interface is created and has connectivity to the tenant network before it has been enslaved in bridge. Under normal circumstances this time window is less than the time needed to preform IPv6 duplicate address detection, but under high load this assumption may not hold.
I recommend explicitly disabling IPv6 via sysctl on each interface which will be attached to a bridge prior bringing the interface link up. This is already done for the bridge interfaces themselves, but should be done for all Neutron configured interfaces in the default namespace.
This issue was referenced in
https://bugs.launchpad.net/neutron/+bug/1459856
Related issue addressed being addressed in Nova: https://review.openstack.org/#/c/198054/
Expected results:
IPv6 disabled on Neutron ports.
Mitaka patch:
https://review.openstack.org/#/c/268373/5
Kilo backport:
https://review.openstack.org/#/c/296659/3
Patch: https:/