metadata IP 169.254.169.254 routing breaks RFC3927 and does not work on Windows starting from WS 2008
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Medium
|
Unassigned |
Bug Description
The Quantum L3 Linux Agent handles metadata IP access with the following rule:
-A quantum-
obtained with: sudo ip netns exec qrouter-<router-id> iptables-save
169.254.x.x link local addresses are described in RFC3927 whose section 2.6.2 clearly states:
"The host MUST NOT send a packet with an IPv4 Link-Local destination address to any router for forwarding."
And on section 2.7:
"An IPv4 packet whose source and/or destination address is in the 169.254/16 prefix MUST NOT be sent to any router for forwarding, and any network device receiving such a packet MUST NOT forward it, regardless of the TTL in the IPv4 header."
Ref: http://
Linux does not enforce this rule, but Windows starting with 2008 and Vista does, which means that the metadata IP 169.254.169.254 is not accessible from a Windows guest (tested on Windows Server 2012 on Hyper-V).
The current workaround consists in adding explicitly a static route on the Windows guest with:
route add 169.254.169.254 mask 255.255.255.255 <router-ip>
summary: |
metadata IP 169.254.169.254 routing breaks RFC3927 and does not work on - Windows starting from + Windows starting from WS 2008 |
Changed in neutron: | |
status: | Confirmed → Fix Released |
The metadata service already supports passing the static metadata route via DHCP. Have you enabled this support?