neutron

SLAAC/DHCPv6-stateless subnets can be deleted with router ports still in-use

Bug #1424760 reported by Andrew Boik
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Undecided
Andrew Boik
neutron 2015.1.0 "kilo"

Bug Description

SLAAC and DHCPv6-stateless subnets can be deleted using the subnet-delete command even when they still have associated internal router ports. This causes the subnet to be deleted from the Neutron database, yet in reality the subnet still exists with radvd continuing to advertise the prefix to clients on the network. Calling subnet-delete on a subnet that still has internal router ports should result in an error.

=======================
=======================
Steps to reproduce:
=======================
=======================

====================================
1. Create a slaac or dhcpv6-stateless subnet
====================================

dboik@dboik-VirtualBox:/opt/stack/neutron/neutron$ neutron subnet-create --ip-version 6 --ipv6-ra-mode slaac --ipv6-address-mode slaac --name subv6 private cafe::/64
Created a new subnet:
+-------------------+----------------------------------------------------------+
| Field | Value |
+-------------------+----------------------------------------------------------+
| allocation_pools | {"start": "cafe::2", "end": "cafe::ffff:ffff:ffff:fffe"} |
| cidr | cafe::/64 |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | cafe::1 |
| host_routes | |
| id | f878a81c-3fdf-46f1-9719-fdbdb314d822 |
| ip_version | 6 |
| ipv6_address_mode | slaac |
| ipv6_ra_mode | slaac |
| name | subv6 |
| network_id | 77b850fd-8f87-4001-aa2e-6375a87b9598 |
| tenant_id | dc748d64a2fc4ec798e9a16d5f6cb444 |
+-------------------+----------------------------------------------------------+

====================================
2. Create a router interface using this subnet
====================================

dboik@dboik-VirtualBox:/opt/stack/neutron/neutron$ neutron router-interface-add router1 subv6
Added interface e86154dd-fee6-435d-8065-55cf4b2ae860 to router router1.

dboik@dboik-VirtualBox:/opt/stack/neutron/neutron$ neutron router-port-list router1
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------------+
| 31640bf5-5533-4ca4-b04c-d9808be385b2 | | fa:16:3e:96:41:b7 | {"subnet_id": "46659d0b-230f-49a0-8fea-2156a67f099f", "ip_address": "2001:420:2c50:200a::1"}
| e86154dd-fee6-435d-8065-55cf4b2ae860 | | fa:16:3e:c3:5a:3e | {"subnet_id": "f878a81c-3fdf-46f1-9719-fdbdb314d822", "ip_address": "cafe::1"} |
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------------+

=================
3. Delete the subnet
=================

dboik@dboik-VirtualBox:/opt/stack/neutron/neutron$ neutron subnet-delete subv6
Deleted subnet: subv6

dboik@dboik-VirtualBox:/opt/stack/neutron/neutron$ neutron router-port-list router1
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------------+
| 31640bf5-5533-4ca4-b04c-d9808be385b2 | | fa:16:3e:96:41:b7 | {"subnet_id": "46659d0b-230f-49a0-8fea-2156a67f099f", "ip_address": "2001:420:2c50:200a::1"} |
| e86154dd-fee6-435d-8065-55cf4b2ae860 | | fa:16:3e:c3:5a:3e | |
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------------+

Subnet is deleted from the router port in Neutron. Subnet still exists in the router namespace:
dboik@dboik-VirtualBox:/opt/stack/neutron/neutron$ sudo ip netns exec qrouter-72222950-cbad-487a-9b43-18f739bf492e ifconfig
lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

qg-31640bf5-55 Link encap:Ethernet HWaddr fa:16:3e:96:41:b7
          inet6 addr: fe80::f816:3eff:fe96:41b7/64 Scope:Link
          inet6 addr: 2001:420:2c50:200a::1/64 Scope:Global
          UP BROADCAST RUNNING MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B) TX bytes:1134 (1.1 KB)

qr-e86154dd-fe Link encap:Ethernet HWaddr fa:16:3e:c3:5a:3e
          inet6 addr: fe80::f816:3eff:fec3:5a3e/64 Scope:Link
          inet6 addr: cafe::1/64 Scope:Global
          UP BROADCAST RUNNING MTU:1500 Metric:1
          RX packets:46 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5060 (5.0 KB) TX bytes:1294 (1.2 KB)

RADVD continues to advertise this prefix.

See original description
Andrew Boik (drewboik)
Changed in neutron:
assignee: nobody → Andrew Boik (drewboik)
description: updated
Andrew Boik (drewboik)
Changed in neutron:
status: New → In Progress
Revision history for this message
Andrew Boik (drewboik) wrote :

Review: https://review.openstack.org/158508

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/158508
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=e80ab8113edf54e5d3623f55bdbd11ab19cac1eb
Submitter: Jenkins
Branch: master

commit e80ab8113edf54e5d3623f55bdbd11ab19cac1eb
Author: Andrew Boik <email address hidden>
Date: Mon Feb 23 12:06:09 2015 -0800

    Raise error upon deleting subnet with router ports

    Fixes an issue where SLAAC and DHCPV6-stateless subnets can be
    deleted even if they are attached to an internal router port.
    This patch raises an exception whenever a subnet is deleted
    that has existing IP Allocations on an internal router port.

    Change-Id: I0a16156274b5736236654fca6700ef2d67f4519b
    Closes-Bug: #1424760

Changed in neutron:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in neutron:
milestone: none → kilo-3
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in neutron:
milestone: kilo-3 → 2015.1.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.