neutron

  1. Bug #1575225
  2. Activity log

Activity log for bug #1575225

Date Who What changed Old value New value Message
2016-04-26 14:55:48 Dustin Lundquist bug added bug
2016-04-26 14:56:30 Dustin Lundquist description IPv6 Multicast Listener Discovery (MLD) v2 is used on recent version of Linux, currently Neutron only permits MLDv1 in the ICMPV6_ALLOWED_TYPES, so duplicate address discovery (DAD) doesn't not actually detect duplicate addresses should Neutron actually enforce ICMPv6 source addresses (bug/1502933). While Neutron should not assign duplicate addresses, instances where duplicate addresses are possible on provider networks between instances and external devices and on user assign addresses when using allowed address pairs. Here is a dump showing duplicate address detection on a recent Linux kernel: $ uname -r 4.4.0-0.bpo.1-amd64 $ sudo ip link add veth0 type veth peer name veth1 $ sudo ip link set veth1 up $ sudo tcpdump -npel -i veth1 & [1] 15528 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on veth1, link-type EN10MB (Ethernet), capture size 262144 bytes $ sudo ip link set veth0 up $ 09:47:38.853762 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 09:47:38.853774 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 09:47:39.113772 b2:29:3a:34:bc:eb > 33:33:ff:34:bc:eb, ethertype IPv6 (0x86dd), length 78: :: > ff02::1:ff34:bceb: ICMP6, neighbor solicitation, who has fe80::b029:3aff:fe34:bceb, length 24 09:47:39.141766 5e:9b:3c:4f:a3:e0 > 33:33:ff:4f:a3:e0, ethertype IPv6 (0x86dd), length 78: :: > ff02::1:ff4f:a3e0: ICMP6, neighbor solicitation, who has fe80::5c9b:3cff:fe4f:a3e0, length 24 09:47:39.505764 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 09:47:39.717759 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 09:47:40.113807 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::b029:3aff:fe34:bceb > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 09:47:40.113827 b2:29:3a:34:bc:eb > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: fe80::b029:3aff:fe34:bceb > ff02::2: ICMP6, router solicitation, length 16 09:47:40.121756 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::b029:3aff:fe34:bceb > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 09:47:40.141811 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::5c9b:3cff:fe4f:a3e0 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 09:47:40.141836 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: fe80::5c9b:3cff:fe4f:a3e0 > ff02::2: ICMP6, router solicitation, length 16 09:47:40.149763 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::5c9b:3cff:fe4f:a3e0 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 IPv6 Multicast Listener Discovery (MLD) v2 [1] is used on recent version of Linux, currently Neutron only permits MLDv1 in the ICMPV6_ALLOWED_TYPES, so duplicate address discovery (DAD) doesn't not actually detect duplicate addresses should Neutron actually enforce ICMPv6 source addresses (bug/1502933). While Neutron should not assign duplicate addresses, instances where duplicate addresses are possible on provider networks between instances and external devices and on user assign addresses when using allowed address pairs. Here is a dump showing duplicate address detection on a recent Linux kernel: $ uname -r 4.4.0-0.bpo.1-amd64 $ sudo ip link add veth0 type veth peer name veth1 $ sudo ip link set veth1 up $ sudo tcpdump -npel -i veth1 & [1] 15528 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on veth1, link-type EN10MB (Ethernet), capture size 262144 bytes $ sudo ip link set veth0 up $ 09:47:38.853762 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 09:47:38.853774 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 09:47:39.113772 b2:29:3a:34:bc:eb > 33:33:ff:34:bc:eb, ethertype IPv6 (0x86dd), length 78: :: > ff02::1:ff34:bceb: ICMP6, neighbor solicitation, who has fe80::b029:3aff:fe34:bceb, length 24 09:47:39.141766 5e:9b:3c:4f:a3:e0 > 33:33:ff:4f:a3:e0, ethertype IPv6 (0x86dd), length 78: :: > ff02::1:ff4f:a3e0: ICMP6, neighbor solicitation, who has fe80::5c9b:3cff:fe4f:a3e0, length 24 09:47:39.505764 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 09:47:39.717759 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 09:47:40.113807 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::b029:3aff:fe34:bceb > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 09:47:40.113827 b2:29:3a:34:bc:eb > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: fe80::b029:3aff:fe34:bceb > ff02::2: ICMP6, router solicitation, length 16 09:47:40.121756 b2:29:3a:34:bc:eb > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::b029:3aff:fe34:bceb > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 09:47:40.141811 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::5c9b:3cff:fe4f:a3e0 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 09:47:40.141836 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: fe80::5c9b:3cff:fe4f:a3e0 > ff02::2: ICMP6, router solicitation, length 16 09:47:40.149763 5e:9b:3c:4f:a3:e0 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::5c9b:3cff:fe4f:a3e0 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 1. https://www.ietf.org/rfc/rfc3810.txt
2016-04-26 14:57:56 OpenStack Infra neutron: status New In Progress
2016-04-26 14:57:56 OpenStack Infra neutron: assignee Dustin Lundquist (dlundquist)
2016-04-26 14:58:22 Dustin Lundquist tags ipv6
2016-05-17 19:22:21 Tristan Cacqueray bug task added ossa
2016-05-17 19:23:24 Tristan Cacqueray ossa: status New Incomplete
2016-06-13 15:33:33 Tristan Cacqueray ossa: status Incomplete Won't Fix
2016-06-16 20:14:38 Sean M. Collins neutron: importance Undecided Wishlist
2016-07-05 17:42:45 Armando Migliaccio neutron: status In Progress Incomplete
2016-07-05 17:42:52 Armando Migliaccio neutron: assignee Dustin Lundquist (dlundquist)
2016-09-04 04:19:17 Launchpad Janitor neutron: status Incomplete Expired