spans beyond the subnet reported incorrectly in ipam

Bug #1580927 reported by john on 2016-05-12
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Mamatisa Nurmatov

Bug Description

summary: When needing to create a point to point connection via a subnet, generally and /31 is the recommended cidr. Neutron supports /31 via disabling dhcp and gateway on a subnet. However, IPam does not provide the allocation pool of the subnet properly and a VM cannot be created.

Steps to reproduce

root@ubuntu:~# neutron subnet-create --disable-dhcp --no-gateway --cidr= --name bug-subnet 69c5342a-5526-4257-880a-f8fd2e633de9
Created a new subnet:
| Field | Value |
| allocation_pools | |
| cidr | |
| dns_nameservers | |
| enable_dhcp | False |
| gateway_ip | |
| host_routes | |
| id | 63ce4e26-9838-4fa3-b2d5-e59f88f5b7ce |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | bug-subnet |
| network_id | 69c5342a-5526-4257-880a-f8fd2e633de9 |
| subnetpool_id | |
| tenant_id | ca02fc470acc4a27b468dff32ee850b2 |
root@ubuntu:~# neutron subnet-update --allocation-pool start=,end= bug-subnet
The allocation pool spans beyond the subnet cidr

Recommended Fix:

in db/ :: function: validate_allocation_pools
~~lines: 276

           if start_ip < subnet_first_ip or end_ip > subnet_last_ip:
      "Found pool larger than subnet "
                             "CIDR:%(start)s - %(end)s"),
                         {'start': start_ip, 'end': end_ip})
                raise n_exc.OutOfBoundsAllocationPool(

This if block should have a special case for ipv4 /31 and /32 for "<= and >=" :
                start_ip <= subnet_first_ip or end_ip >= subnet_last_ip

tags: added: l3-ipam-dhcp
Changed in neutron:
status: New → Confirmed
importance: Undecided → Low
Brian Haley (brian-haley) wrote :

Can you create a patch with the change you proposed? I can try and make sure the relevant people get added to review it. Thanks.

Does it create gw and dhcp port for the subnet too? Actually We've been using /32bit network. If you guy want, i can share the code

wujun (wujun) on 2016-05-18
Changed in neutron:
assignee: nobody → wujun (wujun)
wujun (wujun) wrote :

I think it is not a bug. When needing to create a point to point connection via a subnet, /30 is the recommended cidr.
Because the first IP address is considered as Network ID, and the last IP address is considered as broadcast address, the other IP address can be allocated, in a given subnet.

Changed in neutron:
status: Confirmed → Invalid
john (g-john-p) wrote :

/31 is an allowed network CIDR and is used as industry standard practice and is an IETF standard

/30 (as well as /24 for that matter) is a separate use case

/32 is also supported in OpenStack.

Please reconsider applying our patch.

Brian Haley (brian-haley) wrote :

Yes, a /31 is valid since you can specify, for example with /sbin/ip, to not use a broadcast address. We actually do this in the DVR code.

@John - with Openstack being an open-source project, we rely on a community of developers to propose patches that fix bugs, add features, etc. If you are able to check-out the code, make this change, and submit it for review it would greatly speed-up getting it accepted. The following links have information on how to do this:

Otherwise you will have to wait for another developer to (hopefully) prioritize this into their schedule.

john (g-john-p) wrote :

@Brian - We will provide the fix. We just wanted to validate that the community will accept our patch.

thanks ...

wujun (wujun) on 2016-05-19
Changed in neutron:
status: Invalid → Confirmed

Fix proposed to branch: master

Changed in neutron:
status: Confirmed → In Progress

Change abandoned by Armando Migliaccio (<email address hidden>) on branch: master
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Needs a new owner.

Changed in neutron:
status: In Progress → Incomplete
assignee: wujun (wujun) → nobody
tags: added: low-hanging-fruit
Changed in neutron:
assignee: nobody → Nakul Dahiwade (nakul-dahiwade)
Changed in neutron:
status: Incomplete → In Progress
Changed in neutron:
assignee: Nakul Dahiwade (nakul-dahiwade) → nobody
Tyler Britten (9-me-9) wrote :

This issue actually spans to *any* CIDR. The first/last addresses are not required to be allocated to net/broadcast.

For example, static (forwarded) public blocks from a provider- for a /29 they treat all 8 ips as useable. Same with a /30- all 4 are useable IPs. as long as the addresses are within the CIDR, neutron should allow it.

summary: - spans beyond the subnet for /31 and /32 in IPam
+ spans beyond the subnet reported incorrectly
summary: - spans beyond the subnet reported incorrectly
+ spans beyond the subnet reported incorrectly in ipam
Tyler Britten (9-me-9) wrote :

To add references, RFC 1812 (

In this model, hosts and routers make no assumptions about the use of addressing in the internet.

Tyler Britten (9-me-9) on 2016-08-12
Changed in neutron:
assignee: nobody → Tyler Britten (9-me-9)
Tyler Britten (9-me-9) wrote :

Updated with some further testing. Assigning the first (net) address works, assigning the last (broadcast) does not.

Changed in neutron:
assignee: Tyler Britten (9-me-9) → nobody
milestone: none → wallaby-2
Changed in neutron:
milestone: wallaby-2 → wallaby-3
Changed in neutron:
assignee: nobody → Mamatisa Nurmatov (isabek)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers