IPv6 not working with iptables
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
neutron | Expired | Undecided | Unassigned |
Bug Description
Hi,
Running rocky on Ubuntu 18.04 deployed by juju, using ML2, ovs, iptables. IPv6 appears to be broken because of missing MARK-related rules in the qrouter netns.
The iptables and ip6tables rules generated by neutron are https:/
For egress (traffic leaving an instance) to work, the following additional rule is needed:
sudo ip6tables -t mangle -I neutron-
The following patch should fix the problem: https:/
For ingress, the following is needed:
sudo ip6tables -t mangle -A neutron-
Haven't had the time to dig out in the code where exactly the bug is.
Is IPv6 working for anyone with this setup? Are these commands the right fix? (I'm just mimicking what IPv4 does)
I've looked at unit tests for my patch above, and IPv6 testing is extremely limited.
My IPv6 subnet got created with:
$ openstack subnet create --network net_instances --ip-version 6 --ipv6-
Thanks
tags: added: l3-ipam-dhcp
Changed in neutron: status: New → Incomplete
I think that rule will get added when a prefix-delegated subnet is added to the external interface, or when you add a prefix from a configured address pool. I don't think modifying that code is exactly correct at first glance.
Maybe you can describe more details about your config so we can re-create it?