Wrong IPV6 address provided by openstack server create

Bug #1827489 reported by Martin Kopec on 2019-05-03
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Brian Haley

Bug Description

IPV6 address of an interface doesn't have to be derived from its MAC address. The newer kernels have addr_gen_mode option which controls the behavior of IPV6 calculation, see https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt

I've encountered the problem when I booted up an image (RHEL8 in my case) which had the addr_gen_mode option set to 1 (means that IPV6 address is randomized) by default. OpenStack (I had Rocky deployment) didn't recognize this and 'openstack server create' returned wrong address which lead to tempest failures because thanks to the 'openstack server create' output the tests expected different addresses on the interfaces.

Steps to reproduce:

$ openstack server create --image <rhel8> --flavor <flavor> --network <network1> --network <network2> --key-name <key_name> instance_name
| Field | Value |
<output omitted>
| accessIPv4 | |
| accessIPv6 | |
| addresses | tempest-network-smoke--884367252=; tempest-network-smoke--18828977=2003::f816:3eff:febb:7456 |
<output omitted>

Then ssh to the instance and hit 'ip a' command:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
      valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
      valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:16:3e:48:e8:b5 brd ff:ff:ff:ff:ff:ff
    inet brd scope global dynamic noprefixroute eth0
      valid_lft 86363sec preferred_lft 86363sec
    inet6 fe80::f816:3eff:fe48:e8b5/64 scope link
      valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:16:3e:bb:74:56 brd ff:ff:ff:ff:ff:ff
    inet6 2003::b47f:f400:ecca:2a55/64 scope global dynamic noprefixroute
      valid_lft 86385sec preferred_lft 14385sec
    inet6 fe80::7615:8d57:775d:fae/64 scope link noprefixroute
      valid_lft forever preferred_lft forever

Notice that eth1 interface has an ipv6 address which seems not to be derived from its mac address. Also notice that the output of 'openstack server create' returned wrong address, a different one than it's actually set for eth1. It expected that the ipv6 address would be derived from the mac address but it wasn't.

'openstack server create' should be able to detect the option in the image and behave accordingly.

Changed in neutron:
importance: Undecided → High
Brian Haley (brian-haley) wrote :

I proposed https://review.opendev.org/#/c/656949/ to update the neutron docs with additional information on this, I can link this bug if we feel that is enough information to make this clearer.

Changed in neutron:
assignee: nobody → Brian Haley (brian-haley)
status: New → In Progress

Reviewed: https://review.opendev.org/656949
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=252acc069465febdbd7b9662695cd11c48a07e1c
Submitter: Zuul
Branch: master

commit 252acc069465febdbd7b9662695cd11c48a07e1c
Author: Brian Haley <email address hidden>
Date: Fri May 3 09:49:18 2019 -0400

    Update guest IPv6 information in docs

    Based on some recent questions on IPv6 address generation in
    guests, update the relevant section in the docs to make it
    more up-to-date.

    Partial-bug: #1827489

    Change-Id: Ibbf4d5458293c9c0269f6a80f5519caa175994ec

Changed in neutron:
importance: High → Low
tags: added: doc ipv6 stein-backport-potential
tags: added: pike-backport-potential queens-backport-potential rocky-backport-potential
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers