Neutron create IPv6 subnet error. Gateway is not valid on subnet.

Bug #1840737 reported by Evgeny
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
neutron | Invalid | Undecided | Unassigned |

Bug Description

Hello!
I am trying to create an IPv6 subnet, but I got an error: Gateway is not valid on subnet.

neutron subnet-create --debug --disable-dhcp --tenant-id b060ad4bdf256ab02 --ip-version 6 --gateway 2a0a:4180::2 --ipv6-address-mode slaac --name test-ipv6-subnet test-ipv6-net 2a0a:4180::2/127

Output of this command:

DEBUG: stevedore.extension found extension EntryPoint.parse('v2token = keystoneauth1.loading._plugins.identity.v2:Token')
DEBUG: stevedore.extension found extension EntryPoint.parse('none = keystoneauth1.loading._plugins.noauth:NoAuth')
DEBUG: stevedore.extension found extension EntryPoint.parse('v3oauth1 = keystoneauth1.extras.oauth1._loading:V3OAuth1')
DEBUG: stevedore.extension found extension EntryPoint.parse('admin_token = keystoneauth1.loading._plugins.admin_token:AdminToken')
DEBUG: stevedore.extension found extension EntryPoint.parse('v3oidcauthcode = keystoneauth1.loading._plugins.identity.v3:OpenIDConnectAuthorizationCode')
DEBUG: stevedore.extension found extension EntryPoint.parse('v2password = keystoneauth1.loading._plugins.identity.v2:Password')
DEBUG: stevedore.extension found extension EntryPoint.parse('v3samlpassword = keystoneauth1.extras._saml2._loading:Saml2Password')
DEBUG: stevedore.extension found extension EntryPoint.parse('v3password = keystoneauth1.loading._plugins.identity.v3:Password')
DEBUG: stevedore.extension found extension EntryPoint.parse('v3adfspassword = keystoneauth1.extras._saml2._loading:ADFSPassword')
DEBUG: stevedore.extension found extension EntryPoint.parse('v3oidcaccesstoken = keystoneauth1.loading._plugins.identity.v3:OpenIDConnectAccessToken')
DEBUG: stevedore.extension found extension EntryPoint.parse('v3oidcpassword = keystoneauth1.loading._plugins.identity.v3:OpenIDConnectPassword')
DEBUG: stevedore.extension found extension EntryPoint.parse('v3kerberos = keystoneauth1.extras.kerberos._loading:Kerberos')
DEBUG: stevedore.extension found extension EntryPoint.parse('token = keystoneauth1.loading._plugins.identity.generic:Token')
DEBUG: stevedore.extension found extension EntryPoint.parse('v3oidcclientcredentials = keystoneauth1.loading._plugins.identity.v3:OpenIDConnectClientCredentials')
DEBUG: stevedore.extension found extension EntryPoint.parse('v3tokenlessauth = keystoneauth1.loading._plugins.identity.v3:TokenlessAuth')
DEBUG: stevedore.extension found extension EntryPoint.parse('v3token = keystoneauth1.loading._plugins.identity.v3:Token')
DEBUG: stevedore.extension found extension EntryPoint.parse('v3totp = keystoneauth1.loading._plugins.identity.v3:TOTP')
DEBUG: stevedore.extension found extension EntryPoint.parse('password = keystoneauth1.loading._plugins.identity.generic:Password')
DEBUG: stevedore.extension found extension EntryPoint.parse('v3fedkerb = keystoneauth1.extras.kerberos._loading:MappedKerberos')
DEBUG: stevedore.extension found extension EntryPoint.parse('token_endpoint = openstackclient.api.auth_plugin:TokenEndpoint')
DEBUG: stevedore.extension found extension EntryPoint.parse('table = cliff.formatters.table:TableFormatter')
DEBUG: stevedore.extension found extension EntryPoint.parse('json = cliff.formatters.json_format:JSONFormatter')
DEBUG: stevedore.extension found extension EntryPoint.parse('shell = cliff.formatters.shell:ShellFormatter')
DEBUG: stevedore.extension found extension EntryPoint.parse('value = cliff.formatters.value:ValueFormatter')
DEBUG: stevedore.extension found extension EntryPoint.parse('yaml = cliff.formatters.yaml_format:YAMLFormatter')
DEBUG: neutronclient.neutron.v2_0.subnet.CreateSubnet run(Namespace(allocation_pools=None, cidr=u'2a0a:4180::2/127', columns=[], description=None, disable_dhcp=True, dns_nameservers=None, enable_dhcp=False, formatter='table', gateway=u'2a0a:4180::2', host_routes=None, ip_version=6, ipv6_address_mode=u'slaac', ipv6_ra_mode=None, max_width=0, name=u'test-ipv6-noc', network_id=u'test-ipv6-noc', no_gateway=False, noindent=False, prefix='', prefixlen=None, request_format='json', segment=None, subnetpool=None, tenant_id=u'b060ad44b2cd4592bdfc50948256ab02', use_default_subnetpool=False, variables=[]))
DEBUG: keystoneauth.session REQ: curl -g -i -X GET http://IP:35357/v3 -H "Accept: application/json" -H "User-Agent: neutron keystoneauth1/3.1.0 python-requests/2.18.4 CPython/2.7.13"
DEBUG: keystoneauth.session RESP: [200] Date: Mon, 19 Aug 2019 15:05:15 GMT Server: Apache/2.4.25 (Debian) Content-Length: 249 Vary: X-Auth-Token x-openstack-request-id: req-f1a1b245-e748-432c-a434-d006a2c0dec9 Content-Type: application/json
RESP BODY: {"version": {"status": "stable", "updated": "2016-10-06T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.7", "links": [{"href": "http://IP:5000/v3/", "rel": "self"}]}}

DEBUG: keystoneauth.session GET call to None for http://IP:35357/v3 used request id req-f1a1b245-e748-432c-a434-d006a2c0dec9
DEBUG: keystoneauth.identity.v3.base Making authentication request to http://IP:5000/v3/auth/tokens
DEBUG: keystoneauth.session REQ: curl -g -i -X GET http://IP:9696/v2.0/networks.json?fields=id&name=test-ipv6-noc -H "User-Agent: python-neutronclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}efffdb21dfa3807c64a4d0d3eada61dec61894ef"
DEBUG: keystoneauth.session RESP: [200] Content-Type: application/json Content-Length: 62 X-Openstack-Request-Id: req-3a766988-6b22-4953-8403-7232f2c1de63 Date: Mon, 19 Aug 2019 15:05:15 GMT
RESP BODY: {"networks": [{"id": "f848e892-0911-4f87-b10d-709573fb5205"}]}

DEBUG: keystoneauth.session GET call to network for http://IP:9696/v2.0/networks.json?fields=id&name=test-ipv6-noc used request id req-3a766988-6b22-4953-8403-7232f2c1de63
DEBUG: neutronclient.v2_0.client GET call to neutron for http://IP:9696/v2.0/networks.json?fields=id&name=test-ipv6-noc used request id req-3a766988-6b22-4953-8403-7232f2c1de63
DEBUG: keystoneauth.session REQ: curl -g -i -X POST http://IP:9696/v2.0/subnets.json -H "User-Agent: python-neutronclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}efffdb21dfa3807c64a4d0d3eada61dec61894ef" -d '{"subnet": {"name": "test-ipv6-noc", "enable_dhcp": false, "network_id": "f848e892-0911-4f87-b10d-709573fb5205", "tenant_id": "b060ad44b2cd4592bdfc50948256ab02", "gateway_ip": "2a0a:4180::2", "ip_version": 6, "ipv6_address_mode": "slaac", "cidr": "2a0a:4180::2/127"}}'
DEBUG: keystoneauth.session RESP: [400] Content-Type: application/json Content-Length: 131 X-Openstack-Request-Id: req-b2f7eb7c-a32b-4767-84cb-0edd03fb8a1a Date: Mon, 19 Aug 2019 15:05:15 GMT
RESP BODY: {"NeutronError": {"message": "Invalid input for operation: Gateway is not valid on subnet.", "type": "InvalidInput", "detail": ""}}

DEBUG: keystoneauth.session POST call to network for http://IP:9696/v2.0/subnets.json used request id req-b2f7eb7c-a32b-4767-84cb-0edd03fb8a1a
DEBUG: neutronclient.v2_0.client Error message: {"NeutronError": {"message": "Invalid input for operation: Gateway is not valid on subnet.", "type": "InvalidInput", "detail": ""}}
DEBUG: neutronclient.v2_0.client POST call to neutron for http://IP:9696/v2.0/subnets.json used request id req-b2f7eb7c-a32b-4767-84cb-0edd03fb8a1a
ERROR: neutronclient.shell Invalid input for operation: Gateway is not valid on subnet.
Neutron server returns request_ids: ['req-b2f7eb7c-a32b-4767-84cb-0edd03fb8a1a']
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/neutronclient/shell.py", line 877, in run_subcommand
    return run_command(cmd, cmd_parser, sub_argv)
  File "/usr/lib/python2.7/dist-packages/neutronclient/shell.py", line 114, in run_command
    return cmd.run(known_args)
  File "/usr/lib/python2.7/dist-packages/neutronclient/neutron/v2_0/__init__.py", line 324, in run
    return super(NeutronCommand, self).run(parsed_args)
  File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 92, in run
    column_names, data = self.take_action(parsed_args)
  File "/usr/lib/python2.7/dist-packages/neutronclient/neutron/v2_0/__init__.py", line 407, in take_action
    data = obj_creator(body)
  File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 793, in create_subnet
    return self.post(self.subnets_path, body=body)
  File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 365, in post
    headers=headers, params=params)
  File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 300, in do_request
    self._handle_fault_response(status_code, replybody, resp)
  File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 275, in _handle_fault_response
    exception_handler_v20(status_code, error_body)
  File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 91, in exception_handler_v20
    request_ids=request_ids)
BadRequest: Invalid input for operation: Gateway is not valid on subnet.
Neutron server returns request_ids: ['req-b2f7eb7c-a32b-4767-84cb-0edd03fb8a1a']

Network on which I am trying to create the subnet:

root@os-host1:~# neutron net-show test-ipv6-net
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | nova |
| created_at | 2019-07-11T12:37:12Z |
| description | |
| id | f848e892-0911-4f87 |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1500 |
| name | test-ipv6-net |
| port_security_enabled | True |
| project_id | b060ad44b2cd45 |
| provider:network_type | vlan |
| provider:physical_network | external |
| provider:segmentation_id | 92 |
| revision_number | 5 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | b060ad44b2cd45 |
| updated_at | 2019-08-19T14:35:44Z |
+---------------------------+--------------------------------------+

Nova version:

root@os-host1:~# nova-manage version
14.0.0

OS version:

root@os-host1:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 9.0 (stretch)
Release: 9.0
Codename: stretch

Kernel version:

root@os-host1:~# uname -a
Linux os-host1 4.9.0-5-amd64 #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04) x86_64 GNU/Linux

Neutron version:
root@os-host1:~# neutron --version
6.0.0

Neutron client:

root@os-host1:~# pip list | grep neutron
neutron (9.1.1)
neutron-lib (0.4.0)
python-neutronclient (6.0.0)

This online calculator shows me that the gateway is correct:

http://www.gestioip.net/cgi-bin/subnet_calculator.cgi

I would appreciate any help! Thanks!

Tags: ipv6 neutron
LIU Yulong (dragon889) wrote :

A really old neutron version.
But anyway, IMO, you met this bug: https://bugs.launchpad.net/neutron/+bug/1682094
This is where the error comes from:
https://github.com/openstack/neutron/blob/master/neutron/db/db_base_plugin_v2.py#L611-L616

According to the exception, I did the following tests:
>>> import netaddr
>>> ip = netaddr.IPAddress("2a0a:4180::2")
>>> net = netaddr.IPNetwork("2a0a:4180::2/127")
>>> (ip in net and (ip == net.network or (net.version == 4 and ip == net[-1])))
True
>>> ip == net.network
True
>>> (ip in net and (net.version == 4 and ip in (net.network, net[-1])))  # <---- current check
False
>>> ip in net
True

So you should update this function to this style:
https://github.com/openstack/neutron/blob/master/neutron/ipam/utils.py#L40-L51

Since version 9.1.1 of neutron was marked as EOL a long time ago, I will mark this bug as invalid.

Changed in neutron:
status: New → Invalid
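
The two gateway checks quoted in the comment above, run side by side over several subnets, as an added example that is not part of the original thread and is not neutron's code. It uses the standard-library `ipaddress` module in place of `netaddr`; the function names and every sample case except the reporter's /127 are constructed.

```python
import ipaddress

def _parse(cidr, gateway):
    # strict=False mirrors netaddr.IPNetwork, which accepts CIDRs with host bits set.
    return ipaddress.ip_address(gateway), ipaddress.ip_network(cidr, strict=False)

def legacy_gateway_invalid(cidr, gateway):
    """First expression in the comment: network address rejected for IPv4 and IPv6."""
    ip, net = _parse(cidr, gateway)
    return ip in net and (ip == net.network_address or
                          (net.version == 4 and ip == net[-1]))

def current_gateway_invalid(cidr, gateway):
    """Expression marked 'current check': only IPv4 network/broadcast rejected."""
    ip, net = _parse(cidr, gateway)
    return ip in net and (net.version == 4 and
                          ip in (net.network_address, net[-1]))

# Constructed sample cases; only the first pair comes from the bug report.
CASES = [
    ("2a0a:4180::2/127", "2a0a:4180::2"),   # reporter's request
    ("2a0a:4180::2/127", "2a0a:4180::3"),   # other address of the /127
    ("2001:db8::/64", "2001:db8::"),        # IPv6 network address of a /64
    ("192.0.2.0/24", "192.0.2.0"),          # IPv4 network address
    ("192.0.2.0/24", "192.0.2.255"),        # IPv4 broadcast address
    ("192.0.2.0/24", "192.0.2.1"),          # ordinary IPv4 host address
    ("192.0.2.0/24", "198.51.100.1"),       # gateway outside the subnet
]

def disagreements(cases=CASES):
    """Return the (cidr, gateway) pairs where the two checks give different answers."""
    return [(c, g) for c, g in cases
            if legacy_gateway_invalid(c, g) != current_gateway_invalid(c, g)]

if __name__ == "__main__":
    for cidr, gw in CASES:
        print(f"{gw:>14} on {cidr:<17} "
              f"legacy_invalid={legacy_gateway_invalid(cidr, gw)!s:<5} "
              f"current_invalid={current_gateway_invalid(cidr, gw)}")
    print("checks differ for:", disagreements())
```

The two checks differ only for IPv6 gateways that equal the subnet's network address; the IPv4 results are identical.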
Evgeny (edemin) wrote :

Hello LIU Yulong!

I changed the file /usr/lib/python2.7/dist-packages/neutron/ipam/utils.py as shown here https://github.com/openstack/neutron/blob/master/neutron/ipam/utils.py#L40-L51, then restarted neutron-server, but still got the same error.

This is the file after the changes:

root@os-host1:~# grep -A 12 -rn "check_gateway" /usr/lib/python2.7/dist-packages/neutron/ipam/utils.py
32:def check_gateway_invalid_in_subnet(cidr, gateway):
33- """Check whether the gw IP address is invalid on the subnet."""
34- ip = netaddr.IPAddress(gateway)
35- net = netaddr.IPNetwork(cidr)
36- # Check whether the gw IP is in-valid on subnet.
37- # If gateway is in the subnet, it cannot be the
38- # 'network' or the 'broadcast address (only in IPv4)'.
39- # If gateway is out of subnet, there is no way to
40- # check since we don't have gateway's subnet cidr.
41- return (ip in net and
42- (net.version == constants.IP_VERSION_4 and
43- ip in (net.network, net[-1])))
44-

What is my mistake? Thanks!
