Neutron allows to create two subnets with same CIDR in a network through heat
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
High
|
Rodolfo Alonso |
Bug Description
If I use heat to create a network, with overlapping subnet CIDR, we will not get an error from Neutron that there is an overlap.
There is an example heat template attached. In my environment, Out of 10 times only two times Neutron reported error of overlapping and in all other cases the stack create was successful.
stack@ubuntu:~$ openstack stack list
+------
| ID | Stack Name | Project | Stack Status | Creation Time | Updated Time |
+------
| 26f32175-
| 158c6c2f-
| cab371f6-
| 480cd3db-
| e4409fc6-
| 45552045-
| ec3f2c27-
| 15050524-
| da6b235a-
| c596b822-
+------
Output from the neutron net-list which validates this:
stack@ubuntu:~$ neutron net-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+------
| id | name | tenant_id | subnets |
+------
| 0396cfc9-
| | | | 8b032907-
| 130af1a9-
| | | | 233674e8-
| 2938ccd5-
| | | | 79e6d335-
| 3af1150b-
| 46f8d80e-
| | | | b5630214-
| 480a1606-
| | | | 6697c90f-
| 4e7cdf4d-
| 53c05f05-
| | | | 235d7d7b-
| 679b54e0-
| | | | 89a37360-
| 7a4ced41-
| 9812fb31-
| | | | 556ec8c2-
| e7ab5e15-
| | | | 7bf86a4e-
| e8af1dad-
| | | | 730dde9f-
+------
It can be reproduced on neutron from Stein to the master on the standard devstack setup with heat. In neutron.conf I have api_workers = 2
Mostly there is some missing locking on network which is causing this issue.
If any further information is needed on this bug please let me know. I hople I have included the relevant info.
information type: | Public → Public Security |
information type: | Public Security → Private Security |
information type: | Private Security → Public |
description: | updated |
description: | updated |
Changed in neutron: | |
importance: | Undecided → High |
tags: | added: api |
tags: | added: l3-ipam-dhcp |
tags: | added: neutron-proactive-backport-potential |
tags: | removed: neutron-proactive-backport-potential |
Does anyone have the environment setup with heat to triage it and confirm this bug. Seems to be easily reproduceable.