neutron

[RFE] Add support for configuring dnsmasq with multiple IPv6 addresses in same subnet on same port

Bug #1861032 reported by Harald Jensås
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Undecided
Harald Jensås

Bug Description

To enable network boot and Ironic provisioning a patch has been proposed to dnsmasq. The patch add's the possibility to provide list's of individual addresses as well as prefixed ranges of ipv6 addresses for a dhcp-host reservation.

When dnsmasq recieve a request matching the clid or mac address is recieved the server will iterate over all candidate addresses until it find's one that is not already leased to a different clid/iaid and advertise this address.

Using multiple reservations for a single host makes it possible to maintain a static leases only configuration which support network booting systems with UEFI firmware that request a new address (a new SOLICIT with a new IA_NA option using a new IAID) for different boot modes, for instance 'PXE over IPv6', and 'HTTP-Boot over IPv6'. Open Virtual Machine Firmware (OVMF) and most UEFI firmware build on the EDK2 code base exhibit this behaviour.

A new configuration syntax is introduces in dnsmasq in patch: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2020q1/013743.html

For example:

 --dhcp-host=52:54:00:3f:5c:c0,[fd12:3456::aa02][fd12:3456::aa04],host1

The above will make the two addresses fd12:3456::aa02 and fd12:3456::aa04 available to the host with hardware address 52:54:00:3f:5c:c0.

This RFE is to add functionality to the dnsmasq dhcp-agent implementation to write the new configuration format in the dnsmasq hosts file.

Given a neutron port:

    "ports": [
        {
            "dns_assignment": [
               {
                  "hostname": "myport02",
                   "ip_address": "fd12:3456::aa02",
                   "fqdn": "myport02.my-domain.org"
               },
               {
                  "hostname": "myport04",
                   "ip_address": "fd12:3456::aa04",
                   "fqdn": "myport04.my-domain.org"
               },
            ],
            "fixed_ips": [
                {
                    "ip_address": "fd12:3456::aa02",
                    "subnet_id": "008ba151-0b8c-4a67-98b5-0d2b87666062"
                },
                {
                    "ip_address": "fd12:3456::aa04",
                    "subnet_id": "008ba151-0b8c-4a67-98b5-0d2b87666062"
                }

            ],
            "id": "d80b1a3b-4fc1-49f3-952e-1e2ab7081d8b",
            "mac_address": "fa:16:3e:58:42:ed",
            "network_id": "70c1db1f-b701-45bd-96e0-a313ee3430b3",

        },
    ]
}

Current behaviour
-----------------
  dhcp-host=fa:16:3e:58:42:ed,myport02.my-domain.org,[fd12:3456::aa02]
  dhcp-host=fa:16:3e:58:42:ed,myport04.my-domain.org,[fd12:3456::aa04]

  NOTE, this configuration means dnsmasq will only ever lease fd12:3456::aa04. As it will always find that as the first valid configuration for mac fa:16:3e:58:42:ed. In other words, the _current behaviour is broken_.

New behaviour
-------------
  dhcp-host=fa:16:3e:58:42:ed,myport02.my-domain.org,[fd12:3456::aa02][fd12:3456::aa04]

  This will allow dnsmasq to lase both addresses when requests from the client mac using different IAID's is recieved.

OpenStack Infra (hudson-openstack)
Changed in neutron:
assignee: nobody → Harald Jensås (harald-jensas)
status: New → In Progress
Slawek Kaplonski (slaweq)
tags: added: rfe-triaged
Revision history for this message
Slawek Kaplonski (slaweq) wrote :

Hi Harald, just to be sure, is this kind of follow-up after https://bugs.launchpad.net/neutron/+bug/1855854 ?

Revision history for this message
Harald Jensås (harald-jensas) wrote :

Hi Slawek, Yes this is a follow-up after https://bugs.launchpad.net/neutron/+bug/1855854. As in it's a different solution to solve the issue with network boot and in extension Ironic provisioning on IPv6 with DHCPv6-Stateful.

I had hoped that my patch to dnsmasq would have been accepted by now, but I am still waiting for the project maintainer.

Revision history for this message
Slawek Kaplonski (slaweq) wrote :

Just to clarify if my udnerstanding is good. This rfe can only be proceeded on Neutron's side when http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2020q1/013743.html will be merged and released on dnsmasq's side, right?
And also this RFE is only about changing the way how neutron's dnsmasq driver is preparing config file for dnsmasq process for network. There is no any db/api/rpc changes needed here, am I right?

Revision history for this message
Slawek Kaplonski (slaweq) wrote :

Oh, and one more thing I forgot. This rfe is now on the triaged list so we will try to discuss it on our next drivers meeting (Friday 7.02.2020)

Revision history for this message
Harald Jensås (harald-jensas) wrote :

Hi Slaweq,

I will most likely join the meeting tomorrow. If I forget to join the meetings channel feel free to ping me in #openstack-neutron.

Yes, we need http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2020q1/013743.html, or the maintainers version of it in dnsmasq first. I have an early patch up: https://review.opendev.org/704436 Since this depend on new functionality in dnsmasq I opted to enable via a config option, which by default disable it. Previous versions of dnsmasq will error on parsing the new configuration format.

Yes, the RFE is only about changing the dnsmasq driver to write a dnsmasq hosts file that will work with the new feature in dnsmasq.

No db/api/rpc changes required.

Revision history for this message
Slawek Kaplonski (slaweq) wrote :

We approved this rfe on our last drivers team meeting http://eavesdrop.openstack.org/meetings/neutron_drivers/2020/neutron_drivers.2020-02-07-14.00.log.html#l-15

Two notes to this rfe:
1. This can be implemented in Neutron on when related changes will be merged and released in dnsmasq so this will be probably implemented in V cycle soonest,
1. Brian Haley volunteered to propose doc with gaps between ovn and other backends, please add note about this to such doc when it will be available.

tags: added: rfe-approved
removed: rfe-triaged
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/710881

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.opendev.org/704436
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=592c2f8d91c3172c75cc5a2464350891b0a303f1
Submitter: Zuul
Branch: master

commit 592c2f8d91c3172c75cc5a2464350891b0a303f1
Author: Harald Jensås <email address hidden>
Date: Fri Jan 17 12:29:10 2020 +0100

    DHCPv6 - Use addr6_list in dnsmasq

    Adds a new bool option dnsmasq_enable_addr6_list, when
    enabled configuration for dnsmasq will be created with a
    single dhcp-host entry specifying a list of ip addresses
    allocated for a port.

    Previously the dnsmasq dhcp-agent driver would write a
    separate dhcp-host entry for each fixed-ip of a port in
    the dnsmasq hosts file. The result of the previous
    behaviour is that dnsmasq will only use one of the config
    entries, i.e the first one matching the mac identifier.

    The trade-off is that only a single dns_assignment will
    be used for IPv6 addresses within the same subnet. (But
    in practice, this was always the case since only the
    first config entry would be used by dnsmasq.)

    Why is this neccecary:
      This is done to enable ironic provisioning over IPv6
      using DHCPv6-stateful. For background info, please
      read dnsmasq-discuss thread:
    http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2020q1/thread.html#13671

    Closes-Bug: #1861032
    Change-Id: I833840e7daed2efa7efaece27cfd1ba28e0feb90

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/713290

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/train)

Reviewed: https://review.opendev.org/713290
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=03e88cd72a8f547133563e4a7a0f099c303be6b0
Submitter: Zuul
Branch: stable/train

commit 03e88cd72a8f547133563e4a7a0f099c303be6b0
Author: Harald Jensås <email address hidden>
Date: Fri Jan 17 12:29:10 2020 +0100

    DHCPv6 - Use addr6_list in dnsmasq

    Adds a new bool option dnsmasq_enable_addr6_list, when
    enabled configuration for dnsmasq will be created with a
    single dhcp-host entry specifying a list of ip addresses
    allocated for a port.

    Previously the dnsmasq dhcp-agent driver would write a
    separate dhcp-host entry for each fixed-ip of a port in
    the dnsmasq hosts file. The result of the previous
    behaviour is that dnsmasq will only use one of the config
    entries, i.e the first one matching the mac identifier.

    The trade-off is that only a single dns_assignment will
    be used for IPv6 addresses within the same subnet. (But
    in practice, this was always the case since only the
    first config entry would be used by dnsmasq.)

    Why is this neccecary:
      This is done to enable ironic provisioning over IPv6
      using DHCPv6-stateful. For background info, please
      read dnsmasq-discuss thread:
    http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2020q1/thread.html#13671

    Conflicts:
        neutron/cmd/sanity/checks.py

    Closes-Bug: #1861032
    Change-Id: I833840e7daed2efa7efaece27cfd1ba28e0feb90
    (cherry picked from commit 592c2f8d91c3172c75cc5a2464350891b0a303f1)

tags: added: in-stable-train
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (master)

Reviewed: https://review.opendev.org/710881
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=42ad50db1e51207f24532822fac170a57c79e0b3
Submitter: Zuul
Branch: master

commit 42ad50db1e51207f24532822fac170a57c79e0b3
Author: Brian Haley <email address hidden>
Date: Mon Mar 2 17:27:43 2020 -0500

    Add known gaps between ML2/OVS and OVN

    These were listed in the spec, but let's add them to the
    documentation so they are easier to find.

    Change-Id: I48a38460cf6e74dffa7ecb780d2f90b4403c62bd
    Related-bug: #1861032

Bernard Cafarelli (bcafarel)
tags: added: neutron-proactive-backport-potential
Slawek Kaplonski (slaweq)
tags: removed: neutron-proactive-backport-potential
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.