IP allocation for stateless IPv6 does not filter on segment when fixed-ips contain a subnet_id
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
High
|
Harald Jensås |
Bug Description
Network 45b993b2-
$ openstack network segment list --network provider -f yaml
- ID: 612f96f0-
Name: provider-segment1
Network: 45b993b2-
Network Type: flat
Segment: null
- ID: 9632dc77-
Name: provider-segment2
Network: 45b993b2-
Network Type: flat
Segment: null
$ openstack subnet list --network provider -f yaml
- ID: 926269c1-
Name: provider-subnet1
Network: 45b993b2-
Subnet: dead:beef:1::/64
- ID: cdec94ce-
Name: provider-subnet2
Network: 45b993b2-
Subnet: dead:beef:2::/64
$ openstack subnet show -c segment_id -c ipv6_address_mode \
-c ipv6_ra_mode -c address_mode provider-subnet1
+------
| Field | Value |
+------
| ipv6_address_mode | dhcpv6-stateless |
| ipv6_ra_mode | dhcpv6-stateless |
| segment_id | 612f96f0-
+------
$ openstack subnet show -c segment_id -c ipv6_address_mode \
-c ipv6_ra_mode -c address_mode provider-subnet2
+------
| Field | Value |
+------
| ipv6_address_mode | dhcpv6-stateless |
| ipv6_ra_mode | dhcpv6-stateless |
| segment_id | 9632dc77-
+------
The two subnets have stateless address mode and are on different segments.
When creating port, openstack port create --network provider test-port1 ip allocation is deffered because segments are used and no host id is provided.
When creating a port with a subnet specified in fixed-ips the implicit address allocation for stateless subnets will allocate an address in both subnets.
$ openstack port create --network provider \
--fixed-
-c fixed_ips -f yaml
fixed_ips:
- ip_address: dead:beef:
subnet_id: 926269c1-
- ip_address: dead:beef:
subnet_id: cdec94ce-
Upon trying to bind this port later as part of provisioning with Ironic, this fails because fixed_ips included invalid subnet.
---
Failed to provision instance 3340fad9-
---
This happens because all subnets are returned as candidates when fixed_ips is specified, despite that host id is not included:
https:/
Then addresses for all stateless subnets in the candidates are allocated:
https:/
Changed in neutron: | |
importance: | Undecided → High |
status: | New → Confirmed |
tags: | added: ipv6 |
tags: | added: neutron-proactive-backport-potential |
Fix proposed to branch: master /review. opendev. org/709444
Review: https:/