When deleting a stateless subnet port can get allocation on subnet with invalid segment

Bug #1865138 reported by Harald Jensås
Affects: neutron
Status: Fix Released
Importance: Undecided
Assigned to: Harald Jensås
Milestone: (none)

Bug Description

A provider network with 3 stateless subnets, on different segments.
(NOTE, this output is from a dev environment with WIP fixes for bug/1864333 and bug/1864333)

$ for subnet in $(openstack subnet list --network providernet -f value -c ID); do openstack subnet show $subnet -f yaml -c segment_id -c cidr -c id; done
cidr: deaf:beef:3::/64
id: 954a1b8c-5fe7-4dcc-84bd-df24c371e651
segment_id: 632b2bab-5402-4a4d-9433-783d7051d8aa
cidr: deaf:beef:1::/64
id: ebae0025-a701-4b22-aa66-00ec48025b30
segment_id: d1930254-36c9-4490-94f7-d095a25cf3b0
cidr: deaf:beef:2::/64
id: ec2a9675-a286-4c8b-983d-2f762939cb5b
segment_id: 1586a525-e250-4003-bae4-819e18e70c0e

$ openstack port list --network providernet -f yaml -c "Fixed IP Addresses"
- Fixed IP Addresses:
  - ip_address: deaf:beef:2:0:f816:3eff:fe03:eb71
    subnet_id: ec2a9675-a286-4c8b-983d-2f762939cb5b
- Fixed IP Addresses:
  - ip_address: deaf:beef:3:0:f816:3eff:fe48:bb26
    subnet_id: c052289a-f8a0-464b-9413-717628fca4c2
- Fixed IP Addresses:
  - ip_address: deaf:beef:1:0:f816:3eff:fea1:1aab
    subnet_id: ebae0025-a701-4b22-aa66-00ec48025b30
- Fixed IP Addresses: [] <-- Deferred allocation

$ openstack subnet delete subnet3

After deleting subnet3, the port that was on this subnet gets an allocation on subnet_id: ebae0025-a701-4b22-aa66-00ec48025b30, which is not the correct segment for this host.

$ openstack port list --network providernet -f yaml -c "Fixed IP Addresses"
- Fixed IP Addresses:
  - ip_address: deaf:beef:2:0:f816:3eff:fe03:eb71
    subnet_id: ec2a9675-a286-4c8b-983d-2f762939cb5b
- Fixed IP Addresses:
  - ip_address: deaf:beef:1:0:f816:3eff:fe48:bb26 <-- Allocation on invalid segment.
    subnet_id: ebae0025-a701-4b22-aa66-00ec48025b30
- Fixed IP Addresses:
  - ip_address: deaf:beef:1:0:f816:3eff:fea1:1aab
    subnet_id: ebae0025-a701-4b22-aa66-00ec48025b30
- Fixed IP Addresses: []

I believe the correct behaviour here would be to remove the allocation from the deleted segment and set allocation 'deferred' on the port. Or raise SubnetInUse exception on subnet delete because there is no other auto-address subnet that can satisfy the in-use port.

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/710546

Changed in neutron:
assignee: nobody → Harald Jensås (harald-jensas)
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/710547

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/711192

OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (master)

Reviewed: https://review.opendev.org/709444
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=7e09e72661b0b3a0f898c20d451e204aa7a17194
Submitter: Zuul
Branch: master

commit 7e09e72661b0b3a0f898c20d451e204aa7a17194
Author: Harald Jensås <email address hidden>
Date: Thu Feb 27 02:38:13 2020 +0100

    Filter subnets on fixed_ips segment

    For v6_stateless IP addresses for all stateless
    subnets within a network are implicitly included.

    When using segments implicitly allocating addresses
    across subnets on different segments is incorrect.
    IPs from subnets on different segments were allocated
    when no host binding information was available
    but a subnet_id in fixed_ips request was present.

    This change adds filtering based on segment_id when
    fixed_ips are used. If fixed_ips are not all on the
    same segment exception FixedIpsSubnetsNotOnSameSegment
    is raised.

    Related: rhbz#1803989
    Related-Bug: #1864333
    Related-Bug: #1865138
    Closes-Bug: #1864225
    Change-Id: I336ae76283f29dd226344fb454aaa0e4aac030ea

OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.opendev.org/710546
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=3d3dc60408148cf16bc19cccb76b8652f980fa1c
Submitter: Zuul
Branch: master

commit 3d3dc60408148cf16bc19cccb76b8652f980fa1c
Author: Harald Jensås <email address hidden>
Date: Fri Feb 28 03:09:05 2020 +0100

    subnet create - segment aware auto-addr allocation

    When creating additional subnets with ipv6 auto-addressing
    ip allocation was added to existing ports without filtering
    on current allocation's segment.

    This adds filtering to only add auto-address allocation when
    the new subnet is on the same segment as the port's current
    ipam allocations.

    Related: rhbz#1803989
    Related-Bug: #1864225
    Related-Bug: #1865138
    Closes-Bug: #1864333
    Change-Id: I75ae14c64db076434ca9897ba9a6d97702e233ad

Changed in neutron:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.opendev.org/710547
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=f987486febb9fbe88232bb9139508981b92147f1
Submitter: Zuul
Branch: master

commit f987486febb9fbe88232bb9139508981b92147f1
Author: Harald Jensås <email address hidden>
Date: Fri Feb 28 22:55:13 2020 +0100

    Deny delete last slaac subnet with allocation on segment

    When a port has only one IP allocation on auto-allocation
    subnet which is associated with a segment, do not allow
    the delete of the subnet. Raise SubnetInUse exception instead.

    Related: rhbz#1803989
    Related-Bug: #1864225
    Related-Bug: #1864333
    Closes-Bug: #1865138
    Change-Id: I9fb0f05ede42afa1a349635b1936028edf540a1f
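
The delete guard described in the commit message above, as an added example (not neutron's code and not part of the original report). The classes, function names, the local SubnetInUse stand-in and the sample data (including subnet4 and port-e, which are not in the report) are assumptions made for illustration:

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


class SubnetInUse(Exception):
    """Local stand-in for the exception named in the commit message."""


@dataclass
class Subnet:
    id: str
    segment_id: Optional[str]
    auto_address: bool = True  # IPv6 stateless (SLAAC) subnet


@dataclass
class Port:
    id: str
    subnet_ids: List[str] = field(default_factory=list)  # one entry per fixed IP


def ports_blocking_delete(subnet: Subnet, ports: List[Port]) -> List[str]:
    """IDs of ports whose only allocation is on this segment-bound auto-address subnet."""
    if not subnet.auto_address or subnet.segment_id is None:
        return []
    return [p.id for p in ports if p.subnet_ids == [subnet.id]]


def delete_subnet(subnets: Dict[str, Subnet], ports: List[Port], subnet_id: str) -> None:
    """Reject the delete instead of letting a port be re-addressed on another segment."""
    blocking = ports_blocking_delete(subnets[subnet_id], ports)
    if blocking:
        raise SubnetInUse(f"{subnet_id} holds the only allocation of {blocking}")
    for port in ports:  # ports with other allocations only lose this one
        port.subnet_ids = [s for s in port.subnet_ids if s != subnet_id]
    del subnets[subnet_id]


def build_sample() -> Tuple[Dict[str, Subnet], List[Port]]:
    """Constructed data shaped like the report, plus subnet4/port-e sharing seg-c."""
    pairs = [("subnet1", "seg-a"), ("subnet2", "seg-b"),
             ("subnet3", "seg-c"), ("subnet4", "seg-c")]
    subnets = {name: Subnet(name, seg) for name, seg in pairs}
    ports = [Port("port-a", ["subnet1"]), Port("port-b", ["subnet2"]),
             Port("port-c", ["subnet3"]), Port("port-d", []),  # deferred allocation
             Port("port-e", ["subnet3", "subnet4"])]
    return subnets, ports


if __name__ == "__main__":
    subnets, ports = build_sample()
    try:
        delete_subnet(subnets, ports, "subnet3")
    except SubnetInUse as exc:
        print("delete refused:", exc)
```
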

OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (master)

Reviewed: https://review.opendev.org/711192
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=c8f2a309836e152c4f08cc8e5735409f992177af
Submitter: Zuul
Branch: master

commit c8f2a309836e152c4f08cc8e5735409f992177af
Author: Harald Jensås <email address hidden>
Date: Wed Mar 4 10:41:35 2020 +0100

    Reno only - Make stateless allocation segment aware

    This adds a releasenote for changes:
     * https://review.opendev.org/709444
     * https://review.opendev.org/710546
     * https://review.opendev.org/710547

    Related-Bug: #1864225
    Related-Bug: #1864333
    Related-Bug: #1865138
    Change-Id: Idc7819340b37bee8ae7841d14d0143fb18ac362a

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (stable/train)

Related fix proposed to branch: stable/train
Review: https://review.opendev.org/714092

OpenStack Infra (hudson-openstack) wrote :

Related fix proposed to branch: stable/train
Review: https://review.opendev.org/714093

OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/714094

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (stable/train)

Related fix proposed to branch: stable/train
Review: https://review.opendev.org/714095

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/714617

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (stable/train)

Related fix proposed to branch: stable/train
Review: https://review.opendev.org/715152

OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (stable/train)

Reviewed: https://review.opendev.org/714092
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=16687e39b698bd2d95d343b403fa861de0b6648c
Submitter: Zuul
Branch: stable/train

commit 16687e39b698bd2d95d343b403fa861de0b6648c
Author: Harald Jensås <email address hidden>
Date: Thu Feb 27 02:38:13 2020 +0100

    Filter subnets on fixed_ips segment

    For v6_stateless IP addresses for all stateless
    subnets within a network are implicitly included.

    When using segments implicitly allocating addresses
    across subnets on different segments is incorrect.
    IPs from subnets on different segments were allocated
    when no host binding information was available
    but a subnet_id in fixed_ips request was present.

    This change adds filtering based on segment_id when
    fixed_ips are used. If fixed_ips are not all on the
    same segment exception FixedIpsSubnetsNotOnSameSegment
    is raised.

    Related: rhbz#1803989
    Related-Bug: #1864333
    Related-Bug: #1865138
    Closes-Bug: #1864225
    Change-Id: I336ae76283f29dd226344fb454aaa0e4aac030ea
    (cherry picked from commit 7e09e72661b0b3a0f898c20d451e204aa7a17194)

tags: added: in-stable-train
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.opendev.org/714093
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=c4264b7ded8e5ac3cf5d96eebf5f170d5ea5f9ad
Submitter: Zuul
Branch: stable/train

commit c4264b7ded8e5ac3cf5d96eebf5f170d5ea5f9ad
Author: Harald Jensås <email address hidden>
Date: Fri Feb 28 03:09:05 2020 +0100

    subnet create - segment aware auto-addr allocation

    When creating additional subnets with ipv6 auto-addressing
    ip allocation was added to existing ports without filtering
    on current allocation's segment.

    This adds filtering to only add auto-address allocation when
    the new subnet is on the same segment as the port's current
    ipam allocations.

    Related: rhbz#1803989
    Related-Bug: #1864225
    Related-Bug: #1865138
    Closes-Bug: #1864333
    Change-Id: I75ae14c64db076434ca9897ba9a6d97702e233ad
    (cherry picked from commit 3d3dc60408148cf16bc19cccb76b8652f980fa1c)

OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/train)

Reviewed: https://review.opendev.org/714094
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=259049e25e6bb3cfb84fc75972456c548d00ed9e
Submitter: Zuul
Branch: stable/train

commit 259049e25e6bb3cfb84fc75972456c548d00ed9e
Author: Harald Jensås <email address hidden>
Date: Fri Feb 28 22:55:13 2020 +0100

    Deny delete last slaac subnet with allocation on segment

    When a port has only one IP allocation on auto-allocation
    subnet which is associated with a segment, do not allow
    the delete of the subnet. Raise SubnetInUse exception instead.

    Related: rhbz#1803989
    Related-Bug: #1864225
    Related-Bug: #1864333
    Closes-Bug: #1865138
    Change-Id: I9fb0f05ede42afa1a349635b1936028edf540a1f
    (cherry picked from commit f987486febb9fbe88232bb9139508981b92147f1)

OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (stable/train)

Reviewed: https://review.opendev.org/714095
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=26ddb076b848e1585582fcee635fbdea337bfde5
Submitter: Zuul
Branch: stable/train

commit 26ddb076b848e1585582fcee635fbdea337bfde5
Author: Harald Jensås <email address hidden>
Date: Wed Mar 4 10:41:35 2020 +0100

    Reno only - Make stateless allocation segment aware

    This adds a releasenote for changes:
     * https://review.opendev.org/709444
     * https://review.opendev.org/710546
     * https://review.opendev.org/710547

    Related-Bug: #1864225
    Related-Bug: #1864333
    Related-Bug: #1865138
    Change-Id: Idc7819340b37bee8ae7841d14d0143fb18ac362a
    (cherry picked from commit c8f2a309836e152c4f08cc8e5735409f992177af)

OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (master)

Reviewed: https://review.opendev.org/714617
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=2ccddef913e7a0eee4e304dea27b6aa0f58c1c3c
Submitter: Zuul
Branch: master

commit 2ccddef913e7a0eee4e304dea27b6aa0f58c1c3c
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Tue Mar 24 08:30:40 2020 +0000

    Improve port retrieval when validating auto address

    Improve port retrieval in method
    "_validate_auto_address_subnet_delete". Instead of requesting each
    port individually, a single DB query is executed to retrieve all
    the ports with IP allocation in a subnet.

    Change-Id: I7875142ebecd17663e17847fb14997200d7ae5c8
    Related-Bug: #1865138

tags: added: neutron-proactive-backport-potential
OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (stable/train)

Reviewed: https://review.opendev.org/715152
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=f23fa9af8b2111dc098ef941c42c10a3b030233e
Submitter: Zuul
Branch: stable/train

commit f23fa9af8b2111dc098ef941c42c10a3b030233e
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Tue Mar 24 08:30:40 2020 +0000

    Improve port retrieval when validating auto address

    Improve port retrieval in method
    "_validate_auto_address_subnet_delete". Instead of requesting each
    port individually, a single DB query is executed to retrieve all
    the ports with IP allocation in a subnet.

    Change-Id: I7875142ebecd17663e17847fb14997200d7ae5c8
    Related-Bug: #1865138
    (cherry picked from commit 2ccddef913e7a0eee4e304dea27b6aa0f58c1c3c)

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (stable/stein)

Related fix proposed to branch: stable/stein
Review: https://review.opendev.org/751194

OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/751195

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (stable/rocky)

Related fix proposed to branch: stable/rocky
Review: https://review.opendev.org/751197

OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.opendev.org/751198

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (stable/queens)

Related fix proposed to branch: stable/queens
Review: https://review.opendev.org/751201

OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.opendev.org/751202

OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (stable/stein)

Change abandoned by Slawek Kaplonski (<email address hidden>) on branch: stable/stein
Review: https://review.opendev.org/751194
Reason: It seems like there are more dependencies for that patch and I don't think we really need to backport it.

OpenStack Infra (hudson-openstack) wrote :

Change abandoned by Slawek Kaplonski (<email address hidden>) on branch: stable/stein
Review: https://review.opendev.org/751195
Reason: It seems like there are more dependencies for that patch and I don't think we really need to backport it.

OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (stable/rocky)

Change abandoned by Slawek Kaplonski (<email address hidden>) on branch: stable/rocky
Review: https://review.opendev.org/751197
Reason: It seems like there are more dependencies for that patch and I don't think we really need to backport it.

OpenStack Infra (hudson-openstack) wrote :

Change abandoned by Slawek Kaplonski (<email address hidden>) on branch: stable/rocky
Review: https://review.opendev.org/751198
Reason: It seems like there are more dependencies for that patch and I don't think we really need to backport it.

OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (stable/queens)

Change abandoned by Slawek Kaplonski (<email address hidden>) on branch: stable/queens
Review: https://review.opendev.org/751201
Reason: It seems like there are more dependencies for that patch and I don't think we really need to backport it.

OpenStack Infra (hudson-openstack) wrote :

Change abandoned by Slawek Kaplonski (<email address hidden>) on branch: stable/queens
Review: https://review.opendev.org/751202
Reason: It seems like there are more dependencies for that patch and I don't think we really need to backport it.
