VM gets wrong ipv6 address from neutron-dhcp-agent after ipv6 address on port was changed
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
New
|
Undecided
|
Unassigned |
Bug Description
I run into a problem when neutron dhcp-agent is still replying to the old address confirmation.
Simple steps to reproduce:
- create a port with IPv6 address in dhcpv6-stateful subnet
- create a VM with cloud-init inside
- change the IPv6 port address
- reboot the VM
Here are my commands:
$ openstack subnet create --subnet-range 2001:db8:123::/64 --ip-version 6 --ipv6-address-mode dhcpv6-stateful --network public subv6
$ openstack subnet list --network public
+------
| ID | Name | Network | Subnet |
+------
| 6d9a7fb5-
| 76db898c-
+------
$
$ openstack port create my-port --network public --fixed-ip ip-address=
$ openstack server create test --flavor m1.small --port my-port --image CentOS-
Check IPv6 address inside VM (it's correct):
[centos@test ~]$ ip a s eth0
2: eth0: <BROADCAST,
link/ether fa:16:3e:2e:66:ac brd ff:ff:ff:ff:ff:ff
inet 10.136.17.163/22 brd 10.136.19.255 scope global dynamic eth0
valid_lft 86371sec preferred_lft 86371sec
inet6 2001:db8:
valid_lft 7473sec preferred_lft 7173sec
inet6 fe80::f816:
valid_lft forever preferred_lft forever
[centos@test ~]$
Change IPv6 address and reboot the VM:
$ openstack port set my-port --no-fixed-ip --fixed-ip ip-address=
$ openstack server reboot test
[centos@test ~]$ ip a s eth0
2: eth0: <BROADCAST,
link/ether fa:16:3e:2e:66:ac brd ff:ff:ff:ff:ff:ff
inet 10.136.17.163/22 brd 10.136.19.255 scope global dynamic eth0
valid_lft 86382sec preferred_lft 86382sec
inet6 2001:db8:
valid_lft 7482sec preferred_lft 7182sec
inet6 fe80::f816:
valid_lft forever preferred_lft forever
[centos@test ~]$
^^ you can see the VM got the old IPv6 address and actually all traffic is blocked by port-security feature. If I remove a lease file and re-spawn a dhclient, all is fine:
[centos@test ~]$ ps axf | grep dhcl
780 ? Ss 0:00 /sbin/dhclient -1 -q -lf /var/lib/
868 ? Ss 0:00 /sbin/dhclient -6 -1 -lf /var/lib/
1371 pts/0 S+ 0:00 \_ grep --color=auto dhcl
[centos@test ~]$ sudo kill -9 868
[centos@test ~]$ sudo ip addr del 2001:db8:
[centos@test ~]$ sudo rm -rf /var/lib/
[centos@test ~]$ sudo /sbin/dhclient -6 -1 -lf /var/lib/
[centos@test ~]$ ip a s eth0
2: eth0: <BROADCAST,
link/ether fa:16:3e:2e:66:ac brd ff:ff:ff:ff:ff:ff
inet 10.136.17.163/22 brd 10.136.19.255 scope global dynamic eth0
valid_lft 86319sec preferred_lft 86319sec
inet6 2001:db8:
valid_lft 7481sec preferred_lft 7181sec
inet6 fe80::f816:
valid_lft forever preferred_lft forever
[centos@test ~]$
I found some logic with dhcpv6 leases removing here:
https:/
but it looks like it doesn't help in case of DHCPCONFIRM client request:
In the dnsmasq logs I see the following DHCPCONFIRM-
Feb 1 16:49:12 dnsmasq-
Feb 1 16:49:12 dnsmasq-
Feb 1 16:49:15 dnsmasq-
Feb 1 16:49:15 dnsmasq-
description: | updated |
summary: |
- VM gets wrong ipv6 address from dhcp-agent after ipv6 address on port - was changed + VM gets wrong ipv6 address from neutron-dhcp-agent after ipv6 address on + port was changed |
tags: | added: ipv6 l3-ipam-dhcp |
Thanks for the bug report, I tried but can't reproduce your issue. MULTICAST, UP,LOWER_ UP> mtu 1450 qdisc fq_codel state UP group default qlen 1000 123::222/ 128 scope global dynamic noprefixroute 3eff:fec2: 32df/64 scope link
I used latest master (though as I see there was no code change around that code path), Ubuntu 18.04.5 as test VM
After rebooting the test VM, I have the correct address:
ubuntu@test:~$ ip a
....
2: ens2: <BROADCAST,
link/ether fa:16:3e:c2:32:df brd ff:ff:ff:ff:ff:ff
inet 192.171.0.5/27 brd 192.171.0.31 scope global dynamic ens2
valid_lft 86201sec preferred_lft 86201sec
inet6 2001:db8:
valid_lft 86202sec preferred_lft 86202sec
inet6 fe80::f816:
valid_lft forever preferred_lft forever
Just a small headsup: from https:/ /docs.openstack .org/neutron/ latest/ admin/config- ipv6.html# ipv6-ra- mode-and- ipv6-address- mode-combinatio ns only this combination is support for subnet creation with "dhcpv6-stateful":
openstack subnet create --ip-version 6 --ipv6-address-mode dhcpv6-stateful --ipv6-ra-mode dhcpv6-stateful....
As I checked the api-ref (and in my env) by not directly setting it (--ipv6-ra-mode dhcpv6-stateful) when creating the subnet the value will be null, and that is not supported by the reference implementation (what is in openstack/neutron repo)