Disallow users to allocate gateway ip of external subnets as floating ip
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
In Progress
|
Medium
|
Unassigned |
Bug Description
Currently a user can allocate the gateway ip of an external network as a floating ip. This is possible, as the only validation on a user specified ip address is done by the ipam module, which checks that an ip is in the range of the subnet(s) and that it is not already allocated. Because OpenStack has no port for the external gateway the subnet of an external network is marked as free.
This is a problem because now a user can allocate an IP address that might be otherwise in use (externally of OpenStack / inside a provider network). Depending on the network plugins used, the user could either end up with an unusable floating ip or (in the worst case) create something that arps for this IP and redirects traffic away from the original gateway, causing an outage. Therefore I propose we forbid users from allocating floatingips that are also the gateway ip in a floating ip network. Note that OpenStack would not allocate the gateway ip itself, as it only allocates from the subnet's allocation pool by default.
To fix this I'd propose we either explicitly deny using the gateway ip or require the user-specified IP for a subnet to be from the allocation pool. I'd be happy to provide a patch once we have decided how to approach this.
This can be recreated with a simple cli command: openstack floating ip create $fip_network --floating-
A similar bug was filed and fixed for putting routers into provider networks: https:/
Breaking testcase (neutron/
class L3NatTestCaseBa
def test_create_
with self.subnet(
Preliminary discussion in IRC:
https:/
Changed in neutron: | |
importance: | Undecided → Medium |
tags: | added: l3-ipam-dhcp |
Hello Sebastian:
First of all, let me pointing out that [1] was not the same problem as in this bug. In [1], the router port had an IP address outside the subnet CIDR; that was an error. This is not the case here, were the FIP receives an IP address in this range.
IMO, we should allow this. The GW IP is not a Neutron resource (an IP allocation, associated to a port). This is a parameter of the subnet. We could write a warning message in the logs, that's all. The user should be able to assign this IP to a FIP (for whatever use case I can't image now). Of course, that's my own opinion only.
Regards.
[1]https:/ /bugs.launchpad .net/neutron/ +bug/1757482