neutron

Race condition when adding two subnet with same cidr to router

Bug #1987666 reported by Fernando Royo
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Medium
Fernando Royo

Bug Description

When two subnets with the same cidr are connected to a router, the second request should fail with an error like this:

BadRequest: resources._ipv4_gateway_interface: Bad router request: Cidr 10.100.130.0/24 of subnet 41626435-77b8-4858-9594-a6709e2de5c5 overlaps with cidr 10.100.130.0/24 of subnet cd6566de-add9-4129-9f5e-5b99cc57194c

But if those connections are triggered simultaneously, both subnets finally are connected to the router without raising the previous BadRequest.

A simple script like this allow to replicate the situation described:

echo "create resources"
openstack router create r0
openstack network create n0-A
openstack subnet create sn0-A --network n0-A --subnet-range 10.100.0.0/24
openstack network create n0-B
openstack subnet create sn0-B --network n0-B --subnet-range 10.100.0.0/24

echo "connect subnets to routers"
openstack router add subnet r0 sn0-A&
openstack router add subnet r0 sn0-B

as result:

(overcloud) [stack@undercloud-0 ~]$ openstack router show r0 -c interfaces_info -f value; done
[{'port_id': '171028ae-3a0d-4690-86fd-09bf3cf9fabe', 'ip_address': '10.100.0.1', 'subnet_id': 'b1f1cfb0-3d8d-41ae-b5e4-4839f4c5d7a4'}, {'port_id': '46596629-a1bc-49d6-903e-45cd27ba6b22', 'ip_address': '10.100.0.1', 'subnet_id': '1f463853-487e-4aeb-b0ec-cd43048bf692'}]

Slawek Kaplonski (slaweq)
Changed in neutron:
status: New → Confirmed
importance: Undecided → Medium
Fernando Royo (froyoredhat)
Changed in neutron:
assignee: nobody → Fernando Royo (froyoredhat)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/859143

Changed in neutron:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/859143
Committed: https://opendev.org/openstack/neutron/commit/1abb77d7a63cde2aa9640351f663870c14430919
Submitter: "Zuul (22348)"
Branch: master

commit 1abb77d7a63cde2aa9640351f663870c14430919
Author: Fernando Royo <email address hidden>
Date: Fri Sep 23 20:53:09 2022 +0200

    Check subnet overlapping after add router interface

    When simultaneous attempts are made to add an interface
    to the same router including overlapping networks in cidrs,
    both attempts are successful. There is a check to avoid this
    overlap but is performed when creating the network interface
    and it is done over the ports already attached to the router,
    so at this moment the check is not able to detect the
    overlapping. Furthermore, the create_port operation over the
    ML2 plugin must be executed in isolated transactions, so
    trying to control the execution context or adding additional
    steps to the transaction is not feasible.

    This patch checks once the RouterPort is created on the
    neutron database if there is more than one overlapping port,
    triggering in that case the exception that will remove the
    the culprit of overlapping.

    Closes-Bug: #1987666
    Change-Id: I7cec8b53e72e7abf34012906e6adfecf079525af

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/zed)

Fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/neutron/+/863271

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/yoga)

Fix proposed to branch: stable/yoga
Review: https://review.opendev.org/c/openstack/neutron/+/863275

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/neutron/+/863852

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/victoria)

Fix proposed to branch: stable/victoria
Review: https://review.opendev.org/c/openstack/neutron/+/863861

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/c/openstack/neutron/+/863862

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/c/openstack/neutron/+/863863

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (stable/victoria)

Change abandoned by "Fernando Royo <email address hidden>" on branch: stable/victoria
Review: https://review.opendev.org/c/openstack/neutron/+/863861
Reason: strong gap comparing to master branch, many backports required not just test scope

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (stable/ussuri)

Change abandoned by "Fernando Royo <email address hidden>" on branch: stable/ussuri
Review: https://review.opendev.org/c/openstack/neutron/+/863863
Reason: strong gap comparing to master branch, many backports required not just test scope

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (stable/train)

Change abandoned by "Fernando Royo <email address hidden>" on branch: stable/train
Review: https://review.opendev.org/c/openstack/neutron/+/863862
Reason: strong gap comparing to master branch, many backports required not just test scope

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/xena)

Fix proposed to branch: stable/xena
Review: https://review.opendev.org/c/openstack/neutron/+/864297

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/863271
Committed: https://opendev.org/openstack/neutron/commit/71801fba9143b4e341037695c9a95a6ddc722766
Submitter: "Zuul (22348)"
Branch: stable/zed

commit 71801fba9143b4e341037695c9a95a6ddc722766
Author: Fernando Royo <email address hidden>
Date: Fri Sep 23 20:53:09 2022 +0200

    Check subnet overlapping after add router interface

    When simultaneous attempts are made to add an interface
    to the same router including overlapping networks in cidrs,
    both attempts are successful. There is a check to avoid this
    overlap but is performed when creating the network interface
    and it is done over the ports already attached to the router,
    so at this moment the check is not able to detect the
    overlapping. Furthermore, the create_port operation over the
    ML2 plugin must be executed in isolated transactions, so
    trying to control the execution context or adding additional
    steps to the transaction is not feasible.

    This patch checks once the RouterPort is created on the
    neutron database if there is more than one overlapping port,
    triggering in that case the exception that will remove the
    the culprit of overlapping.

    Closes-Bug: #1987666
    Change-Id: I7cec8b53e72e7abf34012906e6adfecf079525af
    (cherry picked from commit 1abb77d7a63cde2aa9640351f663870c14430919)

tags: added: in-stable-zed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (stable/yoga)

Change abandoned by "Bernard Cafarelli <email address hidden>" on branch: stable/yoga
Review: https://review.opendev.org/c/openstack/neutron/+/863275
Reason: Abandoning for proper cherry-pick

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/yoga)

Fix proposed to branch: stable/yoga
Review: https://review.opendev.org/c/openstack/neutron/+/864542

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/xena)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/864297
Committed: https://opendev.org/openstack/neutron/commit/789a46df615dc5cf7687f643e364e008e043508b
Submitter: "Zuul (22348)"
Branch: stable/xena

commit 789a46df615dc5cf7687f643e364e008e043508b
Author: Fernando Royo <email address hidden>
Date: Fri Sep 23 20:53:09 2022 +0200

    Check subnet overlapping after add router interface

    When simultaneous attempts are made to add an interface
    to the same router including overlapping networks in cidrs,
    both attempts are successful. There is a check to avoid this
    overlap but is performed when creating the network interface
    and it is done over the ports already attached to the router,
    so at this moment the check is not able to detect the
    overlapping. Furthermore, the create_port operation over the
    ML2 plugin must be executed in isolated transactions, so
    trying to control the execution context or adding additional
    steps to the transaction is not feasible.

    This patch checks once the RouterPort is created on the
    neutron database if there is more than one overlapping port,
    triggering in that case the exception that will remove the
    the culprit of overlapping.

    Note: Added clean of l3_obj.RouterPort to avoid errors on
    setUp of test class L3TestCase, pick from [1]. Also added
    cfg allow_overlapping_ips to True for fullstack job, this one
    had been deprecated and enabled by default in newer releases
    but added in order to run the backported tests over this
    stable branch.

    Conflicts:
           neutron/db/l3_db.py
    (manually cherry picked from commit 1abb77d7a63cde2aa9640351f663870c14430919)

    [1] https://review.opendev.org/c/openstack/neutron/+/804846/18/neutron/tests/unit/db/test_l3_db.py#612

    Closes-Bug: #1987666
    Change-Id: I7cec8b53e72e7abf34012906e6adfecf079525af
    (cherry picked from commit 1abb77d7a63cde2aa9640351f663870c14430919)

tags: added: in-stable-xena
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (stable/yoga)

Change abandoned by "Fernando Royo <email address hidden>" on branch: stable/yoga
Review: https://review.opendev.org/c/openstack/neutron/+/864542
Reason: in favor of https://review.opendev.org/c/openstack/neutron/+/863275

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/yoga)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/863275
Committed: https://opendev.org/openstack/neutron/commit/2032397cf816f49e11dad68d5beb6e0b3dd96192
Submitter: "Zuul (22348)"
Branch: stable/yoga

commit 2032397cf816f49e11dad68d5beb6e0b3dd96192
Author: Fernando Royo <email address hidden>
Date: Fri Sep 23 20:53:09 2022 +0200

    Check subnet overlapping after add router interface

    When simultaneous attempts are made to add an interface
    to the same router including overlapping networks in cidrs,
    both attempts are successful. There is a check to avoid this
    overlap but is performed when creating the network interface
    and it is done over the ports already attached to the router,
    so at this moment the check is not able to detect the
    overlapping. Furthermore, the create_port operation over the
    ML2 plugin must be executed in isolated transactions, so
    trying to control the execution context or adding additional
    steps to the transaction is not feasible.

    This patch checks once the RouterPort is created on the
    neutron database if there is more than one overlapping port,
    triggering in that case the exception that will remove the
    the culprit of overlapping.

    Conflicts:
          neutron/db/l3_db.py
    (manually cherry picked from commit 1abb77d7a63cde2aa9640351f663870c14430919)

    Closes-Bug: #1987666
    Change-Id: I7cec8b53e72e7abf34012906e6adfecf079525af
    (cherry picked from commit 1abb77d7a63cde2aa9640351f663870c14430919)

tags: added: in-stable-yoga
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/863852
Committed: https://opendev.org/openstack/neutron/commit/98abcb6eac1c705c9cf328ef323dc0307adef61c
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit 98abcb6eac1c705c9cf328ef323dc0307adef61c
Author: Fernando Royo <email address hidden>
Date: Fri Sep 23 20:53:09 2022 +0200

    Check subnet overlapping after add router interface

    When simultaneous attempts are made to add an interface
    to the same router including overlapping networks in cidrs,
    both attempts are successful. There is a check to avoid this
    overlap but is performed when creating the network interface
    and it is done over the ports already attached to the router,
    so at this moment the check is not able to detect the
    overlapping. Furthermore, the create_port operation over the
    ML2 plugin must be executed in isolated transactions, so
    trying to control the execution context or adding additional
    steps to the transaction is not feasible.

    This patch checks once the RouterPort is created on the
    neutron database if there is more than one overlapping port,
    triggering in that case the exception that will remove the
    the culprit of overlapping.

    Note: Added clean of l3_obj.RouterPort to avoid errors on
    setUp of test class L3TestCase, pick from [1]. Also added
    cfg allow_overlapping_ips to True for fullstack job, this one
    had been deprecated and enabled by default in newer releases
    but added in order to run the backported tests over this
    stable branch.

    Conflicts:
           neutron/db/l3_db.py
           neutron/tests/unit/db/test_l3_db.py
    (manually cherry picked from commit 1abb77d7a63cde2aa9640351f663870c14430919)

    [1] https://review.opendev.org/c/openstack/neutron/+/804846/18/neutron/tests/unit/db/test_l3_db.py#612

    Closes-Bug: #1987666
    Change-Id: I7cec8b53e72e7abf34012906e6adfecf079525af
    (cherry picked from commit 1abb77d7a63cde2aa9640351f663870c14430919)

tags: added: in-stable-wallaby
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 19.5.0

This issue was fixed in the openstack/neutron 19.5.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 22.0.0.0rc1

This issue was fixed in the openstack/neutron 22.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 20.3.0

This issue was fixed in the openstack/neutron 20.3.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 21.1.0

This issue was fixed in the openstack/neutron 21.1.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron wallaby-eom

This issue was fixed in the openstack/neutron wallaby-eom release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.