neutron

[ipam] Why prevent first ip < (subnet.first + 1) if version of subnet is ipv6

Bug #2040242 reported by Liu Xie on 2023-10-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Invalid	Undecided	Liu Xie

Bug Description

As we know, we can use ipv6 address end with '0' like 2001::.

But when we allocate ipv6 pool use neutron, we could find the error like follows:
neutron net-create net-v6
neutron subnet-create --ip-version 6 --allocation-pool start=2001::,end=2001::2 net-v6 2001::/64
The allocation pool 2001::-2001::2 spans beyond the subnet cidr 2001::/64.
Neutron server returns request_ids: ['req-9a6569ed-52d7-4c3f-ad7e-8986a041a347']

We found that the error info from the func 'validate_allocation_pools':

        else: # IPv6 case
            subnet_first_ip = netaddr.IPAddress(subnet.first + 1)
            subnet_last_ip = netaddr.IPAddress(subnet.last)

        LOG.debug("Performing IP validity checks on allocation pools")
        ip_sets = []
        for ip_pool in ip_pools:
            start_ip = netaddr.IPAddress(ip_pool.first, ip_pool.version)
            end_ip = netaddr.IPAddress(ip_pool.last, ip_pool.version)
            if (start_ip.version != subnet.version or
                    end_ip.version != subnet.version):
                LOG.info("Specified IP addresses do not match "
                         "the subnet IP version")
                raise exc.InvalidAllocationPool(pool=ip_pool)
            if start_ip < subnet_first_ip or end_ip > subnet_last_ip:
                LOG.info("Found pool larger than subnet "
                         "CIDR:%(start)s - %(end)s",
                         {'start': start_ip, 'end': end_ip})
                raise exc.OutOfBoundsAllocationPool(
                    pool=ip_pool,
                    subnet_cidr=subnet_cidr)

Why neutron ipam force first ip of one pool >= (subnet.first + 1) if version of subnet is ipv6 ?

See original description

Tags:

Liu Xie (liushy) on 2023-10-24

summary:

- [ip allocation_pools] Why force first ip < (subnet.first + 1) if
- version of subnet is ipv6
+ [ipam] Why force first ip < (subnet.first + 1) if version of subnet is
+ ipv6

Liu Xie (liushy) on 2023-10-24

Changed in neutron:
assignee:	nobody → Liu Xie (liushy)

Liu Xie (liushy) on 2023-10-24

summary:	- [ipam] Why force first ip < (subnet.first + 1) if version of subnet is - ipv6 + [ipam] Why prevent first ip < (subnet.first + 1) if version of subnet + is ipv6
description:	updated

Lajos Katona (lajos-katona) on 2023-10-26

tags:

added: ipv6 l3-ipam-dhcp

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-10-26: Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/899374

Changed in neutron:
status:	New → In Progress

Miguel Lavalle (minsel) on 2023-10-26

Changed in neutron:
importance:	Undecided → Medium
importance:	Medium → Undecided

Revision history for this message

Miguel Lavalle (minsel) wrote on 2023-10-27:

This LP doesn't seem to be a valid bug, based on the feedback provided in the associated code review: https://review.opendev.org/c/openstack/neutron/+/899374. Let's continue the conversation in Gerrit and we can reclassify this LP based on that conversation

Changed in neutron:
status:	In Progress → Invalid

Revision history for this message

Liu Xie (liushy) wrote on 2023-10-27:

OK,
If we create one subnet with CIDR 2003::/64 without a gateway, the response body looks like the following:

neutron subnet-create +------------- | Field | Value +------------- | allocation_pools | cidr | created_at | description | | dns_nameservers | | enable_dhcp | True | gateway_ip | | host_routes | | id | ip_version | 6 | ipv6_address_mode | | ipv6_ra_mode | | name | | network_id | project_id | revision_number | 0 | service_types | | subnetpool_id | | tags | | tenant_id | updated_at +------------- />------+----------------------------------------------------------+
|
/>------+----------------------------------------------------------+
| {"start": "2003::1", "end": "2003::ffff:ffff:ffff:ffff"} |
| 2003::/64 |
| 2023-10-27T03:17:51Z |
|
|
|
|
|
| c27ab9cf-92fb-401c-a9c9-e8a1a7d42f5f |
|
|
|
|
| 4c5da8a5-ab7a-4937-a943-6a4c0413922e |
| 8eae7e2bedcd4df5bf96a895240f148b |
|
|
|
|
| 8eae7e2bedcd4df5bf96a895240f148b |
| 2023-10-27T03:17:51Z |
/>------+----------------------------------------------------------+

We found that the allocation_pools do not contain '2003::'. Why does IPAM delete the first IP of the CIDR?

OK,
If we create one subnet with CIDR 2003::/64 without a gateway, the response body looks like the following:

neutron subnet-create --no-gateway --ip-version 6  net_v6 2003::/64
+-------------------+----------------------------------------------------------+
| Field             | Value                                                    |
+-------------------+----------------------------------------------------------+
| allocation_pools  | {"start": "2003::1", "end": "2003::ffff:ffff:ffff:ffff"} |
| cidr              | 2003::/64                                                |
| created_at        | 2023-10-27T03:17:51Z                                     |
| description       |                                                          |
| dns_nameservers   |                                                          |
| enable_dhcp       | True                                                     |
| gateway_ip        |                                                          |
| host_routes       |                                                          |
| id                | c27ab9cf-92fb-401c-a9c9-e8a1a7d42f5f                     |
| ip_version        | 6                                                        |
| ipv6_address_mode |                                                          |
| ipv6_ra_mode      |                                                          |
| name              |                                                          |
| network_id        | 4c5da8a5-ab7a-4937-a943-6a4c0413922e                     |
| project_id        | 8eae7e2bedcd4df5bf96a895240f148b                         |
| revision_number   | 0                                                        |
| service_types     |                                                          |
| subnetpool_id     |                                                          |
| tags              |                                                          |
| tenant_id         | 8eae7e2bedcd4df5bf96a895240f148b                         |
| updated_at        | 2023-10-27T03:17:51Z                                     |
+-------------------+----------------------------------------------------------+

We found that the allocation_pools do not contain '2003::'. Why does IPAM delete the first IP of the CIDR?

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-12-04: Change abandoned on neutron (master)

Change abandoned by "Slawek Kaplonski <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/899374
Reason: This review is > 4 weeks without comment, and failed Zuul jobs the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.