The qbr bridge should not have any IPv6 addresses, either
link-local, or on the tenant's private network due to the
bridge processing Router Advertisements from Neutron and
auto-configuring addresses, since it will allow access to
the hypervisor from a tenant VM.
The bridge only exists to allow the Neutron security group
code to work with OVS, so we can safely disable IPv6 on it.
Reviewed: https:/ /review. openstack. org/274796 /git.openstack. org/cgit/ openstack/ nova/commit/ ?id=44401727235 c5a9736c4229f7f c581e6a970ff91
Committed: https:/
Submitter: Jenkins
Branch: stable/liberty
commit 44401727235c5a9 736c4229f7fc581 e6a970ff91
Author: Adam Kacmarsky <email address hidden>
Date: Thu Jul 2 10:13:16 2015 -0600
Disable IPv6 on bridge devices
The qbr bridge should not have any IPv6 addresses, either configuring addresses, since it will allow access to
link-local, or on the tenant's private network due to the
bridge processing Router Advertisements from Neutron and
auto-
the hypervisor from a tenant VM.
The bridge only exists to allow the Neutron security group
code to work with OVS, so we can safely disable IPv6 on it.
Closes-bug: 1470931
Partial-bug: 1302080
Conflicts: tests/unit/ virt/libvirt/ test_vif. py
nova/
Change-Id: Ideecab1c21b240 bcca71973ed74b0 374afb20e5e 43edbd1bddd74b9 6b56ab80e6)
(cherry picked from commit 5ab1b1b1c456b8b