OpenStack Compute (nova)

IPv6 neighbor discovery not getting through qbr bridge

Bug #1663317 reported by David Reno
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Opinion
Undecided
Unassigned

Bug Description

Summary:
========
Newton nova on CentOS 7.3 is setting the qbr bridge to disable IPv6 (virt/libvirt/vif.py:536)

This is preventing IPv6 neighbor discovery from getting through the bridge and thus all IPv6 connectivity.

Details:
========
Version: Newton on CentOS 7.3 minimal (CentOS-7-x86_64-Minimal-1611.iso) as per these instructions: http://docs.openstack.org/newton/install-guide-rdo/

Seemingly relevant sections of nova-compute.log:
ova-compute.log:2017-02-09 10:41:55.878 8393 DEBUG oslo_service.service [req-06596ba4-20c6-40bc-b6a0-37f84aaa2e49 - - - - -] os_vif_linux_bridge.use_ipv6 = True log_opt_values /usr/lib/python2.7/site-packages/oslo_config/cfg.py:2630
nova-compute.log:2017-02-09 11:04:12.281 8393 DEBUG oslo.privsep.daemon [-] Running cmd (subprocess): tee /proc/sys/net/ipv6/conf/qbr91c6f3e4-bd/disable_ipv6 out_of_band /usr/lib/python2.7/site-packages/oslo_privsep/daemon.py:194

David Reno (dcreno)
tags: added: libvirt
Revision history for this message
David Reno (dcreno) wrote :

So this is on purpose apparently (not sure why the config option exists): https://github.com/openstack/nova/commit/5ab1b1b1c456b8b43edbd1bddd74b96b56ab80e6

The question remains why IPv6 neighbor discovery won't go though until I enable IPv6 on the bridge via sysctl.

Revision history for this message
Sylvain Bauza (sylvain-bauza) wrote :

All the discussion can be found in https://bugs.launchpad.net/neutron/+bug/1302080

Basically, it was possible to reach from a guest perspective the hypervisor in case the bridge was also IPv6. The solution was rather to stop using IPv6 for that bridge automatically.

That doesn't mean that you can't use IPv6 IMHO, just that the bridge won't use it automatically.

Anyway, the above bug report I provided to you seems the best for discussing about your problem, I'd like to put this one as Opinion as I'm not sure Nova can help here.

Changed in nova:
status: New → Opinion
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.