DHCP response drops not documented
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openstack-manuals | Fix Released | Low | Joseph Robinson |
Bug Description
DHCP responses coming from instances are prohibited and dropped, but there is no mention of that in the official documentation. Users planning to use netbooting need to be informed, since netbooting relies on DHCP.
Here are 2 citations from the web explaining that.
"Rule 3 will prevent a VM from acting as a DHCP server since it will drop any packets coming from UDP source port 67 going to UDP port 68 (usually a response to a DHCP request)" from https:/
"The security groups implementation automatically adds iptables rules to prevent instances running DHCP servers on a Quantum network." from https:/
The code implementing that is in /usr/lib/
Look for
    def _drop_dhcp_
        #Note(nati) Drop dhcp packet from VM
        return ['-p udp -m udp --sport 67 --dport 68 -j DROP']
One could say that it is a feature of the security groups, since _drop_dhcp_rule is called by _add_rule_
One could also say that prohibiting "Bring your own DHCP server" is a higher-level design detail.
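As an added illustration (not part of the original report and not Neutron code), the sketch below scans `iptables-save` output for the rule quoted above and lists the chains that carry it, so an operator planning netboot can confirm whether instance-originated DHCP replies are dropped. The sample dump, its chain names and the function names are constructed for this example.

```python
import shlex

# Constructed sample of `iptables-save` output; chain names are made up.
SAMPLE = """\
*filter
:sg-chain-vm1 - [0:0]
:sg-chain-vm2 - [0:0]
-A sg-chain-vm1 -p udp -m udp --sport 68 --dport 67 -j RETURN
-A sg-chain-vm1 -p udp -m udp --sport 67 --dport 68 -j DROP
-A sg-chain-vm2 -p udp -m udp --dport 68 --sport 67 -j DROP
-A sg-chain-vm2 -p tcp -m tcp --sport 67 --dport 68 -j DROP
-A INPUT -p udp -m udp --sport 67 --dport 68 -j ACCEPT
COMMIT
"""

def parse_rule(line):
    """Turn one '-A chain ...' line into (chain, {option: value})."""
    tokens = shlex.split(line)
    chain, opts, i = tokens[1], {}, 2
    while i < len(tokens):
        key = tokens[i]
        # An option takes a value unless the next token is another option.
        if i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
            opts[key] = tokens[i + 1]
            i += 2
        else:
            opts[key] = None  # flag without value, or the '!' negation marker
            i += 1
    return chain, opts

def is_dhcp_server_drop(opts):
    """True for the quoted rule: UDP, source port 67, destination port 68, DROP."""
    return ("!" not in opts  # a negated match is not the plain rule
            and opts.get("-p") == "udp"
            and opts.get("--sport") == "67"
            and opts.get("--dport") == "68"
            and opts.get("-j") == "DROP")

def find_dhcp_server_drops(dump):
    """Return [(table, chain)] for every rule that drops DHCP server replies."""
    table, hits = None, []
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            chain, opts = parse_rule(line)
            if is_dhcp_server_drop(opts):
                hits.append((table, chain))
    return hits
```

The match ignores option order, so `--dport 68 --sport 67` is found as well, and it skips the client-direction rule (68 to 67), TCP rules, ACCEPT targets and negated matches.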
affects: neutron → openstack-manuals
tags: added: networking-guide; removed: neutron
tags: added: neutron
Changed in openstack-manuals: assignee: nobody → Leon Zachery (lzachery)
Changed in openstack-manuals: milestone: kilo → liberty
Changed in openstack-manuals: milestone: liberty → mitaka
Changed in openstack-manuals: milestone: mitaka → newton
Changed in openstack-manuals: milestone: newton → ocata
Changed in openstack-manuals: assignee: Lana (loquacity) → Joseph Robinson (joseph-r-email)
This should be added to an appropriate point in the networking guide