tripleo

Default undercloud control plane network violates rfc5737

Bug #1553222 reported by Adam Young
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
High
Juan Antonio Osorio Robles

Bug Description

The default control plan is 192.0.2.0/24 which is not supposedto be used, it is only for documentation purposes according to rfc5737:

https://tools.ietf.org/html/rfc5737

"Addresses within the TEST-NET-1, TEST-NET-2, and TEST-NET-3 blocks
   SHOULD NOT appear on the public Internet and are used without any
   coordination with IANA or an Internet registry [RFC2050]. Network
   operators SHOULD add these address blocks to the list of non-
   routeable address spaces, and if packet filters are deployed, then
   this address block SHOULD be added to packet filters.

   These blocks are not for local use, and the filters may be used in
   both local and public contexts."

It breaks tools that enforce the filters.

Adam Young (ayoung)
summary: - Default undercloud control plan network violates rfc5737
+ Default undercloud control plane network violates rfc5737
Juan Antonio Osorio Robles (juan-osorio-robles)
Changed in tripleo:
assignee: nobody → Juan Antonio Osorio Robles (juan-osorio-robles)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to instack-undercloud (master)

Fix proposed to branch: master
Review: https://review.openstack.org/289221

Changed in tripleo:
status: New → In Progress
OpenStack Infra (hudson-openstack)
Changed in tripleo:
assignee: Juan Antonio Osorio Robles (juan-osorio-robles) → Ben Nemec (bnemec)
OpenStack Infra (hudson-openstack)
Changed in tripleo:
assignee: Ben Nemec (bnemec) → Juan Antonio Osorio Robles (juan-osorio-robles)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to instack-undercloud (master)

Reviewed: https://review.openstack.org/320072
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=139f1f36c82607ed575733019e380ddd98e60d39
Submitter: Jenkins
Branch: master

commit 139f1f36c82607ed575733019e380ddd98e60d39
Author: Ben Nemec <email address hidden>
Date: Mon May 23 18:11:14 2016 +0000

    Deprecate default 192.0.2.0/24 CIDR

    This is a non-routable CIDR per RFC 5737, so we shouldn't be using
    it by default. However, if we just change it and don't provide a
    deprecation period we may break users who have deployed with the
    default CIDR, so we should give them a cycle to update their
    configs appropriately.

    This changes the default of network_cidr to None so that we can
    detect when a user has not changed our default, and sets the
    appropriate override to maintain backwards compatibility in that
    case. It also prints a warning about the deprecation at the end
    of the deploy process, when it is most likely to be noticed.

    Change-Id: I931a1f7160a007d367621de5cc1034c56c7741cf
    Partial-Bug: 1553222

Juan Antonio Osorio Robles (juan-osorio-robles)
Changed in tripleo:
importance: Undecided → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on instack-undercloud (master)

Change abandoned by Juan Antonio Osorio Robles (<email address hidden>) on branch: master
Review: https://review.openstack.org/289221

Juan Antonio Osorio Robles (juan-osorio-robles)
Changed in tripleo:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.