[openstack-dev] [neutron] ML2 vlan type driver does not honor network_vlan_ranges

Henry Gessau gessau at cisco.com
Thu Jan 16 21:31:44 UTC 2014 

network_vlan_ranges is a 'pool' of vlans from which to pick a vlans for
tenant networks. Provider networks are not confined to this pool. In fact, I
believe it is a more common use-case that provider vlans are outside the
pool so that they do not conflict with tenant vlan allocation.

-- Henry

On Thu, Jan 16, at 3:45 pm, Paul Ward <wpward at us.ibm.com> wrote:

> In testing some new function I've written, I've unsurfaced the problem that
> the ML2 vlan type driver does not enforce the vlan range specified in the
> network_vlan_ranges option in ml2_conf.ini file.  It is properly enforcing
> the physical network name, and even checking to be sure the segmentation_id
> is valid in the sense that it's not outside the range of ALL valid vlan ids.
>  But it does not actually enforce that segmentation_id is within the vlan
> range specified for the given physical network in network_vlan_ranges.
> 
> The fix I propose is simple.  Add the following check to
> /neutron/plugins/ml2/drivers/type_vlan.py
> (TypeVlanDriver.validate_provider_segment()):
> 
>         range_min, range_max = self.network_vlan_ranges[physical_network][0]
>         if segmentation_id not in range(range_min, range_max):
>             msg = (_("segmentation_id out of range (%(min)s through "
>                      "%(max)s)") %
>                    {'min': range_min,
>                     'max': range_max})
>             raise exc.InvalidInput(error_message=msg)
> 
> This would go near line 182 in
> https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/type_vlan.py.
> 
> One question I have is whether self.network_vlan_ranges[physical_network]
> could actually be an empty list rather than a tuple representing the vlan
> range.  I believe that should always exist, but the documentation is not
> clear on this.  For reference, the corresponding line in ml2_conf.ini is this:
> 
> [ml2_type_vlan]
> network_vlan_ranges = default:1:4093
> 
> Thanks in advance to any that choose to provide some insight here!
> 
> 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>

More information about the OpenStack-dev mailing list