[openstack-dev] [neutron] Neutron should disallow /32 CIDR
wpward at us.ibm.com
Thu Jan 23 20:00:52 UTC 2014
Thank you to all who have participated in this thread. I've just proposed
a fix in gerrit. For those involved thus far, if you could review I would
be greatly appreciative!
Carl Baldwin <carl at ecbaldwin.net> wrote on 01/21/2014 05:27:49 PM:
> From: Carl Baldwin <carl at ecbaldwin.net>
> To: "OpenStack Development Mailing List (not for usage questions)"
> <openstack-dev at lists.openstack.org>,
> Date: 01/21/2014 05:32 PM
> Subject: Re: [openstack-dev] [neutron] Neutron should disallow /32 CIDR
> I think there may be some confusion between the two concepts: subnet
> and allocation pool. You are right that an ipv4 subnet smaller than
> /30 is not useable on a network.
> However, this method is checking the validity of an allocation pool.
> These pools should not include room for a gateway nor broadcast
> address. Their relation to subnets is that the range of ips contained
> in the pool must fit within the allocatable IP space on the subnet
> from which they are allocated. Other than that, they are simple
> ranges; they don't need to be cidr aligned or anything. A pool of a
> single IP is valid.
> I just checked the method's implementation now. It does check that
> the pool fits within the allocatable range of the subnet. I think
> we're good.
> On Tue, Jan 21, 2014 at 3:35 PM, Paul Ward <wpward at us.ibm.com> wrote:
> > Currently, NeutronDbPluginV2._validate_allocation_pools() does some
> > basic checking to be sure the specified subnet is valid. One thing
> > missing is checking for a CIDR of /32. A subnet with one IP address in
> > is unusable as the sole IP address will be allocated to the gateway,
> > thus no IPs are left over to be allocated to VMs.
> > The fix for this is simple. In
> > NeutronDbPluginV2._validate_allocation_pools(), we'd check for start_ip
> > end_ip and raise an exception if that's true.
> > I've opened lauchpad bug report 1271311
> > (https://bugs.launchpad.net/neutron/+bug/1271311) for this, but wanted
> > start a discussion here to see if others find this enhancement to be a
> > valuable addition.
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev