<html><body>
<p><font size="2" face="sans-serif">FWIW, Horizon does prevent the /32 subnet with this message right in the UI: "The subnet in the Network Address is too small (/32)." However, it does NOT prevent a /31 or smaller prefix.</font><br>
<br>
<font size="2" face="sans-serif">Given your statement about routers potentially using a /30 network, I think we should leave the restriction at /30 rather than /29. I'm assuming your statement that some routers use /30 subnets to connect to each other could potentially apply to neutron-created routers.</font><br>
<br>
<font size="2" face="sans-serif">My reasoning behind checking the number of IP addresses in the subnet rather than the actual CIDR prefix length is that I want the code to be IP version agnostic. If we're talking IPv6, then /30 isn't going to be relevant. I'm not overly familiar with IPv6, but is it safe to say it has the same restriction that there must be more than 2 IPs available as the highest IP is the broadcast? Thinking more about this, I think this would be a better check (which still covers both IPv4 and IPv6):</font><br>
<br>
<font size="2" face="sans-serif">if len(list(netaddr.IPNetwork(new_subnet_cidr))) < 3:</font><br>
<font size="2" face="sans-serif"> <raise exception></font><br>
<br>
<font size="2" face="sans-serif">So where I think we're at and need to go:</font><br>
<font size="2" face="sans-serif"> - Concurrence on whether this change is made at all. I'm of the opinion that if a subnet is truly and</font><br>
<font size="2" face="sans-serif"> completely unusable, we should prevent it in neutron rather than rely on horizon since products</font><br>
<font size="2" face="sans-serif"> built on openstack probably don't use horizon. If agreed, proceed to next items.</font><br>
<font size="2" face="sans-serif"> - Change current fix to allow /(N-2) prefixes</font><br>
<font size="2" face="sans-serif"> - Potential horizon changes, in a separate changeset</font><br>
<font size="2" face="sans-serif"> - Change to fail on /(N-1) rather than only /(N)</font><br>
<font size="2" face="sans-serif"> - More descriptive failure message... though I kinda think the current one is sufficient.<br>
<br>
</font><br>
<br>
<tt><font size="2">"CARVER, PAUL" <pc2929@att.com> wrote on 01/23/2014 02:22:06 PM:<br>
<br>
> From: "CARVER, PAUL" <pc2929@att.com></font></tt><br>
<tt><font size="2">> To: "OpenStack Development Mailing List (not for usage questions)" <br>
> <openstack-dev@lists.openstack.org>, </font></tt><br>
<tt><font size="2">> Date: 01/23/2014 02:26 PM</font></tt><br>
<tt><font size="2">> Subject: Re: [openstack-dev] [neutron] Neutron should disallow /32 CIDR</font></tt><br>
<tt><font size="2">> <br>
> Paul Ward: <br>
</font></tt><br>
<tt><font size="2">> Thank you to all who have participated in this thread. I've just <br>
> proposed a fix in gerrit. For those involved thus far, if you could<br>
> review I would be greatly appreciative!<br>
> <br>
> <a href="https://review.openstack.org/#/c/68742/1">https://review.openstack.org/#/c/68742/1</a><br>
> <br>
> I wouldn’t go so far as to say this verification SHOULDN’T be added,<br>
> but neither would I say it should. From a general use case <br>
> perspective I don’t think IPv4 subnets smaller than /29 make sense. <br>
> A /32 is a commonly used subnet length for some use cases (e.g. <br>
> router loopback interface) but may not have an applicable use in a <br>
> cloud network. I have never seen a /31 network used anywhere. Point <br>
> to point links (e.g. T1/Frame Relay/etc) are often /30 but I’ve <br>
> never seen a /30 subnet for anything other than connecting two routers.</font></tt><br>
<tt><font size="2">> </font></tt><br>
<tt><font size="2">> However, does it really benefit the user to specifically block them <br>
> from entering /32 or block them from entering /30, /31, and /32?</font></tt><br>
<tt><font size="2">> </font></tt><br>
<tt><font size="2">> It might not be an equal amount of code, I think a much better <br>
> effort to help the user would be to provide them with a subnet <br>
> calculator directly in Horizon to show them how many usable IPs are <br>
> in the subnet they’re defining. In this case, displaying “Usable <br>
> addresses: 0” right when they enter /32 would be helpful and they <br>
> would figure out for themselves whether they really wanted that mask<br>
> or if they meant something else?</font></tt><br>
<tt><font size="2">> _______________________________________________<br>
> OpenStack-dev mailing list<br>
> OpenStack-dev@lists.openstack.org<br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</font></tt></body></html>