[openstack-dev] [neutron] Neutron should disallow /32 CIDR

Carl Baldwin carl at ecbaldwin.net
Tue Jan 21 23:27:49 UTC 2014


I think there may be some confusion between the two concepts:  subnet
and allocation pool.  You are right that an IPv4 subnet smaller than
/30 is not useable on a network.

However, this method is checking the validity of an allocation pool.
These pools should not include room for a gateway nor broadcast
address.  Their relation to subnets is that the range of IPs contained
in the pool must fit within the allocatable IP space on the subnet
from which they are allocated.  Other than that, they are simple
ranges; they don't need to be CIDR-aligned or anything.  A pool of a
single IP is valid.

I just checked the method's implementation now.  It does check that
the pool fits within the allocatable range of the subnet.  I think
we're good.

Carl

On Tue, Jan 21, 2014 at 3:35 PM, Paul Ward <wpward at us.ibm.com> wrote:
> Currently, NeutronDbPluginV2._validate_allocation_pools() does some very
> basic checking to be sure the specified subnet is valid.  One thing that's
> missing is checking for a CIDR of /32.  A subnet with one IP address in it
> is unusable as the sole IP address will be allocated to the gateway, and
> thus no IPs are left over to be allocated to VMs.
>
> The fix for this is simple.  In
> NeutronDbPluginV2._validate_allocation_pools(), we'd check for start_ip ==
> end_ip and raise an exception if that's true.
>
> I've opened Launchpad bug report 1271311
> (https://bugs.launchpad.net/neutron/+bug/1271311) for this, but wanted to
> start a discussion here to see if others find this enhancement to be a
> valuable addition.
>
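The subnet versus allocation-pool distinction discussed in this thread, as an added Python sketch using only the standard library; it is not Neutron's `_validate_allocation_pools()` and not code from either poster. The function names, the optional `gateway_ip` check and the sample addresses are assumptions made for illustration.

```python
import ipaddress


def allocatable_range(cidr):
    """Return (first, last) allocatable addresses of a subnet, or None.

    Assumption: the network and broadcast addresses are never allocatable,
    so a /31 or /32 IPv4 subnet has no allocatable space at all.
    """
    net = ipaddress.ip_network(cidr)
    if net.num_addresses < 4:
        return None
    return net.network_address + 1, net.broadcast_address - 1


def validate_pool(cidr, start_ip, end_ip, gateway_ip=None):
    """Return a list of problems with the pool; an empty list means it is acceptable."""
    net = ipaddress.ip_network(cidr)
    start = ipaddress.ip_address(start_ip)
    end = ipaddress.ip_address(end_ip)
    if start.version != net.version or end.version != net.version:
        return ["pool and subnet IP versions differ"]
    usable = allocatable_range(cidr)
    if usable is None:
        return ["subnet %s has no allocatable addresses" % cidr]
    problems = []
    if start > end:
        problems.append("start_ip is greater than end_ip")
    # The pool is a plain range: it only has to fit inside the usable space.
    if start < usable[0] or end > usable[1]:
        problems.append("pool is outside allocatable range %s-%s" % usable)
    if gateway_ip is not None:
        gw = ipaddress.ip_address(gateway_ip)
        if gw.version == start.version and start <= gw <= end:
            problems.append("pool overlaps gateway %s" % gw)
    return problems


if __name__ == "__main__":
    # Constructed sample inputs (not taken from the bug report).
    samples = [
        ("10.0.0.0/24", "10.0.0.5", "10.0.0.5", None),         # single-IP pool
        ("10.0.0.5/32", "10.0.0.5", "10.0.0.5", None),         # /32 subnet
        ("10.0.0.0/24", "10.0.0.250", "10.0.0.255", None),     # hits broadcast
        ("10.0.0.0/24", "10.0.0.1", "10.0.0.10", "10.0.0.1"),  # covers gateway
    ]
    for cidr, start, end, gw in samples:
        print(cidr, start, end, validate_pool(cidr, start, end, gw) or "ok")
```

In this sketch a /32 subnet is rejected because it has no allocatable space, not because `start_ip == end_ip`, so a single-address pool on a larger subnet still passes.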
