[openstack-dev] [neutron] Neutron should disallow /32 CIDR

Paul Ward wpward at us.ibm.com
Thu Jan 23 20:00:52 UTC 2014 

Thank you to all who have participated in this thread.  I've just proposed
a fix in gerrit.  For those involved thus far, if you could review I would
be greatly appreciative!

https://review.openstack.org/#/c/68742/1



Carl Baldwin <carl at ecbaldwin.net> wrote on 01/21/2014 05:27:49 PM:

> From: Carl Baldwin <carl at ecbaldwin.net>
> To: "OpenStack Development Mailing List (not for usage questions)"
> <openstack-dev at lists.openstack.org>,
> Date: 01/21/2014 05:32 PM
> Subject: Re: [openstack-dev] [neutron] Neutron should disallow /32 CIDR
>
> I think there may be some confusion between the two concepts:  subnet
> and allocation pool.  You are right that an ipv4 subnet smaller than
> /30 is not useable on a network.
>
> However, this method is checking the validity of an allocation pool.
> These pools should not include room for a gateway nor broadcast
> address.  Their relation to subnets is that the range of ips contained
> in the pool must fit within the allocatable IP space on the subnet
> from which they are allocated.  Other than that, they are simple
> ranges; they don't need to be cidr aligned or anything.  A pool of a
> single IP is valid.
>
> I just checked the method's implementation now.  It does check that
> the pool fits within the allocatable range of the subnet.  I think
> we're good.
>
> Carl
>
> On Tue, Jan 21, 2014 at 3:35 PM, Paul Ward <wpward at us.ibm.com> wrote:
> > Currently, NeutronDbPluginV2._validate_allocation_pools() does some
very
> > basic checking to be sure the specified subnet is valid.  One thing
that's
> > missing is checking for a CIDR of /32.  A subnet with one IP address in
it
> > is unusable as the sole IP address will be allocated to the gateway,
and
> > thus no IPs are left over to be allocated to VMs.
> >
> > The fix for this is simple.  In
> > NeutronDbPluginV2._validate_allocation_pools(), we'd check for start_ip
==
> > end_ip and raise an exception if that's true.
> >
> > I've opened lauchpad bug report 1271311
> > (https://bugs.launchpad.net/neutron/+bug/1271311) for this, but wanted
to
> > start a discussion here to see if others find this enhancement to be a
> > valuable addition.
> >
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140123/a48011fd/attachment.html>

More information about the OpenStack-dev mailing list