Open Stack

During the review[0] of the patch that only allows RAs from known
addresses, Robert Li brought up a bug in Neutron, where a
IPv6 Subnet could be created, with a link local address for the gateway,
that would fail to create the Neutron router because the IP address that
the router's port would be assigned, was a link local
address that was not on the subnet. 

This may or may have been run before force_gateway_on_subnet flag was
introduced. Robert - if you can give us what version of Neutron you were
running that would be helpful.

Here's the full text of what Robert posted in the review, which shows
the bug, which was later filed[1].

>> This is what I've tried, creating a subnet with a LLA gateway address: 
 
>> neutron subnet-create --ip-version 6 --name myipv6sub --gateway fe80::2001:1 mynet 2222:3333::/64
>>
>> Created a new subnet: 
>> +------------------+--------------------------------------------------------------------+
>> | Field | Value |
>> +------------------+--------------------------------------------------------------------+
>> | allocation_pools | {"start": "2222:3333::1", "end": "2222:3333::ffff:ffff:ffff:fffe"} | | cidr | 2222:3333::/64 | | dns_nameservers | | | enable_dhcp | True | | gateway_ip | fe80::2001:1 | | host_routes | | | id | a1513aa7-fb19-4b87-9ce6-25fd238ce2fb | | ip_version | 6 | | name | myipv6sub | | network_id | 9c25c905-da45-4f97-b394-7299ec586cff | | tenant_id | fa96d90f267b4a93a5198c46fc13abd9 |
>> +------------------+--------------------------------------------------------------------+
>> 
>> openstack at devstack-16:~/devstack$ neutron router-list

>> +--------------------------------------+---------+-----------------------------------------------------------------------------+ 
>> | id | name | external_gateway_info
>> | +--------------------------------------+---------+-----------------------------------------------------------------------------+ 
>> | 7cf084b4-fafd-4da2-9b15-0d25a3e27e67 | router1 | {"network_id": "02673c3c-35c3-40a9-a5c2-9e5c093aca48", "enable_snat": true} 
>> | 
>> +--------------------------------------+---------+-----------------------------------------------------------------------------+
>>
>> openstack at devstack-16:~/devstack$ neutron router-interface-add 7cf084b4-fafd-4da2-9b15-0d25a3e27e67 myipv6sub
>>
>> 400-{u'NeutronError': {u'message': u'Invalid input for operation: IP address fe80::2001:1 is not a valid IP for the defined subnet.', u'type': u'InvalidInput', u'detail': u''}}
>>

During last week's meeting, we had a bit of confusion near the end of the
meeting[2] about the following bug, and the fix[3].

If I am not mistaken - the fix is so that when you create a v6 Subnet
with a link local address, then create a Neutron router to serve as the
gateway for that subnet - the operation will successfully complete and a
router will be created.

We may need to take a look at the code that create a router - to ensure
that only one gateway port is created, and that the link local address
from the subnet's 'gateway' attribute is used as the address.

This is at least my understanding of the problem as it stands today -
and that this bug and fix does not involve any external gateways or
physical devices that Neutron does not control - this is exclusively
about Neutron routers.


[0]: https://review.openstack.org/#/c/72252/

[1]: https://bugs.launchpad.net/neutron/+bug/1284518

[2]: http://eavesdrop.openstack.org/meetings/neutron_ipv6/2014/neutron_ipv6.2014-03-18-14.02.log.html

[3]: https://review.openstack.org/#/c/76125/


-- 
Sean M. Collins