Bug 1947293

Summary: IPv6 provision addresses range larger then /64 prefix (e.g. /48)
Product: OpenShift Container Platform Reporter: Rei <rhalle>
Component: InstallerAssignee: Caleb Boylan <cboylan>
Installer sub component: OpenShift on Bare Metal IPI QA Contact: Rei <rhalle>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: medium CC: bnemec, cboylan, imelofer, rbartal, rbryant, sdasu, vvoronko
Version: 4.7Keywords: Triaged
Target Milestone: ---   
Target Release: 4.8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Known Issue
Doc Text:
Cause: Insufficient checks and information about the ProvisioningNetworkCIDR Consequence: Misconfiguration Fix: Add documentation to the effect that "ProvisioningNetworkCIDR value in the Provisioning CR should be provided such that IPv6 provisioning networks cannot be larger than a /64 due to a limitation in dnsmasq." Result:
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-07-27 22:57:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Rei 2021-04-08 07:33:42 UTC 
Version:

4.7

Platform:

libvirt

Please specify:
* IPI (automated install with `openshift-install`. If you don't know, then it's IPI)

What happened?

We have this bug before https://bugzilla.redhat.com/show_bug.cgi?id=1925291 that prevent us to deploy OCP with provision network addresses range smaller then /64 (e.g /118) This bug has been solved so we check the opposite case that we define provision network addresses range larger then /64  (e.g /48). this test has been failed in the automation.



What did you expect to happen?

We want to know if there is a reason to support range larger then /64 and if not we need to document this


How to reproduce it (as minimally and precisely as possible)?
Deploy OCP with provision network addresses range larger then /64 (e.g /48)
Comment 1 Caleb Boylan 2021-05-17 18:06:30 UTC 
I reproduced this and the failure is in dnsmasq:

    dnsmasq: prefix length must be at least 64 at line 10 of /etc/dnsmasq.conf

This seems to be a limitation of dnsmasq and ipv6, from the man page:

> For  IPv6,  the  parameters are slightly different: instead of netmask and broadcast address, there is an optional prefix length which must
> be equal to or larger then the prefix length on the local interface. If not given, this defaults to 64. Unlike
> the IPv4 case, the prefix length is not automatically derived from the interface configuration. The minimum size of the prefix length is 64.

As far as I can tell there is no simple way to work around this limitation so I think it's best to document for now.
Comment 3 Rei 2021-06-01 04:03:09 UTC 
I read the description /lgtm
Comment 4 Rei 2021-06-01 04:03:35 UTC 
I read the description /lgtm
Comment 7 errata-xmlrpc 2021-07-27 22:57:59 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438