RDO tickets are now tracked in Jira https://issues.redhat.com/projects/RDO/issues/
Bug 1149763 - Router Advertisements should be allowed by default
Summary: Router Advertisements should be allowed by default
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: RDO
Classification: Community
Component: openstack-neutron
Version: unspecified
Hardware: Unspecified
OS: Linux
high
high
Target Milestone: ---
: Juno
Assignee: Ihar Hrachyshka
QA Contact: Ofer Blaut
URL:
Whiteboard:
Depends On:
Blocks: 1083891 1148877 1149504 1149505
TreeView+ depends on / blocked
 
Reported: 2014-10-06 14:58 UTC by Nir Magnezi
Modified: 2019-09-10 14:12 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2014-10-29 14:37:33 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1377985 0 None None None Never

Description Nir Magnezi 2014-10-06 14:58:42 UTC 
Description of problem:
=======================
Router Advertisements are blocked and can't reach instances.
As a direct result of that, All Ipv6 networking won't function for instances.
This was tested both with provider Ipv6 router and radvd.
	 
Version-Release number of selected component (if applicable):
=============================================================
RDO Juno:
openstack-neutron-2014.2-0.7.b3

How reproducible:
=================
100%

Steps to Reproduce:
===================
1. Create Neutron network

2. Create Neutron IPv6 subnet, don't forget to specify:
   a. --ipv6-address-mode
   b. --ipv6_ra_mode
   c. --gateway , in case you create this subnet for provider router. specify the IPv6 link local address.

3. Spawn an instance

4. Check if the instance obtained IPv6 address and default gw. (not expected to work)

5. Use tcpdump to see if Router Advertisements reach the instance.

6. Add a rule to allow all ICMP from fe80::/4

7. Repeat steps 4 & 5, it should work ok now. 

Actual results:
===============
Router Advertisements are blocked and can't reach instances.

Expected results:
=================
Router Advertisements should be allowed by default.
Comment 1 Nir Magnezi 2014-10-06 15:02:12 UTC 
Related patch: https://review.openstack.org/#/c/72252/
Comment 2 Nir Yechiel 2014-10-26 14:04:03 UTC 
As a side note: a rule to allow all ICMP from fe80::/4, would allow all ICMP traffic with IPv6 source address starting with just 'f'/'1111'. The IPv6 link-local scope, which I believe you tried to allow here, is fe80::/10.
Comment 3 Ihar Hrachyshka 2014-10-27 15:35:17 UTC 
I wonder whether I need to set gateway in case of openstack RADVD (slaac/slaac for ipv6 subnet flags). I've created a subnet, made sure ipv6 is enabled (it was disabled in my lab f20 kickstart file, so I needed to modify sysctl.conf to write 0 into disable_ipv6 /proc file), started an instance plugged into the network that contained the subnet, and it correctly received RA from RADVD. tcpdump showed advertisements, and Cirros was able to set proper prefix for eth0.

I suspect we need more clear reproduction steps.
Comment 4 Ihar Hrachyshka 2014-10-29 14:37:33 UTC 
Closing the bug as WORKSFORME. I was able to receive RAs inside an instance on a host with ipv6 enabled (NB: make sure your host is enabled for ipv6 too!)
Comment 5 Nir Magnezi 2014-12-02 06:52:39 UTC 
(In reply to Ihar Hrachyshka from comment #4)
> Closing the bug as WORKSFORME. I was able to receive RAs inside an instance
> on a host with ipv6 enabled (NB: make sure your host is enabled for ipv6
> too!)

Indeed the interface configuration caused that issue.
Note You need to log in before you can comment on or make changes to this bug.