Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1305124 - Default For accept_ra Must Be "0"
Default For accept_ra Must Be "0"
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates (Show other bugs)
7.0 (Kilo)
Unspecified Unspecified
urgent Severity urgent
: y3
: 7.0 (Kilo)
Assigned To: Jiri Stransky
Marius Cornea
: Triaged
Depends On:
Blocks: 1305128
  Show dependency treegraph
 
Reported: 2016-02-05 13:06 EST by Dan Sneddon
Modified: 2016-02-18 11:52 EST (History)
8 users (show)

See Also:
Fixed In Version: openstack-tripleo-heat-templates-0.8.6-117.el7ost
Doc Type: Bug Fix
Doc Text:
Compute nodes detected IPv6 router announcements (RA) on the Overcloud's IPv6-based Tenant network. This caused problems with the IPv6 routing table, such as setting the default route to the Neutron router. This fix sets the 'net.ipv6.conf.default.accept_ra' kernel parameter to 0 on all nodes. Now the Compute node no longer accepts router announcements from the Tenant networks.
Story Points: ---
Clone Of:
: 1305128 (view as bug list)
Environment:
Last Closed: 2016-02-18 11:52:41 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Bugzilla 1303758 None CLOSED Compute nodes get IPv6 addresses and default route installed on the qbr interfaces via RAs from the tenant network 2018-09-21 10:24 EDT
OpenStack gerrit 277182 None None None 2016-02-10 05:25 EST
Red Hat Product Errata RHBA-2016:0264 normal SHIPPED_LIVE Red Hat Enterprise Linux OSP 7 director Bug Fix Advisory 2016-02-18 16:41:29 EST

  None (edit)
Description Dan Sneddon 2016-02-05 13:06:05 EST 
Description of problem:
When using IPv6 tenant networks, the compute node will detect the IPv6 router announcements (RAs) from Neutron, which poisons the IPv6 route tables.

Version-Release number of selected component (if applicable):
OSP 7.3 Beta

How reproducible:
100%

Steps to Reproduce:
1. Deploy overcloud
2. Create IPv6 tenant networks
3. Add a router to the network
4. Start an instance on the network

Actual results:
The qbr interface accepts the RA from the Neutron router, and the default route for IPv6 gets set to the Neutron router.

Expected results:
The compute nodes should ignore RAs on the OVS bridges

Additional info:
In order to turn this behavior on/off, you can edit /proc/sys/net/ipv6/conf/default/accept_ra to be "0" instead of "1".

You can also turn it on/off on a per-interface basis, e.g.:
echo "1" > /proc/sys/net/ipv6/conf/eth0/accept_ra

This needs to be tested, so we can determine if RAs will still be accepted on interfaces configured with IPv6, or if we need to set accept_ra to "1" for the individual interfaces.
Comment 2 Dan Sneddon 2016-02-07 12:03:15 EST 
There is a downstream review of the changes needed to fix this bug here:

https://code.engineering.redhat.com/gerrit/#/c/67206/

I tested it, and it appears to work.
Comment 3 Marios Andreou 2016-02-10 05:28:18 EST 
followup after irc chat just now about where this fix lands:

the fix for this bug is included in the fix for bug 1303758 (links to gerrit above the description) - from that bug I can see it is in "Fixed In Version: openstack-tripleo-heat-templates-0.8.6-117.el7ost"
Comment 7 Marius Cornea 2016-02-12 08:31:35 EST 
[root@overcloud-compute-0 ~]# cat /proc/sys/net/ipv6/conf/default/accept_ra
0
Comment 9 errata-xmlrpc 2016-02-18 11:52:41 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0264.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.