Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1309483

Summary: net.ipv6.conf.all.forwarding=0 in router namespace for ipv6 deployments
Product: Red Hat OpenStack Reporter: Marius Cornea <mcornea>
Component: openstack-tripleo-heat-templatesAssignee: Dan Sneddon <dsneddon>
Status: CLOSED ERRATA QA Contact: Marius Cornea <mcornea>
Severity: high Docs Contact:
Priority: unspecified    
Version: 7.0 (Kilo)CC: adahms, dbecker, dsneddon, kbasil, lnatapov, mandreou, mburns, mcornea, morazi, nlevinki, rhel-osp-director-maint
Target Milestone: async   
Target Release: 7.0 (Kilo)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-0.8.6-122.el7ost Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-03-09 20:01:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Marius Cornea 2016-02-17 23:30:24 UTC 
Description of problem:
Deployment with SSL+IPv6 with 3 ctrls, 1 compute, 3 ceph nodes. After creating router and attaching ipv6 networks, the router doesn't route ipv6 traffic.

[root@overcloud-controller-1 ~]# ip netns exec qrouter-ed05c20f-49f9-47d5-b433-0c62a845c06d sysctl net.ipv6.conf.all.forwarding
net.ipv6.conf.all.forwarding = 0


Version-Release number of selected component (if applicable):
openstack-tripleo-heat-templates-0.8.6-121.el7ost.noarch

How reproducible:


Steps to Reproduce:
1. export THT=/home/stack/templates/my-overcloud 
openstack overcloud deploy --templates $THT \
-e $THT/environments/network-isolation-v6-storagev4.yaml \
-e $THT/environments/net-single-nic-with-vlans-v6.yaml \
-e /home/stack/templates/network-environment-v6.yaml \
-e ~/templates/enable-tls.yaml \
-e ~/templates/inject-trust-anchor.yaml \
-e ~/templates/ceph.yaml \
-e ~/templates/firstboot-environment.yaml \
--control-scale 3 \
--compute-scale 2 \
--ceph-storage-scale 3 \
--neutron-disable-tunneling \
--neutron-network-type vlan \
--neutron-network-vlan-ranges datacentre:1000:1100 \
--libvirt-type qemu \
--ntp-server clock.redhat.com \
--timeout 180

2. neutron router-create router01
neutron net-create external --shared  --provider:physical_network datacentre --provider:network_type vlan --provider:segmentation_id 2000 --router:external
neutron subnet-create external 2001:db2::/64 --name external-subnet-ipv6 --gateway 2001:db2::1 --ipv6-address-mode slaac --ip-version 6

neutron net-create tenant --provider:physical_network datacentre --provider:network_type vlan --provider:segmentation_id 2001
neutron subnet-create tenant 192.168.100.0/24 --name tenant-subnet-ipv4 --gateway 192.168.100.1
neutron subnet-create tenant 2001:db3::/64 --name tenant-subnet-ipv6 --gateway 2001:db3::1 --ipv6-ra-mode slaac --ipv6-address-mode slaac --ip-version 6

neutron router-gateway-set router01 external
neutron router-interface-add router01 tenant-subnet-ipv4
neutron router-interface-add router01 tenant-subnet-ipv6

#On the undercloud which acts as the external network gateway add a route to the tenant network:
sudo ip route add 2001:db3::/64 via $router_external_ip

Boot an instance on the tenant net.

Ping the external network gateway from the instance

Actual results:
There is no connectivity from the instance on the tenant net to the external network gateway.

[root@overcloud-controller-1 ~]# ip netns exec qrouter-ed05c20f-49f9-47d5-b433-0c62a845c06d sysctl net.ipv6.conf.all.forwarding
net.ipv6.conf.all.forwarding = 0

After setting net.ipv6.conf.all.forwarding=1 connectivity works.

[root@overcloud-controller-1 ~]# ip netns exec qrouter-ed05c20f-49f9-47d5-b433-0c62a845c06d sysctl net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.forwarding = 1


Additional info:
This issue could be have the same root cause as BZ#1309319.
Comment 1 Marius Cornea 2016-02-18 00:10:15 UTC 
This seems to be fixed by the patch in https://bugzilla.redhat.com/show_bug.cgi?id=1309319#c13
Comment 4 Marios Andreou 2016-02-18 16:47:55 UTC 
(looking on request)... @mcornea so to confirm it looks like the root cause for this was like in BZ 1309319 correct? I'll link the reviews here please remove them if that is wrong,

thanks
Comment 5 Marios Andreou 2016-02-18 16:56:27 UTC 
(In reply to marios from comment #4)
> (looking on request)... @mcornea so to confirm it looks like the root cause
> for this was like in BZ 1309319 correct? I'll link the reviews here please
> remove them if that is wrong,
> 
> thanks

sorry for the needinfo spam mcornea, I am going to assume it did, based on https://bugzilla.redhat.com/show_bug.cgi?id=1309319#c14
Comment 10 Andrew Dahms 2016-02-21 23:32:43 UTC 
The doc text in this bug is linked to the issue in BZ#1309319, where the resolution and update has already been described.

Changing 'requires_doc_text' to '-'.
Comment 11 Leonid Natapov 2016-02-22 19:00:24 UTC 
*** Bug 1310602 has been marked as a duplicate of this bug. ***
Comment 13 errata-xmlrpc 2016-03-09 20:01:58 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0424.html