1378888 – IPv6 Neutron network cannot use the last IP in subnet

Bug 1378888 - IPv6 Neutron network cannot use the last IP in subnet

Summary: IPv6 Neutron network cannot use the last IP in subnet

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-neutron
Sub Component:
Version:	7.0 (Kilo)
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	async
Target Release:	7.0 (Kilo)
Assignee:	Hynek Mlnarik
QA Contact:	Eran Kuris
Docs Contact:
URL:
Whiteboard:
Depends On:	1377701
Blocks:
TreeView+	depends on / blocked

Reported:	2016-09-23 13:03 UTC by Benjamin Schmaus
Modified:	2020-05-14 15:19 UTC (History)
CC List:	9 users (show)
Fixed In Version:	openstack-neutron-2015.1.4-5.el7ost
Doc Type:	Bug Fix
Doc Text:	In IPv4, the broadcast address (the last address of the CIDR) cannot be used as an IP address and is rejected as invalid when setting a gateway. In IPv6 there is no broadcast address, yet the same logic was applied to gateway address validation. Consequently, the gateway address could not be set to the last address in IPv6 range. With this update, the broadcast address check is valid only for IPv4, and not for IPv6. As a result, the last address in an IPv6 range can be set as a gateway address.
Clone Of:	1377701
Environment:
Last Closed:	2017-01-19 13:26:11 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
OpenStack gerrit	195014	0	None	None	None	2016-09-23 13:39:29 UTC
Red Hat Product Errata	RHBA-2017:0159	0	normal	SHIPPED_LIVE	openstack-neutron bug fix advisory	2017-01-19 18:19:02 UTC

Comment 5 Eran Kuris 2016-11-30 12:11:37 UTC

looks like the bug still exist.
[root@controller-0 ~]# neutron port-list
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                                        |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------------------+
| 49b5b236-47bc-45bf-b443-4d5487632aa3 |      | fa:16:3e:b6:c7:01 | {"subnet_id": "fdb6b5eb-3585-486d-8c03-60170a001147", "ip_address": "10.0.5.1"}                  |
| 52146efd-3708-4059-b322-d58c12518266 |      | fa:16:3e:d9:76:25 | {"subnet_id": "fdb6b5eb-3585-486d-8c03-60170a001147", "ip_address": "10.0.5.2"}                  |
|                                      |      |                   | {"subnet_id": "31735056-683d-46d2-b951-06b690948e6a", "ip_address": "2005::f816:3eff:fed9:7625"} |
| 9d4fc4ed-28bd-4737-8d0f-cd3127fa8dea |      | fa:16:3e:d8:50:5d | {"subnet_id": "da56188c-c7d1-477a-a100-94623dc0d1d0", "ip_address": "10.0.0.210"}                |
| e3305757-680c-45e1-b6b3-c42cfcf9861c |      | fa:16:3e:91:b7:d8 | {"subnet_id": "31735056-683d-46d2-b951-06b690948e6a", "ip_address": "2005::1"}                   |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------------------+
[root@controller-0 ~]# neutron subnet-show 31735056-683d-46d2-b951-06b690948e6a
+-------------------+----------------------------------------------------------+
| Field             | Value                                                    |
+-------------------+----------------------------------------------------------+
| allocation_pools  | {"start": "2005::2", "end": "2005::ffff:ffff:ffff:ffff"} |
| cidr              | 2005::/64                                                |
| dns_nameservers   |                                                          |
| enable_dhcp       | True                                                     |
| gateway_ip        | 2005::1                                                  |
| host_routes       |                                                          |
| id                | 31735056-683d-46d2-b951-06b690948e6a                     |
| ip_version        | 6                                                        |
| ipv6_address_mode | slaac                                                    |
| ipv6_ra_mode      | slaac                                                    |
| name              | subnet_6                                                 |
| network_id        | ceec23f5-826d-44fe-8d11-e328ced6315f                     |
| subnetpool_id     |                                                          |
| tenant_id         | 044ac10dbee0415793c7b43ac51faba3                         |
+-------------------+----------------------------------------------------------+
[root@controller-0 ~]# neutron subnet-update 31735056-683d-46d2-b951-06b690948e6a --gateway_ip 2005::ffff:ffff:ffff:ffff
Current gateway ip 2005::1 already in use by port e3305757-680c-45e1-b6b3-c42cfcf9861c. Unable to update.
[root@controller-0 ~]# neutron subnet-update 31735056-683d-46d2-b951-06b690948e6a --gateway_ip 2005::2
Current gateway ip 2005::1 already in use by port e3305757-680c-45e1-b6b3-c42cfcf9861c. Unable to update.
[root@controller-0 ~]# rpm -qa |grep openstack-neutron-2015
openstack-neutron-2015.1.4-11.el7ost.noarch

Comment 6 Assaf Muller 2016-11-30 19:36:33 UTC

Eran the bug as I understand it is that previously you could not use the last IP in the subnet for the gateway IP. In your example you already had a gateway IP and tried to update the subnet, but Neutron complained that you could not do that. Can you try creating a new subnet and specifying the gateway IP in the creation request to be the last IP in the subnet? If that is successful, then the bug has been resolved.

Comment 7 Eran Kuris 2016-12-01 07:41:46 UTC

Assaf  I can try that  but according to bug description its not same scenario that you mentioned . 
as you can see the ip gateway exist in show command and than he tried to update the ip gateway. so I think the bug still exist.

Comment 10 Eran Kuris 2016-12-01 09:38:23 UTC

According to Assaf and what I saw in the ENV  the bug is fixed : 

[root@controller-1 heat-admin]# rpm -qa |grep neutron 
openstack-neutron-openvswitch-2015.1.4-11.el7ost.noarch
[stack@undercloud-0 ~]$ neutron subnet-create net-64-2 2005::/64 --name subnet_6 --enable_dhcp true --ipv6-address-mode slaac  --ipv6-ra-mode slaac --ip_version 6 --gateway_ip 2005::ffff:ffff:ffff:ffff
Created a new subnet:
+-------------------+----------------------------------------------------------+
| Field             | Value                                                    |
+-------------------+----------------------------------------------------------+
| allocation_pools  | {"start": "2005::1", "end": "2005::ffff:ffff:ffff:fffe"} |
| cidr              | 2005::/64                                                |
| dns_nameservers   |                                                          |
| enable_dhcp       | True                                                     |
| gateway_ip        | 2005::ffff:ffff:ffff:ffff                                |
| host_routes       |                                                          |
| id                | e43fcb37-400e-4c2e-94d9-3798f53ff3fd                     |
| ip_version        | 6                                                        |
| ipv6_address_mode | slaac                                                    |
| ipv6_ra_mode      | slaac                                                    |
| name              | subnet_6                                                 |
| network_id        | b8aadae6-5603-4749-9f87-0f918dc5a93c                     |
| subnetpool_id     |                                                          |
| tenant_id         | 2bb277af47304c72a1d58cb4a7bdc736                         |
+-------------------+----------------------------------------------------------+

Comment 12 errata-xmlrpc 2017-01-19 13:26:11 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0159.html

Note You need to log in before you can comment on or make changes to this bug.