network_vlan_ranges is a 'pool' of vlans from which to pick a vlans for tenant networks. Provider networks are not confined to this pool. In fact, I believe it is a more common use-case that provider vlans are outside the pool so that they do not conflict with tenant vlan allocation.
-- Henry On Thu, Jan 16, at 3:45 pm, Paul Ward <wpw...@us.ibm.com> wrote: > In testing some new function I've written, I've unsurfaced the problem that > the ML2 vlan type driver does not enforce the vlan range specified in the > network_vlan_ranges option in ml2_conf.ini file. It is properly enforcing > the physical network name, and even checking to be sure the segmentation_id > is valid in the sense that it's not outside the range of ALL valid vlan ids. > But it does not actually enforce that segmentation_id is within the vlan > range specified for the given physical network in network_vlan_ranges. > > The fix I propose is simple. Add the following check to > /neutron/plugins/ml2/drivers/type_vlan.py > (TypeVlanDriver.validate_provider_segment()): > > range_min, range_max = self.network_vlan_ranges[physical_network][0] > if segmentation_id not in range(range_min, range_max): > msg = (_("segmentation_id out of range (%(min)s through " > "%(max)s)") % > {'min': range_min, > 'max': range_max}) > raise exc.InvalidInput(error_message=msg) > > This would go near line 182 in > https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/type_vlan.py. > > One question I have is whether self.network_vlan_ranges[physical_network] > could actually be an empty list rather than a tuple representing the vlan > range. I believe that should always exist, but the documentation is not > clear on this. For reference, the corresponding line in ml2_conf.ini is this: > > [ml2_type_vlan] > network_vlan_ranges = default:1:4093 > > Thanks in advance to any that choose to provide some insight here! > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev