[Yahoo-eng-team] [Bug 1443798] Re: Restrict netmask of CIDR to avoid DHCP resync

Thierry Carrez Tue, 21 Apr 2015 08:07:34 -0700

** Also affects: neutron/kilo
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1443798


Title:
  Restrict netmask of CIDR to avoid DHCP resync

Status in OpenStack Neutron (virtual network service):
  In Progress
Status in neutron kilo series:
  New
Status in OpenStack Security Advisories:
  Confirmed

Bug description:
  If any tenant creates a subnet with a netmask of 31 or 32 in IPv4,
  IP addresses of network will fail to be generated, and that
  will cause constant resyncs and neutron-dhcp-agent malfunction.

  [Example operation 1]
   - Create subnet from CLI, with CIDR /31 (CIDR /32 has the same result).

  $ neutron subnet-create net 192.168.0.0/31 --name sub
  Created a new subnet:
  +-------------------+--------------------------------------+
  | Field             | Value                                |
  +-------------------+--------------------------------------+
  | allocation_pools  |                                      |
  | cidr              | 192.168.0.0/31                       |
  | dns_nameservers   |                                      |
  | enable_dhcp       | True                                 |
  | gateway_ip        | 192.168.0.1                          |
  | host_routes       |                                      |
  | id                | 42a91f59-1c2d-4e33-9033-4691069c5e4b |
  | ip_version        | 4                                    |
  | ipv6_address_mode |                                      |
  | ipv6_ra_mode      |                                      |
  | name              | sub                                  |
  | network_id        | 65cc6b46-17ec-41a8-9fe4-5bf93fc25d1e |
  | subnetpool_id     |                                      |
  | tenant_id         | 4ffb89e718d346b48fdce2ac61537bce     |
  +-------------------+--------------------------------------+

  [Example operation 2]
   - Create subnet from API, with cidr /32 (CIDR /31 has the same result).

  $ curl -i -X POST -H "content-type:application/json" -d '{"subnet": { "name": 
"badsub", "cidr" : "192.168.0.0/32", "ip_version": 4, "network_id": "8
  8143cda-5fe7-45b6-9245-b1e8b75d28d8"}}' -H "x-auth-token:$TOKEN" 
http://192.168.122.130:9696/v2.0/subnets
  HTTP/1.1 201 Created
  Content-Type: application/json; charset=UTF-8
  Content-Length: 410
  X-Openstack-Request-Id: req-4e7e74c0-0190-4a69-a9eb-93d545e8aeef
  Date: Thu, 16 Apr 2015 19:21:20 GMT

  {"subnet": {"name": "badsub", "enable_dhcp": true, "network_id":
  "88143cda-5fe7-45b6-9245-b1e8b75d28d8", "tenant_id":
  "4ffb89e718d346b48fdce2ac61537bce", "dns_nameservers": [],
  "gateway_ip": "192.168.0.1", "ipv6_ra_mode": null, "allocation_pools":
  [], "host_routes": [], "ip_version": 4, "ipv6_address_mode": null,
  "cidr": "192.168.0.0/32", "id": "d210d5fd-8b3b-4c0e-b5ad-
  41798bd47d97", "subnetpool_id": null}}

  [Example operation 3]
   - Create subnet from API, with empty allocation_pools.

  $ curl -i -X POST -H "content-type:application/json" -d '{"subnet": { "name": 
"badsub", "cidr" : "192.168.0.0/24", "allocation_pools": [], "ip_version": 4, 
"network_id": "88143cda-5fe7-45b6-9245-b1e8b75d28d8"}}' -H 
"x-auth-token:$TOKEN" http://192.168.122.130:9696/v2.0/subnets
  HTTP/1.1 201 Created
  Content-Type: application/json; charset=UTF-8
  Content-Length: 410
  X-Openstack-Request-Id: req-54ce81db-b586-4887-b60b-8776a2ebdb4e
  Date: Thu, 16 Apr 2015 19:18:21 GMT

  {"subnet": {"name": "badsub", "enable_dhcp": true, "network_id":
  "88143cda-5fe7-45b6-9245-b1e8b75d28d8", "tenant_id":
  "4ffb89e718d346b48fdce2ac61537bce", "dns_nameservers": [],
  "gateway_ip": "192.168.0.1", "ipv6_ra_mode": null, "allocation_pools":
  [], "host_routes": [], "ip_version": 4, "ipv6_address_mode": null,
  "cidr": "192.168.0.0/24", "id": "abc2dca4-bf8b-46f5-af1a-
  0a1049309854", "subnetpool_id": null}}

  [Trace log]
  2015-04-17 04:23:27.907 16641 DEBUG oslo_messaging._drivers.amqp [-] 
UNIQUE_ID is e0a6a81a005d4aa0b40130506afa0267. _add_unique_id 
/usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqp.py:258
  2015-04-17 04:23:27.979 16641 ERROR neutron.agent.dhcp.agent [-] Unable to 
enable dhcp for 88143cda-5fe7-45b6-9245-b1e8b75d28d8.
  2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent Traceback (most 
recent call last):
  2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent   File 
"/opt/stack/neutron/neutron/agent/dhcp/agent.py", line 112, in call_driver
  2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent     
getattr(driver, action)(**action_kwargs)
  2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent   File 
"/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 201, in enable
  2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent     
interface_name = self.device_manager.setup(self.network)
  2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent   File 
"/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 928, in setup
  2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent     port = 
self.setup_dhcp_port(network)
  2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent   File 
"/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 909, in setup_dhcp_port
  2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent     dhcp_port = 
self.plugin.create_dhcp_port({'port': port_dict})
  2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent   File 
"/opt/stack/neutron/neutron/agent/dhcp/agent.py", line 433, in create_dhcp_port
  2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent     port=port, 
host=self.host)
  2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent   File 
"/usr/local/lib/python2.7/dist-packages/oslo_messaging/rpc/client.py", line 
156, in call
  2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent     
retry=self.retry)
  2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent   File 
"/usr/local/lib/python2.7/dist-packages/oslo_messaging/transport.py", line 90, 
in _send
  2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent     
timeout=timeout, retry=retry)
  2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent   File 
"/usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqpdriver.py", 
line 350, in send
  2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent     retry=retry)
  2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent   File 
"/usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqpdriver.py", 
line 341, in _send
  2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent     raise result
  2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent RemoteError: 
Remote error: IpAddressGenerationFailure No more IP addresses available on 
network 88143cda-5fe7-45b6-9245-b1e8b75d28d8.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1443798/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1443798] Re: Restrict netmask of CIDR to avoid DHCP resync

Reply via email to