[OVN] VMs cannot access metadata when connected to a network with only IPv6 subnets

Bug #2069482 reported by Miguel Lavalle
This bug affects 1 person
Affects: neutron
Status: In Progress
Importance: High
Assigned to: Miguel Lavalle

Bug Description

VMs cannot access the metadata service when connected to a network with only IPv6 subnets.

Neutron branch: master

Steps to reproduce:

1) Create a network with a single IPv6 subnet:

$ openstack network create ipv6-net-dhcpv6-slaac
$ openstack subnet create --subnet-range fdba:e036:9e22::/64 --ip-version 6 --gateway fdba:e036:9e22::1 --ipv6-ra-mode slaac --ipv6-address-mode slaac --network ipv6-net-dhcpv6-slaac ipv6-subnet-dhcpv6-slaac

2) Create a VM using this network:

$ openstack server create --key-name my_key --flavor m1.small --image ubuntu-20.04-minimal-cloudimg-amd64 --network ipv6-net-dhcpv6-slaac --security-group sg1 my-vm-slaac

3) The following message is added to the metadata agent log file:

Jun 14 22:00:32 central neutron-ovn-metadata-agent[89379]: DEBUG neutron.agent.ovn.metadata.agent [-] No valid VIF ports were found for network 191a0539-edbc-4037-b973-dfa77e3208f6, tearing the namespace down if needed {{(pid=89379) _get_provision_params /opt/stack/neutron/neutron/agent/ovn/metadata/agent.py:720}}

which is produced here:

https://github.com/openstack/neutron/blob/79b2d709c80217830fed8ad73dcf6fbd3eea91b4/neutron/agent/ovn/metadata/agent.py#L719-L723

4) When an IPv4 subnet is added to the network and the VM is recreated, the metadata service is accessible to it over IPv6:

$ openstack subnet create --network ipv6-net-dhcpv6-slaac ipv4-subnet-dhcpv6-slaac --subnet-range 10.2.0.0/24
$ openstack server delete my-vm-slaac
$ openstack server create --key-name my_key --flavor m1.small --image ubuntu-20.04-minimal-cloudimg-amd64 --network ipv6-net-dhcpv6-slaac --security-group sg1 my-vm-slaac

From the VM:

ubuntu@my-vm-slaac:~$ curl http://[fe80::a9fe:a9fe%ens3]
1.0
2007-01-19
2007-03-01
2007-08-29
2007-10-10
2007-12-15
2008-02-01
2008-09-01
2009-04-04
latest

ubuntu@my-vm-slaac:~$ curl http://[fe80::a9fe:a9fe%ens3]/openstack
2012-08-10
2013-04-04
2013-10-17
2015-10-15
2016-06-30
2016-10-06
2017-02-22
2018-08-27
2020-10-14
latest

How reproducible: 100%

Tags: ipv6 ovn
Miguel Lavalle (minsel)
Changed in neutron:
importance: Undecided → High
assignee: nobody → Miguel Lavalle (minsel)
Changed in neutron:
status: New → Triaged
tags: added: ovn
tags: added: ipv6
Changed in neutron:
status: Triaged → In Progress
Alex Bazhaninovskiy (alexbazhan1) wrote :

Hello. We faced the same problem. We found that when creating a new interface for metadata in the function "_get_provision_params", only ipv4 port addresses are collected by "_get_port_ip4_ips". Why is only ipv4 used in this place? We offer a small patch that allows collecting ipv6 too.

Miguel Lavalle (minsel) wrote :
Alex Bazhaninovskiy (alexbazhan1) wrote :

Why should the "_get_provision_params" function return a list of only ipv4 addresses, and not all ipv4+ipv6? Could this cause any problems?
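The behaviour discussed in the report and the comments above, as an added sketch that is not Neutron's code and not part of any comment: when only IPv4 addresses are collected from a port, an IPv6-only network yields no valid VIF ports and the namespace is torn down. The names port_ips and provision_decision, the sample ports, and the "<mac> <ip> ..." address string format are assumptions made for illustration.

```python
import ipaddress

# Constructed sample ports. The "<mac> <ip1> <ip2> ..." string form is an
# assumption for this sketch; the bug report does not show the port record.
V6_ONLY = [{"name": "vm-port",
            "addresses": "fa:16:3e:00:00:01 fdba:e036:9e22::10"}]
DUAL = [{"name": "vm-port",
         "addresses": "fa:16:3e:00:00:01 fdba:e036:9e22::10 10.2.0.15"}]


def port_ips(port, versions):
    """Return the port's IP addresses whose IP version is in `versions`."""
    ips = []
    for token in port["addresses"].split()[1:]:  # first token is the MAC
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            continue  # skip anything that is not an IP address
        if ip.version in versions:
            ips.append(str(ip))
    return ips


def provision_decision(ports, versions):
    """Hypothetical stand-in for the agent's provisioning decision.

    Returns ("teardown", {}) when no port has a usable address, which is
    the situation behind the "No valid VIF ports were found" log line,
    otherwise ("provision", {port_name: [ips]}).
    """
    valid = {}
    for port in ports:
        ips = port_ips(port, versions)
        if ips:
            valid[port["name"]] = ips
    if not valid:
        return ("teardown", {})
    return ("provision", valid)


if __name__ == "__main__":
    # IPv4-only collection on an IPv6-only network: nothing to provision.
    print(provision_decision(V6_ONLY, {4}))
    # Collecting both families keeps the port.
    print(provision_decision(V6_ONLY, {4, 6}))
    # After an IPv4 subnet is added (step 4), IPv4-only collection succeeds.
    print(provision_decision(DUAL, {4}))
```
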

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron-tempest-plugin (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/925928
