[Yahoo-eng-team] [Bug 1663077] [NEW] [ipv6] when slaas is setup as ipv6_address_mode ipv6-icmp packets are rejected by iptables

Wed, 08 Feb 2017 16:51:07 -0800 

Public bug reported:

Mitaka and Newton

Setting up subnet with ipv6 addressing for provider network (baremetal external 
router providing RA).
Expecting the advertising packets to be able to reach out to instance so that 
the instance can pick the subnet from the external router.

What happens:
Iptables on the compute node is only set up to allow certain types of ipv6-icmp:

-A neutron-linuxbri-i4d4602ea-3 -p ipv6-icmp -m icmp6 --icmpv6-type 130 -j 
RETURN
-A neutron-linuxbri-i4d4602ea-3 -p ipv6-icmp -m icmp6 --icmpv6-type 131 -j 
RETURN
-A neutron-linuxbri-i4d4602ea-3 -p ipv6-icmp -m icmp6 --icmpv6-type 132 -j 
RETURN
-A neutron-linuxbri-i4d4602ea-3 -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j 
RETURN
-A neutron-linuxbri-i4d4602ea-3 -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j 
RETURN

while RA type is 134.
The list of available types most likely has to be extended in the Neutron 
constants or some deeper logic has to be implemented.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1663077

Title:
  [ipv6] when slaas is setup as ipv6_address_mode ipv6-icmp packets are
  rejected by iptables

Status in neutron:
  New

Bug description:
  Mitaka and Newton

  Setting up subnet with ipv6 addressing for provider network (baremetal 
external router providing RA).
  Expecting the advertising packets to be able to reach out to instance so that 
the instance can pick the subnet from the external router.

  What happens:
  Iptables on the compute node is only set up to allow certain types of 
ipv6-icmp:

  -A neutron-linuxbri-i4d4602ea-3 -p ipv6-icmp -m icmp6 --icmpv6-type 130 -j 
RETURN
  -A neutron-linuxbri-i4d4602ea-3 -p ipv6-icmp -m icmp6 --icmpv6-type 131 -j 
RETURN
  -A neutron-linuxbri-i4d4602ea-3 -p ipv6-icmp -m icmp6 --icmpv6-type 132 -j 
RETURN
  -A neutron-linuxbri-i4d4602ea-3 -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j 
RETURN
  -A neutron-linuxbri-i4d4602ea-3 -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j 
RETURN

  while RA type is 134.
  The list of available types most likely has to be extended in the Neutron 
constants or some deeper logic has to be implemented.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1663077/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to