** Changed in: neutron
Status: Confirmed => Fix Released
https://bugs.launchpad.net/bugs/1174657
Title:
metadata IP 169.254.169.254 routing breaks RFC3927 and does not work
on Windows starting from WS 2008
Status in neutron:
Fix Released
Bug description:
The Quantum L3 Linux Agent handles metadata IP access with the
following rule:

  -A quantum-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697

obtained with:

  sudo ip netns exec qrouter-<router-id> iptables-save

169.254.x.x link-local addresses are described in RFC3927, whose section 2.6.2
clearly states:
"The host MUST NOT send a packet with an IPv4 Link-Local destination
address to any router for forwarding."
And in section 2.7:
"An IPv4 packet whose source and/or destination address is in the
169.254/16 prefix MUST NOT be sent to any router for forwarding, and
any network device receiving such a packet MUST NOT forward it,
regardless of the TTL in the IPv4 header."
Ref: http://tools.ietf.org/html/rfc3927#section-2.6.2
Linux does not enforce this rule, but Windows starting with 2008 and Vista
does, which means that the metadata IP 169.254.169.254 is not accessible from a
Windows guest (tested on Windows Server 2012 on Hyper-V).
The current workaround consists of explicitly adding a static route on the
Windows guest with:

  route add 169.254.169.254 mask 255.255.255.255 <router-ip>
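
An added example, not part of the bug report or of Neutron's code: a small Python audit that scans iptables-save output from a router namespace for REDIRECT rules whose destination lies inside 169.254/16, that is, rules that only take effect if a guest forwards link-local traffic to the router. The function names and every sample rule other than the one quoted in the report are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed iptables-save output. The 169.254.169.254 rule is the one
# quoted in the bug report; the other rules are made up for contrast.
SAMPLE = """\
*nat
-A PREROUTING -j quantum-l3-agent-PREROUTING
-A quantum-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A quantum-l3-agent-PREROUTING -d 10.0.0.5/32 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 9000
COMMIT
"""

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # RFC 3927 prefix


def parse_rule(line):
    """Map each option of one '-A ...' line to its value (True for bare flags)."""
    tokens = shlex.split(line)
    rule, negate, i = {}, False, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":  # a negated match is stored under "! <option>"
            negate, i = True, i + 1
            continue
        key = ("! " if negate else "") + tok
        negate = False
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        has_value = nxt is not None and nxt != "!" and not nxt.startswith("-")
        rule[key] = nxt if has_value else True
        i += 2 if has_value else 1
    return rule


def link_local_redirects(iptables_save_text):
    """Return (chain, destination, dport, to_port) for each REDIRECT rule
    whose destination is inside 169.254/16."""
    findings = []
    for line in iptables_save_text.splitlines():
        if not line.startswith("-A "):
            continue  # skip table headers, chain policies and COMMIT
        rule = parse_rule(line)
        if rule.get("-j") != "REDIRECT" or "-d" not in rule:
            continue
        dest = ipaddress.ip_network(rule["-d"], strict=False)
        if dest.subnet_of(LINK_LOCAL):
            findings.append((rule["-A"], str(dest),
                             rule.get("--dport"), rule.get("--to-ports")))
    return findings
```

Feed it the text produced by the iptables-save command above, once per router namespace; each finding is a service that guests enforcing RFC 3927 cannot reach without an explicit route.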