Description:
Presently Neutron doesn't validate the address family of floating IP
addresses or the internal addresses they are associated with. It merely
associates the first IP of the floating IP's port with the first IP of
the internal port, unless a specified fixed IP is specified. This can
lead to incorrect or poorly defined behavior when IPv6 is present.
The existing L3 agent implementation only manages IPv4 NAT rules. While
IPv6 NAT and NAT protocol translation are possible, the existing
implementation does not support these configurations.
Presently a floating IP can be created on an IPv6 only external network
or associated with an IPv6 fixed IP, but the L3 agent is unable to bind
these configurations.
Implementation:
When creating and updating a floating IP, only consider IPv4 addresses
on both the floating IPs port and the internal port he floating IP is
associated with. Additionally disallow creating floating IPs on networks
without any IPv4 subnets, since these floating IPs could not be
allocated an IPv4 address.
Reviewed: https:/ /review. openstack. org/198908 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=4cdc71e7d0e 5220a5f12ee2dfe a1ff3db045c041
Committed: https:/
Submitter: Jenkins
Branch: master
commit 4cdc71e7d0e5220 a5f12ee2dfea1ff 3db045c041
Author: Dustin Lundquist <email address hidden>
Date: Mon Jul 6 13:53:46 2015 -0700
Ensure floating IPs only use IPv4 addresses
Description:
Presently Neutron doesn't validate the address family of floating IP
addresses or the internal addresses they are associated with. It merely
associates the first IP of the floating IP's port with the first IP of
the internal port, unless a specified fixed IP is specified. This can
lead to incorrect or poorly defined behavior when IPv6 is present.
The existing L3 agent implementation only manages IPv4 NAT rules. While
IPv6 NAT and NAT protocol translation are possible, the existing
implementation does not support these configurations.
Presently a floating IP can be created on an IPv6 only external network
or associated with an IPv6 fixed IP, but the L3 agent is unable to bind
these configurations.
Implementation:
When creating and updating a floating IP, only consider IPv4 addresses
on both the floating IPs port and the internal port he floating IP is
associated with. Additionally disallow creating floating IPs on networks
without any IPv4 subnets, since these floating IPs could not be
allocated an IPv4 address.
DocImpact
APIImpact
Co-Authored-By: Bradley Jones <email address hidden> dafc17eddc41213 df1c24ec202
Change-Id: I79b28a304b38ec
Related-Bug: #1437855
Closes-Bug: #1323766
Closes-Bug: #1469322