review.fuel-infra Code Review - openstack-build/neutron-build.git/commit

author	Dustin Lundquist <dustin@null-ptr.net>
	Mon, 6 Jul 2015 20:53:46 +0000 (13:53 -0700)
committer	Dustin Lundquist <dustin@null-ptr.net>
	Mon, 13 Jul 2015 03:21:03 +0000 (20:21 -0700)
commit	4cdc71e7d0e5220a5f12ee2dfea1ff3db045c041
tree	abf7ab03590524071170913d6331c0e29a56f038	tree \| snapshot
parent	211c0355778c1aef0dd4a44553f604b4fa3f72b3	commit \| diff

Ensure floating IPs only use IPv4 addresses

Description:
Presently Neutron doesn't validate the address family of floating IP
addresses or the internal addresses they are associated with. It merely
associates the first IP of the floating IP's port with the first IP of
the internal port, unless a specified fixed IP is specified. This can
lead to incorrect or poorly defined behavior when IPv6 is present.

The existing L3 agent implementation only manages IPv4 NAT rules. While
IPv6 NAT and NAT protocol translation are possible, the existing
implementation does not support these configurations.

Presently a floating IP can be created on an IPv6 only external network
or associated with an IPv6 fixed IP, but the L3 agent is unable to bind
these configurations.

Implementation:
When creating and updating a floating IP, only consider IPv4 addresses
on both the floating IPs port and the internal port he floating IP is
associated with. Additionally disallow creating floating IPs on networks
without any IPv4 subnets, since these floating IPs could not be
allocated an IPv4 address.

DocImpact
APIImpact

Co-Authored-By: Bradley Jones <jones.bradley@me.com>
Change-Id: I79b28a304b38ecdafc17eddc41213df1c24ec202
Related-Bug: #1437855
Closes-Bug: #1323766
Closes-Bug: #1469322

neutron/db/l3_db.py		diff \| blob \| history
neutron/tests/unit/extensions/test_l3.py		diff \| blob \| history