Ask Your Question

After creating selfservice subnet, neutron linux bridge log shows ERROR "RTNETLINK answers: Permission denied"

asked 2016-05-09 14:16:58 -0500

luowei gravatar image

updated 2016-05-10 15:11:19 -0500

This is following Mitaka Installation Guide for Ubuntu 14.04 (LTS) with Networking Option 2: Self-service networks.

After creating virtual networks, "Verify operation" shows correct "ip netns" and "neutron router-port-list router", but pinging gateway IP address on the provider network fails.

Checking the logs, the neutron linux bridge log shows:

ERROR neutron.plugins.ml2.drivers.agent._common_agent RuntimeError: Exit code: 2; Stdin: ; Stdout: ; Stderr: RTNETLINK answers: Permission denied

This error appears at the point in time when giving the "neutron subnet-create" command.

edit retag flag offensive close merge delete


can you provide the lb agent log, neutron net-show, neutron subnet-show, the lb agent config files

darragh-oreilly gravatar imagedarragh-oreilly ( 2016-05-16 01:28:00 -0500 )edit

2 answers

Sort by ยป oldest newest most voted

answered 2016-05-09 14:37:20 -0500

luowei gravatar image

updated 2016-05-13 08:05:23 -0500

This is somehow linked to ipv6. If I disable ipv6 in /etc/sysctl.conf (net.ipv6.conf.all.disable_ipv6=1) the ERROR does not occur.

But I need the provider networks to be dual-stacked.

Also, if I disable the external radvd (SLAAC) server on the management and provider subnets, the ERROR does not occur.

This was not a problem in Liberty.

edit flag offensive delete link more


See my similar question: (

Turn on debug, note that it may be linuxbridge agent failing to move the IPv6 address to the new bridge.

dcreno gravatar imagedcreno ( 2017-02-06 09:59:02 -0500 )edit

answered 2017-02-09 08:36:54 -0500

dcreno gravatar image

updated 2017-02-09 08:37:41 -0500

See my question which I believe is the same answer: (

tl;dr: The linux-bridge agent disables IPv6 by design. If you have IPv6 configured on your physical NIC, neutron/root will not have permission to move the address from the physical NIC to the linux-bridge. The solution is to remove the IPv6 configuration from the operating system network config files. Presumably, the linux-bridge will still forward IPv6 as L2 frames and you can still use IPv6 on your guests.

(please upvote if this helped you)

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2016-05-09 14:16:58 -0500

Seen: 4,337 times

Last updated: Feb 09 '17