@@ -63,7 +63,7 @@ exists it will be used instead to preserve backward-compatibility.

 ::

     [[local|localrc]]

-    FIXED_RANGE=10.254.1.0/24

+    IPV4_ADDRS_SAFE_TO_USE=10.254.1.0/24

     ADMIN_PASSWORD=speciale

     LOGFILE=$DEST/logs/stack.sh.log

@@ -161,8 +161,8 @@ values that most often need to be set.

 -  no logging

 -  pre-set the passwords to prevent interactive prompts

--  move network ranges away from the local network (``FIXED_RANGE`` and

-   ``FLOATING_RANGE``, commented out below)

+-  move network ranges away from the local network (``IPV4_ADDRS_SAFE_TO_USE``

+   and ``FLOATING_RANGE``, commented out below)

 -  set the host IP if detection is unreliable (``HOST_IP``, commented

    out below)

@@ -173,7 +173,7 @@ values that most often need to be set.

     DATABASE_PASSWORD=$ADMIN_PASSWORD

     RABBIT_PASSWORD=$ADMIN_PASSWORD

     SERVICE_PASSWORD=$ADMIN_PASSWORD

-    #FIXED_RANGE=172.31.1.0/24

+    #IPV4_ADDRS_SAFE_TO_USE=172.31.1.0/24

     #FLOATING_RANGE=192.168.20.0/25

     #HOST_IP=10.3.4.5

@@ -537,12 +537,12 @@ behavior:

         IPV6_RA_MODE=slaac

         IPV6_ADDRESS_MODE=slaac

-        FIXED_RANGE_V6=fd$IPV6_GLOBAL_ID::/64

+        IPV6_ADDRS_SAFE_TO_USE=fd$IPV6_GLOBAL_ID::/56

         IPV6_PRIVATE_NETWORK_GATEWAY=fd$IPV6_GLOBAL_ID::1

-*Note*: ``FIXED_RANGE_V6`` and ``IPV6_PRIVATE_NETWORK_GATEWAY`` can be

-configured with any valid IPv6 prefix. The default values make use of

-an auto-generated ``IPV6_GLOBAL_ID`` to comply with RFC4193.

+*Note*: ``IPV6_ADDRS_SAFE_TO_USE`` and ``IPV6_PRIVATE_NETWORK_GATEWAY``

+can be configured with any valid IPv6 prefix. The default values make

+use of an auto-generated ``IPV6_GLOBAL_ID`` to comply with RFC4193.

 Service Version

 ~~~~~~~~~~~~~~~

@@ -79,7 +79,7 @@ serving as a hypervisor for guest instances.

         ## Neutron options

         Q_USE_SECGROUP=True

         FLOATING_RANGE="172.18.161.0/24"

-        FIXED_RANGE="10.0.0.0/24"

+        IPV4_ADDRS_SAFE_TO_USE="10.0.0.0/22"

         Q_FLOATING_ALLOCATION_POOL=start=172.18.161.250,end=172.18.161.254

         PUBLIC_NETWORK_GATEWAY="172.18.161.1"

         PUBLIC_INTERFACE=eth0

@@ -387,17 +387,17 @@ controller node.

         ## Neutron Networking options used to create Neutron Subnets

-        FIXED_RANGE="203.0.113.0/24"

+        IPV4_ADDRS_SAFE_TO_USE="203.0.113.0/24"

         NETWORK_GATEWAY=203.0.113.1

         PROVIDER_SUBNET_NAME="provider_net"

         PROVIDER_NETWORK_TYPE="vlan"

         SEGMENTATION_ID=2010

         USE_SUBNETPOOL=False

-In this configuration we are defining FIXED_RANGE to be a

+In this configuration we are defining IPV4_ADDRS_SAFE_TO_USE to be a

 publicly routed IPv4 subnet. In this specific instance we are using

 the special TEST-NET-3 subnet defined in `RFC 5737 <http://tools.ietf.org/html/rfc5737>`_,

-which is used for documentation.  In your DevStack setup, FIXED_RANGE

+which is used for documentation.  In your DevStack setup, IPV4_ADDRS_SAFE_TO_USE

 would be a public IP address range that you or your organization has

 allocated to you, so that you could access your instances from the

 public internet.

@@ -524,7 +524,7 @@ setup, with small modifications for the interface mappings.

     ## Neutron options

     Q_USE_SECGROUP=True

     FLOATING_RANGE="172.18.161.0/24"

-    FIXED_RANGE="10.0.0.0/24"

+    IPV4_ADDRS_SAFE_TO_USE="10.0.0.0/24"

     Q_FLOATING_ALLOCATION_POOL=start=172.18.161.250,end=172.18.161.254

     PUBLIC_NETWORK_GATEWAY="172.18.161.1"

     PUBLIC_INTERFACE=eth0

@@ -573,7 +573,7 @@ you do not require them.

     Q_AGENT=macvtap

     PHYSICAL_NETWORK=default

-    FIXED_RANGE="203.0.113.0/24"

+    IPV4_ADDRS_SAFE_TO_USE="203.0.113.0/24"

     NETWORK_GATEWAY=203.0.113.1

     PROVIDER_SUBNET_NAME="provider_net"

     PROVIDER_NETWORK_TYPE="vlan"

@@ -15,7 +15,8 @@ If you don't specify any configuration you will get the following:

 * neutron (including l3 with openvswitch)

 * private project networks for each openstack project

 * a floating ip range of 172.24.4.0/24 with the gateway of 172.24.4.1

-* the demo project configured with fixed ips on 10.0.0.0/24

+* the demo project configured with fixed ips on a subnet allocated from

+  the 10.0.0.0/22 range

 * a ``br-ex`` interface controlled by neutron for all it's networking

   (this is not connected to any physical interfaces).

 * DNS resolution for guests based on the resolv.conf for you host

@@ -95,3 +96,21 @@ the range of floating ips that will be handed out. As we are sharing

 your existing network, you'll want to give it a slice that your local

 dhcp server is not allocating. Otherwise you could easily have

 conflicting ip addresses, and cause havoc with your local network.

+

+

+Private Network Addressing

+==========================

+

+The private networks addresses are controlled by the ``IPV4_ADDRS_SAFE_TO_USE``

+and the ``IPV6_ADDRS_SAFE_TO_USE`` variables. This allows users to specify one

+single variable of safe internal IPs to use that will be referenced whether or

+not subnetpools are in use.

+

+For IPv4, ``FIXED_RANGE`` and ``SUBNETPOOL_PREFIX_V4`` will just default to

+the value of ``IPV4_ADDRS_SAFE_TO_USE`` directly.

+

+For IPv6, ``FIXED_RANGE`` will default to the first /64 of the value of

+``IPV6_ADDRS_SAFE_TO_USE``. If ``IPV6_ADDRS_SAFE_TO_USE`` is /64 or smaller,

+``FIXED_RANGE`` will just use the value of that directly.

+``SUBNETPOOL_PREFIX_V6`` will just default to the value of

+``IPV6_ADDRS_SAFE_TO_USE`` directly.

@@ -70,7 +70,10 @@ IPV6_RA_MODE=${IPV6_RA_MODE:-slaac}

 IPV6_ADDRESS_MODE=${IPV6_ADDRESS_MODE:-slaac}

 IPV6_PUBLIC_SUBNET_NAME=${IPV6_PUBLIC_SUBNET_NAME:-ipv6-public-subnet}

 IPV6_PRIVATE_SUBNET_NAME=${IPV6_PRIVATE_SUBNET_NAME:-ipv6-private-subnet}

-FIXED_RANGE_V6=${FIXED_RANGE_V6:-fd$IPV6_GLOBAL_ID::/64}

+IPV6_ADDRS_SAFE_TO_USE=${IPV6_ADDRS_SAFE_TO_USE:-fd$IPV6_GLOBAL_ID::/56}

+# if we got larger than a /64 safe to use, we only use the first /64 to

+# avoid side effects outlined in rfc7421

+FIXED_RANGE_V6=${FIXED_RANGE_V6:-$(echo $IPV6_ADDRS_SAFE_TO_USE | awk -F '/' '{ print ($2>63 ? $2 : 64) }')}

 IPV6_PRIVATE_NETWORK_GATEWAY=${IPV6_PRIVATE_NETWORK_GATEWAY:-}

 IPV6_PUBLIC_RANGE=${IPV6_PUBLIC_RANGE:-2001:db8::/64}

 IPV6_PUBLIC_NETWORK_GATEWAY=${IPV6_PUBLIC_NETWORK_GATEWAY:-2001:db8::2}

@@ -86,10 +89,10 @@ PUBLIC_SUBNET_NAME=${PUBLIC_SUBNET_NAME:-"public-subnet"}

 USE_SUBNETPOOL=${USE_SUBNETPOOL:-True}

 SUBNETPOOL_NAME=${SUBNETPOOL_NAME:-"shared-default-subnetpool"}

-SUBNETPOOL_PREFIX_V4=${SUBNETPOOL_PREFIX_V4:-10.0.0.0/16}

-SUBNETPOOL_PREFIX_V6=${SUBNETPOOL_PREFIX_V6:-2001:db8:8000::/48}

+SUBNETPOOL_PREFIX_V4=${SUBNETPOOL_PREFIX_V4:-$IPV4_ADDRS_SAFE_TO_USE}

+SUBNETPOOL_PREFIX_V6=${SUBNETPOOL_PREFIX_V6:-$IPV6_ADDRS_SAFE_TO_USE}

-SUBNETPOOL_SIZE_V4=${SUBNETPOOL_SIZE_V4:-24}

+SUBNETPOOL_SIZE_V4=${SUBNETPOOL_SIZE_V4:-26}

 SUBNETPOOL_SIZE_V6=${SUBNETPOOL_SIZE_V6:-64}

 default_v4_route_devs=$(ip -4 route | grep ^default | awk '{print $5}')

@@ -765,7 +765,8 @@ ENABLE_DEBUG_LOG_LEVEL=$(trueorfalse True ENABLE_DEBUG_LOG_LEVEL)

 # Note that setting ``FIXED_RANGE`` may be necessary when running DevStack

 # in an OpenStack cloud that uses either of these address ranges internally.

 FLOATING_RANGE=${FLOATING_RANGE:-172.24.4.0/24}

-FIXED_RANGE=${FIXED_RANGE:-10.0.0.0/24}

+IPV4_ADDRS_SAFE_TO_USE=${IPV4_ADDRS_SAFE_TO_USE:-10.0.0.0/22}

+FIXED_RANGE=${FIXED_RANGE:-$IPV4_ADDRS_SAFE_TO_USE}

 FIXED_NETWORK_SIZE=${FIXED_NETWORK_SIZE:-256}

 HOST_IP_IFACE=${HOST_IP_IFACE:-}

 HOST_IP=${HOST_IP:-}