remove duplicate ip addresses with smaller prefix #2636
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
fmoehler
requested review from
a team,
Alphasite and
lnguyen
and removed request for
a team
cf-foundation-community-automation
bot
moved this to Inbox
in Foundational Infrastructure Working Group
github-project-automation
bot
moved this from Inbox
to Pending Merge | Prioritized
in Foundational Infrastructure Working Group
There was a problem hiding this comment.
Pull Request Overview
This PR fixes a bug in dynamic IP allocation where existing IP addresses could incorrectly match restricted IP CIDR ranges, causing "IP belongs to reserved range" errors. The fix removes duplicate IP addresses with smaller prefixes from the list of addresses that cannot be allocated, ensuring only the largest CIDR ranges are considered.
Key Changes:
- Added deduplication logic to remove IP addresses with smaller prefixes when they're contained within larger CIDR ranges
- Added test coverage for the scenario where existing IPs overlap with restricted IPs
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
src/bosh-director/lib/bosh/director/deployment_plan/ip_provider/ip_repo.rb |
Implements deduplication logic to filter out IP addresses with smaller prefixes when contained in larger CIDR ranges |
src/bosh-director/spec/unit/bosh/director/deployment_plan/ip_provider/ip_repo_spec.rb |
Adds test case verifying that duplicate IPs with smaller prefixes are properly handled during allocation |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
src/bosh-director/spec/unit/bosh/director/deployment_plan/ip_provider/ip_repo_spec.rb
Outdated
Show resolved
Hide resolved
src/bosh-director/lib/bosh/director/deployment_plan/ip_provider/ip_repo.rb
Show resolved
Hide resolved
src/bosh-director/lib/bosh/director/deployment_plan/ip_provider/ip_repo.rb
Outdated
Show resolved
Hide resolved
Co-authored-by: Copilot <[email protected]>
aramprice
previously approved these changes
Oct 23, 2025
aramprice
approved these changes
Oct 23, 2025
github-project-automation
bot
moved this from Pending Merge | Prioritized
to Done
in Foundational Infrastructure Working Group
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What is this change about?
We have to clear duplicate ip address with a smaller prefix in the addresses we cant allocate during dynamic ip allocation.
Please provide contextual information.
In the context of introducing prefix delegation for the bosh director we refactored the way restricted_ips are handled in the code. Instead of having single ips as an array we switched to having the biggest cidr ranges possible. This would solve a bug where the bosh director would become unresponsive (out of memory) if the number of ip addresses exceeded a certain limit, especially relevant for ipv6 use cases where ranges get very big very easily.
E.g. a /80 network contains 281,474,976,710,656 (approximately 281.5 trillion) addresses. Previously this would result in an array with the same amount of elements. With the change it could be as low as only 1.
However this leads to issues when existing addresses randomly match one of the restricted ips cidr range, because in the code we delete all ip addresses below the current ip we are trying to allocate not paying attention to the cidr range.
This can result in the error:
Failed to reserve IP '10.0.72.2/32' for network 'diego-cells': IP belongs to reserved range
What tests have you run against this PR?
Unit tests
How should this change be described in bosh release notes?
Fix for "Failed to reserve IP 'xxx' for network 'xxx': IP belongs to reserved range"
Does this PR introduce a breaking change?
no
Tag your pair, your PM, and/or team!
@dudejas