Change API to validate network MTU minimums

A network's MTU is now only valid if it is the minimum value
allowed based on the IP version of the associated subnets,
68 for IPv4 and 1280 for IPv6.

This minimum is now enforced in the following ways:

1) When a subnet is associated with a network, validate
   the MTU is large enough for the IP version. Not only
   would the subnet be unusable if it was allowed, but the
   Linux kernel can fail adding addresses and configuring
   network settings like the MTU.

2) When a network MTU is changed, validate the MTU is large
   enough for any currently associated subnets. Allowing a
   smaller MTU would render any existing subnets unusable.

Closes-bug: #1988069
Change-Id: Ia4017a8737f9a7c63945df546c8a7243b2673ceb

3 files changed, 25 insertions, 2 deletions

diff --git a/doc/source/admin/config-ipv6.rst b/doc/source/admin/config-ipv6.rst
index 65b5fb9a41..8f2395f6fb 100644
--- a/doc/source/admin/config-ipv6.rst
+++ b/doc/source/admin/config-ipv6.rst
@@ -195,8 +195,8 @@ Project network considerations
 Dataplane
 ---------
 
-Both the Linux bridge and the Open vSwitch dataplane modules support
-forwarding IPv6
+All dataplane modules, including OVN, Open vSwitch and Linux bridge,
+support forwarding IPv6
 packets amongst the guests and router ports. Similar to IPv4, there is no
 special configuration or setup required to enable the dataplane to properly
 forward packets from the source to the destination using IPv6. Note that these
@@ -204,6 +204,15 @@ dataplanes will forward Link-local Address (LLA) packets between hosts on the
 same network just fine without any participation or setup by OpenStack
 components after the ports are all connected and MAC addresses learned.
 
+.. warning::
+   The only exception to this is the setting of the MTU value on
+   the network an IPv6 subnet is created on. If the MTU is less than
+   1280 octets (the minimum link MTU value specified in
+   `RFC 8200 <https://www.rfc-editor.org/rfc/rfc8200>`__), then it
+   could lead to issues configuring both IPv6 and IPv4 addresses on
+   the network, leaving the subnets unusable. For that reason, the API
+   validates the MTU value when subnets are created to avoid this issue.
+
 Addresses for subnets
 ---------------------
 
diff --git a/doc/source/admin/config-mtu.rst b/doc/source/admin/config-mtu.rst
index 4207809e46..78892c7563 100644
--- a/doc/source/admin/config-mtu.rst
+++ b/doc/source/admin/config-mtu.rst
@@ -130,6 +130,13 @@ IPv6. IPv6 uses RA via the L3 agent because the DHCP agent only supports
 IPv4. Instances using IPv4 and IPv6 should obtain the same MTU value
 regardless of method.
 
+.. note::
+
+   If you are using an MTU value on your network below 1280, please
+   read the warning listed in the
+   `IPv6 configuration guide <./config-ipv6.html#project-network-considerations>`__
+   before creating any subnets.
+
 Networks with enabled vlan transparency
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
diff --git a/doc/source/admin/shared/deploy-selfservice-initialnetworks.txt b/doc/source/admin/shared/deploy-selfservice-initialnetworks.txt
index 022bfca392..0e3f85dcfa 100644
--- a/doc/source/admin/shared/deploy-selfservice-initialnetworks.txt
+++ b/doc/source/admin/shared/deploy-selfservice-initialnetworks.txt
@@ -38,6 +38,13 @@ NAT for IPv4 network traffic and directly routes IPv6 network traffic.
       | status                  | ACTIVE       |
       +-------------------------+--------------+
 
+   .. note::
+
+      If you are using an MTU value on your network below 1280, please
+      read the warning listed in the
+      `IPv6 configuration guide <../config-ipv6.html#project-network-considerations>`__
+      before creating any subnets.
+
 #. Create a IPv4 subnet on the self-service network.
 
    .. code-block:: console