Potential race condition when allocating "next available" resources #2849

New Issue

Closed

opened 2025-12-29 18:22:45 +01:00 by adam · 5 comments

adam commented 2025-12-29 18:22:45 +01:00

Owner

Copy Link

Originally created by @juan-vg on GitHub (Sep 3, 2019).

Environment

• Python version: 3.5.3
• NetBox version: 2.6.2

Steps to Reproduce

1. Get a prefix ID (is_pool must be true for the prefix)
2. Run two simultaneous POST requests to the /ipam/prefixes/{id}/available-ips/ endpoint

Expected Behavior

It was also mentioned on the https://github.com/netbox-community/netbox/issues/1246#issuecomment-306878192. There is a critical section when setting an IP address as Active (in use). It must be an atomic operation that respects the mutual exclusion by setting a lock for the (pool) prefix.

Observed Behavior

Both POST requests got the same IP address as answer.

$  curl -X POST "http://netbox/api/ipam/prefixes/123/available-ips/" -H  "accept: application/json" -H  "Content-Type: application/json" -H  "X-CSRFToken: CSRFToken" -d "{}" -H "Authorization: Token AuthToken"
{"id":19746,"family":{"value":4,"label":"IPv4"},"address":"172.16.16.4/24","vrf":null,"tenant":null,"status":{"value":1,"label":"Active"},"role":null,"interface":null,"nat_inside":null,"nat_outside":null,"dns_name":"","description":"","tags":[],"created":"2019-09-03","last_updated":"2019-09-03T14:01:54.216398Z"}


$  curl -X POST "http://netbox/api/ipam/prefixes/123/available-ips/" -H  "accept: application/json" -H  "Content-Type: application/json" -H  "X-CSRFToken: CSRFToken" -d "{}" -H "Authorization: Token AuthToken"
{"id":19745,"family":{"value":4,"label":"IPv4"},"address":"172.16.16.4/24","vrf":null,"tenant":null,"status":{"value":1,"label":"Active"},"role":null,"interface":null,"nat_inside":null,"nat_outside":null,"dns_name":"","description":"","tags":[],"created":"2019-09-03","last_updated":"2019-09-03T14:01:54.212623Z"}

Originally created by @juan-vg on GitHub (Sep 3, 2019). ### Environment * Python version: 3.5.3 * NetBox version: 2.6.2 ### Steps to Reproduce 1. Get a prefix ID (`is_pool` must be true for the prefix) 2. Run **two simultaneous** POST requests to the `/ipam/prefixes/{id}/available-ips/` endpoint ### Expected Behavior It was also mentioned on the https://github.com/netbox-community/netbox/issues/1246#issuecomment-306878192. There is a critical section when setting an IP address as `Active` (in use). It must be an atomic operation that respects the mutual exclusion by setting a lock for the (pool) prefix. ### Observed Behavior Both POST requests got the same IP address as answer. ```bash $ curl -X POST "http://netbox/api/ipam/prefixes/123/available-ips/" -H "accept: application/json" -H "Content-Type: application/json" -H "X-CSRFToken: CSRFToken" -d "{}" -H "Authorization: Token AuthToken" {"id":19746,"family":{"value":4,"label":"IPv4"},"address":"172.16.16.4/24","vrf":null,"tenant":null,"status":{"value":1,"label":"Active"},"role":null,"interface":null,"nat_inside":null,"nat_outside":null,"dns_name":"","description":"","tags":[],"created":"2019-09-03","last_updated":"2019-09-03T14:01:54.216398Z"} $ curl -X POST "http://netbox/api/ipam/prefixes/123/available-ips/" -H "accept: application/json" -H "Content-Type: application/json" -H "X-CSRFToken: CSRFToken" -d "{}" -H "Authorization: Token AuthToken" {"id":19745,"family":{"value":4,"label":"IPv4"},"address":"172.16.16.4/24","vrf":null,"tenant":null,"status":{"value":1,"label":"Active"},"role":null,"interface":null,"nat_inside":null,"nat_outside":null,"dns_name":"","description":"","tags":[],"created":"2019-09-03","last_updated":"2019-09-03T14:01:54.212623Z"} ``` 

adam added the status: duplicate label 2025-12-29 18:22:45 +01:00

adam closed this issue 2025-12-29 18:22:45 +01:00

adam commented 2025-12-29 18:22:46 +01:00

Author

Owner

Copy Link

@juan-vg commented on GitHub (Sep 3, 2019):

Redis could be used to manage the locks

@juan-vg commented on GitHub (Sep 3, 2019): Redis could be used to manage the locks

adam commented 2025-12-29 18:22:46 +01:00

Author

Owner

Copy Link

@DanSheps commented on GitHub (Sep 6, 2019):

Do you have a production use-case where this has happened?

@DanSheps commented on GitHub (Sep 6, 2019): Do you have a production use-case where this has happened?

adam commented 2025-12-29 18:22:47 +01:00

Author

Owner

Copy Link

@juan-vg commented on GitHub (Sep 9, 2019):

TBH no. Before doing the curl tests I've checked the source code of this function and I realized that no mutual exclusion checks were happening. I'm not going to use it in production if I know it could fail.

Moreover, where I want to use this is a distributed system that allocates IP addresses (similar to a DHCP) using netbox as the source of free IPs. I'm currently doing this using phpIPAM, and now I want to migrate the IP management to netbox (aggregating several sources of truth). This system could be running from several sources at the same time and eventually can happen that it could wrongly get the same IP for two (or even more) clients.

I hope that this explanation is enough, but don't hesitate to come back to me if you have any other question :)

@juan-vg commented on GitHub (Sep 9, 2019): TBH no. Before doing the curl tests I've checked the source code of this function and I realized that no mutual exclusion checks were happening. I'm not going to use it in production if I know it could fail. Moreover, where I want to use this is a distributed system that allocates IP addresses (similar to a DHCP) using netbox as the source of free IPs. I'm currently doing this using phpIPAM, and now I want to migrate the IP management to netbox (aggregating several sources of truth). This system could be running from several sources at the same time and eventually can happen that it could wrongly get the same IP for two (or even more) clients. I hope that this explanation is enough, but don't hesitate to come back to me if you have any other question :)

adam commented 2025-12-29 18:22:47 +01:00

Author

Owner

Copy Link

@juan-vg commented on GitHub (Sep 19, 2019):

Hello!

I have one now! Terraform deploying a VM with two network interfaces on the same subnet queries Netbox in order to get the proper available IP addresses. I get an error because the two addresses are the same.

Obviously I can run it again and it will eventually work, but considering the purpose of this endpoint (get the next available IP) I believe it should work without having to repeat the operation.

Regards!

@juan-vg commented on GitHub (Sep 19, 2019): Hello! I have one now! Terraform deploying a VM with two network interfaces on the same subnet queries Netbox in order to get the proper available IP addresses. I get an error because the two addresses are the same. Obviously I can run it again and it will eventually work, but considering the purpose of this endpoint (get the next **available** IP) I believe it should work without having to repeat the operation. Regards!

adam commented 2025-12-29 18:22:47 +01:00

Author

Owner

Copy Link

@jeremystretch commented on GitHub (Nov 13, 2019):

Turns out this is a duplicate of #2519

@jeremystretch commented on GitHub (Nov 13, 2019): Turns out this is a duplicate of #2519

adam referenced this issue 2025-12-29 22:21:39 +01:00

[PR #2849] [CLOSED] Closes #1941: Added InfiniBand Interface Form Factor #12451

adam referenced this issue 2025-12-29 22:22:27 +01:00

[PR #3565] [MERGED] Added InfiniBand interface form factor #12580

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

update-changelog-comments-docs

feature-removal-issue-type

20911-dropdown

20239-plugin-menu-classes-mutable-state

21097-graphql-id-lookups

feature

fix_module_substitution

20923-dcim-templates

20044-elevation-stuck-lightmode

feature-ip-prefix-link

v4.5-beta1-release

20068-import-moduletype-attrs

20766-fix-german-translation-code-literals

20378-del-script

7604-filter-modifiers-v3

circuit-swap

12318-case-insensitive-uniqueness

20637-improve-device-q-filter

20660-script-load

19724-graphql

20614-update-ruff

14884-script

02496-max-page

19720-macaddress-interface-generic-relation

19408-circuit-terminations-export-templates

20203-openapi-check

fix-19669-api-image-download

7604-filter-modifiers

19275-fixes-interface-bulk-edit

fix-17794-get_field_value_return_list

11507-show-aggregate-and-rir-on-api

9583-add_column_specific_search_field_to_tables

v4.5.0

v4.4.10

v4.4.9

v4.5.0-beta1

v4.4.8

v4.4.7

v4.4.6

v4.4.5

v4.4.4

v4.4.3

v4.4.2

v4.4.1

v4.4.0

v4.3.7

v4.4.0-beta1

v4.3.6

v4.3.5

v4.3.4

v4.3.3

v4.3.2

v4.3.1

v4.3.0

v4.2.9

v4.3.0-beta2

v4.2.8

v4.3.0-beta1

v4.2.7

v4.2.6

v4.2.5

v4.2.4

v4.2.3

v4.2.2

v4.2.1

v4.2.0

v4.1.11

v4.1.10

v4.1.9

v4.1.8

v4.2-beta1

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.11

v4.0.10

v4.0.9

v4.1-beta1

v4.0.8

v4.0.7

v4.0.6

v4.0.5

v4.0.3

v4.0.2

v4.0.1

v4.0.0

v3.7.8

v3.7.7

v4.0-beta2

v3.7.6

v3.7.5

v4.0-beta1

v3.7.4

v3.7.3

v3.7.2

v3.7.1

v3.7.0

v3.6.9

v3.6.8

v3.6.7

v3.7-beta1

v3.6.6

v3.6.5

v3.6.4

v3.6.3

v3.6.2

v3.6.1

v3.6.0

v3.5.9

v3.6-beta2

v3.5.8

v3.6-beta1

v3.5.7

v3.5.6

v3.5.5

v3.5.4

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.10

v3.4.9

v3.5-beta2

v3.4.8

v3.5-beta1

v3.4.7

v3.4.6

v3.4.5

v3.4.4

v3.4.3

v3.4.2

v3.4.1

v3.4.0

v3.3.10

v3.3.9

v3.4-beta1

v3.3.8

v3.3.7

v3.3.6

v3.3.5

v3.3.4

v3.3.3

v3.3.2

v3.3.1

v3.3.0

v3.2.9

v3.2.8

v3.3-beta2

v3.2.7

v3.3-beta1

v3.2.6

v3.2.5

v3.2.4

v3.2.3

v3.2.2

v3.2.1

v3.2.0

v3.1.11

v3.1.10

v3.2-beta2

v3.1.9

v3.2-beta1

v3.1.8

v3.1.7

v3.1.6

v3.1.5

v3.1.4

v3.1.3

v3.1.2

v3.1.1

v3.1.0

v3.0.12

v3.0.11

v3.0.10

v3.1-beta1

v3.0.9

v3.0.8

v3.0.7

v3.0.6

v3.0.5

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.11.12

v3.0-beta2

v2.11.11

v2.11.10

v3.0-beta1

v2.11.9

v2.11.8

v2.11.7

v2.11.6

v2.11.5

v2.11.4

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.10

v2.10.9

v2.11-beta1

v2.10.8

v2.10.7

v2.10.6

v2.10.5

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.11

v2.10-beta2

v2.9.10

v2.10-beta1

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.9-beta2

v2.8.9

v2.9-beta1

v2.8.8

v2.8.7

v2.8.6

v2.8.5

v2.8.4

v2.8.3

v2.8.2

v2.8.1

v2.8.0

v2.7.12

v2.7.11

v2.7.10

v2.7.9

v2.7.8

v2.7.7

v2.7.6

v2.7.5

v2.7.4

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.12

v2.6.11

v2.6.10

v2.6.9

v2.7-beta1

Solcon-2020-01-06

v2.6.8

v2.6.7

v2.6.6

v2.6.5

v2.6.4

v2.6.3

v2.6.2

v2.6.1

v2.6.0

v2.5.13

v2.5.12

v2.6-beta1

v2.5.11

v2.5.10

v2.5.9

v2.5.8

v2.5.7

v2.5.6

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.9

v2.5-beta2

v2.4.8

v2.5-beta1

v2.4.7

v2.4.6

v2.4.5

v2.4.4

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.7

v2.4-beta1

v2.3.6

v2.3.5

v2.3.4

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.10

v2.3-beta2

v2.2.9

v2.3-beta1

v2.2.8

v2.2.7

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.6

v2.2-beta2

v2.1.5

v2.2-beta1

v2.1.4

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.10

v2.1-beta1

v2.0.9

v2.0.8

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v2.0-beta3

v1.9.6

v1.9.5

v2.0-beta2

v1.9.4-r1

v1.9.3

v2.0-beta1

v1.9.2

v1.9.1

v1.9.0-r1

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.7.3

v1.7.2-r1

v1.7.1

v1.7.0

v1.6.3

v1.6.2-r1

v1.6.1-r1

1.6.1

v1.6.0

v1.5.2

v1.5.1

v1.5.0

v1.4.2

v1.4.1

v1.4.0

v1.3.2

v1.3.1

v1.3.0

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.7-r1

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3-r1

v1.0.3

1.0.0

Labels

Clear labels

beta

breaking change

complexity: high

complexity: low

complexity: medium

needs milestone

netbox

pending closure

plugin candidate

pull-request

Mirrored from GitHub Pull Request

severity: high

severity: low

severity: medium

status: accepted

status: backlog

status: blocked

status: duplicate

status: needs owner

status: needs triage

status: revisions needed

status: under review

topic: GraphQL

topic: Internationalization

topic: OpenAPI

topic: UI/UX

topic: cabling

topic: event rules

topic: htmx navigation

topic: industrialization

topic: migrations

topic: plugins

topic: scripts

topic: templating

topic: testing

type: bug

type: deprecation

type: documentation

type: feature

type: housekeeping

type: translation

No Label status: duplicate

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

adam

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/netbox#2849