Skip to content
DevOps AI ToolKit
Newsletter
All guides
AI for OpenStack By James Joyner IV · · 9 min read

OpenStack Error Guide: 'No more IP addresses available on network' (Neutron IP exhaustion)

Resolve the Neutron 'No more IP addresses available' error: exhausted allocation pools, leaked ports, oversized reservations, small CIDRs, and orphaned VM ports.

  • #openstack
  • #troubleshooting
  • #errors
  • #neutron

Overview

When Neutron tries to assign an IP to a new port — booting an instance, creating a router interface, or allocating a floating IP — it pulls from a subnet’s allocation pool. When that pool has no free addresses left, the API returns a 409 and an error that reads:

No more IP addresses available on network 9b2f5c1a-3d4e-4f6a-8b7c-1d2e3f4a5b6c. Neutron server returns request_ids: ['req-1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d']

In Nova-driven boots it usually surfaces wrapped as an instance going to ERROR with Fault: Failed to allocate the network(s), not rescheduling. It occurs whenever the demand for addresses on a subnet exceeds the supply: the allocation pool is genuinely full, stale or leaked ports are squatting on addresses, DHCP/router/floating-IP reservations consume more than expected, the CIDR is simply too small, or ports were never cleaned up after instances were deleted.

Symptoms

  • New instances fail to boot and land in ERROR with a network allocation fault.
  • openstack port create / floating ip create returns 409 Conflict.
  • The subnet’s used-IP count equals (pool_end − pool_start + 1).
  • It affects only instances landing on one specific network/subnet.
openstack server create --flavor m1.small --image ubuntu-22.04 \
  --network private-net web-07
Instance web-07 failed to boot:
Fault: Failed to allocate the network(s), not rescheduling.
... No more IP addresses available on network 9b2f5c1a-3d4e-4f6a-8b7c-1d2e3f4a5b6c.

Common Root Causes

1. Allocation pool exhausted

The subnet’s pool has handed out every address. This is the headline cause.

SUBNET=private-subnet
openstack subnet show $SUBNET -c allocation_pools -c cidr
openstack port list --network private-net -c id -f value | wc -l
+-------------------+-------------------------------------+
| Field             | Value                               |
+-------------------+-------------------------------------+
| allocation_pools  | 10.0.0.2-10.0.0.254                 |
| cidr              | 10.0.0.0/24                         |
+-------------------+-------------------------------------+
253

A pool of 253 addresses with 253 ports already allocated means zero free.

2. Leaked or stale ports

Ports stuck in DOWN with no device_id, or bound to a device_owner that no longer exists, hold addresses that nothing is using.

openstack port list --network private-net --long \
  -c ID -c "Fixed IP Addresses" -c Status -c "Device Owner"
+--------------------------------------+----------------------+--------+--------------------------+
| ID                                   | Fixed IP Addresses   | Status | Device Owner             |
+--------------------------------------+----------------------+--------+--------------------------+
| a1b2c3d4-...                         | ip='10.0.0.51'       | DOWN   |                          |
| b2c3d4e5-...                         | ip='10.0.0.52'       | DOWN   | compute:nova             |
+--------------------------------------+----------------------+--------+--------------------------+

A DOWN port with an empty Device Owner is a leaked address.

3. DHCP, router, and floating-IP reservations

Every subnet reserves addresses for the DHCP agent(s), the gateway, and any router interfaces; floating IPs consume external-network addresses. On HA setups multiple DHCP agents each take an address.

openstack port list --network private-net --device-owner network:dhcp -f value -c "Fixed IP Addresses"
openstack port list --network private-net --device-owner network:router_interface -f value -c "Fixed IP Addresses"
ip='10.0.0.2'
ip='10.0.0.3'
ip='10.0.0.1'

Three “infrastructure” addresses you may not have accounted for in capacity planning.

4. Subnet CIDR too small

A /27 looks fine until the fleet grows. Subtract the reserved addresses and the usable count is smaller than it appears.

openstack subnet show private-subnet -c cidr -c gateway_ip
+------------+---------------+
| Field      | Value         |
+------------+---------------+
| cidr       | 10.0.0.0/27   |
| gateway_ip | 10.0.0.1      |
+------------+---------------+

A /27 yields ~30 usable hosts — easy to exhaust with a single autoscaling group.

5. Ports not cleaned up after VM delete

If an instance is force-deleted or Nova/Neutron lose sync, the port may survive its instance, permanently reserving the address.

# Cross-reference ports against existing servers
comm -23 \
  <(openstack port list --network private-net --device-owner compute:nova -f value -c "Device ID" | sort -u) \
  <(openstack server list --all-projects -f value -c ID | sort -u)
e5f6a7b8-9c0d-1e2f-3a4b-5c6d7e8f9a0b

Each ID printed is a device_id referenced by a port whose server no longer exists — an orphaned port.

6. Concurrent boots racing the pool

A burst of simultaneous instance creates can drain the last few addresses faster than capacity dashboards refresh, producing intermittent 409s only under load.

openstack port list --network private-net -f value -c ID | wc -l
252

One free address with five pending boots guarantees four failures.

Diagnostic Workflow

Step 1 — Identify the network and subnet

Pull the exact network UUID from the error and inspect its subnet.

NET=9b2f5c1a-3d4e-4f6a-8b7c-1d2e3f4a5b6c
openstack network show $NET -c subnets -f value
openstack subnet show <subnet-id> -c cidr -c allocation_pools

Step 2 — Count supply vs demand

Compare pool size against allocated ports.

openstack port list --network $NET -f value -c ID | wc -l
openstack subnet show <subnet-id> -c allocation_pools

Step 3 — Hunt leaked and orphaned ports

Find DOWN ports with no owner and ports referencing dead servers.

openstack port list --network $NET --long -c ID -c Status -c "Device Owner" -c "Fixed IP Addresses"

Step 4 — Read the Neutron logs

Confirm the IP-allocation failure and rule out plugin/DB errors.

# Kolla-Ansible (containerized)
docker logs neutron_server 2>&1 | grep -iE "No more IP|IpAddressGenerationFailure" | tail
# Package-based
journalctl -u neutron-server --since "15 min ago" | grep -i ipaddress
tail -100 /var/log/neutron/neutron-server.log
ERROR neutron.api.v2.resource [req-1a2b3c4d...] create failed:
neutron_lib.exceptions.IpAddressGenerationFailure: No more IP addresses available on network 9b2f5c1a-...

Step 5 — Reclaim or expand

Delete confirmed-orphaned ports, then either extend the allocation pool or add a second subnet.

openstack port delete <orphaned-port-id>
openstack subnet set --allocation-pool start=10.0.1.2,end=10.0.1.254 <subnet-id>

Example Root Cause Analysis

Scenario. An autoscaling group on private-net (a 10.0.0.0/24) stops scaling out. Five of every batch of new instances fail with No more IP addresses available, while older instances keep running.

Failing log.

docker logs neutron_server 2>&1 | grep "No more IP" | tail
ERROR neutron.api.v2.resource [req-1a2b...] IpAddressGenerationFailure:
No more IP addresses available on network 9b2f5c1a-3d4e-4f6a-8b7c-1d2e3f4a5b6c.

Investigation. The pool is 10.0.0.2-10.0.0.254 (253 addresses) and the port count is 253 — fully allocated. But the team only runs ~120 instances. Listing ports by status reveals the culprit:

openstack port list --network private-net --long -c ID -c Status -c "Device Owner" | grep DOWN | wc -l
131

131 DOWN ports with empty Device Owner — leaked from months of instances that were force-deleted during earlier incidents. Cross-checking against live servers confirms none of these device_ids exist anymore.

Fix. Delete the orphaned ports to reclaim the addresses:

openstack port list --network private-net --device-owner '' --status DOWN -f value -c ID \
  | xargs -r -n1 openstack port delete

The pool drops back to ~120 used addresses, scaling resumes, and the team adds a second subnet to give headroom for future bursts.

Prevention Best Practices

  • Right-size CIDRs for peak fleet plus reservations and bursts; a /24 (~250 usable) is a safer default than a /27 for anything that autoscales.
  • Alert on pool utilization. Periodically compare port count to pool size and page when usage crosses ~80%: [ $(openstack port list --network private-net -f value -c ID | wc -l) -gt 200 ] && echo HIGH.
  • Schedule an orphan-port sweep that deletes DOWN ports with no device_id whose server no longer exists, so leaked addresses are reclaimed automatically.
  • Account for infrastructure addresses (DHCP agents, gateway, router interfaces, floating IPs) when planning capacity — they are not free.
  • Attach a second subnet to busy networks before exhaustion rather than during an outage.
  • Wire pool-exhaustion alerts into an automated runbook such as /dashboard/incident-response/ so the first response includes the leaked-port check.

Quick Command Reference

# Supply vs demand
openstack subnet show <subnet-id> -c cidr -c allocation_pools
openstack port list --network <net-id> -f value -c ID | wc -l

# Find leaked / DOWN ports with no owner
openstack port list --network <net-id> --long -c ID -c Status -c "Device Owner" -c "Fixed IP Addresses"
openstack port list --network <net-id> --status DOWN --device-owner '' -f value -c ID

# Find orphaned compute ports (device_id with no server)
comm -23 \
  <(openstack port list --device-owner compute:nova -f value -c "Device ID" | sort -u) \
  <(openstack server list --all-projects -f value -c ID | sort -u)

# Inspect reservations
openstack port list --network <net-id> --device-owner network:dhcp
openstack port list --network <net-id> --device-owner network:router_interface

# Read Neutron logs
docker logs neutron_server 2>&1 | grep -i "No more IP" | tail
journalctl -u neutron-server --since "15 min ago" | grep -i ipaddress

# Reclaim and expand
openstack port delete <port-id>
openstack subnet set --allocation-pool start=10.0.1.2,end=10.0.1.254 <subnet-id>

Conclusion

A Neutron “No more IP addresses available” error comes down to supply not meeting demand on a subnet, typically caused by:

  1. A genuinely exhausted allocation pool.
  2. Leaked or stale DOWN ports holding addresses.
  3. DHCP, router, and floating-IP reservations consuming more than planned.
  4. A CIDR that’s simply too small for the fleet.
  5. Ports never cleaned up after instances were deleted.
  6. Concurrent boots racing the last free addresses.

Count supply against demand, reclaim orphaned ports, then expand the pool or add a subnet. More guides are at /categories/openstack/.

Free download · 368-page PDF

Download the Free 500-Prompt DevOps AI Toolkit

500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.

  • 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
  • Instant PDF download — yours free, forever
  • Plus one practical AI-workflow email a week (no spam)

Single opt-in · unsubscribe anytime · no spam.