OpenStack Error Guide: 'No more IP addresses available on network' (Neutron IP exhaustion)
Resolve the Neutron 'No more IP addresses available' error: exhausted allocation pools, leaked ports, oversized reservations, small CIDRs, and orphaned VM ports.
- #openstack
- #troubleshooting
- #errors
- #neutron
Overview
When Neutron tries to assign an IP to a new port — booting an instance, creating a router interface, or allocating a floating IP — it pulls from a subnet’s allocation pool. When that pool has no free addresses left, the API returns a 409 and an error that reads:
No more IP addresses available on network 9b2f5c1a-3d4e-4f6a-8b7c-1d2e3f4a5b6c. Neutron server returns request_ids: ['req-1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d']
In Nova-driven boots it usually surfaces wrapped as an instance going to ERROR with Fault: Failed to allocate the network(s), not rescheduling. It occurs whenever the demand for addresses on a subnet exceeds the supply: the allocation pool is genuinely full, stale or leaked ports are squatting on addresses, DHCP/router/floating-IP reservations consume more than expected, the CIDR is simply too small, or ports were never cleaned up after instances were deleted.
Symptoms
- New instances fail to boot and land in
ERRORwith a network allocation fault. openstack port create/floating ip createreturns409 Conflict.- The subnet’s used-IP count equals (pool_end − pool_start + 1).
- It affects only instances landing on one specific network/subnet.
openstack server create --flavor m1.small --image ubuntu-22.04 \
--network private-net web-07
Instance web-07 failed to boot:
Fault: Failed to allocate the network(s), not rescheduling.
... No more IP addresses available on network 9b2f5c1a-3d4e-4f6a-8b7c-1d2e3f4a5b6c.
Common Root Causes
1. Allocation pool exhausted
The subnet’s pool has handed out every address. This is the headline cause.
SUBNET=private-subnet
openstack subnet show $SUBNET -c allocation_pools -c cidr
openstack port list --network private-net -c id -f value | wc -l
+-------------------+-------------------------------------+
| Field | Value |
+-------------------+-------------------------------------+
| allocation_pools | 10.0.0.2-10.0.0.254 |
| cidr | 10.0.0.0/24 |
+-------------------+-------------------------------------+
253
A pool of 253 addresses with 253 ports already allocated means zero free.
2. Leaked or stale ports
Ports stuck in DOWN with no device_id, or bound to a device_owner that no longer exists, hold addresses that nothing is using.
openstack port list --network private-net --long \
-c ID -c "Fixed IP Addresses" -c Status -c "Device Owner"
+--------------------------------------+----------------------+--------+--------------------------+
| ID | Fixed IP Addresses | Status | Device Owner |
+--------------------------------------+----------------------+--------+--------------------------+
| a1b2c3d4-... | ip='10.0.0.51' | DOWN | |
| b2c3d4e5-... | ip='10.0.0.52' | DOWN | compute:nova |
+--------------------------------------+----------------------+--------+--------------------------+
A DOWN port with an empty Device Owner is a leaked address.
3. DHCP, router, and floating-IP reservations
Every subnet reserves addresses for the DHCP agent(s), the gateway, and any router interfaces; floating IPs consume external-network addresses. On HA setups multiple DHCP agents each take an address.
openstack port list --network private-net --device-owner network:dhcp -f value -c "Fixed IP Addresses"
openstack port list --network private-net --device-owner network:router_interface -f value -c "Fixed IP Addresses"
ip='10.0.0.2'
ip='10.0.0.3'
ip='10.0.0.1'
Three “infrastructure” addresses you may not have accounted for in capacity planning.
4. Subnet CIDR too small
A /27 looks fine until the fleet grows. Subtract the reserved addresses and the usable count is smaller than it appears.
openstack subnet show private-subnet -c cidr -c gateway_ip
+------------+---------------+
| Field | Value |
+------------+---------------+
| cidr | 10.0.0.0/27 |
| gateway_ip | 10.0.0.1 |
+------------+---------------+
A /27 yields ~30 usable hosts — easy to exhaust with a single autoscaling group.
5. Ports not cleaned up after VM delete
If an instance is force-deleted or Nova/Neutron lose sync, the port may survive its instance, permanently reserving the address.
# Cross-reference ports against existing servers
comm -23 \
<(openstack port list --network private-net --device-owner compute:nova -f value -c "Device ID" | sort -u) \
<(openstack server list --all-projects -f value -c ID | sort -u)
e5f6a7b8-9c0d-1e2f-3a4b-5c6d7e8f9a0b
Each ID printed is a device_id referenced by a port whose server no longer exists — an orphaned port.
6. Concurrent boots racing the pool
A burst of simultaneous instance creates can drain the last few addresses faster than capacity dashboards refresh, producing intermittent 409s only under load.
openstack port list --network private-net -f value -c ID | wc -l
252
One free address with five pending boots guarantees four failures.
Diagnostic Workflow
Step 1 — Identify the network and subnet
Pull the exact network UUID from the error and inspect its subnet.
NET=9b2f5c1a-3d4e-4f6a-8b7c-1d2e3f4a5b6c
openstack network show $NET -c subnets -f value
openstack subnet show <subnet-id> -c cidr -c allocation_pools
Step 2 — Count supply vs demand
Compare pool size against allocated ports.
openstack port list --network $NET -f value -c ID | wc -l
openstack subnet show <subnet-id> -c allocation_pools
Step 3 — Hunt leaked and orphaned ports
Find DOWN ports with no owner and ports referencing dead servers.
openstack port list --network $NET --long -c ID -c Status -c "Device Owner" -c "Fixed IP Addresses"
Step 4 — Read the Neutron logs
Confirm the IP-allocation failure and rule out plugin/DB errors.
# Kolla-Ansible (containerized)
docker logs neutron_server 2>&1 | grep -iE "No more IP|IpAddressGenerationFailure" | tail
# Package-based
journalctl -u neutron-server --since "15 min ago" | grep -i ipaddress
tail -100 /var/log/neutron/neutron-server.log
ERROR neutron.api.v2.resource [req-1a2b3c4d...] create failed:
neutron_lib.exceptions.IpAddressGenerationFailure: No more IP addresses available on network 9b2f5c1a-...
Step 5 — Reclaim or expand
Delete confirmed-orphaned ports, then either extend the allocation pool or add a second subnet.
openstack port delete <orphaned-port-id>
openstack subnet set --allocation-pool start=10.0.1.2,end=10.0.1.254 <subnet-id>
Example Root Cause Analysis
Scenario. An autoscaling group on private-net (a 10.0.0.0/24) stops scaling out. Five of every batch of new instances fail with No more IP addresses available, while older instances keep running.
Failing log.
docker logs neutron_server 2>&1 | grep "No more IP" | tail
ERROR neutron.api.v2.resource [req-1a2b...] IpAddressGenerationFailure:
No more IP addresses available on network 9b2f5c1a-3d4e-4f6a-8b7c-1d2e3f4a5b6c.
Investigation. The pool is 10.0.0.2-10.0.0.254 (253 addresses) and the port count is 253 — fully allocated. But the team only runs ~120 instances. Listing ports by status reveals the culprit:
openstack port list --network private-net --long -c ID -c Status -c "Device Owner" | grep DOWN | wc -l
131
131 DOWN ports with empty Device Owner — leaked from months of instances that were force-deleted during earlier incidents. Cross-checking against live servers confirms none of these device_ids exist anymore.
Fix. Delete the orphaned ports to reclaim the addresses:
openstack port list --network private-net --device-owner '' --status DOWN -f value -c ID \
| xargs -r -n1 openstack port delete
The pool drops back to ~120 used addresses, scaling resumes, and the team adds a second subnet to give headroom for future bursts.
Prevention Best Practices
- Right-size CIDRs for peak fleet plus reservations and bursts; a /24 (~250 usable) is a safer default than a /27 for anything that autoscales.
- Alert on pool utilization. Periodically compare port count to pool size and page when usage crosses ~80%:
[ $(openstack port list --network private-net -f value -c ID | wc -l) -gt 200 ] && echo HIGH. - Schedule an orphan-port sweep that deletes
DOWNports with nodevice_idwhose server no longer exists, so leaked addresses are reclaimed automatically. - Account for infrastructure addresses (DHCP agents, gateway, router interfaces, floating IPs) when planning capacity — they are not free.
- Attach a second subnet to busy networks before exhaustion rather than during an outage.
- Wire pool-exhaustion alerts into an automated runbook such as /dashboard/incident-response/ so the first response includes the leaked-port check.
Quick Command Reference
# Supply vs demand
openstack subnet show <subnet-id> -c cidr -c allocation_pools
openstack port list --network <net-id> -f value -c ID | wc -l
# Find leaked / DOWN ports with no owner
openstack port list --network <net-id> --long -c ID -c Status -c "Device Owner" -c "Fixed IP Addresses"
openstack port list --network <net-id> --status DOWN --device-owner '' -f value -c ID
# Find orphaned compute ports (device_id with no server)
comm -23 \
<(openstack port list --device-owner compute:nova -f value -c "Device ID" | sort -u) \
<(openstack server list --all-projects -f value -c ID | sort -u)
# Inspect reservations
openstack port list --network <net-id> --device-owner network:dhcp
openstack port list --network <net-id> --device-owner network:router_interface
# Read Neutron logs
docker logs neutron_server 2>&1 | grep -i "No more IP" | tail
journalctl -u neutron-server --since "15 min ago" | grep -i ipaddress
# Reclaim and expand
openstack port delete <port-id>
openstack subnet set --allocation-pool start=10.0.1.2,end=10.0.1.254 <subnet-id>
Conclusion
A Neutron “No more IP addresses available” error comes down to supply not meeting demand on a subnet, typically caused by:
- A genuinely exhausted allocation pool.
- Leaked or stale
DOWNports holding addresses. - DHCP, router, and floating-IP reservations consuming more than planned.
- A CIDR that’s simply too small for the fleet.
- Ports never cleaned up after instances were deleted.
- Concurrent boots racing the last free addresses.
Count supply against demand, reclaim orphaned ports, then expand the pool or add a subnet. More guides are at /categories/openstack/.
Download the Free 500-Prompt DevOps AI Toolkit
500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.
- 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
- Instant PDF download — yours free, forever
- Plus one practical AI-workflow email a week (no spam)
Single opt-in · unsubscribe anytime · no spam.