Public bug reported: It was found that in case of ML2/OVN, stateless SG rules stop working when a Octavia Load Balancer is attached to the same network. This was addressed in OVN core project with: https://github.com/ovn- org/ovn/commit/a0f82efdd9dfd3ef2d9606c1890e353df1097a51
I think it may make sense to add a new integration scenario for this case in tempest plugin that would: - create stateless SG - define some rules - start a VM for the SG - check rules work as expected - define a Load Balancer for the network - check the SG rules still work as expected This is a corner case, but since we know it's problematic in some OVN branches and since ML2/OVN is the default implementation, - and since OVN core team is considering adjusting the ACL conntrack behavior in the near future that may affect stateless behavior - it may be wise to implement the scenario nevertheless. ** Affects: neutron Importance: Undecided Status: New ** Tags: ovn ovn-octavia-provider tempest ** Tags added: ovn ovn-octavia-provider tempest ** Bug watch added: Red Hat Bugzilla #2214303 https://bugzilla.redhat.com/show_bug.cgi?id=2214303 -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/2024502 Title: Tempest: add scenario to validate that stateless SG rules are working in presence of Load Balancer attached to the same network Status in neutron: New Bug description: It was found that in case of ML2/OVN, stateless SG rules stop working when a Octavia Load Balancer is attached to the same network. This was addressed in OVN core project with: https://github.com/ovn- org/ovn/commit/a0f82efdd9dfd3ef2d9606c1890e353df1097a51 I think it may make sense to add a new integration scenario for this case in tempest plugin that would: - create stateless SG - define some rules - start a VM for the SG - check rules work as expected - define a Load Balancer for the network - check the SG rules still work as expected This is a corner case, but since we know it's problematic in some OVN branches and since ML2/OVN is the default implementation, - and since OVN core team is considering adjusting the ACL conntrack behavior in the near future that may affect stateless behavior - it may be wise to implement the scenario nevertheless. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/2024502/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp