Public bug reported:

We have found that there are some CIDRs accepted by neutron, which do not work in networking ovn. Specifically, these are network CIDRs with the host bits set.

Steps to reproduce
- Create VM. Attach a floating IP to it
- Remove all security groups. Attach a blank security group to it
- Add a security group rule and start ping

For example, if my IP is 10.10.10.175/26 (first 3 octets changed for privacy), the following security rules work

  openstack security group rule create --protocol icmp --remote-ip 10.10.10.175/32 cidr
  openstack security group rule create --protocol icmp --remote-ip 10.10.10.128/26 cidr

However, the following security group rule does not work

  openstack security group rule create --protocol icmp --remote-ip 10.10.10.175/26 cidr

FWIW, in our testing, CIDRs like 10.10.10.175/26 work in other drivers, like linuxbridge and midonet.

** Affects: neutron
     Importance: Undecided
         Status: New

** Description changed:

We have found that there are some CIDR accepted by neutron, which does not work in networking ovn. Specifically, these are network CIDRs with the host bits set. Steps to reproduce - Create VM. Attach a floating IP to it - Remove all security group. Attach a blank security group to it - Add a security group rule and start ping - For example, if my IP is 10.10.10.175/26 (first 3 bits changed for + For example, if my IP is 10.10.10.175/26 (first 3 octets changed for privacy), the following security rules work openstack security group rule create --protocol icmp --remote-ip 10.10.10.175/32 cidr openstack security group rule create --protocol icmp --remote-ip 10.10.10.128/26 cidr However, the following security group rule do not work openstack security group rule create --protocol icmp --remote-ip 10.10.10.175/26 cidr - - FWIW, in our testing, CIDRs like 10.10.10.175/26 work in other drivers, like linuxbridge and midonet. + FWIW, in our testing, CIDRs like 10.10.10.175/26 work in other drivers, + like linuxbridge and midonet.
https://bugs.launchpad.net/bugs/1869129

Title:
  neutron accepts CIDR in security groups that are invalid in ovn

Status in neutron:
  New
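Added example, not part of the original bug report and not neutron or networking-ovn code: an operator-side audit that flags security group rules whose remote prefix has host bits set, and reports the network-aligned CIDR that the report above shows working. The rule dictionaries, their ids and the function names are constructed for illustration; the IPv6 and malformed-prefix cases go beyond the IPv4 case in the report.

```python
import ipaddress

# Constructed sample rules; the first three use the prefixes from the bug report.
SAMPLE_RULES = [
    {"id": "rule-a", "remote_ip_prefix": "10.10.10.175/32"},
    {"id": "rule-b", "remote_ip_prefix": "10.10.10.128/26"},
    {"id": "rule-c", "remote_ip_prefix": "10.10.10.175/26"},
    {"id": "rule-d", "remote_ip_prefix": "2001:db8::1/64"},
    {"id": "rule-e", "remote_ip_prefix": None},
    {"id": "rule-f", "remote_ip_prefix": "10.10.10.300/26"},
]


def normalize_prefix(prefix):
    """Return (network_aligned_cidr, host_bits_set) for an IPv4/IPv6 prefix."""
    # strict=False masks off host bits instead of raising ValueError.
    net = ipaddress.ip_network(prefix, strict=False)
    # ip_interface keeps the address exactly as written, before masking.
    addr = ipaddress.ip_interface(prefix).ip
    return str(net), addr != net.network_address


def audit_rules(rules):
    """List (rule_id, prefix_as_written, suggested_cidr) for suspect rules.

    suggested_cidr is None when the prefix cannot be parsed at all.
    """
    findings = []
    for rule in rules:
        prefix = rule.get("remote_ip_prefix")
        if not prefix:
            continue  # no remote prefix on this rule, nothing to check
        try:
            normalized, host_bits_set = normalize_prefix(prefix)
        except ValueError:
            findings.append((rule["id"], prefix, None))
            continue
        if host_bits_set:
            findings.append((rule["id"], prefix, normalized))
    return findings


if __name__ == "__main__":
    for rule_id, written, suggested in audit_rules(SAMPLE_RULES):
        print(f"{rule_id}: {written} -> {suggested or 'unparseable'}")
```

A rule that silently fails to match in one backend while matching in another is worth catching before a driver migration, since the effective allow-list changes without any API error.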