Public bug reported:
We have found that there are some CIDR accepted by neutron, which does
not work in networking ovn. Specifically, these are network CIDRs with
the host bits set.
Steps to reproduce
- Create VM. Attach a floating IP to it
- Remove all security group. Attach a blank security group to it
- Add a security group rule and start ping
For example, if my IP is 10.10.10.175/26 (first 3 octets changed for
privacy), the following security rules work
openstack security group rule create --protocol icmp --remote-ip
10.10.10.175/32 cidr
openstack security group rule create --protocol icmp --remote-ip
10.10.10.128/26 cidr
However, the following security group rule do not work
openstack security group rule create --protocol icmp --remote-ip
10.10.10.175/26 cidr
FWIW, in our testing, CIDRs like 10.10.10.175/26 work in other drivers,
like linuxbridge and midonet.
** Affects: neutron
Importance: Undecided
Status: New
** Description changed:
We have found that there are some CIDR accepted by neutron, which does
not work in networking ovn. Specifically, these are network CIDRs with
the host bits set.
Steps to reproduce
- Create VM. Attach a floating IP to it
- Remove all security group. Attach a blank security group to it
- Add a security group rule and start ping
- For example, if my IP is 10.10.10.175/26 (first 3 bits changed for
+ For example, if my IP is 10.10.10.175/26 (first 3 octets changed for
privacy), the following security rules work
openstack security group rule create --protocol icmp --remote-ip
10.10.10.175/32 cidr
openstack security group rule create --protocol icmp --remote-ip
10.10.10.128/26 cidr
However, the following security group rule do not work
openstack security group rule create --protocol icmp --remote-ip
10.10.10.175/26 cidr
-
- FWIW, in our testing, CIDRs like 10.10.10.175/26 work in other drivers, like
linuxbridge and midonet.
+ FWIW, in our testing, CIDRs like 10.10.10.175/26 work in other drivers,
+ like linuxbridge and midonet.
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1869129
Title:
neutron accepts CIDR in security groups that are invalid in ovn
Status in neutron:
New
Bug description:
We have found that there are some CIDR accepted by neutron, which does
not work in networking ovn. Specifically, these are network CIDRs with
the host bits set.
Steps to reproduce
- Create VM. Attach a floating IP to it
- Remove all security group. Attach a blank security group to it
- Add a security group rule and start ping
For example, if my IP is 10.10.10.175/26 (first 3 octets changed for
privacy), the following security rules work
openstack security group rule create --protocol icmp --remote-ip
10.10.10.175/32 cidr
openstack security group rule create --protocol icmp --remote-ip
10.10.10.128/26 cidr
However, the following security group rule do not work
openstack security group rule create --protocol icmp --remote-ip
10.10.10.175/26 cidr
FWIW, in our testing, CIDRs like 10.10.10.175/26 work in other
drivers, like linuxbridge and midonet.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1869129/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
