** Changed in: neutron
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1190613
Title:
when a port have multiple IP addresses the port cannot communicate
Status in OpenStack Neutron (virtual network service):
Fix Released
Bug description:
When a port has multiple IP addresses, the iptables security group
implementation drops all the packets from the port. As a result the
port cannot communicate.
The following rules are the cause. All IP packets match one of them and
are dropped.
0 0 DROP all -- * * !10.0.0.10 0.0.0.0/0
0 0 DROP all -- * * !10.0.0.3 0.0.0.0/0
We need to change the rule to accept packets with one of the addresses.
However, an iptables rule does not support an AND condition with the ! (not)
operator, so we seem to need another chain to check multiple IP addresses. Hmm....
ubuntu@ostack02:~/devstack (master)$ nova list
+--------------------------------------+------+--------+------------+-------------+--------------------------+
| ID                                   | Name | Status | Task State | Power State | Networks                 |
+--------------------------------------+------+--------+------------+-------------+--------------------------+
| bfd3cbc9-8bf7-4334-9fff-65e3d81dc28c | vm3  | ACTIVE | None       | Running     | net1=10.0.0.10, 10.0.0.3 |
+--------------------------------------+------+--------+------------+-------------+--------------------------+
ubuntu@ostack02:~/devstack (master)$ quantum port-show 3d6b255d-126b-4569-8cf0-c12d263dcd60
+-----------------+----------------------------------------------------------------------------------+
| Field           | Value                                                                            |
+-----------------+----------------------------------------------------------------------------------+
| admin_state_up  | True                                                                             |
| device_id       | bfd3cbc9-8bf7-4334-9fff-65e3d81dc28c                                             |
| device_owner    | compute:None                                                                     |
| fixed_ips       | {"subnet_id": "df0395d8-1540-45aa-87c3-ad793949910b", "ip_address": "10.0.0.10"} |
|                 | {"subnet_id": "df0395d8-1540-45aa-87c3-ad793949910b", "ip_address": "10.0.0.3"}  |
| id              | 3d6b255d-126b-4569-8cf0-c12d263dcd60                                             |
| mac_address     | fa:16:3e:6c:a3:8c                                                                |
| name            |                                                                                  |
| network_id      | 370c8404-7dd0-41f2-969e-2507b3006b18                                             |
| security_groups | 69de8500-0c16-48c0-abb7-d6dcedfb05ab                                             |
| status          | ACTIVE                                                                           |
| tenant_id       | 86d9d4a34eb545358ca620d8193b2081                                                 |
+-----------------+----------------------------------------------------------------------------------+
Chain quantum-openvswi-o3d6b255d-1 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MAC ! FA:16:3E:6C:A3:8C
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:68 dpt:67
    0     0 DROP       all  --  *      *      !10.0.0.10            0.0.0.0/0
    0     0 DROP       all  --  *      *      !10.0.0.3             0.0.0.0/0
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 quantum-openvswi-sg-fallback  all  --  *      *       0.0.0.0/0            0.0.0.0/0
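Added example, not part of the original bug report and not Neutron's code: a small Python model of iptables source-address matching that evaluates the per-address DROP rules from the report beside a separate allow-list chain of the kind the report says is needed. The chain names port-out and port-out-src and the spoofed source 10.0.0.99 are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

# Rules are (negate, source, target); source None means "any source".
# Targets are DROP, RETURN, or the name of another chain (a jump).
PORT = "port-out"        # hypothetical stand-in for the per-port egress chain
CHECK = "port-out-src"   # hypothetical extra chain for the source-address check

def per_address_drop(ips):
    """Layout from the report: one '! -s <ip> -j DROP' rule per fixed IP."""
    return {PORT: [(True, ip, "DROP") for ip in ips] + [(False, None, "RETURN")]}

def allow_list_chain(ips):
    """Separate chain: RETURN on any allowed source, DROP everything else."""
    check = [(False, ip, "RETURN") for ip in ips] + [(False, None, "DROP")]
    return {PORT: [(False, None, CHECK), (False, None, "RETURN")], CHECK: check}

def evaluate(chains, name, src):
    """First matching DROP/RETURN rule decides; a jump that does not DROP resumes here."""
    for negate, source, target in chains[name]:
        hit = source is None or ip_address(src) in ip_network(source)
        if hit == negate:                 # '!' inverts the match; rule does not apply
            continue
        if target in ("DROP", "RETURN"):
            return target
        if evaluate(chains, target, src) == "DROP":
            return "DROP"
    return "RETURN"                       # end of chain returns to the caller

def render(chains):
    """Return the model as iptables '-A' style lines for comparison with the listing."""
    lines = []
    for name, rules in chains.items():
        for negate, source, target in rules:
            match = "" if source is None else ("! " if negate else "") + "-s %s " % source
            lines.append("-A %s %s-j %s" % (name, match, target))
    return lines

if __name__ == "__main__":
    fixed_ips = ["10.0.0.10", "10.0.0.3"]          # addresses from the report
    for label, chains in (("per-address DROP", per_address_drop(fixed_ips)),
                          ("allow-list chain", allow_list_chain(fixed_ips))):
        print(label)
        print("\n".join("  " + line for line in render(chains)))
        for src in fixed_ips + ["10.0.0.99"]:      # 10.0.0.99: constructed spoofed source
            print("  src %-10s -> %s" % (src, evaluate(chains, PORT, src)))
```

With a single fixed IP the per-address layout still passes that address, which is why the problem only shows up once a port has two or more addresses.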