yahoo-eng-team team mailing list archive
Message #04134
[Bug 1190613] Re: when a port have multiple IP addresses the port cannot communicate
** Changed in: neutron/grizzly
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1190613
Title:
when a port have multiple IP addresses the port cannot communicate
Status in OpenStack Neutron (virtual network service):
Fix Released
Status in neutron grizzly series:
Fix Released
Bug description:
When a port has multiple IP addresses, the iptables security group
implementation drops all the packets from the port. As a result the
port cannot communicate.
The following rules are the cause. All IP packets match one of them and
are dropped.
0 0 DROP all -- * * !10.0.0.10 0.0.0.0/0
0 0 DROP all -- * * !10.0.0.3 0.0.0.0/0
We need to change the rule to accept packets with one of the addresses.
However, an iptables rule does not support an AND condition with the ! (not) operator,
so we seem to need another chain to check multiple IP addresses. Hmm....
ubuntu@ostack02:~/devstack (master)$ nova list
+--------------------------------------+------+--------+------------+-------------+--------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+------+--------+------------+-------------+--------------------------+
| bfd3cbc9-8bf7-4334-9fff-65e3d81dc28c | vm3 | ACTIVE | None | Running | net1=10.0.0.10, 10.0.0.3 |
+--------------------------------------+------+--------+------------+-------------+--------------------------+
ubuntu@ostack02:~/devstack (master)$ quantum port-show 3d6b255d-126b-4569-8cf0-c12d263dcd60
+-----------------+----------------------------------------------------------------------------------+
| Field | Value |
+-----------------+----------------------------------------------------------------------------------+
| admin_state_up | True |
| device_id | bfd3cbc9-8bf7-4334-9fff-65e3d81dc28c |
| device_owner | compute:None |
| fixed_ips | {"subnet_id": "df0395d8-1540-45aa-87c3-ad793949910b", "ip_address": "10.0.0.10"} |
| | {"subnet_id": "df0395d8-1540-45aa-87c3-ad793949910b", "ip_address": "10.0.0.3"} |
| id | 3d6b255d-126b-4569-8cf0-c12d263dcd60 |
| mac_address | fa:16:3e:6c:a3:8c |
| name | |
| network_id | 370c8404-7dd0-41f2-969e-2507b3006b18 |
| security_groups | 69de8500-0c16-48c0-abb7-d6dcedfb05ab |
| status | ACTIVE |
| tenant_id | 86d9d4a34eb545358ca620d8193b2081 |
+-----------------+----------------------------------------------------------------------------------+
Chain quantum-openvswi-o3d6b255d-1 (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 MAC ! FA:16:3E:6C:A3:8C
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
0 0 DROP all -- * * !10.0.0.10 0.0.0.0/0
0 0 DROP all -- * * !10.0.0.3 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 quantum-openvswi-sg-fallback all -- * * 0.0.0.0/0 0.0.0.0/0
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1190613/+subscriptions
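Added example (not part of the original message and not Neutron's code): a small Python model of iptables source matching that evaluates the two negated DROP rules from the report against a separate allow-list chain of the kind the description says is needed. The chain names "port" and "src-check" and the probe address 10.0.0.99 are assumptions made for the illustration.

```python
import ipaddress

# Simplified model of iptables source matching (added example, not Neutron code).
# A rule is (negate, source, target); target is DROP, RETURN, or a chain name.
ANY = "0.0.0.0/0"

def walk(chain_name, src, chains):
    """Return DROP if a rule drops src, else RETURN (back to the caller)."""
    for negate, source, target in chains[chain_name]:
        in_net = ipaddress.ip_address(src) in ipaddress.ip_network(source)
        if in_net == negate:        # "! source" matches only when src is outside
            continue
        if target == "DROP":
            return "DROP"
        if target == "RETURN":
            return "RETURN"
        if walk(target, src, chains) == "DROP":   # jump into a user chain
            return "DROP"
    return "RETURN"                 # fell off the end of the chain

def negated_drop_rules(ips):
    """Rule shape from the bug report: one '! ip -> DROP' per fixed IP."""
    return {"port": [(True, ip, "DROP") for ip in ips]}

def allowlist_chain_rules(ips):
    """Hypothetical layout: a separate chain RETURNs on any fixed IP, then DROPs."""
    check = [(False, ip, "RETURN") for ip in ips] + [(False, ANY, "DROP")]
    return {"port": [(False, ANY, "src-check")], "src-check": check}

def verdicts(chains, sources):
    """Map each source address to the verdict of the 'port' chain."""
    return {src: walk("port", src, chains) for src in sources}

if __name__ == "__main__":
    fixed_ips = ["10.0.0.10", "10.0.0.3"]      # the port's fixed_ips from the report
    probes = fixed_ips + ["10.0.0.99"]          # constructed spoofed source
    print(verdicts(negated_drop_rules(fixed_ips), probes))
    print(verdicts(allowlist_chain_rules(fixed_ips), probes))
```

With the negated rules every source, including both legitimate addresses, ends in DROP; with the allow-list chain only the address that is not one of the port's fixed IPs is dropped, so anti-spoofing is preserved.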