yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1362676] [NEW] Hyper-V agent doesn't create stateful security group rules

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Claudiu Belu <cbelu@xxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 28 Aug 2014 15:34:32 -0000
Reply-to: Bug 1362676 <1362676@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Hyper-V agent does not create stateful security group rules (ACLs),
meaning it doesn't allow any response traffic to pass through.

For example, the following security group rule:
{"direction": "ingress", "remote_ip_prefix": null, "protocol": "tcp", "port_range_max": 22,  "port_range_min": 22, "ethertype": "IPv4"}
Allows tcp  inbound traffic through port 22, but since the Hyper-V agent does not add this rule as stateful, the reply traffic never received, unless specifically added an egress security group rule as well.

** Affects: neutron
     Importance: Undecided
     Assignee: Claudiu Belu (cbelu)
         Status: New

** Changed in: neutron
     Assignee: (unassigned) => Claudiu Belu (cbelu)

** Description changed:

  Hyper-V agent does not create stateful security group rules (ACLs),
- which doesn't allow any traffic response to pass through.
+ meaning it doesn't allow any response traffic to pass through.
  
  For example, the following security group rule:
  {"direction": "ingress", "remote_ip_prefix": null, "protocol": "tcp", "port_range_max": 22,  "port_range_min": 22, "ethertype": "IPv4"}
  Allows tcp  inbound traffic through port 22, but since the Hyper-V agent does not add this rule as stateful, the reply traffic never received, unless specifically added an egress security group rule as well.

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1362676

Title:
  Hyper-V agent doesn't create stateful security group rules

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  Hyper-V agent does not create stateful security group rules (ACLs),
  meaning it doesn't allow any response traffic to pass through.

  For example, the following security group rule:
  {"direction": "ingress", "remote_ip_prefix": null, "protocol": "tcp", "port_range_max": 22,  "port_range_min": 22, "ethertype": "IPv4"}
  Allows tcp  inbound traffic through port 22, but since the Hyper-V agent does not add this rule as stateful, the reply traffic never received, unless specifically added an egress security group rule as well.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1362676/+subscriptions

Follow ups

[Bug 1362676] Re: Hyper-V agent doesn't create stateful security group rules
From: Armando Migliaccio, 2016-08-17
[Bug 1362676] Re: Hyper-V agent doesn't create stateful security group rules
From: Alan Pevec, 2015-11-19
[Bug 1362676] Re: Hyper-V agent doesn't create stateful security group rules
From: Alan Pevec, 2015-11-14
[Bug 1362676] Re: Hyper-V agent doesn't create stateful security group rules
From: Claudiu Belu, 2015-05-08
[Bug 1362676] Re: Hyper-V agent doesn't create stateful security group rules
From: Claudiu Belu, 2015-02-11
[Bug 1362676] [NEW] Hyper-V agent doesn't create stateful security group rules
From: Claudiu Belu, 2014-08-28

References

[Bug 1362676] [NEW] Hyper-V agent doesn't create stateful security group rules
From: Claudiu Belu, 2014-08-28