yahoo-eng-team team mailing list archive

[Dmitry Ratushnyy <d.ratushnyy@xxxxxxxxx>]

Public bug reported:

It is possible to send traffic through port with
port_security_enabled=True.

Steps to reproduce.

1) Create three VMS on one network:
    Guest os:
     ubuntu-14.04

    "destination" VM  to ping (10.100.0.3)
    "router" VM to send traffic through (10.100.0.2)
    "source" VM that will ping "destination" VM(10.100.0.1)

2) On source VM add route to destination via router ( sudo ip route add 10.100.0.3 via 10.100.0.2)
3) On "router" VM  set net.ipv4.ip_forward = 1 (sudo sysctl  net.ipv4.ip_forward = 1)
4) On  "destination" VM add route to 'source' via router ( sudo ip route add 10.100.0.1 via 10.100.0.2) 
5) Start to ping "destination" on "source" VM.  
    5.1) Check traffic on all VMs

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: port-security

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1459343

Title:
  Port security enabled=True is not respected

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  It is possible to send traffic through port with
  port_security_enabled=True.

  Steps to reproduce.

  1) Create three VMS on one network:
      Guest os:
       ubuntu-14.04

      "destination" VM  to ping (10.100.0.3)
      "router" VM to send traffic through (10.100.0.2)
      "source" VM that will ping "destination" VM(10.100.0.1)

  2) On source VM add route to destination via router ( sudo ip route add 10.100.0.3 via 10.100.0.2)
  3) On "router" VM  set net.ipv4.ip_forward = 1 (sudo sysctl  net.ipv4.ip_forward = 1)
  4) On  "destination" VM add route to 'source' via router ( sudo ip route add 10.100.0.1 via 10.100.0.2) 
  5) Start to ping "destination" on "source" VM.  
      5.1) Check traffic on all VMs

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1459343/+subscriptions