yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1485509] [NEW] Firewall doesn't work for instances with floating IPs in DVR mode

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Sergey Kolekonov <skolekonov@xxxxxxxxxxxx>
Date: Mon, 17 Aug 2015 09:06:13 -0000
Reply-to: Bug 1485509 <1485509@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

FWaaS doesn't seem to be fully compatible with Neutron DVR at the
moment.

With firewall created I'm observing firewall rules in SNAT namespace on
the network node. It's OK if instances don't have floating IPs assigned.
But when I assign a floating IP to an instance, firewall rules are still
only in SNAT-namespaces, however, they should also exist on a compute
node. So traffic just bypasses firewall rules in that case.

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: fwaas l3-dvr-backlog

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1485509

Title:
  Firewall doesn't work for instances with floating IPs in DVR mode

Status in neutron:
  New

Bug description:
  FWaaS doesn't seem to be fully compatible with Neutron DVR at the
  moment.

  With firewall created I'm observing firewall rules in SNAT namespace
  on the network node. It's OK if instances don't have floating IPs
  assigned. But when I assign a floating IP to an instance, firewall
  rules are still only in SNAT-namespaces, however, they should also
  exist on a compute node. So traffic just bypasses firewall rules in
  that case.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1485509/+subscriptions