yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1487338] [NEW] OVS ARP spoofing protection breaks floating IPs without port security extension

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Kevin Benton <1487338@xxxxxxxxxxxxxxxxxx>
Date: Fri, 21 Aug 2015 07:04:33 -0000
Reply-to: Bug 1487338 <1487338@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

The OVS ARP spoofing protection depends on the port security extension
being enabled to disable ARP spoofing protection on router interfaces
that have floating IP traffic on them. So if the port security extension
is disabled the router interface will get ARP spoofing rules, which
don't know about the floating IPs and will drop the ARP requests for
them.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1487338

Title:
  OVS ARP spoofing protection breaks floating IPs without port security
  extension

Status in neutron:
  New

Bug description:
  The OVS ARP spoofing protection depends on the port security extension
  being enabled to disable ARP spoofing protection on router interfaces
  that have floating IP traffic on them. So if the port security
  extension is disabled the router interface will get ARP spoofing
  rules, which don't know about the floating IPs and will drop the ARP
  requests for them.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1487338/+subscriptions

Follow ups

[Bug 1487338] Re: OVS ARP spoofing protection breaks floating IPs without port security extension
From: Dave Walker, 2016-05-09
[Bug 1487338] Re: OVS ARP spoofing protection breaks floating IPs without port security extension
From: Thierry Carrez, 2015-09-24