yahoo-eng-team team mailing list archive
Message #37227
[Bug 1488362] Re: Network ports are not down when network admin-state is made down
Not a vulnerability. We don't document anywhere that setting
admin_state_up to False is supposed to stop all traffic from flowing.
** Changed in: neutron
Status: New => Opinion
https://bugs.launchpad.net/bugs/1488362
Title:
Network ports are not down when network admin-state is made down
Status in neutron:
Opinion
Status in OpenStack Security Advisory:
Incomplete
Bug description:
Neutron ports continue to be admin-state up and operational. It is
expected that when the network admin-state is made down, its ports
should also be brought down and should not work.
$ neutron net-create net2
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 860bd682-74cc-4864-8b12-e756dfcd9475 |
| name                      | net2                                 |
| provider:network_type     | vxlan                                |
| provider:physical_network |                                      |
| provider:segmentation_id  | 1020                                 |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | b3a57548ddf54b57a2f40411843b6c92     |
+---------------------------+--------------------------------------+
$ neutron subnet-create net2 192.168.2.0/24
Created a new subnet:
+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "192.168.2.2", "end": "192.168.2.254"} |
| cidr              | 192.168.2.0/24                                   |
| dns_nameservers   |                                                  |
| enable_dhcp       | True                                             |
| gateway_ip        | 192.168.2.1                                      |
| host_routes       |                                                  |
| id                | f29a5119-ba5c-4092-8d00-71d53c668d89             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              |                                                  |
| network_id        | 860bd682-74cc-4864-8b12-e756dfcd9475             |
| tenant_id         | b3a57548ddf54b57a2f40411843b6c92                 |
+-------------------+--------------------------------------------------+
$ nova boot --image cirros-0.3.2-x86_64-uec --flavor 1 --nic net-id=860bd682-74cc-4864-8b12-e756dfcd9475 i3
+--------------------------------------+----------------------------------------------------------------+
| Property                             | Value                                                          |
+--------------------------------------+----------------------------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                                         |
| OS-EXT-AZ:availability_zone          | nova                                                           |
| OS-EXT-SRV-ATTR:host                 | -                                                              |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | -                                                              |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000003                                              |
| OS-EXT-STS:power_state               | 0                                                              |
| OS-EXT-STS:task_state                | scheduling                                                     |
| OS-EXT-STS:vm_state                  | building                                                       |
| OS-SRV-USG:launched_at               | -                                                              |
| OS-SRV-USG:terminated_at             | -                                                              |
| accessIPv4                           |                                                                |
| accessIPv6                           |                                                                |
| adminPass                            | UT2jcpsSSiQQ                                                   |
| config_drive                         |                                                                |
| created                              | 2015-08-25T07:01:44Z                                           |
| flavor                               | m1.tiny (1)                                                    |
| hostId                               |                                                                |
| id                                   | 350c66d3-2817-408e-85d9-9cd1b4c47e39                           |
| image                                | cirros-0.3.2-x86_64-uec (98a6a3ee-4008-4dac-a634-534bb457a5f7) |
| key_name                             | -                                                              |
| metadata                             | {}                                                             |
| name                                 | i3                                                             |
| os-extended-volumes:volumes_attached | []                                                             |
| progress                             | 0                                                              |
| security_groups                      | default                                                        |
| status                               | BUILD                                                          |
| tenant_id                            | b3a57548ddf54b57a2f40411843b6c92                               |
| updated                              | 2015-08-25T07:01:44Z                                           |
| user_id                              | b4f34210995d44bba288e0559f68b18d                               |
+--------------------------------------+----------------------------------------------------------------+
$ neutron router-interface-add router1 f29a5119-ba5c-4092-8d00-71d53c668d89
Added interface ea75f789-628a-4341-94ae-0d55bc1d6244 to router router1.
$ neutron net-update net2 --admin-state-up False
Updated network: net2
juno@Juno:~$ neutron net-show net2
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | False                                |
| id                        | 860bd682-74cc-4864-8b12-e756dfcd9475 |
| name                      | net2                                 |
| provider:network_type     | vxlan                                |
| provider:physical_network |                                      |
| provider:segmentation_id  | 1020                                 |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | f29a5119-ba5c-4092-8d00-71d53c668d89 |
| tenant_id                 | b3a57548ddf54b57a2f40411843b6c92     |
+---------------------------+--------------------------------------+
$ sudo ip netns exec qrouter-03931f82-98ef-43bb-a7e0-66875b9558bb ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=0.119 ms
64 bytes from 192.168.2.1: icmp_seq=2 ttl=64 time=0.083 ms
^C
--- 192.168.2.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.083/0.101/0.119/0.018 ms
$ sudo ip netns exec qrouter-03931f82-98ef-43bb-a7e0-66875b9558bb ping 192.168.2.2
PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data.
64 bytes from 192.168.2.2: icmp_seq=4 ttl=64 time=4.41 ms
64 bytes from 192.168.2.2: icmp_seq=5 ttl=64 time=1.06 ms
64 bytes from 192.168.2.2: icmp_seq=6 ttl=64 time=1.11 ms
64 bytes from 192.168.2.2: icmp_seq=7 ttl=64 time=1.11 ms
^C
--- 192.168.2.2 ping statistics ---
7 packets transmitted, 4 received, 42% packet loss, time 6027ms
rtt min/avg/max/mdev = 1.062/1.925/4.412/1.436 ms
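
Added example, not part of the bug report or of Neutron's code: a Python audit that lists ports still admin-up on a network whose admin_state_up is False, the condition shown in the report above. The records are constructed and shaped like Neutron API network and port objects; only the net2 ID and the router interface ID come from the report, and the per-port `port-update` commands are an assumed remediation, not something the thread prescribes.

```python
# Added example. Records are constructed, shaped like Neutron API network/port
# objects; only the net2 and router-interface IDs are taken from the report.
NET2 = "860bd682-74cc-4864-8b12-e756dfcd9475"
NETWORKS = [
    {"id": NET2, "name": "net2", "admin_state_up": False, "status": "ACTIVE"},
    {"id": "constructed-net-1", "name": "net1", "admin_state_up": True, "status": "ACTIVE"},
]
PORTS = [
    {"id": "ea75f789-628a-4341-94ae-0d55bc1d6244", "network_id": NET2,
     "admin_state_up": True, "status": "ACTIVE", "device_owner": "network:router_interface"},
    {"id": "constructed-port-vm", "network_id": NET2,
     "admin_state_up": True, "status": "ACTIVE", "device_owner": "compute:nova"},
    {"id": "constructed-port-off", "network_id": NET2,
     "admin_state_up": False, "status": "DOWN", "device_owner": "compute:nova"},
    {"id": "constructed-port-net1", "network_id": "constructed-net-1",
     "admin_state_up": True, "status": "ACTIVE", "device_owner": "compute:nova"},
]


def ports_up_on_down_networks(networks, ports):
    """Return one finding per admin-up port on an admin-down network."""
    down = {n["id"]: n for n in networks if n.get("admin_state_up") is False}
    findings = []
    for port in ports:
        net = down.get(port.get("network_id"))
        if net is None or port.get("admin_state_up") is False:
            continue  # network is admin-up, or the port is already disabled
        findings.append({
            "network": net["name"],
            "network_status": net["status"],  # stays ACTIVE in the report
            "port_id": port["id"],
            "port_status": port.get("status"),
            "device_owner": port.get("device_owner"),
        })
    return findings


def port_disable_commands(findings):
    """Assumed remediation: disable each flagged port individually."""
    return [f"neutron port-update {f['port_id']} --admin-state-up False" for f in findings]


if __name__ == "__main__":
    found = ports_up_on_down_networks(NETWORKS, PORTS)
    for finding in found:
        print(finding)
    print("\n".join(port_disable_commands(found)))
```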