yahoo-eng-team team mailing list archive

[John Schwarz <jschwarz@xxxxxxxxxx>]

Public bug reported:

Iptables doesn't work properly with fullstack, as can be observed in
[1].

The gist is that since all ovs-agents are running on the same namespace, they try to override each other's iptables, causing the failures. This will obviously cause security groups to fail.
Also, Assaf Muller mentioned that since FakeMachines are directly connected to br-int, security groups will also not work properly on them. Instead, they should be connected through an intermediary linuxbridge.

[1]: http://logs.openstack.org/71/270971/3/check/gate-neutron-dsvm-
fullstack/c913b51/logs/TestConnectivitySameNetwork.test_connectivity_VLANs,Ofctl_
/neutron-openvswitch-agent--2016-02-14--
11-40-19-078390.log.txt.gz#_2016-02-14_11_41_03_165

** Affects: neutron
     Importance: Undecided
         Status: Confirmed


** Tags: fullstack

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1546490

Title:
  Security groups don't work with fullstack

Status in neutron:
  Confirmed

Bug description:
  Iptables doesn't work properly with fullstack, as can be observed in
  [1].

  The gist is that since all ovs-agents are running on the same namespace, they try to override each other's iptables, causing the failures. This will obviously cause security groups to fail.
  Also, Assaf Muller mentioned that since FakeMachines are directly connected to br-int, security groups will also not work properly on them. Instead, they should be connected through an intermediary linuxbridge.

  [1]: http://logs.openstack.org/71/270971/3/check/gate-neutron-dsvm-
  fullstack/c913b51/logs/TestConnectivitySameNetwork.test_connectivity_VLANs,Ofctl_
  /neutron-openvswitch-agent--2016-02-14--
  11-40-19-078390.log.txt.gz#_2016-02-14_11_41_03_165

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1546490/+subscriptions