yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1564947] [NEW] ovs-firewall doesn't work with tunneling and vlan tagging

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Jakub Libosvar <libosvar@xxxxxxxxxx>
Date: Fri, 01 Apr 2016 14:58:40 -0000
Reply-to: Bug 1564947 <1564947@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

As firewall uses actions=output: which doesn't handle vlan tags,
accepted ingress traffic gets packets that are still tagged. Normal
actions take care of vlan tags according tags on ports, so those are
fine. We should use strip_vlan for all actions using
output:<port_number>

** Affects: neutron
     Importance: Undecided
     Assignee: Jakub Libosvar (libosvar)
         Status: In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1564947

Title:
  ovs-firewall doesn't work with tunneling and vlan tagging

Status in neutron:
  In Progress

Bug description:
  As firewall uses actions=output: which doesn't handle vlan tags,
  accepted ingress traffic gets packets that are still tagged. Normal
  actions take care of vlan tags according tags on ports, so those are
  fine. We should use strip_vlan for all actions using
  output:<port_number>

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1564947/+subscriptions

Follow ups

[Bug 1564947] Re: ovs-firewall doesn't work with tunneling and vlan tagging
From: OpenStack Infra, 2016-04-05