yahoo-eng-team team mailing list archive

[Launchpad Bug Tracker <1499812@xxxxxxxxxxxxxxxxxx>]

[Expired for neutron because there has been no activity for 60 days.]

** Changed in: neutron
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1499812

Title:
  VM can't get an IP via DHCP when booting with a port that has port
  security disabled

Status in neutron:
  Expired

Bug description:
  To reproduce:

   - create a port with port security disabled

      neutron port-create private --port-security-enabled=False --name
  rawport

   - boot a vm with the port

      nova boot --flavor=1 --image=cirros-0.3.4-x86_64-uec --nic port-
  id=$(neutron port-show -f value -F id rawport) vm1

  The VM boots, seemingly successfully, but is not reachable.  Examining
  the VM's console.log shows that the VM failed to acquire a dhcp lease
  despite multiple tries.

  There is a workaround of sorts.  It is possible to boot a VM with port
  security enabled, and then disable port security once it has acquired
  a dhcp lease:

      nova boot --flavor=1 --image=cirros-0.3.4-x86_64-uec vm2
      neutron port-update --security-groups= [port id]
      neutron port-update --port-security-enabled=false [port id]

  This results in the VM both having connectivity and being able to send
  traffic for ip/mac pairs not associated with the port.  However, a
  reboot would again result in a VM unable to acquire a dhcp lease.

  The problem also exhibits if booting a VM on a network that has
  port security disabled (assuming nova has been fixed as per
  https://review.openstack.org/#/c/173204).

  
  environment: centos71, 3.10.0-229.el7.x86_64, ovs 2.3.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1499812/+subscriptions