← Back to team overview

yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1656754] [NEW] Fwaas (Bind a firewall to DVR router when its floating-ip count is zero): The firewall does not take effect for a VM after binding a floating ip to the VM.

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: wujun <wujun@xxxxxxxxxxx>
Date: Mon, 16 Jan 2017 07:53:23 -0000
Reply-to: Bug 1656754 <1656754@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

environment: Mitaka

In the DVR mode:
1. create a router, a firewall and a VM
2. bind the firewall to the router of VM

Now, the firewall rule take effect in the snat namespace. It is normal.

3. bind a floatingip to the VM

Now, the firewall rule does not take effect in the qrouter namespace. It is abnormal.
Unless we unbind the firewall and then rebind it.

Before bind the floating ip : VM->qrouter->snat
After bind the floating ip : VM->qrouter->fip

In the Fwaas code, When create a firewall, it will check the variable
dist_fip_count.Only if it is bigger than zero, it will take effect on
the interface "rfp-".

So, we bind a firewall to a router before bind floating ip to a VM，the firewall rule will
not take effect for the VM.

** Affects: neutron
Importance: Undecided
Status: New

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1656754

Title:
Fwaas (Bind a firewall to DVR router when its floating-ip count is
zero): The firewall does not take effect for a VM after binding a
floating ip to the VM.

Status in neutron:
New

Bug description:
environment: Mitaka