← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #63020

[Bug 1680305] [NEW] remote securitygroup address pairs update

  Thread PreviousDate PreviousThread Next 
Public bug reported:

1. create two security groups
    sg-test-1:
      id           523ea2a0-8b73-4a9d-b122-68030418f9a6
      security_group_rules               egress, IPv4
                                         egress, IPv6
                                         ingress, IPv4, icmp, remote_group_id: 56dd2c05-fd80-4f1d-a17f-f1be73a42a82

    sg-test-2:
      id           56dd2c05-fd80-4f1d-a17f-f1be73a42a82
      security_group_rules               egress, IPv4
                                         egress, IPv6
2. create two vms with security group
     vm1(10.20.10.12)   port id    b11b8dde-69cb-4a1e-bd9c-20db51748c52     sg-test-1
     vm2(10.20.10.6)    port id    ffcd8854-f4f6-4d66-84cd-ad29192ab778     sg-test-2

3. in vm1's compute node

   #iptables -nvL  neutron-openvswi-ib11b8dde-6;
   …………
    0     0 RETURN     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            match-set NIPv456dd2c05-fd80-4f1d-a17f- src
   #ipset list NIPv456dd2c05-fd80-4f1d-a17f-
   Name: NIPv456dd2c05-fd80-4f1d-a17f-
   Type: hash:net
   Revision: 3
   Header: family inet hashsize 1024 maxelem 65536
   Size in memory: 19216
   References: 1
   Members:
   10.20.10.6

4、update vm2's port 
   #neutron port-update ffcd8854-f4f6-4d66-84cd-ad29192ab778 --allowed-address-pairs type=dict list=true \
ip_address=10.20.10.66,mac_address=fa:16:3e:02:70:85

5、 ipset list NIPv456dd2c05-fd80-4f1d-a17f- ,not found address
10.20.10.66

release used: ocata

** Affects: neutron
     Importance: Undecided
     Assignee: 刘成乾 (liuchengqian90)
         Status: New

** Changed in: neutron
     Assignee: (unassigned) => 刘成乾 (liuchengqian90)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1680305

Title:
  remote securitygroup address pairs update

Status in neutron:
  New

Bug description:
  1. create two security groups
      sg-test-1:
        id           523ea2a0-8b73-4a9d-b122-68030418f9a6
        security_group_rules               egress, IPv4
                                           egress, IPv6
                                           ingress, IPv4, icmp, remote_group_id: 56dd2c05-fd80-4f1d-a17f-f1be73a42a82

      sg-test-2:
        id           56dd2c05-fd80-4f1d-a17f-f1be73a42a82
        security_group_rules               egress, IPv4
                                           egress, IPv6
  2. create two vms with security group
       vm1(10.20.10.12)   port id    b11b8dde-69cb-4a1e-bd9c-20db51748c52     sg-test-1
       vm2(10.20.10.6)    port id    ffcd8854-f4f6-4d66-84cd-ad29192ab778     sg-test-2

  3. in vm1's compute node

     #iptables -nvL  neutron-openvswi-ib11b8dde-6;
     …………
      0     0 RETURN     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            match-set NIPv456dd2c05-fd80-4f1d-a17f- src
     #ipset list NIPv456dd2c05-fd80-4f1d-a17f-
     Name: NIPv456dd2c05-fd80-4f1d-a17f-
     Type: hash:net
     Revision: 3
     Header: family inet hashsize 1024 maxelem 65536
     Size in memory: 19216
     References: 1
     Members:
     10.20.10.6

  4、update vm2's port 
     #neutron port-update ffcd8854-f4f6-4d66-84cd-ad29192ab778 --allowed-address-pairs type=dict list=true \
  ip_address=10.20.10.66,mac_address=fa:16:3e:02:70:85

  5、 ipset list NIPv456dd2c05-fd80-4f1d-a17f- ,not found address
  10.20.10.66

  release used: ocata

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1680305/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next