yahoo-eng-team team mailing list archive
Message #63080
[Bug 1602006] Re: openvswitch firewall driver IPv6 drop
[Expired for neutron because there has been no activity for 60 days.]
** Changed in: neutron
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1602006
Title:
openvswitch firewall driver IPv6 drop
Status in neutron:
Expired
Bug description:
I was testing the ovs firewall driver added in https://bugs.launchpad.net/neutron/+bug/1461000.
Versions:
---------
OpenStack: Mitaka
Neutron: 8.1.2
ovs 2.5
linux kernel 4.4
Environment:
------------
2 Controllers (Neutron L3 Agent in dvr_snat)
1 Dual stacked neutron provider network (i.e., with IPv4 + IPv6 subnets)
Created a security group to allow ICMP, UDP, TCP traffic
Two physical interfaces on Computes and controllers. Second interface is used for data traffic and OVS is attached to that interface (see attachment for ovs details)
Compute1 (Neutron L3 Agent in dvr mode, ML2 + firewall_driver as openvswitch)
Compute2 (Neutron L3 Agent in dvr mode, ML2 + firewall_driver as iptables)
Created an Instance1 on *Compute1* with port attached to provider
network (not using Tenant network to avoid any DVR flow intervention).
Able to ping/tcp connect IPv4 but unable to reach IPv6 (tried from
Router and dhcp namespace on the controller)
Created an Instance2 on *Compute2* with port attached to provider
network (not using Tenant network to avoid any DVR flow intervention).
Able to ping/tcp connect both IPv4 and IPv6.
I have changed the firewall_driver on Compute1 to iptables and created
instance3, and was able to reach IPv4 and IPv6 packets from the router
interface without issues.
Attaching my environment details and OVS flow tables for more details.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1602006/+subscriptions