yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1746855] Re: FWaaS V2 failures with Ml2 is Linuxbridge or security group driver is iptables_hybrid

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1746855@xxxxxxxxxxxxxxxxxx>
Date: Mon, 05 Feb 2018 08:50:02 -0000
Reply-to: Bug 1746855 <1746855@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/536234
Committed: https://git.openstack.org/cgit/openstack/neutron-fwaas/commit/?id=358c2edb53c9bfc8ad1d91d74f3a16a1a07fc502
Submitter: Zuul
Branch:    master

commit 358c2edb53c9bfc8ad1d91d74f3a16a1a07fc502
Author: Nguyen Phuong An <AnNP@xxxxxxxxxxxxxx>
Date:   Mon Jan 22 13:50:55 2018 +0700

    Validating if a port is supported by FWaaS L2 driver
    
    Currently, FWaaS L2 driver based OVS only works correctly with
    VM ports, which are landed at compute nodes with:
        * mechanism_drivers=openvswitch
        * firewall_driver=noop or openvswitch for security group
    
    If you try to add a VM port to a FWG, which is landed at compute
    nodes with:
        * mechanism_drivers=linuxbridge and firewall_driver=iptables
        * mechanism_drivers=openvswitch and firewall_driver=iptables_hybrid
    Then, FWaaS V2 API  won't work correctly.
    
    So this patch validates if VM ports are supported fully by FWaaS L2
    driver at this moment. In the future, if FWaaS L2 driver can support
    not only hybrid port but also other ports, we can remove this validation.
    
    Change-Id: Ib0a85b55840d8dfe6bcae91484a0440902d3c49a
    Closes-Bug: #1746855


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1746855

Title:
  FWaaS V2 failures with Ml2 is Linuxbridge or security group driver is
  iptables_hybrid

Status in neutron:
  Fix Released

Bug description:
  Current, FWaaS L2 driver based openvswitch only works correctly with
  vm ports, which are landed at compute nodes with mechanism driver is
  openvswtich. So if you try to add a vm port to a FWG, which is landed
  at compute nodes with mechanism driver is linuxbridge, then FWaaS API
  won't work.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1746855/+subscriptions

References

[Bug 1746855] [NEW] Fwaas V2 doesn't support Linuxbridge
From: Nguyen Phuong An, 2018-02-02