
yahoo-eng-team team mailing list archive

[Bug 1864027] Re: [OVN] DHCP doesn't work while instance has disabled port security

 

Reviewed:  https://review.opendev.org/708852
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=3d3b61f8792277b303e10bce51512d9a73ef187e
Submitter: Zuul
Branch:    master

commit 3d3b61f8792277b303e10bce51512d9a73ef187e
Author: Maciej Józefczyk <mjozefcz@xxxxxxxxxx>
Date:   Thu Feb 20 11:27:13 2020 +0000

    Revert "[OVN] Set 'unknown' address properly when port sec is disabled"
    
    We can now revert this patch, because the main cause has already been
    fixed in Core OVN [1]. With this fix the ARP responder flows are not
    installed on the LS pipeline when an LSP has port security disabled
    and an 'unknown' address is set in the addresses column.
    This makes MAC spoofing possible.

    [1] https://patchwork.ozlabs.org/patch/1258152/

    This reverts commit 03b87ad963d5d8165a92e5c7c284c1517333dd00.

    Change-Id: Ie4c87d325b671348e133d62818d99af147d50ca2
    Closes-Bug: #1864027


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1864027

Title:
  [OVN] DHCP doesn't work while instance has disabled port security

Status in neutron:
  Fix Released

Bug description:
  While an instance has disabled port security it's not able to reach the DHCP service.
  Looks like the change [1] introduced this regression.

  Port has [unknown] address set:
  root@mjozefcz-ovn-train-lb:~# ovn-nbctl list logical_switch_port a09a1ac7-62ad-46ad-b802-c4abf65dcf70
  _uuid               : 32a741bc-a185-4291-8b36-dc9c387bb662
  addresses           : [unknown]
  dhcpv4_options      : 7c94ec89-3144-4920-b624-193d968c637a
  dhcpv6_options      : []
  dynamic_addresses   : []
  enabled             : true
  external_ids        : {"neutron:cidrs"="10.2.1.134/24", "neutron:device_id"="9f4a705f-b438-4da1-975d-1a0cdf81e124", "neutron:device_owner"="compute:nova", "neutron:network_name"=neutron-cd1ee69d-06b6-4502-ba26-e1280fd66ad9, "neutron:port_fip"="172.24.4.132", "neutron:port_name"="", "neutron:project_id"="98b165bfeeca4efd84724f3118d84f6f", "neutron:revision_number"="4", "neutron:security_group_ids"=""}
  ha_chassis_group    : []
  name                : "a09a1ac7-62ad-46ad-b802-c4abf65dcf70"
  options             : {requested-chassis=mjozefcz-ovn-train-lb}
  parent_name         : []
  port_security       : []
  tag                 : []
  tag_request         : []
  type                : ""
  up                  : true

  
  ovn-controller doesn't respond to DHCP requests.

  It was caught by a failing OVN Provider driver tempest test:
  octavia_tempest_plugin.tests.scenario.v2.test_traffic_ops.TrafficOperationsScenarioTest

  [1] https://review.opendev.org/#/c/702249/

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1864027/+subscriptions
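
An inventory check for the port state the commit message and bug description refer to, as an added example that is not part of the original report or of Neutron: it parses `ovn-nbctl list logical_switch_port` output and lists ports that carry an `unknown` address with empty `port_security`, noting whether DHCPv4 options are attached. The sample records, port names and function names are constructed for illustration.

```python
import re

# Constructed sample in the `ovn-nbctl list logical_switch_port` layout
# (abridged columns; names and UUIDs are made up for illustration).
SAMPLE = """\
_uuid               : 11111111-1111-1111-1111-111111111111
addresses           : [unknown]
dhcpv4_options      : 22222222-2222-2222-2222-222222222222
name                : "port-a"
port_security       : []

_uuid               : 33333333-3333-3333-3333-333333333333
addresses           : ["fa:16:3e:00:00:01 10.2.1.10"]
dhcpv4_options      : 22222222-2222-2222-2222-222222222222
name                : "port-b"
port_security       : ["fa:16:3e:00:00:01 10.2.1.10"]

_uuid               : 44444444-4444-4444-4444-444444444444
addresses           : ["fa:16:3e:00:00:02 10.2.1.11", unknown]
dhcpv4_options      : []
name                : "port-c"
port_security       : []
"""

def parse_records(text):
    """Split `ovn-nbctl list` output into one dict per blank-line-separated record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(" : ")
            if sep:  # skip prompt lines and anything that is not "column : value"
                rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records

def unknown_unsecured_ports(records):
    """Return (name, has_dhcpv4) for ports with 'unknown' set and no port_security."""
    empty = ("[]", '""', "")
    findings = []
    for rec in records:
        addrs = [a.strip().strip('"') for a in rec.get("addresses", "").strip("[]").split(",")]
        if "unknown" in addrs and rec.get("port_security", "[]") in empty:
            name = rec.get("name", "").strip('"')
            findings.append((name, rec.get("dhcpv4_options", "[]") not in empty))
    return findings
```

Ports reported with `has_dhcpv4` set to true match the record shown in the bug description, where DHCP options are configured on a port whose only address is `unknown`.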

