yahoo-eng-team team mailing list archive

[Bug 1872407] [NEW] The firewall group's function is failed in the dvr scene.

 

Public bug reported:

Creating a firewall group with policies and 1 interface port.
[root@test25g04 yuanshuo1]# openstack firewall group show ys-normal-fw1
+-------------------+-------------------------------------------+
| Field             | Value                                     |
+-------------------+-------------------------------------------+
| Description       |                                           |
| Egress Policy ID  | 0910e062-f961-45aa-928a-03cdc8725da9      |
| ID                | f3b8441a-dcdb-457d-90bc-71571bffa155      |
| Ingress Policy ID | 9873dfd4-f235-463e-a246-67217ecdbdb0      |
| Name              | ys-normal-fw1                             |
| Ports             | [u'ef283f14-ed0b-4dbb-bde4-2e08b66e73fc'] |
| Project           | 17bf57ec04994db2b591fda36c368e99          |
| Shared            | False                                     |
| State             | UP                                        |
| Status            | ACTIVE                                    |
| created_at        | 2020-04-13T03:10:10Z                      |
| project_id        | 17bf57ec04994db2b591fda36c368e99          |
| revision_number   | 7                                         |
| tags              | []                                        |
| updated_at        | 2020-04-13T03:55:04Z                      |
+-------------------+-------------------------------------------+
[root@test25g04 yuanshuo1]#
[root@test25g04 yuanshuo1]# ip netns exec snat-fd339f1d-2021-4ea0-9781-0f55a1992924 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ip_vti0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
6806: ha-ff2aff44-1c: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN qlen 1000
    link/ether fa:16:3e:22:7e:32 brd ff:ff:ff:ff:ff:ff
    inet 169.254.195.185/18 brd 169.254.255.255 scope global ha-ff2aff44-1c
       valid_lft forever preferred_lft forever
    inet 169.254.0.73/24 scope global ha-ff2aff44-1c
       valid_lft forever preferred_lft forever
6811: sg-fa47642f-a8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN qlen 1000
    link/ether fa:16:3e:1a:06:64 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.164/24 scope global sg-fa47642f-a8
       valid_lft forever preferred_lft forever
6812: qg-6c7ac163-0b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
    link/ether fa:16:3e:d0:1e:70 brd ff:ff:ff:ff:ff:ff
    inet 10.162.150.108/25 scope global qg-6c7ac163-0b
       valid_lft forever preferred_lft forever

The chain of iptables for neutron-l3-agent-FORWARD is:
Chain neutron-l3-agent-FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination
   21  1764 neutron-l3-agent-scope  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 neutron-l3-agent-iv4f3b8441a  all  --  *      sg-ef283f14-ed  0.0.0.0/0            0.0.0.0/0
    0     0 neutron-l3-agent-ov4f3b8441a  all  --  sg-ef283f14-ed *       0.0.0.0/0            0.0.0.0/0
    0     0 neutron-l3-agent-fwaas-defau  all  --  *      sg-ef283f14-ed  0.0.0.0/0            0.0.0.0/0
    0     0 neutron-l3-agent-fwaas-defau  all  --  sg-ef283f14-ed *       0.0.0.0/0            0.0.0.0/0

But the interface sg-ef283f14-ed does not exist, so the firewall
group's function fails in the DVR scene.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1872407
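
A check for the condition this report describes, added here as an example and not part of the original bug report or of neutron: it compares the interface names matched by rules in an `iptables -L -v -n` style listing against the interfaces in the namespace's `ip a` output and returns the rules that can never match. The sample inputs are abbreviated copies of the report's output; the function names are hypothetical.

```python
import re

# Sample input copied (abbreviated) from the command output in the bug report.
IP_ADDR_OUTPUT = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
2: ip_vti0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN qlen 1
6806: ha-ff2aff44-1c: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN qlen 1000
6811: sg-fa47642f-a8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN qlen 1000
6812: qg-6c7ac163-0b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
"""

IPTABLES_OUTPUT = """\
Chain neutron-l3-agent-FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination
   21  1764 neutron-l3-agent-scope  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 neutron-l3-agent-iv4f3b8441a  all  --  *      sg-ef283f14-ed  0.0.0.0/0            0.0.0.0/0
    0     0 neutron-l3-agent-ov4f3b8441a  all  --  sg-ef283f14-ed *       0.0.0.0/0            0.0.0.0/0
"""

def parse_interfaces(ip_addr_text):
    """Return interface names from `ip a` output ("N: name[@peer]: <FLAGS>")."""
    names = set()
    for line in ip_addr_text.splitlines():
        m = re.match(r"^\d+:\s+([^:@\s]+)(?:@\S+)?:\s", line)
        if m:
            names.add(m.group(1))
    return names

def dangling_rules(iptables_text, interfaces):
    """Return (target, direction, interface) for rules matching an absent interface."""
    findings = []
    for line in iptables_text.splitlines():
        cols = line.split()
        # Rule rows: pkts bytes target prot opt in out source destination
        if len(cols) < 9 or not cols[0][:1].isdigit():
            continue
        for direction, spec in (("in", cols[5]), ("out", cols[6])):
            name = spec.lstrip("!")  # negated match still names an interface
            if name in ("*", "any"):
                continue
            # A trailing "+" is the iptables prefix wildcard.
            present = (any(i.startswith(name[:-1]) for i in interfaces)
                       if name.endswith("+") else name in interfaces)
            if not present:
                findings.append((cols[2], direction, name))
    return findings

if __name__ == "__main__":
    print(dangling_rules(IPTABLES_OUTPUT, parse_interfaces(IP_ADDR_OUTPUT)))
```

Both firewall group chains are reported, each with zero packet counters, because the only `sg-` device in the namespace is sg-fa47642f-a8.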
