
yahoo-eng-team team mailing list archive

[Bug 1908382] [NEW] [OVN] Missing OVN ACLs for security groups that utilize remote groups attached to ports with allowed_address_pairs

 

Public bug reported:

See mailing list thread started at
http://lists.openstack.org/pipermail/openstack-discuss/2020-December/019442.html

Bug discovered during magnum testing in ussuri, where pods deployed on
different nodes could not communicate with each other - it has been
traced to incorrect OVN ACLs for this specific scenario:

- neutron port with additional subnet added to allowed_address_pairs
- security group created with a remote group set for both TCP and UDP, to allow traffic between subnet defined in allowed_address_pairs

It resulted in TCP and UDP being dropped by OVN.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1908382

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1908382/+subscriptions

