yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1907491] Re: OVS conjunctive flows are not cleaned up after remote group member ips deleted

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Hang Yang <1907491@xxxxxxxxxxxxxxxxxx>
Date: Wed, 20 Jan 2021 19:49:41 -0000
Reply-to: Bug 1907491 <1907491@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Fix released and backported:
Master: https://review.opendev.org/c/openstack/neutron/+/766775
Victoria: https://review.opendev.org/c/openstack/neutron/+/767676
Ussuri: https://review.opendev.org/c/openstack/neutron/+/767677
Train: https://review.opendev.org/c/openstack/neutron/+/767678


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1907491

Title:
  OVS conjunctive flows are not cleaned up after remote group member ips
  deleted

Status in neutron:
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  Running with the current Neutron master and OVS firewall agent in
  devstack all-in-one, when creating a security group rule with a
  remote-group for an active VM, the conjunctive flows that match the
  remote-group's member IPs are created. But when deleting the remote-
  group's member IPs(e.g: unset fixed-ips of the port associated with
  the remote-group), the deleted IP's conjunctive flows are not cleaned
  up in OVS.

  Detailed steps to reproduce in devstack:
  http://paste.openstack.org/show/800820/

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1907491/+subscriptions