yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1940530] [NEW] Specifying allowed_address_pairs as CIDR breaks DVR

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Pavlo Shchelokovskyy <1940530@xxxxxxxxxxxxxxxxxx>
Date: Thu, 19 Aug 2021 11:57:40 -0000
Reply-to: Bug 1940530 <1940530@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Public bug reported:

This looks like aftermath of fixing
https://bugs.launchpad.net/neutron/+bug/1928466

According to docs https://docs.openstack.org/api-
ref/network/v2/?expanded=create-port-detail#create-port the ip_address
in allowed_address_pairs of a port can be a CIDR.

Change https://review.opendev.org/q/I5d6c72c271ff450d9e43b3e33a99dd59d727882d (backported down to Queens) started calling _update_arp_entry method with ip_address of allowed_address_pairs.
But when CIDR is supplied as such ip_address value, it now fails because CIDR can't be set on the device as a neighbor.

TBH I am not clear what to do here. Should we unpack the CIDR and add
arp entry for every IP in the range defined? Or should we ignore CIDRs
altogether when adding arp entries? Or should we explicitly fail and
deny allowed_address_pairs ip_address as CIDR in DVR? Or at all?

** Affects: neutron
Importance: Undecided
Status: New

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1940530

Title:
Specifying allowed_address_pairs as CIDR breaks DVR

Status in neutron:
New

Bug description:
This looks like aftermath of fixing
https://bugs.launchpad.net/neutron/+bug/1928466

According to docs https://docs.openstack.org/api-
ref/network/v2/?expanded=create-port-detail#create-port the ip_address
in allowed_address_pairs of a port can be a CIDR.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1940530/+subscriptions