yahoo-eng-team team mailing list archive

[Maximilian Stinsky <1951564@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

With the following report
https://bugs.launchpad.net/neutron/+bug/1814002 neutron was set to
create SNAT rules with the --random-fully flag.

This is only getting applied with iptables 1.6.2 through a version check on the neutorn-l3-agent start. 
--random-fully is already supported since iptables 1.6.0 for SNAT rules. 1.6.2 is only required for MASQUERADE.

As far as I can see neutron is only setting SNAT rules so it would be
reasonable to decrease the version check to 1.6.0 - this would enable
--random-fully for more deployments as ubuntu bionic for example only
ships with iptables 1.6.1.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1951564

Title:
  snat random-fully supported with iptables 1.6.0

Status in neutron:
  New

Bug description:
  With the following report
  https://bugs.launchpad.net/neutron/+bug/1814002 neutron was set to
  create SNAT rules with the --random-fully flag.

  This is only getting applied with iptables 1.6.2 through a version check on the neutorn-l3-agent start. 
  --random-fully is already supported since iptables 1.6.0 for SNAT rules. 1.6.2 is only required for MASQUERADE.

  As far as I can see neutron is only setting SNAT rules so it would be
  reasonable to decrease the version check to 1.6.0 - this would enable
  --random-fully for more deployments as ubuntu bionic for example only
  ships with iptables 1.6.1.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1951564/+subscriptions