yahoo-eng-team team mailing list archive

[David Hill <1987396@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

masquerading behavior changed beteen queens and train following [1]
implementation of random-fully to solve another issue.   Now, the source
port is remapped randomly to some undeterminisitc value in order to
avoid a racy tuple generation in the kernel but this has for effect that
a firewall between openstack routers and the destination service that
relies on source_ip:source_port for this no longer works.   There're
many other custom applications that could be using that information in
their internal functions


[1] https://review.opendev.org/c/openstack/neutron/+/636473

** Affects: neutron
     Importance: Undecided
         Status: Confirmed

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1987396

Title:
  masquerading behavior changed beteen queens and train

Status in neutron:
  Confirmed

Bug description:
  masquerading behavior changed beteen queens and train following [1]
  implementation of random-fully to solve another issue.   Now, the
  source port is remapped randomly to some undeterminisitc value in
  order to avoid a racy tuple generation in the kernel but this has for
  effect that a firewall between openstack routers and the destination
  service that relies on source_ip:source_port for this no longer works.
  There're many other custom applications that could be using that
  information in their internal functions

  
  [1] https://review.opendev.org/c/openstack/neutron/+/636473

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1987396/+subscriptions