yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1908382] Re: [OVN] Missing OVN ACLs for security groups that utilize remote groups attached to ports with allowed_address_pairs

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Rodolfo Alonso <1908382@xxxxxxxxxxxxxxxxxx>
Date: Mon, 12 Dec 2022 11:14:30 -0000
Reply-to: Bug 1908382 <1908382@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Bug closed due to lack of activity, please feel free to reopen if
needed.

** Changed in: neutron
       Status: In Progress => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1908382

Title:
  [OVN] Missing OVN ACLs for security groups that utilize remote groups
  attached to ports with allowed_address_pairs

Status in neutron:
  Won't Fix

Bug description:
  See mailing list thread started at
  http://lists.openstack.org/pipermail/openstack-
  discuss/2020-December/019442.html

  Bug discovered during magnum testing in ussuri, where pods deployed on
  different nodes could not communicate with each other - it has been
  traced to incorrect OVN ACLs for this specific scenario:

  - neutron port with additional subnet added to  allowed_address_pairs
  - security group created with a remote group set for both TCP and UDP, to allow traffic between subnet defined in allowed_address_pairs

  It resulted in TCP and UDP being dropped by OVN.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1908382/+subscriptions

References

[Bug 1908382] [NEW] [OVN] Missing OVN ACLs for security groups that utilize remote groups attached to ports with allowed_address_pairs
From: Krzysztof Klimonda, 2020-12-16