← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #92518

[Bug 2024502] [NEW] Tempest: add scenario to validate that stateless SG rules are working in presence of Load Balancer attached to the same network

  Thread PreviousDate PreviousThread Next 
Public bug reported:

It was found that in case of ML2/OVN, stateless SG rules stop working
when a Octavia Load Balancer is attached to the same network. This was
addressed in OVN core project with: https://github.com/ovn-
org/ovn/commit/a0f82efdd9dfd3ef2d9606c1890e353df1097a51

I think it may make sense to add a new integration scenario for this
case in tempest plugin that would:

- create stateless SG
- define some rules
- start a VM for the SG
- check rules work as expected
- define a Load Balancer for the network
- check the SG rules still work as expected

This is a corner case, but since we know it's problematic in some OVN
branches and since ML2/OVN is the default implementation, - and since
OVN core team is considering adjusting the ACL conntrack behavior in the
near future that may affect stateless behavior - it may be wise to
implement the scenario nevertheless.

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: ovn ovn-octavia-provider tempest

** Tags added: ovn ovn-octavia-provider tempest

** Bug watch added: Red Hat Bugzilla #2214303
   https://bugzilla.redhat.com/show_bug.cgi?id=2214303

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2024502

Title:
  Tempest: add scenario to validate that stateless SG rules are working
  in presence of Load Balancer attached to the same network

Status in neutron:
  New

Bug description:
  It was found that in case of ML2/OVN, stateless SG rules stop working
  when a Octavia Load Balancer is attached to the same network. This was
  addressed in OVN core project with: https://github.com/ovn-
  org/ovn/commit/a0f82efdd9dfd3ef2d9606c1890e353df1097a51

  I think it may make sense to add a new integration scenario for this
  case in tempest plugin that would:

  - create stateless SG
  - define some rules
  - start a VM for the SG
  - check rules work as expected
  - define a Load Balancer for the network
  - check the SG rules still work as expected

  This is a corner case, but since we know it's problematic in some OVN
  branches and since ML2/OVN is the default implementation, - and since
  OVN core team is considering adjusting the ACL conntrack behavior in
  the near future that may affect stateless behavior - it may be wise to
  implement the scenario nevertheless.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2024502/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next