yahoo-eng-team team mailing list archive

[Lucas Alvares Gomes <2080347@xxxxxxxxxxxxxxxxxx>]

Hi Saeed,

This ticket sounds more like a question for team and maintainers of
ML2/OVS than a bug per se. I would like to suggest you to send it as an
email to the openstack-discuss@xxxxxxxxxxxxxxxxxxx (with the [neutron]
tag in the subject) or join us at #openstack-neutron on the OFTC IRC
network and ask that question.

Please feel free to reopen this bug if you think this should be treated
as a bug.

** Changed in: neutron
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2080347

Title:
  Openvswitch Port Security for unicast traffic of other instances

Status in neutron:
  Invalid

Bug description:
  I run some scenarios with ML2/OVN and ML2/OVS (in all tests security-
  group has no rule)

  With the OVN backend, when port security is enabled I can NOT watch
  the unicast traffic of other instances by tcpdump, but when port
  security is disabled I can watch other unicast traffic for other
  instances.

  I also run the same scenarios when the backend is Openvswitch only
  (not OVN) I can watch unicast traffic of other instances (enabling or
  disabling port security has no impact).

  Is there any link or reference that explicitly explains this issue and
  the impact of OVN in OpenStack for dropping other traffic?

  I dump flow rules from openvswitch and compare them, and I'm pretty
  sure that the OVN adds some rules to drop other unicast traffic.

  Can I drop the unicast traffic of other instances in Openvswitch when I do not use OVN as the backend?
  (automatically or by configuration)

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2080347/+subscriptions