
yahoo-eng-team team mailing list archive

[Bug 2085349] [NEW] [neutron] Potential bug with allowed address pair feature

 

Public bug reported:

[Summary (Bug title)]
Potential bug with allowed address pair feature.

[High level description]
I want to forward all traffic to the Internet from VM-2 via VM-1 using the allowed address pair feature. VM-1 should act as the network gateway for VM-2. After creating "allowed address pair" rules containing an IP address (the IP of VM-2 on the VM-1 rule and the IP of VM-1 on the VM-2 rule), the interfaces on these VMs change status to UNBIND/DOWN. After that, the VMs aren't recoverable. If a VM is rebooted (HARD, shelve), Nova will return the error "Exception during message handling: nova.exception.InternalError: Unexpected vif_type=unbound".

[Pre-conditions]
Two VMs without defined "allowed address pair" rules, connected to the same internal network; one VM should have a FIP assigned. The VMs should be reachable between each other (e.g. ping response).

[Step-by-step reproduction steps]
- Create 2 VMs, attach them to the same network and assign a FIP to one -> in this case pb-lab-network-1, pb-lab-network-2
- Create an allowed_address_pair for each VM - only the IP should be filled in
- Verify the ports' status - connectivity with VM-2 (without FIP) should be lost
- Do a SOFT REBOOT of the instance. After the reboot the VM will go to UP state but the port will change status to DOWN
- Do a HARD REBOOT of the instance. After the reboot the VM will go to ERROR state.


Here are logs and commands: https://paste.openstack.org/show/bx3EGpt18sjT9s16xVNR/

[Expected output]
An Error or Warning should be returned if the settings aren't correct. Or blocked.

[Actual output]
I can modify the rules and fill in "what I want", even incorrectly. In this case, a PROD environment can be stopped unintentionally.

[Version]
OpenStack 2023.2 Bobcat, deployed by kolla-ansible with all defaults
Ubuntu 22.04 LTS

[Perceived severity]
Major

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: neutron

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2085349
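
The report asks for an error or warning when address pairs are filled in this way. The audit below is an added example, not code from Neutron or from the reporter: it flags allowed address pairs that cover another port's fixed IP on the same network, including the mutual layout from the reproduction steps. The port records are constructed sample data using Neutron port field names, the function names are hypothetical, and the check only detects the layout; it does not diagnose why the ports become unbound.

```python
import ipaddress

# Constructed sample ports using Neutron port field names; IDs and IPs are made up.
PORTS = [
    {"id": "port-vm1", "network_id": "net-a", "binding:vif_type": "unbound",
     "fixed_ips": [{"ip_address": "10.0.0.11"}],
     "allowed_address_pairs": [{"ip_address": "10.0.0.12"}]},
    {"id": "port-vm2", "network_id": "net-a", "binding:vif_type": "unbound",
     "fixed_ips": [{"ip_address": "10.0.0.12"}],
     "allowed_address_pairs": [{"ip_address": "10.0.0.11"}]},
    # A virtual IP that no port owns: the usual use of the feature, not flagged.
    {"id": "port-vip", "network_id": "net-a", "binding:vif_type": "ovs",
     "fixed_ips": [{"ip_address": "10.0.0.20"}],
     "allowed_address_pairs": [{"ip_address": "10.0.0.100"}]},
    # Same address on a different network: not a conflict.
    {"id": "port-other", "network_id": "net-b", "binding:vif_type": "ovs",
     "fixed_ips": [{"ip_address": "10.0.0.11"}], "allowed_address_pairs": []},
]


def audit_address_pairs(ports):
    """Flag pairs that cover another port's fixed IP on the same network."""
    owners = {}  # (network_id, fixed IP) -> owning port id
    for port in ports:
        for fixed in port.get("fixed_ips") or []:
            ip = ipaddress.ip_address(fixed["ip_address"])
            owners[(port["network_id"], ip)] = port["id"]
    findings = []
    for port in ports:
        for pair in port.get("allowed_address_pairs") or []:
            # A pair may be a single address or a CIDR; treat both as a network.
            net = ipaddress.ip_network(pair["ip_address"], strict=False)
            for (net_id, ip), owner in owners.items():
                if net_id == port["network_id"] and owner != port["id"] and ip in net:
                    findings.append({"port": port["id"], "pair": pair["ip_address"],
                                     "owner": owner,
                                     "vif_type": port.get("binding:vif_type")})
    return findings


def mutual_pairs(findings):
    """Ports that list each other's fixed IP, the layout in the report."""
    edges = {(f["port"], f["owner"]) for f in findings}
    return sorted({tuple(sorted(e)) for e in edges if e[::-1] in edges})


if __name__ == "__main__":
    for finding in audit_address_pairs(PORTS):
        print("WARN", finding)
    print("mutual:", mutual_pairs(audit_address_pairs(PORTS)))
```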
