Public bug reported:
See mailing list thread started at http://lists.openstack.org/pipermail
/openstack-discuss/2020-December/019442.html
Bug discovered during magnum testing in ussuri, where pods deployed on
different nodes could not communicate with each other - it has been
traced to incorrect OVN ACLs for this specific scenario:
- neutron port with additional subnet added to allowed_address_pairs
- security group created with a remote group set for both TCP and UDP, to allow
traffic between subnet defined in allowed_address_pairs
It resulted in TCP and UDP being dropped by OVN.
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1908382
Title:
[OVN] Missing OVN ACLs for security groups that utilize remote groups
attached to ports with allowed_address_pairs
Status in neutron:
New
Bug description:
See mailing list thread started at
http://lists.openstack.org/pipermail/openstack-
discuss/2020-December/019442.html
Bug discovered during magnum testing in ussuri, where pods deployed on
different nodes could not communicate with each other - it has been
traced to incorrect OVN ACLs for this specific scenario:
- neutron port with additional subnet added to allowed_address_pairs
- security group created with a remote group set for both TCP and UDP, to
allow traffic between subnet defined in allowed_address_pairs
It resulted in TCP and UDP being dropped by OVN.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1908382/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
