Public bug reported:

[Summary (Bug title)]
Potential bug with allowed address pair feature.

[High level description]
I want to forward all traffic to the Internet from VM-2 via VM-1 using the allowed address pair feature. VM-1 should act as the network gateway for VM-2. After creating "allowed address pair" rules containing the IP address (IP VM-2 on VM-1 rule and IP VM-1 on VM-2 rule), the interfaces on these VMs change status to UNBIND/DOWN. After that, the VMs aren't recoverable. If a VM is rebooted (HARD, shelve), Nova returns the error "Exception during message handling: nova.exception.InternalError: Unexpected vif_type=unbound".

[Pre-conditions]
Two VMs without defined "allowed address pair" rules, connected to the same internal network; one VM should have a FIP assigned. The VMs should be able to reach each other (e.g. ping response).

[Step-by-step reproduction steps]
- Create 2 VMs, assign them to the same network and assign a FIP to one -> in this case pb-lab-network-1, pb-lab-network-2
- Create allowed_address_pair for each VM - only IP should be filled
- Verify ports status - connectivity with VM-2 (without FIP) should be lost
- Make SOFT REBOOT instance. After reboot the VM will go to UP state but the port will change status to DOWN
- Make HARD REBOOT instance. After reboot the VM will go to ERROR state.

Here are logs and commands: https://paste.openstack.org/show/bx3EGpt18sjT9s16xVNR/

[Expected output]
An error or warning should be returned if the settings aren't correct. Or blocked.

[Actual output]
I can modify rules and fill in "what I want", even incorrectly. In this case, a PROD environment can be stopped unknowingly.

[Version]
OpenStack 2023.2 Bobcat, deployed by kolla-ansible with all defaults
Ubuntu 22.04 LTS

[Perceived severity]
Major

** Affects: neutron
     Importance: Undecided
         Status: New

** Tags: neutron

https://bugs.launchpad.net/bugs/2085349

Title:
  [neutron] Potential bug with allowed address pair feature

Status in neutron:
  New
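
An added example, not part of the bug report or of Neutron's code: a pre-change audit that flags the configuration described in the report, where a port's allowed address pair covers the fixed IP of another port on the same network. It assumes port records carrying the Neutron API fields `id`, `network_id`, `fixed_ips` and `allowed_address_pairs`; the sample ports, the function names and the choice of this overlap as the condition worth warning about are assumptions, not a confirmed root cause.

```python
import ipaddress

# Constructed sample shaped like Neutron port records; IDs and IPs are made up.
SAMPLE_PORTS = [
    {"id": "port-vm1", "network_id": "net-a",
     "fixed_ips": [{"ip_address": "10.0.0.11"}],
     "allowed_address_pairs": [{"ip_address": "10.0.0.12"}]},
    {"id": "port-vm2", "network_id": "net-a",
     "fixed_ips": [{"ip_address": "10.0.0.12"}],
     "allowed_address_pairs": [{"ip_address": "10.0.0.11"}]},
    {"id": "port-vm3", "network_id": "net-a",
     "fixed_ips": [{"ip_address": "10.0.0.13"}],
     "allowed_address_pairs": [{"ip_address": "10.0.0.200"}]},  # unused address
    {"id": "port-vm4", "network_id": "net-b",
     "fixed_ips": [{"ip_address": "10.0.0.12"}],
     "allowed_address_pairs": []},  # same IP, different network
]


def find_overlaps(ports):
    """Return (owner_port, pair_entry, other_port) for every allowed address
    pair that covers a fixed IP of another port on the same network."""
    findings = []
    for owner in ports:
        for pair in owner.get("allowed_address_pairs") or []:
            # An entry may be a single IP or a CIDR; treat both as a network.
            net = ipaddress.ip_network(pair["ip_address"], strict=False)
            for other in ports:
                if other["id"] == owner["id"]:
                    continue
                if other["network_id"] != owner["network_id"]:
                    continue
                for fixed in other.get("fixed_ips") or []:
                    if ipaddress.ip_address(fixed["ip_address"]) in net:
                        findings.append(
                            (owner["id"], pair["ip_address"], other["id"]))
    return findings


def mutual_pairs(findings):
    """Port pairs that each list the other's fixed IP (the reported setup)."""
    edges = {(owner, other) for owner, _, other in findings}
    return sorted({tuple(sorted(e)) for e in edges if (e[1], e[0]) in edges})


if __name__ == "__main__":
    hits = find_overlaps(SAMPLE_PORTS)
    for owner, entry, other in hits:
        print(f"WARNING: {owner} allows {entry}, a fixed IP of {other}")
    print("mutual:", mutual_pairs(hits))
```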