Back to bug 1713329

Who	When	What	Removed	Added
Nate Johnston	2019-05-23 15:14:00 UTC	CC		njohnston
		Assignee	amuller	njohnston
Nate Johnston	2019-05-24 15:59:34 UTC	Priority	unspecified	high
		Status	NEW	ON_DEV
Slawek Kaplonski	2019-06-14 10:38:30 UTC	Assignee	njohnston	skaplons
Slawek Kaplonski	2019-06-14 15:02:03 UTC	Keywords		Triaged
Bernard Cafarelli	2019-06-28 11:58:02 UTC	Keywords		AutomationBlocker
		Status	ON_DEV	POST
Slawek Kaplonski	2019-06-28 12:18:37 UTC	Doc Text		Cause: The version of ebtables RHEL 8 ships does not support the among match. Consequence: Arp spoofing protection in neutron-linuxbridge-agent will not work due to that issue. Workaround (if any): No Result: When using Linuxbridge agent on RHEL 8 there is no protection against arp spoofing by instances.
		Doc Type	If docs needed, set a value	Known Issue
Slawek Kaplonski	2019-06-28 12:21:14 UTC	Doc Text	Cause: The version of ebtables RHEL 8 ships does not support the among match. Consequence: Arp spoofing protection in neutron-linuxbridge-agent will not work due to that issue. Workaround (if any): No Result: When using Linuxbridge agent on RHEL 8 there is no protection against arp spoofing by instances.	Cause: The version of ebtables RHEL 8 ships does not support the among match. Consequence: Arp spoofing protection in neutron-linuxbridge-agent will not work due to that issue. Workaround (if any): use neutron-ovs-agent or networking-ovn which are preferred (only supported even probably) solutions. Result: When using Linuxbridge agent on RHEL 8 there is no protection against arp spoofing by instances.
Slawek Kaplonski	2019-06-28 13:18:09 UTC	Status	POST	MODIFIED
Slawek Kaplonski	2019-06-28 16:08:13 UTC	Target Release	---	15.0 (Stein)
		Target Milestone	---	beta
Greg Rakauskas	2019-06-28 17:57:20 UTC	CC		gregraka
		Doc Text	Cause: The version of ebtables RHEL 8 ships does not support the among match. Consequence: Arp spoofing protection in neutron-linuxbridge-agent will not work due to that issue. Workaround (if any): use neutron-ovs-agent or networking-ovn which are preferred (only supported even probably) solutions. Result: When using Linuxbridge agent on RHEL 8 there is no protection against arp spoofing by instances.	Red Hat OpenStack Platform deployments that use the Linux bridge ML2 driver and agent are unprotected against Address Resolution Protocol (ARP) spoofing. The version of Ethernet bridge frame table administration (ebtables) that is part of Red Hat Enterprise Linux 8 is incompatible with the Linux bridge ML2 driver. The Linux Bridge ML2 driver and agent were deprecated in Red Hat OpenStack Platform 11, and should not be used. Red Hat recommends that you use instead the ML2 Open Virtual Network (OVN) driver and services, the default deployed by the Red Hat OpenStack Platform director.
errata-xmlrpc	2019-07-01 19:20:27 UTC	Status	MODIFIED	ON_QA
Eran Kuris	2019-07-02 07:27:54 UTC	CC		ekuris
		QA Contact	ragiman	ccamposr
Bernard Cafarelli	2019-07-02 09:47:25 UTC	Status	ON_QA	VERIFIED
		Target Release	15.0 (Stein)	---
		CC		bcafarel
		Target Milestone	beta	---
		Doc Type	Known Issue	If docs needed, set a value
Greg Rakauskas	2019-07-02 21:12:07 UTC	Flags		needinfo?(bcafarel)
Bernard Cafarelli	2019-07-03 13:10:10 UTC	Target Release	---	15.0 (Stein)
		Target Milestone	---	beta
		Doc Type	If docs needed, set a value	Known Issue
		Flags	needinfo?(bcafarel)
Lon Hohberger	2019-07-09 15:39:11 UTC	Fixed In Version		openstack-neutron-14.0.3-0.20190704180411.9f4e596.el8ost
errata-xmlrpc	2019-09-18 19:14:52 UTC	Status	VERIFIED	RELEASE_PENDING
errata-xmlrpc	2019-09-21 11:22:30 UTC	Status	RELEASE_PENDING	CLOSED
		Resolution	---	ERRATA
		Last Closed		2019-09-21 11:22:30 UTC
errata-xmlrpc	2019-09-21 11:22:50 UTC	Link ID		Red Hat Product Errata RHEA-2019:2811

Back to bug 1713329