Back to bug 2192913
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat One Jira (issues.redhat.com) | 2023-05-03 13:48:19 UTC | Link ID | Red Hat Issue Tracker OSP-24725 | |
| Luis Tomas Bolivar | 2023-05-03 13:51:11 UTC | CC | ltomasbo | |
| Eduardo Olivares | 2023-05-03 13:52:03 UTC | Comment | 0 | updated |
| Jakub Libosvar | 2023-05-08 14:50:45 UTC | Assignee | rhos-maint | jlibosva |
| CC | jlibosva | |||
| Jakub Libosvar | 2023-05-08 15:59:03 UTC | Assignee | jlibosva | rhos-maint |
| Depends On | 2087779 | |||
| Target Milestone | --- | ga | ||
| Priority | unspecified | medium | ||
| Keywords | TestOnly, Triaged | |||
| Vadim Khitrin | 2023-06-13 09:14:33 UTC | CC | vkhitrin | |
| Doc Type | If docs needed, set a value | Known Issue | ||
| Eduardo Olivares | 2023-06-14 16:03:42 UTC | Doc Text | In Red Hat OpenStack Platform (RHOSP) 17.1 environments with ML2/OVN, DVR enabled and using VLAN tenant networks, east/west traffic between VMs connected to different tenant networks is flooded to the fabric. The consequence is that packets between those VMs reach not only the compute nodes where those VMs run, but also any other overcloud node. This could cause an impact in the network side and it could be a security risk because the fabric will be sending traffic everywhere. This bug will be fixed in a later FDP release, so no RHOSP update is needed to obtain it. | |
| Flags | needinfo?(jlibosva) | |||
| James Smith | 2023-06-14 20:33:42 UTC | CC | jamsmith | |
| Doc Text | In Red Hat OpenStack Platform (RHOSP) 17.1 environments with ML2/OVN, DVR enabled and using VLAN tenant networks, east/west traffic between VMs connected to different tenant networks is flooded to the fabric. The consequence is that packets between those VMs reach not only the compute nodes where those VMs run, but also any other overcloud node. This could cause an impact in the network side and it could be a security risk because the fabric will be sending traffic everywhere. This bug will be fixed in a later FDP release, so no RHOSP update is needed to obtain it. | In Red Hat OpenStack Platform (RHOSP) 17.1 environments with ML2/OVN, DVR enabled and using VLAN tenant networks, east/west traffic between VMs connected to different tenant networks is flooded to the fabric. + As a result, packets between those VMs reach not only the compute nodes where those VMs run, but also any other overcloud node. + This could cause an impact in the network side and it could be a security risk because the fabric sends traffic everywhere. + This bug will be fixed in a later FDP release, so no RHOSP update is needed to obtain it. |
||
| Jakub Libosvar | 2023-07-17 16:53:20 UTC | Flags | needinfo?(jlibosva) | |
| Eran Kuris | 2023-07-25 08:52:10 UTC | Summary | [OVN+VLAN+DVR] Flooded packets testing e/w with different tenant networks | [OVN+VLAN+DVR] Flooded packets testing e/w with different tenant networks [Core OVN tracker] |
| Status | NEW | POST | ||
| Target Milestone | ga | z1 | ||
| RHEL Program Management | 2023-07-25 08:52:21 UTC | Target Release | --- | 17.1 |
| Jakub Libosvar | 2023-07-31 15:19:50 UTC | Assignee | rhos-maint | jlibosva |
| Ian Frangs | 2023-08-03 15:46:23 UTC | Flags | needinfo?(jlibosva) | |
| Jakub Libosvar | 2023-08-03 16:17:29 UTC | Flags | needinfo?(jlibosva) | needinfo?(ifrangs) |
| CC | ifrangs | |||
| Jenny-Anne Lynch | 2023-08-10 09:23:49 UTC | CC | jelynch | |
| Doc Text | In Red Hat OpenStack Platform (RHOSP) 17.1 environments with ML2/OVN, DVR enabled and using VLAN tenant networks, east/west traffic between VMs connected to different tenant networks is flooded to the fabric. + As a result, packets between those VMs reach not only the compute nodes where those VMs run, but also any other overcloud node. + This could cause an impact in the network side and it could be a security risk because the fabric sends traffic everywhere. + This bug will be fixed in a later FDP release, so no RHOSP update is needed to obtain it. | In RHOSP 17.1 environments with ML2/OVN, DVR enabled and using VLAN tenant networks, east/west traffic between VMs connected to different tenant networks is flooded to the fabric. + As a result, packets between those VMs reach not only the compute nodes where those VMs run, but also any other overcloud node. + This could cause an impact in the network side and it could be a security risk because the fabric sends traffic everywhere. + This bug will be fixed in a later FDP release, so no RHOSP update is needed to obtain it. |
||
| Ian Frangs | 2023-08-11 11:11:41 UTC | Doc Text | In RHOSP 17.1 environments with ML2/OVN, DVR enabled and using VLAN tenant networks, east/west traffic between VMs connected to different tenant networks is flooded to the fabric. + As a result, packets between those VMs reach not only the compute nodes where those VMs run, but also any other overcloud node. + This could cause an impact in the network side and it could be a security risk because the fabric sends traffic everywhere. + This bug will be fixed in a later FDP release, so no RHOSP update is needed to obtain it. | In RHOSP environments with ML2/OVN or ML2/OVS that have DVR enabled and use VLAN tenant networks, east/west traffic between instances connected to different tenant networks is flooded to the fabric. + As a result, packets between those instances reach not only the Compute nodes where those instances run, but also any other overcloud node. + This could cause an impact on the network side and it could be a security risk because the fabric sends traffic everywhere. + This bug will be fixed in a later FDP release, so no RHOSP update is needed to obtain it. |
| Flags | needinfo?(ifrangs) | needinfo?(jlibosva) | ||
| James Smith | 2023-08-13 21:18:29 UTC | Doc Text | In RHOSP environments with ML2/OVN or ML2/OVS that have DVR enabled and use VLAN tenant networks, east/west traffic between instances connected to different tenant networks is flooded to the fabric. + As a result, packets between those instances reach not only the Compute nodes where those instances run, but also any other overcloud node. + This could cause an impact on the network side and it could be a security risk because the fabric sends traffic everywhere. + This bug will be fixed in a later FDP release, so no RHOSP update is needed to obtain it. | In RHOSP environments with ML2/OVN or ML2/OVS that have DVR enabled and use VLAN tenant networks, east/west traffic between instances connected to different tenant networks is flooded to the fabric. + As a result, packets between those instances reach not only the Compute nodes where those instances run, but also any other overcloud node. + This could cause an impact on the network and it could be a security risk because the fabric sends traffic everywhere. + This bug will be fixed in a later FDP release. You do not need to perform a RHOSP update to obtain the FDP fix. |
| Ian Frangs | 2023-08-15 08:47:23 UTC | Doc Text | In RHOSP environments with ML2/OVN or ML2/OVS that have DVR enabled and use VLAN tenant networks, east/west traffic between instances connected to different tenant networks is flooded to the fabric. + As a result, packets between those instances reach not only the Compute nodes where those instances run, but also any other overcloud node. + This could cause an impact on the network and it could be a security risk because the fabric sends traffic everywhere. + This bug will be fixed in a later FDP release. You do not need to perform a RHOSP update to obtain the FDP fix. | In RHOSP environments with ML2/OVN or ML2/OVS that have DVR enabled and use VLAN tenant networks, east/west traffic between instances connected to different tenant networks is flooded to the fabric. + As a result, packets between those instances reach not only the Compute nodes where those instances run, but also any other overcloud node. + This could cause an impact on the network and it could be a security risk because the fabric sends traffic everywhere. + This bug will be fixed in a later FDP release. You do not need to perform a RHOSP update to obtain the FDP fix. |
Back to bug 2192913