Bug 1671809
Summary: | port_security disabled in networking-ovn works for egress, but not for ingress
---|---
Product: | Red Hat OpenStack
Component: | python-networking-ovn
Version: | 13.0 (Queens)
Status: | CLOSED ERRATA
Severity: | high
Priority: | high
Reporter: | Miguel Angel Ajo <majopela>
Assignee: | Kamil Sambor <ksambor>
QA Contact: | Roman Safronov <rsafrono>
CC: | apevec, chrisw, dalvarez, ekuris, fiezzi, ksambor, lhh, lmartins, majopela, nusiddiq, ojanas, pmorey, rhos-maint
Keywords: | Triaged, ZStream
Target Release: | 13.0 (Queens)
Hardware: | Unspecified
OS: | Unspecified
Fixed In Version: | python-networking-ovn-4.0.3-5.el7ost
Last Closed: | 2019-04-30 17:24:33 UTC
Type: | Bug
Bug Depends On: | 1672625
Bug Blocks: | 1683311, 1789764

Description
Miguel Angel Ajo
2019-02-01 17:20:51 UTC
Created attachment 1525912
lflows, ports, dump-flows, port bindings, etc from OVN

Verified on puddle 13.0-RHEL-7/2019-04-10.1 with python-networking-ovn-4.0.3-6.el7ost.noarch

Verification scenario:
---------------------
1. Created a router connected to the external network.
2. Created internal network with --port-security-disabled and connected it to the router.
3. Created VM1 and VM2 connected to the internal network.
4. Verified that switch ports have "unknown" added to addresses field (see below)

    switch b5cb2837-2492-49ff-8f31-af4bec6f41b3 (neutron-c6105578-e399-419f-bbb5-61c9d40a537b) (aka internal_A)
        port aff9aa2e-6702-43b0-ae34-99107f062e02
            type: localport
            addresses: ["fa:16:3e:b0:f7:08 192.168.2.2", "unknown"]
        port provnet-c6105578-e399-419f-bbb5-61c9d40a537b
            type: localnet
            tag: 322
            addresses: ["unknown"]
        port 27f54cfa-8fb4-466f-b0da-2ade851af874
            addresses: ["fa:16:3e:20:ff:98 192.168.2.7", "unknown"]
        port 30c956f1-b009-41b1-acf2-6949f279e499
            type: router
            router-port: lrp-30c956f1-b009-41b1-acf2-6949f279e499
        port 574da47a-0b92-4cd5-bd7b-0641f0e6175a
            addresses: ["fa:16:3e:6f:cd:93 192.168.2.17", "unknown"]

5. Connected to both VMs and verified that ping worked between them in both directions.
6. On VM1 changed MAC address of the interface connected to the internal network to aa:bb:cc:dd:ee:ff and IP address to 192.168.2.22 (instead of 192.168.2.7), tried to ping VM2 (192.168.2.17)
   Result: ping worked
7. Connected to VM2 and pinged new VM1 address (192.168.2.22)
   Result: ping worked.

All worked as expected

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0932
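
Step 4 of the verification scenario above can be automated. The following is an added example, not part of the bug report or of networking-ovn: it parses a switch/port listing in the layout shown in step 4 and reports ports that have no "unknown" entry in their addresses. It assumes port security is disabled on every port of the switch being checked; the sample listing and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the step 4 listing (names are not real IDs).
# The last port deliberately lacks "unknown" to show a failing case.
SAMPLE = '''\
switch 11111111 (neutron-aaaa) (aka internal_A)
    port p-meta
        type: localport
        addresses: ["fa:16:3e:00:00:01 192.168.2.2", "unknown"]
    port provnet-aaaa
        type: localnet
        tag: 322
        addresses: ["unknown"]
    port p-vm1
        addresses: ["fa:16:3e:00:00:02 192.168.2.7", "unknown"]
    port p-router
        type: router
        router-port: lrp-p-router
    port p-vm2
        addresses: ["fa:16:3e:00:00:03 192.168.2.17"]
'''

def parse_ports(listing):
    """Return {port_name: {"type": str, "addresses": [str, ...]}}."""
    ports, current = {}, None
    for raw in listing.splitlines():
        line = raw.strip()
        if line.startswith("port "):
            current = line.split(None, 1)[1]
            ports[current] = {"type": "", "addresses": []}
        elif line.startswith("switch ") or line.startswith("router "):
            current = None  # a new top-level object ends the previous port
        elif current and line.startswith("type:"):
            ports[current]["type"] = line.split(":", 1)[1].strip()
        elif current and line.startswith("addresses:"):
            ports[current]["addresses"] = re.findall(r'"([^"]*)"', line)
    return ports

def ports_missing_unknown(listing):
    """Names of ports without an "unknown" address entry.
    Router ports are skipped: in the listing they carry no addresses field."""
    return sorted(
        name for name, p in parse_ports(listing).items()
        if p["type"] != "router" and "unknown" not in p["addresses"]
    )

if __name__ == "__main__":
    print(ports_missing_unknown(SAMPLE))
```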