Hide Forgot
Description of problem: When running SCTP and using conntrack (e.g. in OpenDaylight) there is a need to load the ip_conntrack_proto_sctp module in the overcloud nodes. Version-Release number of selected component (if applicable): openstack-tripleo-heat-templates-5.2.0-3.el7ost.noarch puppet-tripleo-5.5.0-2.el7ost.noarch How reproducible: Steps to Reproduce: 1.On the compute nodes run lsmod |grep nf_conntrack_proto_sctp 2.Verify the nf_conntrack_proto_sctp is not loaded 3. Actual results: Expected results: Additional info:
To clarify, the ip_conntrack_proto_sctp module is needed for all networking backends that implement Neutron Security Groups using OVS conntrack, so that they can match/filter based on SCTP traffic. This list currently include ML2/OVS (via the OVS firewall driver), OVN, and OpenDaylight.
This bugzilla has been removed from the release and needs to be reviewed and Triaged for another Target Release.
Merged in master.
*** Bug 1450647 has been marked as a duplicate of this bug. ***
In RHEL 7.4 this is not a module anymore. Verified by adding a security group rule with SCTP and Sending SCTP traffic between RHEL images. On RHOS12 with OpenDaylight setup. openstack-tripleo-heat-templates-7.0.3-10.el7ost.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:3462