Bug 1683311
| Summary: | port_security disabled in networking-ovn works for egress, but not for ingress | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Kamil Sambor <ksambor> | ||||
| Component: | python-networking-ovn | Assignee: | Kamil Sambor <ksambor> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Roman Safronov <rsafrono> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 14.0 (Rocky) | CC: | apevec, chrisw, dalvarez, ekuris, lhh, lmartins, majopela, nusiddiq, ojanas, pmorey, ragiman, rhos-maint, scohen | ||||
| Target Milestone: | --- | Keywords: | Triaged, ZStream | ||||
| Target Release: | 14.0 (Rocky) | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | python-networking-ovn-5.0.2-0.20190212171419.8c44e71.el7ost | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | 1671809 | ||||||
| : | 1789764 (view as bug list) | Environment: | |||||
| Last Closed: | 2019-04-30 17:51:50 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 1671809 | ||||||
| Bug Blocks: | 1789764 | ||||||
| Attachments: |
|
||||||
Verified on puddle 14.0-RHEL-7/2019-04-05.1
Verification scenario:
---------------------
1. Created a router connected to the external network.
2. Created internal network with --port-security-disabled and connected it to the router.
3. Created VM1 and VM2 connected to the internal network.
4. Verified that switch ports have "unknown" added to addresses field (see below)
switch b5cb2837-2492-49ff-8f31-af4bec6f41b3 (neutron-c6105578-e399-419f-bbb5-61c9d40a537b) (aka internal_A)
port aff9aa2e-6702-43b0-ae34-99107f062e02
type: localport
addresses: ["fa:16:3e:b0:f7:08 192.168.2.2", "unknown"]
port provnet-c6105578-e399-419f-bbb5-61c9d40a537b
type: localnet
tag: 322
addresses: ["unknown"]
port 27f54cfa-8fb4-466f-b0da-2ade851af874
addresses: ["fa:16:3e:20:ff:98 192.168.2.7", "unknown"]
port 30c956f1-b009-41b1-acf2-6949f279e499
type: router
router-port: lrp-30c956f1-b009-41b1-acf2-6949f279e499
port 574da47a-0b92-4cd5-bd7b-0641f0e6175a
addresses: ["fa:16:3e:6f:cd:93 192.168.2.17", "unknown"]
5. Connected to both VMs and verified that ping worked between them in both directions.
6. On VM1 changed MAC address of the interface connected to the internal network to aa:bb:cc:dd:ee:ff and IP address to 192.168.2.22 (instead of 192.168.2.7), tried to ping VM2 (192.168.2.17)
Result: ping worked
7. Connected to VM2 and pinged new VM1 address (192.168.2.22)
Result: ping worked.
All worked as expected
python-networking-ovn-5.0.2-0.20190307204430.6a774a0.el7ost.noarch
openvswitch2.10-2.10.0-28.el7fdp.1.x86_64
openvswitch2.10-ovn-common-2.10.0-28.el7fdp.1.x86_64
rhosp-openvswitch-ovn-common-2.10-0.1.el7ost.noarch
rhosp-openvswitch-2.10-0.1.el7ost.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0950 |
Created attachment 1545554 [details] hotfix with RPM, ansible playbook and instructions (