1854334 – Backport fix for IPv6 Router Advertisement filtering

Bug 1854334 - Backport fix for IPv6 Router Advertisement filtering

Summary: Backport fix for IPv6 Router Advertisement filtering

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	python-networking-ovn
Sub Component:
Version:	16.1 (Train)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z1
Target Release:	16.1 (Train on RHEL 8.2)
Assignee:	Jakub Libosvar
QA Contact:	Eran Kuris
Docs Contact:
URL:
Whiteboard:
Depends On:	1848398 1854333
Blocks:
TreeView+	depends on / blocked

Reported:	2020-07-07 08:16 UTC by Jakub Libosvar
Modified:	2023-10-23 17:49 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	Known Issue
Doc Text:	There is a known issue with the OVN filter packets that `ovn-controller` generates. Router Advertisements that receive ACL processing in OVN are dropped if there is no explicit ACL rule to allow this traffic. + Workaround: Enter the following command to create a security rule: + `openstack security group rule create --ethertype IPv6 --protocol icmp --icmp-type 134 <SECURITY_GROUP>`
Clone Of:	1854333
Environment:
Last Closed:	2023-10-23 17:49:45 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	OSP-6314	0	None	None	None	2022-03-24 14:09:37 UTC

Description Jakub Libosvar 2020-07-07 08:16:31 UTC

This is a tracker bug to sync with ovn2.13 in FDP.

+++ This bug was initially created as a clone of Bug #1854333 +++

In order to make DHCPv6 working on IPv6 networks, we need to backport https://github.com/ovn-org/ovn/commit/cc1ae396c6197daf8ac48b4eabe077dc72b65456 to the FDP.

Comment 1 Jakub Libosvar 2020-07-07 08:18:22 UTC

The workaround is to create a security group rule that allows IPv6 ethertype icmp protocol with 134 ICMP type in the ingress direction.

Comment 2 Jakub Libosvar 2020-07-07 10:14:02 UTC


*** This bug has been marked as a duplicate of bug 1848398 ***

Comment 3 Jakub Libosvar 2020-07-07 10:14:04 UTC


*** This bug has been marked as a duplicate of bug 1848398 ***

Comment 4 Jakub Libosvar 2020-07-07 10:14:49 UTC

Re-opening for testing purposes

Comment 5 Alex Katz 2021-08-10 16:55:24 UTC

verified on RHOS-16.1-RHEL-8-20210804.n.0

Note You need to log in before you can comment on or make changes to this bug.