demo tenant instance connectivity issues /w devstack because arp spoofing protection

Bug #1482389 reported by Adam Gandelman
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Astara | Fix Released | Critical | Mark McClain |
akanda | Fix Released | Critical | Mark McClain |

Bug Description

To reproduce:

1. Deploy devstack
2. As the demo tenant, create a new network/subnet/router. Akanda should boot a router instance. Network here is called foonet.
3. As demo user, boot an instance on the newly created network with a specified ipv4 address.

The instance spawns with an ipv4 and ipv6 address from foonet associated with it

The router instance spawns with the ipv6 foonet address, and an address on the mgt network

Instance boots and attempts to DHCP for its ipv4.

The dnsmasq process receives the broadcast in the appliance, and logs:

Aug 6 21:16:06 akanda-linux dnsmasq-dhcp[1261]: DHCPDISCOVER(eth2) fa:16:3e:9a:a9:00
Aug 6 21:16:06 akanda-linux dnsmasq-dhcp[1261]: DHCPOFFER(eth2) 192.168.32.4 fa:16:3e:9a:a9:00

.. but it's never ACKed by the client in the demo instance.

I *thought* this had already been addressed by https://review.openstack.org/#/c/182119/ but maybe not?
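
A check for the symptom described above, as an added example that is not part of the original report or of the Akanda code: it scans dnsmasq-dhcp log lines and lists clients that were sent a DHCPOFFER with no DHCPREQUEST or DHCPACK afterwards. The first two sample lines come from the report; the other four, and the function name, are constructed for illustration.

```python
import re

# dnsmasq-dhcp syslog payload: MSGTYPE(iface) [ip] mac
LINE_RE = re.compile(
    r"dnsmasq-dhcp\[\d+\]: (?P<msg>DHCP[A-Z]+)\((?P<iface>[^)]+)\) "
    r"(?:(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) )?"
    r"(?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})"
)

# Lines 1-2 are from the bug report; lines 3-6 are constructed (a healthy client).
SAMPLE_LOG = """\
Aug 6 21:16:06 akanda-linux dnsmasq-dhcp[1261]: DHCPDISCOVER(eth2) fa:16:3e:9a:a9:00
Aug 6 21:16:06 akanda-linux dnsmasq-dhcp[1261]: DHCPOFFER(eth2) 192.168.32.4 fa:16:3e:9a:a9:00
Aug 6 21:16:09 akanda-linux dnsmasq-dhcp[1261]: DHCPDISCOVER(eth2) fa:16:3e:00:00:01
Aug 6 21:16:09 akanda-linux dnsmasq-dhcp[1261]: DHCPOFFER(eth2) 192.168.32.5 fa:16:3e:00:00:01
Aug 6 21:16:09 akanda-linux dnsmasq-dhcp[1261]: DHCPREQUEST(eth2) 192.168.32.5 fa:16:3e:00:00:01
Aug 6 21:16:09 akanda-linux dnsmasq-dhcp[1261]: DHCPACK(eth2) 192.168.32.5 fa:16:3e:00:00:01
""".splitlines()


def stalled_handshakes(lines):
    """Return {(iface, mac): {"ip": last offered ip, "offers": count}} for
    clients whose offers were never followed by DHCPREQUEST or DHCPACK."""
    pending = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a dnsmasq-dhcp message line
        key = (m["iface"], m["mac"].lower())
        if m["msg"] == "DHCPOFFER":
            entry = pending.setdefault(key, {"ip": None, "offers": 0})
            entry["ip"] = m["ip"]
            entry["offers"] += 1
        elif m["msg"] in ("DHCPREQUEST", "DHCPACK"):
            # The client answered, so the offer reached it: handshake progressed.
            pending.pop(key, None)
    return pending


if __name__ == "__main__":
    for (iface, mac), info in stalled_handshakes(SAMPLE_LOG).items():
        print(f"{mac} on {iface}: {info['offers']} offer(s) of {info['ip']}, no REQUEST/ACK")
```

A stalled entry only shows that the exchange stopped after the offer; whether port filtering is the cause still has to be confirmed on the port itself.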

Changed in akanda:
milestone: none → liberty-rc2
importance: Undecided → High
Sean Roberts (sarob)
tags: added: akanda-appliance akanda-rug
Changed in akanda:
milestone: liberty-rc2 → liberty-rc1
summary: - demo tenant instance connectivity issues /w devstack
+ demo tenant instance connectivity issues /w devstack because arp
+ spoofing protection
Changed in akanda:
assignee: nobody → Mark McClain (markmcclain)
status: New → In Progress
importance: High → Critical
OpenStack Infra (hudson-openstack) wrote : Fix proposed to akanda-rug (master)

Fix proposed to branch: master
Review: https://review.openstack.org/232193

OpenStack Infra (hudson-openstack) wrote : Fix merged to akanda-rug (master)

Reviewed: https://review.openstack.org/232193
Committed: https://git.openstack.org/cgit/stackforge/akanda-rug/commit/?id=1da737512028329b34480713e5ce66c561406258
Submitter: Jenkins
Branch: master

commit 1da737512028329b34480713e5ce66c561406258
Author: Mark McClain <email address hidden>
Date: Wed Oct 7 15:03:38 2015 -0400

    disable port_security for VRRP ports

    For tenant networks port_security makes sense, but for the VRRP router
    case it can get in the way. This change disables it for Akanda managed
    ports for now.

    Change-Id: I0fb9fd5253ad0538a35b25d8806323f83cfc48e4
    Closes-bug: #1482389

Changed in akanda:
status: In Progress → Fix Committed
no longer affects: akanda/kilo
Changed in astara:
milestone: none → liberty-rc1
status: New → Incomplete
status: Incomplete → Fix Committed
importance: Undecided → Critical
Changed in akanda:
status: Fix Committed → Fix Released
Changed in astara:
status: Fix Committed → Fix Released
assignee: nobody → Mark McClain (markmcclain)
Changed in astara:
milestone: liberty-rc1 → 7.0.0
Changed in akanda:
milestone: liberty-rc1 → 7.0.0