networking-bgpvpn

enforce constraints on "neutron router-interface-add"

Bug #1537067 reported by Mathieu Rohon on 2016-01-22

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	networking-bgpvpn	Fix Released	High	Mathieu Rohon	networking-bgpvpn 5.0.0 "newton"

Bug Description

the bgpvpn spec explicitly mention that :

"To avoid any ambiguity on semantics in particular the context of processing associated to a Router (e.g. NAT or FWaaS), if a said Subnet in a Network is bound to a Router, this API does not allow to both associate the Network to an L3 BGPVPN and the Router to the same or to a distinct L3 BGPVPN."

http://docs.openstack.org/developer/networking-bgpvpn/api.html#association-constraints

But currently this constraint is not enforced since a user can :

-create a net+subnet
-associate this net to a first bgpvpn
-create a router
-associate the router to a second bgpvpn
-attach the subnet to the router

the last action should return an error.

Revision history for this message

Mathieu Rohon (mathieu-rohon) wrote on 2016-01-22:

Since this bug [1] is fixed now in mitaka, the straightforward solution seems to add an new event in ML2 so that the bgpvpn plugin will be notified of a port_update that reflects the attachment of a port to a router.

If both the router and the network of the port are already attached to a bgpvpn, we should send an exception that will prevent the attachment of that network to the router.

[1]https://bugs.launchpad.net/bgpvpn/+bug/1475093

Revision history for this message

Mathieu Rohon (mathieu-rohon) wrote on 2016-01-22:

related rfe on neutron :

https://bugs.launchpad.net/neutron/+bug/1537091

Mathieu Rohon (mathieu-rohon) on 2016-02-23

Changed in bgpvpn:
status:	New → Confirmed
importance:	Undecided → High

Mathieu Rohon (mathieu-rohon) on 2016-05-31

Changed in bgpvpn:
milestone:	none → 5.0.0

Mathieu Rohon (mathieu-rohon) on 2016-08-31

Changed in bgpvpn:
assignee:	nobody → Mathieu Rohon (mathieu-rohon)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-09-13: Fix proposed to networking-bgpvpn (master)

Fix proposed to branch: master
Review: https://review.openstack.org/369413

Changed in bgpvpn:
status:	Confirmed → In Progress

OpenStack Infra (hudson-openstack) on 2016-09-27

Changed in bgpvpn:
assignee:	Mathieu Rohon (mathieu-rohon) → Wim De Clercq (wim-de-clercq)

OpenStack Infra (hudson-openstack) on 2016-10-04

Changed in bgpvpn:
assignee:	Wim De Clercq (wim-de-clercq) → Mathieu Rohon (mathieu-rohon)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-10-05: Fix merged to networking-bgpvpn (master)

Reviewed: https://review.openstack.org/369413
Committed: https://git.openstack.org/cgit/openstack/networking-bgpvpn/commit/?id=9a3c45b80e2f8ea26a1879a0e7a3856ab5ca2784
Submitter: Jenkins
Branch: master

commit 9a3c45b80e2f8ea26a1879a0e7a3856ab5ca2784
Author: Mathieu Rohon <email address hidden>
Date: Tue Sep 13 11:18:06 2016 +0000

Prevent mixing bgpvpn associations

    As mentioned in the spec, a router and one of its subnet
    cannot be both attached to a bgpvpn.
    This patch enforce this rule by adding a check when a subnet is
    attached to a router.

    Co-Authored-By: Wim De Clercq <email address hidden>
    Change-Id: Ie1f6a733e8a16b8b41e89c5a82637d7cb03bd423
    Closes-bug: #1537067

Changed in bgpvpn:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-10-13: Fix included in openstack/networking-bgpvpn 5.0.0

This issue was fixed in the openstack/networking-bgpvpn 5.0.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.