Configuration failure in CIDR as source and vn/policy as destination.
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Juniper Openstack | Status tracked in Trunk | | |
R1.1 | Won't Fix | Critical | Sachin Bansal |
Trunk | Invalid | High | Sachin Bansal |
Bug Description
When CIDR is configured as source and a VN or policy is configured at the destination end of a policy, the configuration is treated as invalid because no VN name is found at the source of the policy. I see the following error:
==> /var/log/
09/08/2014 04:12:54 PM [nodeg1:
09/08/2014 04:12:54 PM [nodeg1:
Similarly when the source is a CIDR and destination is a policy - PolA which is attached to vn3, the error says:
==> /var/log/
09/08/2014 04:32:39 PM [nodeg1:
09/08/2014 04:32:39 PM [nodeg1:
This is what the configured policy looks like:
Pol13 ---------- attached to ------ vn1
rule1 -------- deny protocol icmp 10.1.1.2/32 ports any <> network vn3 ports any
rule2 -------- pass protocol any network vn1 ports any <> network vn3 ports any
information type: Proprietary → Public
tags: added: releasenote
This is working as designed. For policy rules to be applied to a VN, the attached VN must be present in either source or destination. In this case, dest VN is vn3, while you are attaching it to vn1, hence the rule is ignored. You will see the same behavior if you configure it with src as vn3 and cidr as destination.
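
The reply above means rule1, a deny rule, is silently dropped for vn1. As an added example (not part of the bug report and not Contrail code), here is a pre-deployment check that flags rules naming the attached VN at neither end. The rule syntax follows the notation used in the report, and the function names are hypothetical.

```python
import ipaddress
import re

# Rule notation as written in the report (an assumed text format, not a Contrail API):
#   <action> protocol <proto> <endpoint> ports <p> <dir> <endpoint> ports <p>
# where <endpoint> is either a CIDR or "network <vn-name>".
RULE_RE = re.compile(
    r"^(?P<action>pass|deny)\s+protocol\s+\S+\s+"
    r"(?P<src>network\s+\S+|\S+)\s+ports\s+\S+\s+(?:<>|>)\s+"
    r"(?P<dst>network\s+\S+|\S+)\s+ports\s+\S+$"
)

def parse_endpoint(text):
    """Return ("vn", name) or ("cidr", network); raise ValueError otherwise."""
    parts = text.split()
    if len(parts) == 2 and parts[0] == "network":
        return ("vn", parts[1])
    return ("cidr", ipaddress.ip_network(text, strict=False))

def rule_endpoints(line):
    """Split one rule line into its action and its two parsed endpoints."""
    m = RULE_RE.match(line.strip())
    if m is None:
        raise ValueError("unrecognised rule syntax")
    return m.group("action"), [parse_endpoint(m.group("src")),
                               parse_endpoint(m.group("dst"))]

def ignored_rules(attached_vn, rules):
    """Return (index, action, reason) for every rule that would not apply to
    attached_vn because that VN is neither its source nor its destination."""
    findings = []
    for idx, line in enumerate(rules, start=1):
        try:
            action, ends = rule_endpoints(line)
        except ValueError:
            findings.append((idx, None, "unparsed rule"))
            continue
        vns = {value for kind, value in ends if kind == "vn"}
        if attached_vn not in vns:
            findings.append((idx, action,
                             f"{attached_vn} is neither source nor destination"))
    return findings

# Constructed input: Pol13 from the report, which was attached to vn1.
POL13 = [
    "deny protocol icmp 10.1.1.2/32 ports any <> network vn3 ports any",
    "pass protocol any network vn1 ports any <> network vn3 ports any",
]

if __name__ == "__main__":
    for idx, action, reason in ignored_rules("vn1", POL13):
        print(f"rule{idx} ({action}): ignored, {reason}")
```

Running the same check with `vn3` as the attached network reports nothing, since both rules name vn3 as an endpoint.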