Attaching or detaching an interface to a router causes all VPNaaS daemons to be restarted.
Bug #1393589 reported by David Clarke
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
neutron | Fix Released | Low | Numan Siddique | |
Bug Description
'sync' in services/
'sync' loops through the results of 'get_vpn_
An authorized user can trivially loop through the attach/detach API calls, causing the IPsec daemons for every tenant to be continuously restarted.
Changed in neutron:
importance: Undecided → Low
tags: added: vpnaas
Changed in neutron:
status: New → Confirmed
Changed in neutron:
assignee: nobody → Numan Siddique (numansiddique)
Changed in neutron:
status: Confirmed → In Progress
Changed in neutron:
milestone: none → kilo-1
status: Fix Committed → Fix Released
Changed in neutron:
milestone: kilo-1 → 2015.1.0
Yeah, I've noticed that currently, when a change is made, the reference implementation does a sync, which applies to ALL services on the host, and doesn't limit it to the corresponding router.
I was thinking of filing a bug myself, but wanted to check with Nachi Ueno to see if there was any impact to filtering the call based on the router affected. I sent him an email last week, but haven't heard back yet. Maybe he can chime in on this bug.
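An added illustration (not part of the bug report, its comments, or neutron's code) of the behaviour described above: a toy agent whose `sync_all` restarts every IPsec process on the host, next to a `sync_scoped` variant limited to the router that changed. All class, function, router and tenant names are hypothetical, and the host state and event stream are constructed.

```python
"""Toy model of the restart behaviour (constructed; not neutron code)."""
from dataclasses import dataclass, field

@dataclass
class IPsecProcess:
    tenant_id: str
    restarts: int = 0

@dataclass
class VpnAgent:
    processes: dict = field(default_factory=dict)  # router_id -> IPsecProcess

    def sync_all(self, changed_router_id):
        # Behaviour in the report: any router change restarts every process.
        for proc in self.processes.values():
            proc.restarts += 1

    def sync_scoped(self, changed_router_id):
        # Scoped variant: restart only the process of the router that changed.
        proc = self.processes.get(changed_router_id)
        if proc is not None:
            proc.restarts += 1

# Constructed host state: three tenants, one router each.
ROUTERS = {"r-a": "tenant-a", "r-b": "tenant-b", "r-c": "tenant-c"}
# Constructed events: tenant-a's router sees 10 interface attach/detach changes.
EVENTS = ["r-a"] * 10

def simulate(sync_name, events):
    """Replay events through the named sync method; return restarts per tenant."""
    agent = VpnAgent({r: IPsecProcess(t) for r, t in ROUTERS.items()})
    sync = getattr(agent, sync_name)
    for router_id in events:
        sync(router_id)
    return {p.tenant_id: p.restarts for p in agent.processes.values()}

def cross_tenant_restarts(sync_name, events, acting_tenant):
    """Restarts suffered by tenants other than the one generating the events."""
    totals = simulate(sync_name, events)
    return sum(n for tenant, n in totals.items() if tenant != acting_tenant)

if __name__ == "__main__":
    for name in ("sync_all", "sync_scoped"):
        print(name, simulate(name, EVENTS),
              "cross-tenant:", cross_tenant_restarts(name, EVENTS, "tenant-a"))
```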