floating ip scheduled to wrong router
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned | ||
neutron |
Fix Released
|
Medium
|
Kevin Fox | ||
Juno |
Fix Released
|
Medium
|
Akihiro Motoki |
Bug Description
I have a tenant network, two external networks, two routers (each one has gateway set to one of the external networks, and one port on the tenant network) and floating ip's on each external network.
In icehouse, this worked fine. the floating ip for each network was attached to the correct router. After upgrading to RDO Juno, I'm seeing both sets of floating ip's getting assigned to the same router:
[root@cloud ~]# ip netns exec qrouter-
1: lo: <LOOPBACK,
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
44: qr-ffaaacc1-06: <BROADCAST,
link/ether fa:16:3e:5c:e1:58 brd ff:ff:ff:ff:ff:ff
inet 192.168.127.1/24 brd 192.168.127.255 scope global qr-ffaaacc1-06
valid_lft forever preferred_lft forever
inet6 fe80::f816:
valid_lft forever preferred_lft forever
53: qg-1a260edc-41: <BROADCAST,
link/ether fa:16:3e:81:dc:f7 brd ff:ff:ff:ff:ff:ff
inet 192.101.107.185/25 brd 192.101.107.255 scope global qg-1a260edc-41
valid_lft forever preferred_lft forever
inet 192.168.122.179/32 brd 192.168.122.179 scope global qg-1a260edc-41
valid_lft forever preferred_lft forever
inet 192.168.122.128/32 brd 192.168.122.128 scope global qg-1a260edc-41
valid_lft forever preferred_lft forever
inet 192.101.107.171/32 brd 192.101.107.171 scope global qg-1a260edc-41
valid_lft forever preferred_lft forever
inet 192.101.107.181/32 brd 192.101.107.181 scope global qg-1a260edc-41
valid_lft forever preferred_lft forever
inet 192.101.107.180/32 brd 192.101.107.180 scope global qg-1a260edc-41
valid_lft forever preferred_lft forever
inet 192.101.107.179/32 brd 192.101.107.179 scope global qg-1a260edc-41
valid_lft forever preferred_lft forever
inet6 fe80::f816:
valid_lft forever preferred_lft forever
Changed in neutron: | |
milestone: | none → kilo-rc1 |
importance: | Undecided → Medium |
Changed in neutron: | |
assignee: | Kevin Fox (kevpn) → Kevin Benton (kevinbenton) |
Changed in neutron: | |
assignee: | Kevin Benton (kevinbenton) → nobody |
Changed in neutron: | |
assignee: | nobody → Kevin Fox (kevpn) |
Changed in neutron: | |
status: | Fix Committed → Fix Released |
Changed in neutron: | |
milestone: | kilo-rc1 → 2015.1.0 |
tags: | added: juno-backport-potential |
tags: | removed: in-stable-juno juno-backport-potential |
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.
However this seems related to the RDO upgrade process (which is not covered by the OpenStack Security Advisory project). If it's the case, feel free to report it to the correct bugtracker there: https:/ /bugzilla. redhat. com/enter_ bug.cgi? product= RDO