Juniper Openstack

[2.20]DM: Incorrect firewall filter for inet.0 to GW vrf redirection

Bug #1466717 reported by amit surana on 2015-06-19

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Juniper Openstack	Status tracked in Trunk
R2.20	Fix Committed	High	Suresh Balineni	Juniper Openstack r2.20-fcs
R3.0	Invalid	High	Suresh Balineni	Juniper Openstack r3.0-fcs
Trunk	Fix Committed	High	Suresh Balineni	Juniper Openstack r3.0-fcs

Bug Description

The firewall filter configured to redirect traffic from the inet.0 to the GW VRF is matching the private destination IPs rather than the public IP.

Tags:

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2015-06-19: [Review update] R2.20

Review in progress for https://review.opencontrail.org/11854
Submitter: Suresh Balineni (<email address hidden>)

Revision history for this message

Suresh Balineni (sbalineni) wrote on 2015-06-19:

fix is in progress:fix is in-progress:

New config generated -following is for two public VNs - a213, e37e.

root@cmbu-tasman# show groups __contrail__ firewall
family inet {
    filter redirect_to_public_vrf_filter {
        term term-__contrail__l3_a213 {
            from {
                destination-address {
                    192.0.0.0/8;
                }
            }
            then {
                routing-instance __contrail__l3_a2134800-0125-4abf-9ec3-53ada05c9519_vn-public;
            }
        }
        term term-__contrail__l3_e37e {
            from {
                destination-address {
                    193.1.0.0/16;
                }
            }
            then {
                routing-instance __contrail__l3_e37e18e0-ba6b-4432-a365-eec8251e07e2_Public_2;
            }
        }
        term default-term {
            then accept;
        }
    }
}root@cmbu-tasman# show groups __contrail__ forwarding-options
family inet {
    filter {
        input redirect_to_public_vrf_filter;
    }
}

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2015-06-19: A change has been merged

Reviewed: https://review.opencontrail.org/11854
Committed: http://github.org/Juniper/contrail-controller/commit/b4b9565e7ec1fc21cd7918d5be3c8ffa8f30ffb0
Submitter: Zuul
Branch: R2.20

commit b4b9565e7ec1fc21cd7918d5be3c8ffa8f30ffb0
Author: sbalineni <email address hidden>
Date: Fri Jun 19 09:37:09 2015 -0700

DM: firewall filter should be configured correctly

configure one global firewall filter for inet
filter should have terms for each public network

Change-Id: Ia83541ef99fa32f8175c98991671a26bed4e0e7c
Closes-Bug: #1466717
Closes-Bug: #1466719

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2015-06-25: [Review update] master

Review in progress for https://review.opencontrail.org/12043
Submitter: Suresh Balineni (<email address hidden>)

Nischal Sheth (nsheth) on 2015-06-26

information type:

Proprietary → Public

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2015-06-26: A change has been merged

Reviewed: https://review.opencontrail.org/12043
Committed: http://github.org/Juniper/contrail-controller/commit/91fbdb6187dc2932e3ccc0c7435365a1e88a5b73
Submitter: Zuul
Branch: master

commit 91fbdb6187dc2932e3ccc0c7435365a1e88a5b73
Author: sbalineni <email address hidden>
Date: Thu Jun 25 14:08:30 2015 -0700

DM: fixes ported from R2.20

Change-Id: Ie5e87314202a45b7863960d9d68a29121d30a22a
Closes-Bug: #1468209
Closes-Bug: #1468145
Closes-Bug: #1468143
Closes-Bug: #1466721
Closes-Bug: #1466719
Closes-Bug: #1466717
Closes-Bug: #1466437

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.