[Contrail Fabric]: Default security group config pushed by DM not allowing ARP
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
Trunk |
Fix Committed
|
Critical
|
Suresh Balineni |
Bug Description
When DM is pushing default security group config it is only allowing ether type IPV4 and IPv6. It is not allowing ether type arp
Current config we are pushing
-------
root@5d2-qfx1# run show configuration groups __contrail__ firewall
/* Firewalls Configuration */
family ethernet-switching {
filter sg-filter-
term ether-type {
from {
}
then accept;
}
}
filter sg-filter-
term ether-type {
from {
}
then accept;
}
}
}
Configuration to allow ARP
-------
root@5d2-qfx1# run show configuration groups __contrail__ firewall
/* Firewalls Configuration */
family ethernet-switching {
filter sg-filter-
term ether-type {
from {
}
then accept;
}
}
filter sg-filter-
term ether-type {
from {
}
then accept;
}
}
}
Changed in juniperopenstack: | |
importance: | Undecided → High |
importance: | High → Critical |
assignee: | nobody → Suresh Balineni (sbalineni) |
milestone: | none → r5.0.0 |
information type: | Proprietary → Public |
tags: | added: blocker |
Review in progress for https:/ /review. opencontrail. org/41109
Submitter: Suresh Balineni (<email address hidden>)