Juniper Openstack

[Mainline-Build 2704]: IPv6 - icmpv6 port unreachable error msg is not allowed without SG rules allowing it

Bug #1539724 reported by alok kumar on 2016-01-29

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Juniper Openstack	Status tracked in Trunk
	Trunk	Fix Committed	Medium	Anand H. Krishnan	Juniper Openstack r3.0-fcs

Bug Description

icmpv6 error responses need to be allowed without SG rules too, same as icmp v4.

Tags:

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-02-04: [Review update] master

Review in progress for https://review.opencontrail.org/16869
Submitter: Anand H. Krishnan (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-02-11: A change has been merged

Reviewed: https://review.opencontrail.org/16869
Committed: http://github.org/Juniper/contrail-vrouter/commit/2edeb1e704900bada7cc6f8c9af33114a986c7ae
Submitter: Zuul
Branch: master

commit 2edeb1e704900bada7cc6f8c9af33114a986c7ae
Author: Anand H. Krishnan <email address hidden>
Date: Thu Feb 4 16:03:31 2016 +0530

ICMPv6 errors should match the flow that led to the error

All ICMPv6 errors should follow the flow that originally led to the
error in the first place. Thus, even if ICMP packets are not allowed,
error packets will make it to the source of the original flow,
resulting in notifications to the source and allowing it to complete
its functionality.

Change-Id: Ie0baebc9efc97367e75c798a4da2c8532c905d19
Closes-BUG: #1539724

alok kumar (kalok) on 2016-02-26

information type:

Proprietary → Public

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.