Juniper Openstack

multi CIDR security group not shown in GUI

Bug #1579888 reported by bliu on 2016-05-09

This bug report is a duplicate of: Bug #1385740: Network policies with multiple subnets not handled by Contrail UI Network Policy editor. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Juniper Openstack	New	Medium	Rahul

Bug Description

when I successfully define a security group with multiple CIDRs via api, I can only see the 1st CIDR shown in GUI (Horizon or Contrail).

To replicate:

Step1: at the config node, to find out the “fq_name”
curl -u admin:secret123 http://127.0.0.1:8095/projects | python -m json.tool

Step2: at the config node, to create a security group in contrail with multiple CIDRs:
root@neteng-lab-contrail1:~# curl -X POST -H "Content-Type: application/json; charset=UTF-8" -d '{"security-group": {"parent_type": "project", "fq_name": ["default-domain", "test123", "test2"], "security_group_entries": {"policy_rule": [{"protocol": "tcp", "dst_addresses": [{"subnet": {"ip_prefix": "208.22.56.74", "ip_prefix_len": 32}}, {"subnet": {"ip_prefix": "69.191.192.0", "ip_prefix_len": 24}}, {"subnet": {"ip_prefix": "206.156.53.143", "ip_prefix_len": 32}}], "dst_ports": [{"start_port": 8194, "end_port": 8198}], "src_ports": [{"start_port": 8194, "end_port": 8198}], "src_addresses": [{"security_group": "local"}], "ethertype":"IPv4"}, {"protocol": "udp", "src_addresses": [{"subnet": {"ip_prefix": "1.1.1.0", "ip_prefix_len": 24}}, {"subnet": {"ip_prefix": "2.2.2.0", "ip_prefix_len": 24}}], "src_ports": [{"start_port": 8194, "end_port": 8198}], "dst_ports": [{"start_port": 8194, "end_port": 8198}], "dst_addresses": [{"security_group": "local"}], "ethertype":"IPv4"}]}}}' -u admin:secret123 http://127.0.0.1:8095/security-groups

The system should automatically generate the response below:
{"security-group": {"fq_name": ["default-domain", "test123", "test2"], "parent_uuid": "49b09243-1706-44fa-af6c-f9e83b56ac7c", "parent_href": "http://127.0.0.1:8095/project/49b09243-1706-44fa-af6c-f9e83b56ac7c", "uuid": "e80ec9f4-c550-4355-8fd0-8dc7d02f1fd4", "href": "http://127.0.0.1:8095/security-group/e80ec9f4-c550-4355-8fd0-8dc7d02f1fd4", "name": "test2"}

Step 3: to verify this in terminal:
curl -u admin:secret123 http://127.0.0.1:8095/security-group/e80ec9f4-c550-4355-8fd0-8dc7d02f1fd4 | python -mjson.tool

The multiple CIDRs cannot be shown in Horizon or Contrail GUI.

Tags:

Revision history for this message

Rahul (rahuls) wrote on 2016-05-10:

Multiple CIDRs aren't openstack feature so aren't seen through Horizon.

Multiple CIDR's, VNs in rules for policy and SG in Contrail UI are being tracked separately

Changed in juniperopenstack:
assignee:	nobody → Rahul (rahuls)

Nagabhushana R (bhushana) on 2016-05-10

tags:	added: ui
Changed in juniperopenstack:
importance:	Undecided → Medium

Revision history for this message

alok kumar (kalok) wrote on 2016-05-10:

neutron does not support multiple cidr in single SG rule.
https://bugs.launchpad.net/juniperopenstack/+bug/1352840

Jeba Paulaiyan (jebap) on 2016-05-11

information type:

Proprietary → Public

Revision history for this message

bliu (bliu) wrote on 2016-05-25:

Are you going to add this feature in Contrail GUI?

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1385740 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.