Juniper Openstack

Don't allow VN to be extended to spine device .

Series trunk
Bug #1799804

Bug #1799804 reported by venu kolli on 2018-10-24

This bug affects 1 person

	Status	Importance	Assigned to
Juniper Openstack	Status tracked in Trunk
R5.0	Won't Fix	High	Suresh Balineni
Trunk	New	High	Suresh Balineni

Bug Description

Build : 307

Right now we were allowing VN to be extended to qfx spine device .

Which in turn is creating irb on spine .

Traffic coming on to irb is able to go out on inet.0

Any pvt network extended to spine is able to go out to public without creating LR on spine .

Tags:

Revision history for this message

venu kolli (vkolli) wrote on 2018-10-24:

Also UI should not allow vn to extend it to qfx spine devices or show up qfx spine device in its list.

Jeba Paulaiyan (jebap) on 2018-10-26

tags:

added: contrail-command fabric

Jeba Paulaiyan (jebap) on 2018-10-26

tags:

added: releasenote

Revision history for this message

venu kolli (vkolli) wrote on 2018-10-26:

Due to this issue , pvt networks traffic can go out of qfx when they ping public ip . But traffic will not return as pvt network route will not be resolved to qfx . But if there is route resolving to qfx for the pvt network used it will be able to ping without any LR .

Revision history for this message

Jeba Paulaiyan (jebap) wrote on 2018-11-20:

Notes:

When extending the VN to Spine, the right way is to create a LR in Spine and attach the VN to the LR. Instead, if the user extends the VN to the Spine, the packets from the private network will be sent to the public network.

Jeba Paulaiyan (jebap) on 2018-11-20

information type:

Proprietary → Public

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.