Security Groups does not allow RA packets in by default
Bug #1242933 reported by
Sean M. Collins
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Medium
|
Sean M. Collins |
Bug Description
Provisioning a VM using Neutron, with RA's being broadcast by upstream switches, the VM was not getting the packets.
Changing the rules manually to:
ip6tables -I neutron-
Allowed RA packets through.
Changed in neutron: | |
assignee: | nobody → Sean M. Collins (scollins) |
Changed in neutron: | |
status: | New → In Progress |
Changed in neutron: | |
assignee: | Shixiong Shang (sparkofwisdom-cloud) → Sean M. Collins (scollins) |
Changed in neutron: | |
assignee: | Sean M. Collins (scollins) → Shixiong Shang (sparkofwisdom-cloud) |
Changed in neutron: | |
assignee: | Shixiong Shang (sparkofwisdom-cloud) → Sean M. Collins (scollins) |
summary: |
- _spoofing_rule does not allow RA packets in + Security Groups does not allow RA packets in by default |
Changed in neutron: | |
milestone: | none → icehouse-1 |
status: | Fix Committed → Fix Released |
Changed in neutron: | |
milestone: | icehouse-1 → 2014.1 |
tags: | added: ipv6 |
Changed in neutron: | |
importance: | Undecided → Medium |
To post a comment you must log in.
Most probably I'm wrong here, because I'm quite new to neutron.
But, shouldn't this kind of policy be handled in the security policies manually? (The same way you open ICMP to VMs in IPv4).