neutron

Router RA rule need to be updated when router is created after VM port

Bug #1290252 reported by Xu Han Peng
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Undecided
Xu Han Peng
neutron 2014.2 "juno"

Bug Description

Router RA rule is added to compute node to allow VM to accept RA from router interface on network node. However, this is only added when router port which sends RA is created before VM port is created.

We should add trigger to allow RA from router port when router port is created after VM port is created.

Looking at the code, we can change notify_security_groups_member_updated in securitygroups_rpc_base.py from

        if port['device_owner'] == q_const.DEVICE_OWNER_DHCP:
            self.notifier.security_groups_provider_updated(context)
        else:
            self.notifier.security_groups_member_updated(
                context, port.get(ext_sg.SECURITYGROUPS))

To:

        if port['device_owner'] in [q_const.DEVICE_OWNER_DHCP,
                                                         q_const.DEVICE_OWNER_ROUTER_INTF]:
            self.notifier.security_groups_provider_updated(context)
        else:
            self.notifier.security_groups_member_updated(
                context, port.get(ext_sg.SECURITYGROUPS))

To get provider rule update triggered when route port is created.

Tags: ipv6
Xu Han Peng (xuhanp)
Changed in neutron:
assignee: nobody → Xu Han Peng (xuhanp)
tags: added: ipv6
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/80932

Changed in neutron:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/80932
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=b4e318e4b6a01af3a80267016c4cc2b2da2220c2
Submitter: Jenkins
Branch: master

commit b4e318e4b6a01af3a80267016c4cc2b2da2220c2
Author: Xuhan Peng <email address hidden>
Date: Mon Mar 17 16:38:51 2014 +0800

    Trigger provider security group update for RA

    For IPv6 subnets, router RA rule is added to compute node
    to allow VM to accept RA from router interface on network node.
    However, currently this is only done when router port which
    sends RA is created *before* VM port is created.

    This fix triggers provider security group rule update for IPv6 subnet
    when router interface port is created or updated.

    Change-Id: I7d950f12909a0c2a82b129279e6249b9fac80112
    Closes-Bug: 1290252

Changed in neutron:
status: In Progress → Fix Committed
Russell Bryant (russellb)
Changed in neutron:
milestone: none → juno-2
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in neutron:
milestone: juno-2 → 2014.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.