neutron

  1. Bug #1439817
  2. Comment #11

Comment 11 for bug 1439817

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (stable/juno)

Reviewed: https://review.openstack.org/179402
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=0325b98c54af276064e367db603bfeb525bbb790
Submitter: Jenkins
Branch: stable/juno

commit 0325b98c54af276064e367db603bfeb525bbb790
Author: Brian Haley <email address hidden>
Date: Fri May 1 10:59:03 2015 -0400

    Set IPset hash type to 'net' instead of 'ip'

    The previous hash type was 'ip' and this caused a major
    issue with the allowed address pairs extension since it
    results in CIDRs being passed to ipset. When the hash type
    is 'ip', a CIDR is completely enumerated into all of its
    addresses so 10.100.0.0/16 results in ~65k entries. This
    meant a single allowed_address_pairs entry could easily
    exhaust an entire set.

    This patch changes the hash type to 'net', which is designed
    to handle a CIDRs as a single entry.

    This patch also changes the names of the ipsets because
    creating an ipset with different parameters will cause an
    error and our ipset manager code isn't robust enough to handle
    that at this time.

    Related-Bug: #1439817
    Related-Bug: #1444397
    (based on commit a38b5df5cd3c47672705aad4c30e789ae11ec958)

    Change-Id: I8177699b157cd3eac46e2f481f47b5d966c49b07