commit 0325b98c54af276064e367db603bfeb525bbb790
Author: Brian Haley <email address hidden>
Date: Fri May 1 10:59:03 2015 -0400
Set IPset hash type to 'net' instead of 'ip'
The previous hash type was 'ip' and this caused a major
issue with the allowed address pairs extension since it
results in CIDRs being passed to ipset. When the hash type
is 'ip', a CIDR is completely enumerated into all of its
addresses so 10.100.0.0/16 results in ~65k entries. This
meant a single allowed_address_pairs entry could easily
exhaust an entire set.
This patch changes the hash type to 'net', which is designed
to handle a CIDRs as a single entry.
This patch also changes the names of the ipsets because
creating an ipset with different parameters will cause an
error and our ipset manager code isn't robust enough to handle
that at this time.
Related-Bug: #1439817
Related-Bug: #1444397
(based on commit a38b5df5cd3c47672705aad4c30e789ae11ec958)
Reviewed: https:/ /review. openstack. org/179402 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=0325b98c54a f276064e367db60 3bfeb525bbb790
Committed: https:/
Submitter: Jenkins
Branch: stable/juno
commit 0325b98c54af276 064e367db603bfe b525bbb790
Author: Brian Haley <email address hidden>
Date: Fri May 1 10:59:03 2015 -0400
Set IPset hash type to 'net' instead of 'ip'
The previous hash type was 'ip' and this caused a major address_ pairs entry could easily
issue with the allowed address pairs extension since it
results in CIDRs being passed to ipset. When the hash type
is 'ip', a CIDR is completely enumerated into all of its
addresses so 10.100.0.0/16 results in ~65k entries. This
meant a single allowed_
exhaust an entire set.
This patch changes the hash type to 'net', which is designed
to handle a CIDRs as a single entry.
This patch also changes the names of the ipsets because
creating an ipset with different parameters will cause an
error and our ipset manager code isn't robust enough to handle
that at this time.
Related-Bug: #1439817 72705aad4c30e78 9ae11ec958)
Related-Bug: #1444397
(based on commit a38b5df5cd3c476
Change-Id: I8177699b157cd3 eac46e2f481f47b 5d966c49b07