allowed-address-pairs only update ipset on one compute node
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
neutron | Fix Released | High | Unassigned |
Bug Description
1. Two vms run on the same network but different compute nodes.
vm1(
vm2(
2. Both VMs are bound to security group sg1; sg1 has two rules:
a) egress: all protocol, 0.0.0.0/0
b) ingress: all protocol, remote sg: sg1
3. vm1 and vm2 could ping each other successfully as we expect.
4. Update the port belonging to vm1 by using: neutron port-update 4d436802-
5. Change the IP of vm1 to 100.100.100.10. Now vm2 could ping vm1 successfully, but vm1 could not ping vm2.
Then check the ipset on CN1: ipset list
Name: NETIPv4f766bf09
Type: hash:net
Revision: 3
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16880
References: 1
Members:
100.100.100.3
100.100.100.10
100.100.100.4
Check ipset on CN2: ipset list
Name: NETIPv4f766bf09
Type: hash:net
Revision: 3
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16848
References: 1
Members:
100.100.100.4
100.100.100.3
If add the IP (100.100.100.10) to IPSET NETIPv4f766bf09
I use the Kilo release; not sure whether master has this problem.
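A consistency check for the symptom reported above, as an added example that is not part of the original bug report or of Neutron's code: it parses `ipset list` output collected from each compute node and reports set members that some node is missing. The function names and the way the output is gathered are assumptions; the sample text is abridged from the report.

```python
import ipaddress

# Sample input: the two `ipset list` outputs from the report, abridged.
CN1 = """Name: NETIPv4f766bf09
Type: hash:net
Revision: 3
References: 1
Members:
100.100.100.3
100.100.100.10
100.100.100.4
"""
CN2 = """Name: NETIPv4f766bf09
Type: hash:net
Revision: 3
References: 1
Members:
100.100.100.4
100.100.100.3
"""

def parse_ipset_list(text):
    """Parse `ipset list` output into {set_name: set of ip_network}."""
    sets, name, members = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Name:"):
            name, members = line.split(":", 1)[1].strip(), None
        elif line == "Members:":
            members = sets.setdefault(name, set())
        elif not line:
            members = None  # a blank line ends the current set
        elif members is not None:
            # entries may carry options (timeout, comment); keep the address only
            members.add(ipaddress.ip_network(line.split()[0], strict=False))
    return sets

def ipset_drift(nodes):
    """nodes: {node: `ipset list` text}. Returns {set_name: {node: [missing members]}}."""
    parsed = {n: parse_ipset_list(out) for n, out in nodes.items()}
    drift = {}
    for set_name in set().union(*parsed.values()):
        # A node only has sets for groups its local ports reference, so
        # compare only the nodes that actually carry this set.
        have = {n: p[set_name] for n, p in parsed.items() if set_name in p}
        union = set().union(*have.values())
        for node, got in have.items():
            if union - got:
                drift.setdefault(set_name, {})[node] = sorted(map(str, union - got))
    return drift

if __name__ == "__main__":
    print(ipset_drift({"CN1": CN1, "CN2": CN2}))
```

A member reported as missing on one node means traffic from that address is dropped there by the remote-group rule while the other node accepts it, which matches the one-way ping in step 5.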
Changed in neutron:
assignee: nobody → yujie (16189455-d)
Changed in neutron:
status: Incomplete → New
Changed in neutron:
status: New → Confirmed
Changed in neutron:
assignee: nobody → Hunt Xu (huntxu)
Changed in neutron:
assignee: Hunt Xu (huntxu) → nobody
Changed in neutron:
status: Incomplete → Fix Released
Yujie, can you please check if master has this problem?