neutron

  1. Bug #1626010
  2. Comment #32

Comment 32 for bug 1626010

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/385085
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=6370a0471076ccb095a90f97ffc869ae7ea2e5ed
Submitter: Jenkins
Branch: master

commit 6370a0471076ccb095a90f97ffc869ae7ea2e5ed
Author: Jakub Libosvar <email address hidden>
Date: Tue Jun 13 12:07:28 2017 +0000

    ovsfw: Fix overlapping MAC addresses on integration bridge

    The patch relies on the fact that traffic not going from instance
    (and thus port not managed by firewall) is tagged. Traffic coming from
    the instance is not tagged and thus net register is used for marking
    such traffic. These two approaches make matching rules unique even if
    two ports from different networks share its' mac addressess.

    Traffic coming from trusted ports is marked with network in registry
    so firewall can decide later to which network traffic belongs.

    Closes-bug: #1626010

    Change-Id: Ia05d75a01b0469a0eaa82ada67b16a9481c50f1c