prevent_arp_spoofing in liberty prevents applications
Bug #1638684 reported by
ioannis
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Invalid
|
Undecided
|
Unassigned |
Bug Description
In Liberty the default option is: prevent_
If a VM is configured with subnet mask different to /24, e.g. a /20, then if an application is listening to same subnet (but not if it was /24), it won't reply to arp requests.
For example,
VM A interface is 10.1.2.3/20 and there is an application listening to 10.1.3.4 on the same VM.
VM B interface is 10.1.2.4/20.
If you ping 10.1.3.4 from VM B, neutron will not forward arp reply to VM B. So, even if both A and B are on the same subnet, they cannot exchange arp requests, so they cannot connect to applications running.
Ping works if you ping from VM B the VM A in 10.1.2.3.
To post a comment you must log in.
Please re-open if this is still an issue, but provide more information on how you reproduced this.