port security rules only applied at port binding/creation time
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron | New | Undecided | Unassigned | | |
Bug Description
Quick Overview
==============
OpenStack is already running with networks and instances created.
Port security extension is not enabled.
When enabling port_security, instances in old networks do not get DHCP.
Instances in new networks work fine.
Bug Description
===============
As suggested in bug https:/
During my verification/tests with source code from the master branch (Pike ATM), I found that instances do not get DHCP in old networks, while instances in new networks worked fine after enabling port_security.
In an IRC discussion, one suggestion was to disable and re-enable DHCP in old subnets. After that, DHCP worked fine, and that fixes the issue.
How to reproduce
================
- Deploy OpenStack without port_security
- Create 1 network, subnet and attach to a router
- <Optionally deploy one instance> -> Not really needed.
- Enable port_security extension in ml2_conf.ini
- Restart all neutron services.
- Create 1 instance in the old network.
- Instance does not get a DHCP lease.
- Create 1 new network, subnet, attach to router.
- Spawn new instance in new network
- Instance gets DHCP lease.
Expected behaviour
=================
Instance in old network gets a DHCP lease.
Actual Results
==============
Instance in old network does not get a DHCP lease.
Environment configuration
=======
- CentOS 7.
- Neutron master source code Latest commit: https:/
- OpenStack deployed with Kolla, all defaults.
Logs
====
Attached logs with:
- network/ports information
- iptables-save in qdhcp
Let me know if you need something else.
I'm available in kolla's IRC channel as egonzalez
Regards
I see a lot of DOWN ports in that output. All ports should be going to ACTIVE before you can expect them to work.
Are you seeing any errors in the l2 agent logs or the dhcp agent logs?
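The port-status check asked for in the comment above, as an added example that is not part of the bug report or of Neutron: it groups non-ACTIVE ports by network and marks networks whose DHCP port is among them. The record shape (keys `id`, `network_id`, `status`, `device_owner`, as in `openstack port show -f json`) is an assumption, and the sample data is constructed, not taken from the attached logs.

```python
import json
from collections import defaultdict

DHCP_OWNER = "network:dhcp"  # device_owner Neutron sets on DHCP agent ports

# Constructed sample records (assumed shape, see lead-in); IDs are made up.
SAMPLE_PORTS = json.loads("""
[
 {"id": "p-dhcp-old", "network_id": "net-old", "status": "DOWN",
  "device_owner": "network:dhcp"},
 {"id": "p-vm-old", "network_id": "net-old", "status": "DOWN",
  "device_owner": "compute:nova"},
 {"id": "p-dhcp-new", "network_id": "net-new", "status": "ACTIVE",
  "device_owner": "network:dhcp"},
 {"id": "p-vm-new", "network_id": "net-new", "status": "ACTIVE",
  "device_owner": "compute:nova"}
]
""")


def triage(ports):
    """Return {network_id: {"down": [port ids], "dhcp_down": bool}}
    for every network that has at least one port not in ACTIVE state."""
    report = defaultdict(lambda: {"down": [], "dhcp_down": False})
    for port in ports:
        if port.get("status") == "ACTIVE":
            continue
        entry = report[port["network_id"]]
        entry["down"].append(port["id"])
        # A non-ACTIVE DHCP port means no instance on that network
        # can be expected to obtain a lease.
        if port.get("device_owner") == DHCP_OWNER:
            entry["dhcp_down"] = True
    return dict(report)


if __name__ == "__main__":
    for net, info in triage(SAMPLE_PORTS).items():
        flag = "DHCP port not ACTIVE" if info["dhcp_down"] else "DHCP port ACTIVE"
        print(f"{net}: {len(info['down'])} port(s) not ACTIVE ({flag}): "
              f"{', '.join(info['down'])}")
```

Networks flagged with `dhcp_down` are the ones to cross-check against the L2 agent and DHCP agent logs.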