fwaas v2 add port into firewall group failed

Bug #1778207 reported by Derek Yang
This bug affects 3 people
Affects: neutron
Status: Confirmed
Importance: Undecided
Assigned to: Sridar Kandaswamy
Milestone: (none)

Bug Description

Hey, stackers. There were some errors when I added router ports in DVR/HA mode to a fwaasv2 firewall group.

The error message was:

Error: Failed to update firewallgroup 3c8dbcab-0cfb-4189-bd60-dc4b40a346a4: Port 002c3fff-5b00-42b5-83ab-6413afc083c4 of firewall group is invalid. Neutron server returns request_ids: ['req-da8b946c-aa69-456f-b1d3-d956eff49110']

My router HA interface:

Device Owner: network:router_ha_interface
Device ID: a804ad96-42c4-437b-a945-9ecc4cdef34c

I traced the related source code that validates the port for a firewall group:
https://github.com/openstack/neutron-fwaas/blob/9346ced4b0f90e1c7acf855ac9db76ed960510e6/neutron_fwaas/services/firewall/fwaas_plugin_v2.py#L147

I found that there is no condition to determine whether the router is in DVR/HA mode. Therefore, maybe we have to update this code snippet to support routers in DVR/HA mode: https://github.com/openstack/neutron-fwaas/blob/9346ced4b0f90e1c7acf855ac9db76ed960510e6/neutron_fwaas/services/firewall/fwaas_plugin_v2.py#L147

Tags: fwaas
Derek Yang (hswayne77)
tags: added: neutron-fwaas
description: updated
Derek Yang (hswayne77)
tags: added: fwaas
removed: neutron-fwaas
Sridar Kandaswamy (skandasw) wrote:

I am looking at such an issue already - let me take it for now - I will probably Dup it. I am out on PTO - so will take some action next week when I am back.

Changed in neutron:
assignee: nobody → Sridar Kandaswamy (skandasw)
Derek Yang (hswayne77)
Changed in neutron:
status: New → Confirmed