Comment 10 for bug 1839252

OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/stein)

Reviewed: https://review.opendev.org/675728
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=9f6d8c383f4d7f5ea6e4c157fe7eb176042960cf
Submitter: Zuul
Branch: stable/stein

commit 9f6d8c383f4d7f5ea6e4c157fe7eb176042960cf
Author: Oleg Bondarev <email address hidden>
Date: Wed Aug 7 12:14:18 2019 +0400

    Clear skb mark on encapsulating packets

    Looks like by default OVS tunnels inherit skb marks from
    tunneled packets. As a result Neutron IPTables marks set in
    qrouter namespace are inherited by VXLAN encapsulating packets.
    These marks may conflict with marks used by underlying networking
    (like Calico) and lead to VXLAN tunneled packets being dropped.

    This patch ensures that skb marks are cleared by OVS before entering
    a tunnel to avoid conflicts with IPTables rules in default namespace.

    Closes-Bug: #1839252
    Change-Id: Id029be51bffe4188dd7f2155db16b21d19da1698
    (cherry picked from commit 762773525234814c1c47b5d21e072a30a94ff9e6)