Unfortunately, I'm unable to upgrade my cluster to master or latest rocky immediately. I'm currently on stable/rocky off commit #56c070c5a37f06515c9330274ae12d87e7468421.
I walked through the other commits on latest stable/rocky and I see this commit that comes closest, which I am already running:
commit 9749fd270c1f7493fe4daf8b0e8412fcf0412184
Author: LIU Yulong <email address hidden>
Date: Mon Oct 8 14:52:16 2018 +0800

    Prevent create port forwarding to port which has binding fip

    For dvr scenario, if port has a bound floating, and then create
    port forwarding to it, this port forwarding will not work, due to
    the traffic is redirected to dvr rules.

    This patch restricts such API request, if user try to create port
    forwarding to a port, check if it has bound floating IP first.
    This will be run for all type of routers, since neutron should
    not let user to waste public IP address on a port which already
    has a floating IP, it can take care all the procotol port
    numbers.

    Conflicts:
        neutron/services/portforwarding/pf_plugin.py

    Closes-Bug: #1799137
    Change-Id: I4ba4b023d79185f8d478d60ce16417d3501bf785
    (cherry picked from commit b8d2ab8543a27b03bde534ef994027d9b44556c4)

Can you point me to a specific review/commit that you think fixes this? While upgrading might involve a lot of paperwork, I am able to apply a patch to see if that fixes things.