Hello neutrinos,

last week we started a new bug deputy rotation, opening this round here are the bugs reported in week 11.

This was relatively quiet (for new bugs count), and most bugs have active discussion or suggested fix

Critical
* [security] Add allowed-address-pair 0.0.0.0/0 to one port will open all others' protocol under same security group - https://bugs.launchpad.net/neutron/+bug/1867119
  A follow-up to security bug https://bugs.launchpad.net/neutron/+bug/1793029 (which was fixed in documentation)
  Potential code fix at https://review.opendev.org/712632 - reviews and opinions most welcome

Medium
* Restart neutron-linuxbridge-agent service led to all ports status changed - https://bugs.launchpad.net/neutron/+bug/1866743
  Reported on Pike/Queens, pretty standard configuration, may be l2pop
  Related gerrit question: https://review.opendev.org/713156
* MTU too large error presented on create but not update - https://bugs.launchpad.net/neutron/+bug/1867214
  Suggested fix: https://review.opendev.org/712801

Low
* Packets incorrectly marked as martian - https://bugs.launchpad.net/neutron/+bug/1866615
  Martian packets logged with some specific setup, VMs are working fine though, switching to ovs firewall workarounds the issue
* Deployment has security group with empty tenant id - https://bugs.launchpad.net/neutron/+bug/1867101
  Some master devstacks deployments like networking-odl get empty project ID for default security group
* Unnecessary network flapping while update floatingip without port or fixed ip changed - https://bugs.launchpad.net/neutron/+bug/1867122
  OVN mech driver only, some discussion about relevant use-case for FIP update in LP and patch https://review.opendev.org/712641

Incomplete
* router-update for internal networking not correct when restarting ovs-agent - https://bugs.launchpad.net/neutron/+bug/1866635
  Missing flows on restart, I asked for more logs - may be missing tunnel during restart

Update from previous week
* br-int bridge in one compute can't learn MAC addresses of VMs in other compute nodes - https://bugs.launchpad.net/neutron/+bug/1866445
  Was closed as duplicate of bug #1732067 but they do not use OVS firewall
  Patch for iptables_hybrid proposed: https://review.opendev.org/712640

Last bug I triaged is 1867214, handing over the deputy baton to slaweq

--
Bernard Cafarelli