[openstack-dev] [neutron][networking-odl][qa] What's the recommended behavior for SG Rules with ethertype='IPv6' and protocol='icmp' ?

Ghanshyam Mann ghanshyammann at gmail.com
Fri Mar 24 10:41:44 UTC 2017


Hi All,

Tempest is testing SG rule creation and pinging scenario tests with
ethertype='IPv6' and protocol='icmp' [0].
In case of ethertype='IPv6', currently neutron accept protocol type
as 'icmp', 'icmpv6' and 'ipv6-icmp' which again seems like duplication of
SG rules bug on neutron side but not sure [1]

But it seems like some driver does not work with 'icmp' on IPv6, at least
ODL as mentioned in bug [2]. Where few others like ML2/OVS iptables driver
convert 'icmp' to 'icmpv6' when ethertype='IPv6' and had no issue with
'icmp'.

IMO neutron should keep accepting 'icmp' for IPv6 for backward
compatibility and legacy usage and tempest should test 'icmp' also along
with other protocol type.
But we need more feedback on that what is right way (as per backward
compatibility pov) and recommended way for having best behaviour for SG
rules on IPv6. What best can work for all plugins also?

.. 0

https://git.openstack.org/cgit/openstack/tempest/tree/tempest/api/network/test_security_groups.py

https://git.openstack.org/cgit/openstack/tempest/tree/tempest/scenario/manager.py#n1116

.. 1 https://bugs.launchpad.net/neutron/+bug/1582500

.. 2 https://bugs.launchpad.net/tempest/+bug/1671366

.. 3
https://git.openstack.org/cgit/openstack/neutron/tree/neutron/agent/linux/iptables_firewall.py#n378


-gmann
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170324/477d0704/attachment.html>


More information about the OpenStack-dev mailing list