Hi All, Tempest is testing SG rule creation and pinging scenario tests with ethertype='IPv6' and protocol='icmp' [0]. In case of ethertype='IPv6', currently neutron accept protocol type as 'icmp', 'icmpv6' and 'ipv6-icmp' which again seems like duplication of SG rules bug on neutron side but not sure [1] But it seems like some driver does not work with 'icmp' on IPv6, at least ODL as mentioned in bug [2]. Where few others like ML2/OVS iptables driver convert 'icmp' to 'icmpv6' when ethertype='IPv6' and had no issue with 'icmp'. IMO neutron should keep accepting 'icmp' for IPv6 for backward compatibility and legacy usage and tempest should test 'icmp' also along with other protocol type. But we need more feedback on that what is right way (as per backward compatibility pov) and recommended way for having best behaviour for SG rules on IPv6. What best can work for all plugins also? .. 0 https://git.openstack.org/cgit/openstack/tempest/tree/tempest/api/network/test_security_groups.py https://git.openstack.org/cgit/openstack/tempest/tree/tempest/scenario/manager.py#n1116 .. 1 https://bugs.launchpad.net/neutron/+bug/1582500 .. 2 https://bugs.launchpad.net/tempest/+bug/1671366 .. 3 https://git.openstack.org/cgit/openstack/neutron/tree/neutron/agent/linux/iptables_firewall.py#n378 -gmann -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170324/477d0704/attachment.html>