[neutron] Bug deputy report (week starting on 2020-03-09)

Bernard Cafarelli bcafarel at redhat.com
Mon Mar 16 09:37:26 UTC 2020

Hello neutrinos,

last week we started a new bug deputy rotation, opening this round here are
the bugs reported in week 11.

This was relatively quiet (for new bugs count), and most bugs have active
discussion or suggested fix

* [security] Add allowed-address-pair to one port will open all
others' protocol under same security group -
  A follow-up to security bug
https://bugs.launchpad.net/neutron/+bug/1793029 (which was fixed in
  Potential code fix at https://review.opendev.org/712632 - reviews and
opinions most welcome

* Restart neutron-linuxbridge-agent service led to all ports status changed
- https://bugs.launchpad.net/neutron/+bug/1866743
  Reported on Pike/Queens, pretty standard configuration, may be l2pop
  Related gerrit question: https://review.opendev.org/713156
* MTU too large error presented on create but not update -
  Suggested fix: https://review.opendev.org/712801

* Packets incorrectly marked as martian -
  Martian packets logged with some specific setup, VMs are working fine
though, switching to ovs firewall workarounds the issue
* Deployment has security group with empty tenant id -
  Some master devstacks deployments like networking-odl get empty project
ID for default security group
* Unnecessary network flapping while update floatingip without port or
fixed ip changed - https://bugs.launchpad.net/neutron/+bug/1867122
  OVN mech driver only, some discussion about relevant use-case for FIP
update in LP and patch https://review.opendev.org/712641

* router-update for internal networking not correct when restarting
ovs-agent - https://bugs.launchpad.net/neutron/+bug/1866635
  Missing flows on restart, I asked for more logs - may be missing tunnel
during restart

Update from previous week
* br-int bridge in one compute can't learn MAC addresses of VMs in other
compute nodes - https://bugs.launchpad.net/neutron/+bug/1866445
  Was closed as duplicate of bug #1732067 but they do not use OVS firewall
  Patch for iptables_hybrid proposed: https://review.opendev.org/712640

Last bug I triaged is 1867214, handing over the deputy baton to slaweq

Bernard Cafarelli
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20200316/e31d9aaa/attachment-0001.html>

More information about the openstack-discuss mailing list