Public bug reported: Iptables doesn't work properly with fullstack, as can be observed in [1].
The gist is that since all ovs-agents are running on the same namespace, they try to override each other's iptables, causing the failures. This will obviously cause security groups to fail. Also, Assaf Muller mentioned that since FakeMachines are directly connected to br-int, security groups will also not work properly on them. Instead, they should be connected through an intermediary linuxbridge. [1]: http://logs.openstack.org/71/270971/3/check/gate-neutron-dsvm- fullstack/c913b51/logs/TestConnectivitySameNetwork.test_connectivity_VLANs,Ofctl_ /neutron-openvswitch-agent--2016-02-14-- 11-40-19-078390.log.txt.gz#_2016-02-14_11_41_03_165 ** Affects: neutron Importance: Undecided Status: Confirmed ** Tags: fullstack -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1546490 Title: Security groups don't work with fullstack Status in neutron: Confirmed Bug description: Iptables doesn't work properly with fullstack, as can be observed in [1]. The gist is that since all ovs-agents are running on the same namespace, they try to override each other's iptables, causing the failures. This will obviously cause security groups to fail. Also, Assaf Muller mentioned that since FakeMachines are directly connected to br-int, security groups will also not work properly on them. Instead, they should be connected through an intermediary linuxbridge. [1]: http://logs.openstack.org/71/270971/3/check/gate-neutron-dsvm- fullstack/c913b51/logs/TestConnectivitySameNetwork.test_connectivity_VLANs,Ofctl_ /neutron-openvswitch-agent--2016-02-14-- 11-40-19-078390.log.txt.gz#_2016-02-14_11_41_03_165 To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1546490/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp