Public bug reported: With https://review.opendev.org/c/openstack/neutron/+/792791 neutron build from branch `stable/train` fails to update routers with ports containing an `allowed_address_pair` containing an IP address range in CIDR notation, i.e.: ``` openstack port show 135515bf-6cdf-45d7-affa-c775d2a43ce1 -f value -c allowed_address_pairs [{'mac_address': 'fa:16:3e:1e:c4:f1', 'ip_address': '192.168.0.0/16'}] ```
I could not find definitive information on wether this is an allowed value for allowed_address_pairs, but at least the openstack/magnum project makes use of this. Once the above is set neutron-l3-agent logs errors shown in http://paste.openstack.org/show/807237/ and connection to all resources behind the router stop. Steps to reproduce: Set up openstack environment with neutron build from git branch stable/train with OVS, DVR and router HA in a multinode deployment on ubuntu bionic. Create a test environment: openstack network create test openstack subnet create --network test --subnet-range 10.0.0.0/24 test openstack router create --ha --distributed test openstack router set --external-gateway <provider network> test openstack router add subnet test test openstack server create --image <test image> --flavor m1.small --security-group <default> --network test test openstack security group create icmp openstack security group rule create --protocol icmp --ingress icmp openstack server add security group test icmp openstack floating ip create <provider network> openstack server add floating ip test <floating ip> ping <floating ip> openstack port set --allowed-address ip-address=192.168.0.0/16 <instance port> ping <floating ip> Observe loss of ping after setting allowed_address_pairs. Revert https://review.opendev.org/c/openstack/neutron/+/792791 and redeploy neutron ping <floating ip> Observe reestablishment of the connection. Please let me know if you need any other information ** Affects: neutron Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1934912 Title: Router update fails for ports with allowed_address_pairs containg IP range in CIDR notation Status in neutron: New Bug description: With https://review.opendev.org/c/openstack/neutron/+/792791 neutron build from branch `stable/train` fails to update routers with ports containing an `allowed_address_pair` containing an IP address range in CIDR notation, i.e.: ``` openstack port show 135515bf-6cdf-45d7-affa-c775d2a43ce1 -f value -c allowed_address_pairs [{'mac_address': 'fa:16:3e:1e:c4:f1', 'ip_address': '192.168.0.0/16'}] ``` I could not find definitive information on wether this is an allowed value for allowed_address_pairs, but at least the openstack/magnum project makes use of this. Once the above is set neutron-l3-agent logs errors shown in http://paste.openstack.org/show/807237/ and connection to all resources behind the router stop. Steps to reproduce: Set up openstack environment with neutron build from git branch stable/train with OVS, DVR and router HA in a multinode deployment on ubuntu bionic. Create a test environment: openstack network create test openstack subnet create --network test --subnet-range 10.0.0.0/24 test openstack router create --ha --distributed test openstack router set --external-gateway <provider network> test openstack router add subnet test test openstack server create --image <test image> --flavor m1.small --security-group <default> --network test test openstack security group create icmp openstack security group rule create --protocol icmp --ingress icmp openstack server add security group test icmp openstack floating ip create <provider network> openstack server add floating ip test <floating ip> ping <floating ip> openstack port set --allowed-address ip-address=192.168.0.0/16 <instance port> ping <floating ip> Observe loss of ping after setting allowed_address_pairs. Revert https://review.opendev.org/c/openstack/neutron/+/792791 and redeploy neutron ping <floating ip> Observe reestablishment of the connection. Please let me know if you need any other information To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1934912/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp