  1. netvirt
  2. NETVIRT-431

Unable to add an ingress security group rule when the remote-ip-prefix is un-masked

Details

    • Bug
    • Status: Resolved
    • Resolution: Cannot Reproduce
    • Carbon
    • None
    • General
    • None
    • Operating System: All
      Platform: All

    • 7546

    Description

      Setup:
      1. Stateful Security Groups enabled.
      2. Create a tenant network with an IPv4 subnet and associate it to a Neutron router.
      3. Create an external FLAT network with IPv4 subnet and associate the external network to the router.
      4. Spawn a VM on the tenant network and associate a floating-ip to the VM.
      5. Add an ingress security group rule with an unmasked remote-ip-prefix (e.g., 172.16.1.20/24).

      You can see that the ACL service does not program this flow in Table 252.
      However, if we add the same ingress ACL rule with a masked prefix (i.e., 172.16.1.0/24), it works fine.

      There is no error in karaf when step 5 is executed, so the user will not be aware of this issue.
      Though we can expect that the user always enters a masked prefix, IMHO it's good to support this use case by handling this in the ACL Service.
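
Because the rule is accepted without an error but no flow is programmed, an operator can catch the condition by auditing rules for prefixes with host bits set. The following is an added example, not part of the original report or of netvirt's code; the function names and the rule dictionaries (with `id` and `remote_ip_prefix` keys, modeled on Neutron security group rule fields) are assumptions, and the sample rules are constructed.

```python
import ipaddress

def normalize_prefix(prefix):
    """Return (canonical_cidr, had_host_bits) for a remote-ip-prefix string."""
    iface = ipaddress.ip_interface(prefix)  # accepts host bits, IPv4 or IPv6
    network = iface.network                 # same prefix with host bits masked off
    return str(network), iface.ip != network.network_address

def audit_rules(rules):
    """Flag rules whose prefix is unmasked or unparsable.

    Returns a list of (rule_id, original, canonical_or_None, reason) tuples.
    """
    findings = []
    for rule in rules:
        prefix = rule.get("remote_ip_prefix")
        if not prefix:
            continue  # no prefix: rule uses a remote group or matches any source
        try:
            canonical, had_host_bits = normalize_prefix(prefix)
        except ValueError:  # bad octet, bad mask length, garbage input
            findings.append((rule["id"], prefix, None, "invalid"))
            continue
        if had_host_bits:
            findings.append((rule["id"], prefix, canonical, "unmasked"))
    return findings

# Constructed sample rules (hypothetical ids); rule-1 and rule-2 are the two
# prefixes from the report.
SAMPLE_RULES = [
    {"id": "rule-1", "direction": "ingress", "remote_ip_prefix": "172.16.1.20/24"},
    {"id": "rule-2", "direction": "ingress", "remote_ip_prefix": "172.16.1.0/24"},
    {"id": "rule-3", "direction": "ingress", "remote_ip_prefix": "2001:db8::1/64"},
    {"id": "rule-4", "direction": "ingress", "remote_ip_prefix": "10.0.0.5"},
    {"id": "rule-5", "direction": "ingress", "remote_ip_prefix": "172.16.1.300/24"},
    {"id": "rule-6", "direction": "ingress", "remote_ip_prefix": None},
]

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print(finding)
```

A bare address such as `10.0.0.5` is treated as a /32 host prefix and is not flagged, since it has no host bits outside its mask.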


          People

            Unassigned Unassigned
            SridharG Sridhar Gaddam