https://jira.opendaylight.org This file is an XML representation of an issue en-us 8.20.10 820010 22-06-2022 https://jira.opendaylight.org/browse/NETVIRT-431 netvirt <p>Setup:<br/> 1. Stateful Security Groups enabled.<br/> 2. Create a tenant network with an IPv4 subnet and associate it to a Neutron router.<br/> 3. Create an external FLAT network with IPv4 subnet and associate the external network to the router.<br/> 4. Spawn a VM on the tenant network and associate a floating-ip to the VM.<br/> 5. Add an ingress security group rule with an unmasked remote-ip-prefix (f.e., 172.16.1.20/24)</p> <p>You can see that ACL service does not program this flow in Table 252.<br/> However, if we add the same ingress ACL rule with a masked prefix (i.e., 172.16.1.0/24), it works fine.</p> <p>There is no error in karaf when step-5 is executed. So user will not be aware of this issue.<br/> Though we can expect that user always enter a masked prefix, IMHO its good to support this use-case by handling this in ACL Service.</p> <p>Operating System: All<br/> Platform: All</p> NETVIRT-431

Unable to add an ingress security group rule when the remote-ip-prefix is un-masked

Bug Resolved Cannot Reproduce Unassigned Sridhar Gaddam Mon, 16 Jan 2017 07:14:25 +0000 Mon, 8 Apr 2019 16:58:30 +0000 Thu, 6 Jul 2017 05:10:39 +0000 Carbon General 0 2 <p>(In reply to Sridhar Gaddam from comment #0)<br/> &gt; Setup:<br/> &gt; 1. Stateful Security Groups enabled.<br/> &gt; 2. Create a tenant network with an IPv4 subnet and associate it to a Neutron<br/> &gt; router.<br/> &gt; 3. Create an external FLAT network with IPv4 subnet and associate the<br/> &gt; external network to the router.<br/> &gt; 4. Spawn a VM on the tenant network and associate a floating-ip to the VM.<br/> &gt; 5. Add an ingress security group rule with an unmasked remote-ip-prefix<br/> &gt; (f.e., 172.16.1.20/24)<br/> &gt; <br/> &gt; You can see that ACL service does not program this flow in Table 252.<br/> &gt; However, if we add the same ingress ACL rule with a masked prefix (i.e.,<br/> &gt; 172.16.1.0/24), it works fine.<br/> &gt; <br/> &gt; There is no error in karaf when step-5 is executed. So user will not be<br/> &gt; aware of this issue.<br/> &gt; Though we can expect that user always enter a masked prefix, IMHO its good<br/> &gt; to support this use-case by handling this in ACL Service.</p> <p>Did you mean /24 for the unmasked case or should that be /32?</p> <p>I meant /24 only. Agree that Ideally user should enter the prefix as "172.16.1.0/24", but IMHO even if he accidentally enters "172.16.1.20/24" we should be able to support.</p> <p>(In reply to Sridhar Gaddam from comment #2)<br/> &gt; I meant /24 only. Agree that Ideally user should enter the prefix as<br/> &gt; "172.16.1.0/24", but IMHO even if he accidentally enters "172.16.1.20/24" we<br/> &gt; should be able to support.</p> <p>Hi Sridhar,<br/> similar discussion happened on this bug.<br/> <a href="https://bugs.opendaylight.org/show_bug.cgi?id=8561" class="external-link" target="_blank" rel="nofollow noopener">https://bugs.opendaylight.org/show_bug.cgi?id=8561</a><br/> OF Plugin says issue with OVS ,when OF plugin teying to push the flow using "/24" with fixed IP OVS returns error.</p> Development External issue ID 7546 External issue URL Rank 0|i01rrb: