https://jira.opendaylight.org This file is an XML representation of an issue en-us 8.20.10 820010 22-06-2022 https://jira.opendaylight.org/browse/NETVIRT-513 netvirt <p>Supporting AAP with prefix 0.0.0.0/0 for remote security group rules would lead to a potential security breach. This would result in allowing the traffic from all the IPs.</p> <p>Below is a sample flow related to remote security group rules for VM (10.10.10.3). This would include nw_src match to allow traffic from VM (10.10.10.3).</p> <p> cookie=0x6900000, duration=3111.415s, table=252, n_packets=0, n_bytes=0, priority=1001,ct_state=+new+trk,ip,metadata=0x30000000000/0xfffff0000000000,nw_src=10.10.10.3 actions=ct(commit,zone=5001),resubmit(,220)</p> <p>Below is a sample flow related to remote security group rules for VM having AAP with prefix 0.0.0.0/0. This doesn't have nw_src match which would result in allowing the traffic from all the IPs.</p> <p>cookie=0x6900000, duration=3111.415s, table=252, n_packets=0, n_bytes=0, priority=1001,ct_state=+new+trk,ip,metadata=0x30000000000/0xfffff0000000000 actions=ct(commit,zone=5001),resubmit(,220).</p> <p>This bug is raised to not support AAP with 0.0.0.0/0 as part of remote security group rules/flows.</p> <p>Operating System: All<br/> Platform: All</p> NETVIRT-513

AAP with prefix 0.0.0.0/0 shouldn't be supported for remote security group rules

Bug Resolved Done Somashekar Byrappa Somashekar Byrappa Tue, 7 Mar 2017 06:50:44 +0000 Mon, 3 Apr 2017 17:40:39 +0000 Mon, 3 Apr 2017 17:40:39 +0000 Boron General 0 1 <p>Support for AAP with 0.0.0.0/0 should be retained only for anti spoofing flows which are configured in table 40/251.</p> <p>This issues is fixed in master via:<br/> <a href="https://git.opendaylight.org/gerrit/53006" class="external-link" target="_blank" rel="nofollow noopener">https://git.opendaylight.org/gerrit/53006</a></p> Development External issue ID 7912 External issue URL Rank 0|i01s9j: