DragonFlow

router_port_rarp_cache and floatingip_rarp_cache dictionaries consider just mac address as key

Bug #1697439 reported by Venu Reddy on 2017-06-12

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	DragonFlow	Fix Released	High	Dima Kuznetsov

Bug Description

Dictionaries
router_port_rarp_cache in l3-app_base.py and
floatingip_rarp_cache in dnat_app.py

These dictionaries consider mac address alone as key. It can lead to collision when same mac addresses are reused across tenants. I believe we should consider using network id along with mac address to make key unique.

Regards,
Venu

Omer Anson (omer-anson) on 2017-06-14

Changed in dragonflow:
importance:	Undecided → High

Dima Kuznetsov (dimakuz) on 2017-06-26

Changed in dragonflow:
assignee:	nobody → Dima Kuznetsov (dimakuz)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-06-28: Related fix proposed to dragonflow (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/478500

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-06-30: Related fix merged to dragonflow (master)

Reviewed: https://review.openstack.org/478500
Committed: https://git.openstack.org/cgit/openstack/dragonflow/commit/?id=9a9a1b2a42c8e2e3d29fd801ed08dc6f223d6a8f
Submitter: Jenkins
Branch: master

commit 9a9a1b2a42c8e2e3d29fd801ed08dc6f223d6a8f
Author: Dima Kuznetsov <email address hidden>
Date: Wed Jun 28 15:11:17 2017 +0300

DNAT: Use port key in ICMP handling code

    This patch changes floating port lookup in functions that generate and
    translate ICMP responses. The old lookup relied on MAC address of the
    logical port of the floating IP but this can lead to collisions between
    networks.

    Related-Bug: #1697439
    Related-Bug: #1636829
    Change-Id: I22ddbfadf7e3de5d9f2331edb3189a7eb734db3d

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-07-04: Fix proposed to dragonflow (master)

Fix proposed to branch: master
Review: https://review.openstack.org/480133

Changed in dragonflow:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-07-12: Fix merged to dragonflow (master)

Reviewed: https://review.openstack.org/480133
Committed: https://git.openstack.org/cgit/openstack/dragonflow/commit/?id=ab360211b7964ac2f0af9f7e3dfff683e2668987
Submitter: Jenkins
Branch: master

commit ab360211b7964ac2f0af9f7e3dfff683e2668987
Author: Dima Kuznetsov <email address hidden>
Date: Fri Jun 23 18:35:01 2017 +0300

L3 app: use port/router keys in PACKET_IN handler

    L3 app used packet's MAC address to find the relevant port IP. Since
    MACs are not unique across projects or networks, we can resolve an
    incorrect IP address. This uses router/port keys to find the relevant
    resource.

Closes-Bug: #1697439
Change-Id: I2925db5c00fcad256159306fec455b8b3c4cf8bc

Changed in dragonflow:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.