Set security group provider rule for icmpv6 RA in DVR

Security group provider rules for RA are set for the VM ports
when a router interface is added or updated after the VM
instance is created.

In the case of DVR Routers the security group provider rule
to allow the RA packets to flow through the VM port input
chain was missing and so the VM was not able to get a
SLAAC/DHCP address when associated with a DVR Router.

This fix will add the security group rule to the VM port input
chain to allow the RA packets to flow into the VM and hence
the VM will obtain an IP address assigned by the Router.

Closes-Bug: #1501969

Conflicts:
	neutron/db/securitygroups_rpc_base.py

Change-Id: Ib0b3499d9c880fe1462734b2d4092debf4819509
(cherry picked from commit a7dc528c18)
Swaminathan Vasudevan 2015-10-19 22:02:38 -07:00 committed by Kevin Benton
parent ca8d046adc
commit 1578dcbb8d
2 changed files with 14 additions and 2 deletions


@ -153,7 +153,10 @@ class SecurityGroupServerRpcMixin(sg_db.SecurityGroupDbMixin):
security_groups_provider_updated = True
# For IPv6, provider rule need to be updated in case router
# interface is created or updated after VM port is created.
elif port['device_owner'] == q_const.DEVICE_OWNER_ROUTER_INTF:
# NOTE (Swami): ROUTER_INTERFACE_OWNERS check is required
# since it includes the legacy router interface device owners
# and DVR router interface device owners.
elif port['device_owner'] in q_const.ROUTER_INTERFACE_OWNERS:
if any(netaddr.IPAddress(fixed_ip['ip_address']).version == 6
for fixed_ip in port['fixed_ips']):
security_groups_provider_updated = True
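Review bot: The new `elif port['device_owner'] in q_const.ROUTER_INTERFACE_OWNERS:` branch only widens the trigger for `security_groups_provider_updated`; the code that builds the ICMPv6 RA allow rule and selects its permitted source addresses is not in this hunk, so confirm on this branch that it also matches DVR interface ports. If that lookup still filters on `DEVICE_OWNER_ROUTER_INTF` alone, agents would be notified but the VM input chain would presumably still lack the DVR router's address as an accepted RA source. If the rule is scoped to router port addresses, keep it that way rather than loosening it to any source, since that scoping is what stops a neighbouring port from being accepted as a router. The `in` test also assumes `ROUTER_INTERFACE_OWNERS` is a tuple or list and not a plain string, which the NOTE could state, e.g. `# ROUTER_INTERFACE_OWNERS is a collection covering legacy and DVR router interface owners.` The enclosing method starts and ends outside the hunk.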


@ -129,7 +129,7 @@ class SGServerRpcCallBackTestCase(test_sg.SecurityGroupDBTestCase):
self.fmt, net['network']['id'], **kwargs)
res = self.deserialize(self.fmt, res)
port_id = res['port']['id']
if device_owner == const.DEVICE_OWNER_ROUTER_INTF:
if device_owner in const.ROUTER_INTERFACE_OWNERS:
data = {'port': {'fixed_ips': []}}
req = self.new_update_request('ports', data, port_id)
res = self.deserialize(self.fmt,
@ -145,6 +145,15 @@ class SGServerRpcCallBackTestCase(test_sg.SecurityGroupDBTestCase):
'2001:0db8::1')
self.assertTrue(self.notifier.security_groups_provider_updated.called)
def test_notify_security_group_dvr_ipv6_gateway_port_added(self):
self._test_security_group_port(
const.DEVICE_OWNER_DVR_INTERFACE,
'2001:0db8::1',
'2001:0db8::/64',
6,
'2001:0db8::2')
self.assertTrue(self.notifier.security_groups_provider_updated.called)
def test_notify_security_group_ipv6_normal_port_added(self):
self._test_security_group_port(
None,