openstack
/
neutron
Code Issues Proposed changes
neutron/neutron
History
Kevin Benton a6b2c22dce Set IPset hash type to 'net' instead of 'ip' 
The previous hash type was 'ip' and this caused a major
issue with the allowed address pairs extension since it
results in CIDRs being passed to ipset. When the hash type
is 'ip', a CIDR is completely enumerated into all of its
addresses so 10.100.0.0/16 results in ~65k entries. This
meant a single allowed_address_pairs entry could easily
exhaust an entire set.

This patch changes the hash type to 'net', which is designed
to handle a CIDRs as a single entry.

This patch also changes the names of the ipsets because
creating an ipset with different parameters will cause an
error and our ipset manager code isn't robust enough to handle
that at this time. There is another ongoing patch to fix
that but it won't be ready in time.[1]

The related bug was closed by increasing the set limit, which
did alleviate the problem. However, this change would also
address the issue because the gate tests run an allowed address
pairs extension test with the CIDR mentioned above.

1. I59e2e1c090cb95ee1bd14dbb53b6ff2c5e2713fd

Related-Bug: #1439817
Closes-Bug: #1444397
Change-Id: I8177699b157cd3eac46e2f481f47b5d966c49b07
(cherry picked from commit a38b5df5cd)
 		2015-04-16 19:13:57 -07:00
..
agent Set IPset hash type to 'net' instead of 'ip' 2015-04-16 19:13:57 -07:00
api Moving VLAN Transparency support from core to extension 2015-04-08 08:35:13 -07:00
callbacks Migrate to oslo.log 2015-03-12 11:22:56 +01:00
cmd Add simple ARP spoofing protection 2015-03-29 20:57:07 -07:00
common Merge "Implement default subnet pool configuration settings" 2015-04-01 21:54:03 +00:00
db Merge "Re-use context session in ML2 DB get_port_binding_host" 2015-04-08 22:40:49 +00:00
debug Migrate to oslo.log 2015-03-12 11:22:56 +01:00
extensions Moving VLAN Transparency support from core to extension 2015-04-08 08:35:13 -07:00
hacking Migrate to oslo.log 2015-03-12 11:22:56 +01:00
ipam Simple subnetpool allocation quotas 2015-03-31 20:56:31 +00:00
locale Imported Translations from Transifex 2015-04-03 06:13:58 +00:00
notifiers Reuse nova batch notifier 2015-03-20 13:55:08 +00:00
openstack Migrate to oslo.log 2015-03-12 11:22:56 +01:00
plugins Merge "Add simple ARP spoofing protection" 2015-04-09 01:21:53 +00:00
scheduler Fix a usage error of joinedload + filter in l3 scheduler 2015-03-25 15:06:21 +09:00
server Migrate to oslo.log 2015-03-12 11:22:56 +01:00
services Refactoring cleanup for L3 agent callbacks 2015-04-03 11:09:28 -04:00
tests Set IPset hash type to 'net' instead of 'ip' 2015-04-16 19:13:57 -07:00
__init__.py Revert "monkey patch stdlib before importing other modules" 2015-02-11 17:26:33 -08:00
auth.py Migrate to oslo.log 2015-03-12 11:22:56 +01:00
context.py Remove "Arguments dropped when creating context" logging 2015-04-01 09:38:21 -04:00
hooks.py Remove the useless vim modelines 2014-06-21 15:07:31 +08:00
i18n.py oslo: migrate to namespace-less import paths 2015-02-05 15:09:32 +01:00
manager.py Migrate to oslo.log 2015-03-12 11:22:56 +01:00
neutron_plugin_base_v2.py Basic subnetpool CRUD 2015-03-18 22:53:50 -07:00
policy.py Merge "Enable to apply policies to resources with special plural" 2015-04-01 08:04:45 +00:00
quota.py Treat all negative quota values as -1 2015-04-02 17:26:51 +05:30
service.py Revert "Set default of api_workers to number of CPUs" 2015-03-16 17:23:44 -07:00
version.py Remove the useless vim modelines 2014-06-21 15:07:31 +08:00
wsgi.py Merge "Start metadata agent without trying to connect db" 2015-03-23 16:45:05 +00:00