Tempest: add scenario to validate that stateless SG rules are working in presence of Load Balancer attached to the same network
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| neutron |
Confirmed
|
Wishlist
|
Slawek Kaplonski | ||
Bug Description
It was found that in case of ML2/OVN, stateless SG rules stop working when a Octavia Load Balancer is attached to the same network. This was addressed in OVN core project with: https:/
I think it may make sense to add a new integration scenario for this case in tempest plugin that would:
- create stateless SG
- define some rules
- start a VM for the SG
- check rules work as expected
- define a Load Balancer for the network
- check the SG rules still work as expected
This is a corner case, but since we know it's problematic in some OVN branches and since ML2/OVN is the default implementation, - and since OVN core team is considering adjusting the ACL conntrack behavior in the near future that may affect stateless behavior - it may be wise to implement the scenario nevertheless.
| Ihar Hrachyshka (ihar-hrachyshka) wrote | #1 |
| tags: | added: ovn ovn-octavia-provider tempest |
| Changed in neutron: | |
| status: | New → Confirmed |
| importance: | Undecided → Wishlist |
| assignee: | nobody → Slawek Kaplonski (slaweq) |
The issue was originally spotted in RH bugzilla: https:/