IGMP queries from address 0.0.0.0 being blocked
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| StarlingX |
In Progress
|
Undecided
|
Caio Bruchert | ||
Bug Description
Brief Description
-----------------
IGMP queries from address 0.0.0.0 on the cluster-host and mgmt networks are being blocked and it causes the heartbeat traffic to stop and the controller-0 to reboot.
IGMP queries with source address 0.0.0.0 are sent when the switch between the controllers has IGMP snooping enabled on a VLAN without an IP address configured.
Severity
--------
Critical
Steps to Reproduce
------------------
Configure the switch with IGMP snooping for the mgmt or cluster-host VLAN.
The VLAN must have no IP address configured.
Expected Behavior
------------------
IGMP queries with source address 0.0.0.0 from the switch should be allowed and IGMP reports should be seen.
Actual Behavior
----------------
IGMP queries with source address 0.0.0.0 from the switch are block and IGMP reports are not seen.
Reproducibility
---------------
Reproducible
System Configuration
-------
AIO-DX
Branch/Pull Time/Commit
-------
master
Last Pass
---------
Before the firewall was implemented
Timestamp/Logs
--------------
Test Activity
-------------
Regression Testing
Workaround
Edit the firewall rules for mgmt and cluster-host networks to allow IGMP with source address 0.0.0.0/32 using:
kubectl edit globalnetworkpo
kubectl edit globalnetworkpo
| Changed in starlingx: | |
| assignee: | nobody → Caio Bruchert (cbrucher) |
| OpenStack Infra (hudson-openstack) wrote Fix proposed to config (master) | #1 |
| Changed in starlingx: | |
| status: | New → In Progress |
Fix proposed to branch: master
Review: https:/