From ccc7f4e248a13a0b36774f4b61123ba0c5dbbbc3 Mon Sep 17 00:00:00 2001 From: Bence Romsics Date: Tue, 10 Sep 2019 15:08:02 +0200 Subject: [PATCH] Document the incompatibility of trunk ports with iptables_hybrid fw We seem to have forgot to properly document this limitation and this is popping up in bug reports. Change-Id: I3c1d79017349be13ebb2f4a924c065e041ccbf5a Partial-Bug: #1843285 --- doc/source/admin/config-trunking.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/source/admin/config-trunking.rst b/doc/source/admin/config-trunking.rst index 1e38d61cb50..5991bcaba98 100644 --- a/doc/source/admin/config-trunking.rst +++ b/doc/source/admin/config-trunking.rst @@ -320,5 +320,10 @@ Trunk states Limitations and issues ~~~~~~~~~~~~~~~~~~~~~~ +* In ``neutron-ovs-agent`` the use of ``iptables_hybrid`` firewall driver and + trunk ports are not compatible with each other. The ``iptables_hybrid`` + firewall is not going to filter the traffic of subports. + Instead use other firewall drivers like ``openvswitch``. + * See `bugs `__ for more information.