Go to file

Slawek Kaplonski 1fd2fcc5c3 Don't prevent setting CIDRs as allowed_address_pair for port

Previously with [1] we blocked possiblility to set as allowed address
pair for port any IP or CIDR which contains IP address assigned to the
distributed metadata IP address in same network. It was done that way
because setting distributed metadata IP address as allowed address pair
for any port in the network breaks metadata service for all of the ports
in that network.

But this restriction was too strict as it also prevented to set CIDRs
bigger then /32 or /128 in the allowed_address_pair if CIDR contained
distributed metadata port IP. For example:
- distributed metadata port IP address 10.0.0.2
- allowed address pairs set for port in that network:
  - 10.0.0.3 - allowed
  - 10.0.0.1/26 - not allowed as 10.0.0.2 belongs to that CIDR.

In such case however, when CIDR is set as
allowed_address_pair, it is not set in OVN as Virtual IP so it won't
break connectivity to the metadata service as was reported in [2]
thus we should allow that.
This patch is reducing that restriction. Now CIDRs can be set as
allowed_address_pair for the port even if it includes IP assigned for
the distributed metadata port.
It is only forbidden to set as allowed_address_pair same, single IP
address as set for the distributed metadata port.

Closes-Bug: #2131928

[1] https://review.opendev.org/c/openstack/neutron/+/955757
[2] https://bugs.launchpad.net/neutron/+bug/2116249

Change-Id: Ieb98a126b6d380894456ed892c0a19787e7fbb04
Signed-off-by: Slawek Kaplonski <skaplons@redhat.com>
(cherry picked from commit 71ae26e352)

2025-12-01 17:21:19 +00:00

api-ref

Fix some typos

2016-06-28 22:46:19 +02:00

devstack

Add trusted vif api extension for the port

2024-09-05 07:18:08 +00:00

doc

[OVN] Set always the GW LRP "gateway_mtu" option

2025-09-29 19:03:41 -04:00

etc

[S-RBAC] Change policies for port's binding:profile field

2024-02-16 16:10:43 +01:00

neutron

Don't prevent setting CIDRs as allowed_address_pair for port

2025-12-01 17:21:19 +00:00

playbooks

Add some swap to tox-cover job

2024-06-06 11:13:54 +05:30

rally-jobs

[ci] Fix several rally task arguments

2020-05-06 14:56:27 +03:00

releasenotes

[OVN] Set always the GW LRP "gateway_mtu" option

2025-09-29 19:03:41 -04:00

roles

[CI] Functional: Increase Ulimit to 4096

2024-10-09 04:01:38 +00:00

tools

Merge "Skip abandoning of the old patches in unmaintained branches"

2024-08-06 00:33:31 +00:00

vagrant/ovn

Fix local neutron folder path in ovn/sparse/Vagrantfile

2020-11-03 17:02:34 +01:00

zuul.d

[CI][9-stream][stable only] Use last python3.9 supported tempest tag

2025-11-07 13:17:53 +05:30

.coveragerc

Exclude files from coverage check, improve overall result

2024-03-05 08:13:17 +00:00

.gitignore

Ignore reno artefacts (RELEASENOTES.rst and reno.cache)

2023-01-18 04:52:03 +01:00

.gitreview

Update .gitreview for stable/2024.2

2024-09-13 11:13:42 +00:00

.mailmap

Add mailmap entry

2014-05-16 13:40:04 -04:00

.pre-commit-config.yaml

Add pre-commit configuration

2024-05-02 10:46:27 +00:00

.pylintrc

Fix the broken neutron gate

2024-05-15 16:13:38 +02:00

.stestr.conf

Fix post gate hook to accommodate for new os-testr

2017-09-12 14:20:12 -06:00

bindep.txt

Fix bindep for Debian bookworm

2023-08-21 13:57:00 +00:00

CONTRIBUTING.rst

[Community goal] Add contributor and PTL guide

2020-03-03 04:43:26 +01:00

HACKING.rst

Update hacking version

2024-02-08 10:34:10 -05:00

LICENSE

Adding Apache Version 2.0 license file. This is the official license agreement under which Quantum code is available to

2011-08-08 12:31:04 -07:00

plugin.spec

Update url and package name

2023-03-28 06:59:20 +00:00

README.rst

Doc: make the contributor guide more visible

2022-07-14 13:08:56 +02:00

requirements.txt

Add new "tagging" API method: create (POST)

2024-09-06 07:11:15 +00:00

setup.cfg

Add trusted vif api extension for the port

2024-09-05 07:18:08 +00:00

setup.py

Cleanup setup.py and requirements

2024-01-12 17:44:09 +09:00

test-requirements.txt

Remove old excludes

2024-05-21 13:17:36 -04:00

TESTING.rst

Amend documentation for fullstack tests

2022-12-08 14:29:34 +01:00

tox.ini

[FT] Isolate randomly failing address scope tests

2025-07-21 12:41:02 +00:00

README.rst

OpenStack Neutron

Neutron is an OpenStack project to provide "network connectivity as a service" between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., Nova).

To learn more about neutron:

Documentation: https://docs.openstack.org/neutron/latest/

Features: https://specs.openstack.org/openstack/neutron-specs

Defects: https://launchpad.net/neutron

Release notes: https://docs.openstack.org/releasenotes/neutron/index.html

Source: https://opendev.org/openstack/neutron

If you would like to contribute to Neutron, please read the file CONTRIBUTING.rst or see the Neutron contributor guide:

https://docs.openstack.org/neutron/latest/contributor/contributing.html

Get in touch via email. Use [Neutron] in your subject.