[Bug 1664282] [NEW] lxd bridge interferes with tenant networks

Fairbanks. 1664282 at bugs.launchpad.net
Mon Feb 13 15:42:00 UTC 2017


Public bug reported:

Hello,

I have deployed OpenStack using juju with the openstack bundle.
This bundle uses LXD containers. The setup of these LXD containers creates a bridge interface for NAT usage for these LXDs.

In my deployment this LXD network is located on 10.0.0.0/24 on all the
machines, the neutron-gateway and several nova-compute nodes.

This produces several iptables rules, like postrouting and forwarding for
this network.

Now, if I start a KVM instance on one of the compute nodes which has
LXD containers running on the host, and I create a tenant network in
that same subnet, the instance doesn't work, because its traffic is
being altered by the iptables rules.

I don't know if this causes any security issues, but it at least means
that tenant networks which will be on that same subnet as the lxd
network will fail to work.

For more information please let me know.

** Affects: charms
     Importance: Undecided
         Status: New


** Tags: bridge iptables lxd lxdbr0 posrouting

** Package changed: cinder (Juju Charms Collection) => charms

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to cinder in Juju Charms Collection.
Matching subscriptions: charm-bugs
https://bugs.launchpad.net/bugs/1664282
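
An added example, not part of the original report or of any charm's code: a check an operator could run against `iptables-save` output from a compute node to list tenant CIDRs that overlap a subnet the host already rewrites in nat/POSTROUTING, which is the collision the report describes. The rule text, its comment string, and the extra tenant CIDRs are constructed for illustration; only 10.0.0.0/24 and the lxdbr0 tag come from the report.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format (not captured from the reporter's hosts).
# The comment string is an assumption; the subnet is the one named in the report.
SAMPLE_RULES = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 ! -d 10.0.0.0/24 -m comment --comment "managed by lxd-bridge" -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -o lxdbr0 -m comment --comment "managed by lxd-bridge" -j ACCEPT
-A FORWARD -i lxdbr0 -m comment --comment "managed by lxd-bridge" -j ACCEPT
COMMIT
"""


def masqueraded_sources(rules_text):
    """Return source networks that nat/POSTROUTING rewrites (MASQUERADE or SNAT)."""
    table, found = None, []
    for line in rules_text.splitlines():
        if line.startswith("*"):          # "*nat", "*filter": start of a table
            table = line[1:].strip()
            continue
        if table != "nat" or not line.startswith("-A POSTROUTING"):
            continue
        tok = shlex.split(line)           # keeps the quoted --comment as one token
        if "-j" not in tok or tok[tok.index("-j") + 1] not in ("MASQUERADE", "SNAT"):
            continue
        # Only a positive "-s CIDR" match counts; "! -s CIDR" excludes that range.
        if "-s" in tok and tok[tok.index("-s") - 1] != "!":
            found.append(ipaddress.ip_network(tok[tok.index("-s") + 1], strict=False))
    return found


def conflicting_tenant_subnets(rules_text, tenant_cidrs):
    """Pair each tenant CIDR with the host NAT source network it overlaps."""
    nat_nets = masqueraded_sources(rules_text)
    hits = []
    for cidr in tenant_cidrs:
        tenant = ipaddress.ip_network(cidr)
        hits += [(cidr, str(n)) for n in nat_nets
                 if n.version == tenant.version and n.overlaps(tenant)]
    return hits


if __name__ == "__main__":
    for tenant, host_net in conflicting_tenant_subnets(
            SAMPLE_RULES, ["10.0.0.0/24", "10.0.0.128/25", "192.168.10.0/24"]):
        print(f"tenant {tenant} overlaps host NAT source {host_net}")
```

On a real node, replace SAMPLE_RULES with the text printed by `iptables-save` and pass the CIDRs of the planned tenant subnets.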
