Cisco Bug: CSCvs53247 - ACI OSP plugin don't support all named IP protocols for Security Group rules

Last Modified

Jan 15, 2020

Products (1)

  • Cisco Application Policy Infrastructure Controller (APIC)

Known Affected Releases

4.1(2g)

Description (partial)

Symptom:
It seems our plugin supports only some named IP protocols for SG rules:
 
https://github.com/noironetworks/aci-integration-module/blob/master/aim/api/types.py#L39-L41
 
ip_protocol = {'0': UNSPECIFIED, '1': 'icmp', '2': 'igmp', '6': 'tcp',
               '8': 'egp', '9': 'igp', '17': 'udp', '58': 'icmpv6',
               '88': 'eigrp', '89': 'ospfigp', '103': 'pim', '115': 'l2tp'}
 
However, OpenStack at the moment allows more named IP protocols:
 
--protocol <protocol>
IP protocol (ah, dccp, egp, esp, gre, icmp, igmp,
ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt,
ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp,
udp, udplite, vrrp and integer representations [0-255]
or any; default: tcp)

Conditions:
Using named IP protocols for security group rules
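
The gap described above can be checked rule by rule. The following is an added example, not code from Cisco or the aci-integration-module project: it compares the OpenStack protocol names from the help text with the plugin table quoted on this page and reports which security group rules use a protocol the table has no entry for. The IANA protocol numbers, the `UNSPECIFIED` placeholder value, the function names and the sample rules are assumptions made for illustration.

```python
# Added example (not Cisco or AIM project code): audit rule protocols
# against the plugin table quoted on this page.
UNSPECIFIED = 'unspecified'  # assumption: stand-in for the constant in types.py

# Protocol number -> plugin name, as quoted above.
AIM_IP_PROTOCOL = {'0': UNSPECIFIED, '1': 'icmp', '2': 'igmp', '6': 'tcp',
                   '8': 'egp', '9': 'igp', '17': 'udp', '58': 'icmpv6',
                   '88': 'eigrp', '89': 'ospfigp', '103': 'pim', '115': 'l2tp'}

# Names from the OpenStack help text above, with their IANA protocol numbers.
OPENSTACK_NAMED = {
    'ah': 51, 'dccp': 33, 'egp': 8, 'esp': 50, 'gre': 47, 'icmp': 1,
    'igmp': 2, 'ipv6-encap': 41, 'ipv6-frag': 44, 'ipv6-icmp': 58,
    'ipv6-nonxt': 59, 'ipv6-opts': 60, 'ipv6-route': 43, 'ospf': 89,
    'pgm': 113, 'rsvp': 46, 'sctp': 132, 'tcp': 6, 'udp': 17,
    'udplite': 136, 'vrrp': 112,
}

def classify(protocol):
    """Return ('mapped', plugin_name), ('unmapped', number) or ('unknown', value)."""
    proto = str(protocol).strip().lower()
    if proto in OPENSTACK_NAMED:
        number = OPENSTACK_NAMED[proto]
    elif proto.isdecimal() and int(proto) <= 255:
        number = int(proto)
    else:
        return ('unknown', proto)  # includes 'any', which is not one protocol
    name = AIM_IP_PROTOCOL.get(str(number))
    return ('mapped', name) if name is not None else ('unmapped', number)

def unmapped_names():
    """OpenStack protocol names with no entry in the plugin table."""
    return sorted(n for n in OPENSTACK_NAMED if classify(n)[0] == 'unmapped')

def audit(rules):
    """Return (rule id, protocol, number) for rules the table cannot express."""
    findings = []
    for rule in rules:
        status, detail = classify(rule['protocol'])
        if status == 'unmapped':
            findings.append((rule['id'], rule['protocol'], detail))
    return findings

# Constructed sample rules, for illustration only.
SAMPLE_RULES = [{'id': 'rule-1', 'protocol': 'tcp'},
                {'id': 'rule-2', 'protocol': 'vrrp'},
                {'id': 'rule-3', 'protocol': 'esp'},
                {'id': 'rule-4', 'protocol': '89'},
                {'id': 'rule-5', 'protocol': 'ipv6-icmp'}]
```

Note that `ospf` and `ipv6-icmp` resolve only through their numbers, because the table names them `ospfigp` and `icmpv6`.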