NETVIRT-1193: ACL dropping IPv6 RA packets from external router.
When an IPv6 subnet is created without specifying ipv6_ra_mode,
it is expected that the VMs with this subnet obtains global IPv6
address from non-OpenStack router using SLAAC.
Hence added below ACL flow to allow IPv6 RA packets from external
router if ipv6_ra_mode is not specified.
Since ipv6_src for RA packets are always link-local address, flow
contains match ipv6_src=fe80::/10 to allow from entire link-local
prefix.
cookie=0x6900000, duration=12.117s, table=240, n_packets=0, n_bytes=0, priority=63010,icmp6,reg6=0x400/0xfffff00,ipv6_src=fe80::/10,icmp_type=134,icmp_code=0 actions=resubmit(,220)
Change-Id: I030a99dd2e4385748a6b49cb2735e154b229da01
Signed-off-by: Somashekar Byrappa <somashekar.b@altencalsoftlabs.com>
15 files changed: