[NETVIRT-214] Multiple SGs with same rules, dissociating either of SG from an instance results in deletion of SG flows - OpenDaylight JIRA

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Resolution: Done
Affects Version/s: Boron
Fix Version/s: None
Component/s: General
Labels:
None
Environment:

Operating System: All
Platform: All

External issue ID:
7020

Description

Create multiple security groups (SG) with some common rules and associated both the SG's with the VM. Flow entries are created for SG rules and ping works.

When user dissociates any one of the SG from VM, flow entries corresponding to the common rules are getting deleted from the flow table and traffic fails.

Steps to reproduce:
-------------------
1. Create two SG's (sg1 and sg2) have some common rules. Below are two icmp rules common in both sg1 and sg2.

sg1	egress, IPv4, icmp, remote_ip_prefix: 0.0.0.0/0
	ingress, IPv4, icmp, remote_ip_prefix: 0.0.0.0/0
sg2	egress, IPv4, icmp, remote_ip_prefix: 0.0.0.0/0
	ingress, IPv4, 80/tcp, remote_ip_prefix: 0.0.0.0/0
	ingress, IPv4, icmp, remote_ip_prefix: 0.0.0.0/0

2. Create network, subnet
3. Create VM1 with sg1 and sg2. Verify flows
4. Dissociate sg2 from VM1

Observation:
--------------
Flow entries corresponding to icmp rules are deleted from table 41 and 252.

Expected behavior:
------------------
Since VM1 has one more SG (sg1) associated, flow entries corresponding to icmp rules should exist in table 41 and 252.

Attachments

Issue Links

is duplicated by

NETVIRT-225 SG - Delete Security group influence of existing rules

Resolved

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Somashekar Byrappa

Reporter:: Somashekar Byrappa

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 25/Oct/16 10:26 AM

Updated:: 09/Dec/16 1:36 PM

Resolved:: 09/Dec/16 1:36 PM