Details
-
Bug
-
Status: Resolved
-
Resolution: Done
-
Carbon
-
None
-
None
-
Operating System: All
Platform: All
-
8296
-
High
Description
The Egress classifier Filter flows are not matching correctly:
cookie=0xf005ba1100000003, table=221, priority=260,encap_eth_type=0x894f actions=goto_table:222
cookie=0xf005ba1100000003, table=221, priority=260,tun_gpe_np=0x4 actions=goto_table:222
The NSH encapsulation transport (NSH+ETH => encap_eth_type=0x894f and Vxgpe+NSH => tun_gpe_np=0x4) fields are not set until the packet is egressed, so they arent available here. The point to table=221 is to only allow packets with NSH to continue in the Egress classifier tables, all other packets should be sent back to the egress dispatcher. There are 2 options to solve this: 1) match on NSP, in which case we would have to add an entry for each service chain created 2) match on another NSH field set in the Ingress Classifier ACL flow, such as NSH MDtype=1.
Additionally, the Egress classifier transport egress table should have the local Node IP address, but it has the remote destination SFF IP address
cookie=0xf005ba1100000005, table=223, priority=260,nsp=36,tun_dst=172.19.0.3 actions=resubmit(,83)
These invalid flows cause no SFC packets to be egressed and they end up getting dropped.
Attachments
Issue Links
- is duplicated by
-
- Resolved
