Details
-
Bug
-
Status: Resolved
-
Resolution: Cannot Reproduce
-
Carbon
-
None
-
None
-
Operating System: All
Platform: All
-
8398
Description
environment details:
One ODL controller + One control node + 2 compute node.
ODL version: Carbon
https://nexus.opendaylight.org/content/repositories/autorelease-1779/org/opendaylight/integration/distribution-karaf/0.6.0-Carbon/distribution-karaf-0.6.0-Carbon.tar.gz
openstack Version:Ocata
issue scenario:
Communication between two VM instance on different tenant network failed when using default SG.
steps to reproduce the issue:
1.create network1 (10.0.0.0/24)
2.create network2 (20.0.0.0/24)
3.create 2VM's using network1 (VM1:10.0.0.3,VM2:10.0.0.4)
4.create 2VM's using network2 (VM3:20.0.0.3,VM4:20.0.0.4)
5.create router (R1) and attach interface(network1, network2) to the router.
6.Now open VM1 console try to ping VM3.
step 6 failed, VM1 able to ping network2 dhcp (20.0.0.2) but unable to
ping VM3 and VM4.
also VM1 unable to ping 10.0.0.1
Note: if we explicitly add icmp ingress rule in "defaultSG" ping to all
VM's are working as expected.
icmp ingress flow added in OVS:
cookie=0x6900000, duration=1231.003s, table=243, n_packets=3, n_bytes=294, priority=1006,ct_state=+new+trk,icmp,reg6=0x300/0xfffff00 actions=ct(commit,zone=5002),resubmit(,220)
default SG flow:
cookie=0x6900000, duration=1657.956s, table=243, n_packets=0, n_bytes=0, priority=1000,ct_state=+new+trk,ip,reg6=0x300/0xfffff00,metadata=0x2/0xfffffe actions=ct(commit,zone=5002),resubmit(,220)
my guess ping to other network doesn't matching "metadata=0x2/0xfffffe" ,
where as explicitly added icmp rule doesn't contain metadata in the flow ping was working.