Details
-
Bug
-
Status: Resolved
-
Resolution: Done
-
Boron
-
None
-
None
-
Operating System: All
Platform: All
-
6423
Description
DHCP packets do not pass the stateful SG, resulting in a drop in the DHCP request and no IP assignment to the VM.
For the request - the source port is 68 and the destination 67, but it seems that an egress (251) rule for this is missing, only the opposite direction exists (for response). The request falls on the drop rule.
Same for the response in tables 40/41.
Adding default flows for allow for both srcport 67 -> dstport 68 and the opposite direction, both for ingress and egress solved the DHCP.
Same for using transparent SG instead of stateful.
In any case these flows seem to be missing and not symmetric:
root@alonko-devstack1:~# ovs-ofctl -OOpenFlow13 dump-flows br-int | grep "tp_src=67|tp_dst=67"
cookie=0x6900000, duration=10667.149s, table=40, n_packets=0, n_bytes=0, priority=61010,udp,metadata=0x10000000000/0x1fffff0000000000,tp_src=68,tp_dst=67 actions=resubmit(,17)
cookie=0x6900000, duration=10667.145s, table=40, n_packets=0, n_bytes=0, priority=61010,udp,metadata=0x10000000000/0x1fffff0000000000,tp_src=67,tp_dst=68 actions=drop
cookie=0x6900000, duration=10667.187s, table=251, n_packets=0, n_bytes=0, priority=61010,udp,metadata=0x10000000000/0x1fffff0000000000,tp_src=67,tp_dst=68 actions=resubmit(,220)
