[NETVIRT-92] Restart to an VM instance in OpenStack bypass ACL flows - OpenDaylight JIRA

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Resolution: Done
Affects Version/s: Boron
Fix Version/s: None
Component/s: General
Labels:
None
Environment:

Operating System: All
Platform: All

External issue ID:
6514
Priority:
High

Description

I have created 3 instances on a private network in OpenStack, without router (so i'm not using the L3 pipeline). Two instances on one compute and the third instance on a different compute.
All instances received IP from the DHCP server as part of the boot process.

I have observed that there is no ping from the DHCP to the instances (and between themselves).
After debugging the flows I saw that the packets were droped in table 251 (ACL table).

Restart to an instance (in the OpenStack GUI), causes the flows in table 220 to change their actions and instead of a goto table 251 instruction, now there is an output to a port, which causes the ping to pass (both request and reply).

Same thing for an instance on a different compute. I had ran ping from the DHCP server to an instance in different compute, a restart to the instance had cause the flows in the remote ovs to bypass the ACL table also.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Aswin Suryanarayanan

Reporter:: Tomer Pearl

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 23/Aug/16 5:14 PM

Updated:: 03/May/18 2:37 PM

Resolved:: 30/Aug/16 3:38 PM