[NETVIRT-158] ACL flows are missing when two SG's having some common rules are swapped for a VM Created: 20/Sep/16  Updated: 27/Sep/16  Resolved: 27/Sep/16

Status: Resolved
Project: netvirt
Component/s: General
Affects Version/s: Boron
Fix Version/s: None

Type: Bug
Reporter: Somashekar Byrappa Assignee: Somashekar Byrappa
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: All
Platform: All


External issue ID: 6756

 Description   

Steps to reproduce:

1. Create network net1
2. Create subnet subnet1 10.0.1.0/24
3. Create security group sg1 and sg2 having some common rules. 22/tcp (ingress/egress) is common between both sg1 and sg2.

sg1 egress, IPv4, 22/tcp, remote_ip_prefix: 0.0.0.0/0
  egress, IPv4, 33/tcp, remote_ip_prefix: 0.0.0.0/0
  ingress, IPv4, 22/tcp, remote_ip_prefix: 0.0.0.0/0
  ingress, IPv4, 33/tcp, remote_ip_prefix: 0.0.0.0/0
sg2 egress, IPv4, 22/tcp, remote_ip_prefix: 0.0.0.0/0
  egress, IPv4, 44/tcp, remote_ip_prefix: 0.0.0.0/0
  ingress, IPv4, 22/tcp, remote_ip_prefix: 0.0.0.0/0
  ingress, IPv4, 44/tcp, remote_ip_prefix: 0.0.0.0/0

4. Create VM1 with sg1
5. Edit security groups for VM1 and change it to sg2 instead of sg1.

Observation:
-------------
The flows related to the common rules (i.e., 22/tcp on both ingress and egress) among both SG's sg1 and sg2 are not found.
Below flows are missing:

cookie=0x6900000, duration=6.342s, table=41, n_packets=0, n_bytes=0, priority=61010,ct_state=+new+trk,tcp,metadata=0x30000000000/0x1fffff0000000000,tp_dst=22 actions=ct(commit,zone=5000),resubmit(,17)
cookie=0x6900000, duration=6.359s, table=252, n_packets=0, n_bytes=0, priority=61010,ct_state=+new+trk,tcp,metadata=0x30000000000/0x1fffff0000000000,tp_dst=22 actions=ct(commit,zone=5000),resubmit(,220)

Expected behavior:
--------------------
Below flows are expected.
cookie=0x6900000, duration=6.342s, table=41, n_packets=0, n_bytes=0, priority=61010,ct_state=+new+trk,tcp,metadata=0x30000000000/0x1fffff0000000000,tp_dst=22 actions=ct(commit,zone=5000),resubmit(,17)
cookie=0x6900000, duration=6.340s, table=41, n_packets=0, n_bytes=0, priority=61010,ct_state=+new+trk,tcp,metadata=0x30000000000/0x1fffff0000000000,tp_dst=44 actions=ct(commit,zone=5000),resubmit(,17)

cookie=0x6900000, duration=6.359s, table=252, n_packets=0, n_bytes=0, priority=61010,ct_state=+new+trk,tcp,metadata=0x30000000000/0x1fffff0000000000,tp_dst=22 actions=ct(commit,zone=5000),resubmit(,220)
cookie=0x6900000, duration=6.352s, table=252, n_packets=0, n_bytes=0, priority=61010,ct_state=+new+trk,tcp,metadata=0x30000000000/0x1fffff0000000000,tp_dst=44 actions=ct(commit,zone=5000),resubmit(,220)



 Comments   
Comment by Somashekar Byrappa [ 21/Sep/16 ]

https://git.opendaylight.org/gerrit/#/c/45892/2
https://git.opendaylight.org/gerrit/#/c/45957/1

Generated at Wed Feb 07 20:20:51 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.