[NETVIRT-214] Multiple SGs with same rules, dissociating either of SG from an instance results in deletion of SG flows Created: 25/Oct/16  Updated: 09/Dec/16  Resolved: 09/Dec/16

Status: Resolved
Project: netvirt
Component/s: General
Affects Version/s: Boron
Fix Version/s: None

Type: Bug
Reporter: Somashekar Byrappa Assignee: Somashekar Byrappa
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: All
Platform: All

Issue Links:
Duplicate
is duplicated by NETVIRT-225 SG - Delete Security group influence ... Resolved
External issue ID: 7020

 Description   

Create multiple security groups (SG) with some common rules and associated both the SG's with the VM. Flow entries are created for SG rules and ping works.

When user dissociates any one of the SG from VM, flow entries corresponding to the common rules are getting deleted from the flow table and traffic fails.

Steps to reproduce:
-------------------
1. Create two SG's (sg1 and sg2) have some common rules. Below are two icmp rules common in both sg1 and sg2.

sg1 egress, IPv4, icmp, remote_ip_prefix: 0.0.0.0/0
  ingress, IPv4, icmp, remote_ip_prefix: 0.0.0.0/0
sg2 egress, IPv4, icmp, remote_ip_prefix: 0.0.0.0/0
  ingress, IPv4, 80/tcp, remote_ip_prefix: 0.0.0.0/0
  ingress, IPv4, icmp, remote_ip_prefix: 0.0.0.0/0

2. Create network, subnet
3. Create VM1 with sg1 and sg2. Verify flows
4. Dissociate sg2 from VM1

Observation:
--------------
Flow entries corresponding to icmp rules are deleted from table 41 and 252.

Expected behavior:
------------------
Since VM1 has one more SG (sg1) associated, flow entries corresponding to icmp rules should exist in table 41 and 252.

 Comments   
Comment by Koby Aizer [ 06/Nov/16 ]

This bug is in IN_PROGRESS status, are you working on its fix already?

Comment by Somashekar Byrappa [ 06/Dec/16 ]

https://git.opendaylight.org/gerrit/#/c/47519/
https://git.opendaylight.org/gerrit/#/c/48160/

Generated at Wed Feb 07 20:20:59 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.