[NETVIRT-319] miss ACL flows corresponding to ACL default rules Created: 05/Dec/16  Updated: 03/May/18  Resolved: 03/Apr/17

Status: Resolved
Project: netvirt
Component/s: General
Affects Version/s: Boron
Fix Version/s: None

Type: Bug
Reporter: wangqianyu Assignee: Aswin Suryanarayanan
Resolution: Cannot Reproduce Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: All
Platform: All

External issue ID: 7292

 Description   

the openstack neutron data in odl datastore is like bellow

{
"neutron": {
"security-groups": {
"security-group": [

{ "uuid": "757f3b08-e1ef-43d5-a7d9-f6eb484dea0b", "tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd", "name": "default" }

,

{ "uuid": "80df8d7e-ee7d-4bdd-836a-c4ba7a8f8b5c", "tenant-id": "2f9932d9-a90b-49ed-909d-2639b2bd0ffa", "name": "default" }

]
},
"networks": {
"network": [

{ "uuid": "039568d7-0fd8-49c5-997a-a4a31089ad73", "shared": false, "status": "ACTIVE", "tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd", "neutron-L3-ext:external": true, "neutron-provider-ext:physical-network": "public", "neutron-provider-ext:network-type": "neutron-networks:network-type-flat", "name": "public", "admin-state-up": true }

,

{ "uuid": "daa261a4-f5f7-4e38-8fb3-2405d6aae2c2", "shared": false, "status": "ACTIVE", "tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd", "neutron-L3-ext:external": false, "neutron-provider-ext:segmentation-id": "111", "neutron-provider-ext:network-type": "neutron-networks:network-type-vxlan", "name": "net1", "admin-state-up": true }

,

{ "uuid": "8e2b7db7-d1c9-48a5-886d-d2b2bd091349", "shared": false, "status": "ACTIVE", "tenant-id": "2f9932d9-a90b-49ed-909d-2639b2bd0ffa", "neutron-L3-ext:external": false, "neutron-provider-ext:segmentation-id": "28", "neutron-provider-ext:network-type": "neutron-networks:network-type-vxlan", "name": "private", "admin-state-up": true }

,

{ "uuid": "d9260a9d-7321-4906-a2b6-3e8f0e3fa74e", "shared": false, "status": "ACTIVE", "tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd", "neutron-L3-ext:external": false, "neutron-provider-ext:segmentation-id": "45", "neutron-provider-ext:network-type": "neutron-networks:network-type-vxlan", "name": "net2", "admin-state-up": true }

]
},
"security-rules": {
"security-rule": [

{ "uuid": "2a1cd8d0-4c49-4ee3-927e-677191af03a7", "security-group-id": "80df8d7e-ee7d-4bdd-836a-c4ba7a8f8b5c", "ethertype": "neutron-constants:ethertype-v4", "remote-group-id": "80df8d7e-ee7d-4bdd-836a-c4ba7a8f8b5c", "direction": "neutron-constants:direction-ingress", "tenant-id": "2f9932d9-a90b-49ed-909d-2639b2bd0ffa" }

,

{ "uuid": "151b2076-1c0f-43d6-9269-38740e57b285", "security-group-id": "757f3b08-e1ef-43d5-a7d9-f6eb484dea0b", "ethertype": "neutron-constants:ethertype-v6", "direction": "neutron-constants:direction-egress", "tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd" }

,

{ "uuid": "f953ad0c-add5-4608-8409-549df275f4a0", "security-group-id": "80df8d7e-ee7d-4bdd-836a-c4ba7a8f8b5c", "ethertype": "neutron-constants:ethertype-v6", "direction": "neutron-constants:direction-egress", "tenant-id": "2f9932d9-a90b-49ed-909d-2639b2bd0ffa" }

,

{ "uuid": "2040b704-a3c1-4f23-a6ff-3cb5a1b01e49", "security-group-id": "757f3b08-e1ef-43d5-a7d9-f6eb484dea0b", "ethertype": "neutron-constants:ethertype-v4", "remote-group-id": "757f3b08-e1ef-43d5-a7d9-f6eb484dea0b", "direction": "neutron-constants:direction-ingress", "tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd" }

,

{ "uuid": "93235dc3-bb5d-427c-b66b-f0af29225a62", "security-group-id": "757f3b08-e1ef-43d5-a7d9-f6eb484dea0b", "ethertype": "neutron-constants:ethertype-v6", "remote-group-id": "757f3b08-e1ef-43d5-a7d9-f6eb484dea0b", "direction": "neutron-constants:direction-ingress", "tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd" }

,

{ "uuid": "bf53ab3f-e50b-4369-8465-6d43e0ec873a", "security-group-id": "757f3b08-e1ef-43d5-a7d9-f6eb484dea0b", "ethertype": "neutron-constants:ethertype-v4", "direction": "neutron-constants:direction-egress", "tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd" }

,

{ "uuid": "2f8e6f6d-3503-4e85-af68-9cc88b085275", "security-group-id": "80df8d7e-ee7d-4bdd-836a-c4ba7a8f8b5c", "ethertype": "neutron-constants:ethertype-v4", "direction": "neutron-constants:direction-egress", "tenant-id": "2f9932d9-a90b-49ed-909d-2639b2bd0ffa" }

,

{ "uuid": "37cbfe3c-4ae1-414d-aeb9-c4967d6c6bb1", "security-group-id": "80df8d7e-ee7d-4bdd-836a-c4ba7a8f8b5c", "ethertype": "neutron-constants:ethertype-v6", "remote-group-id": "80df8d7e-ee7d-4bdd-836a-c4ba7a8f8b5c", "direction": "neutron-constants:direction-ingress", "tenant-id": "2f9932d9-a90b-49ed-909d-2639b2bd0ffa" }

]
},
"subnets": {
"subnet": [
{
"uuid": "53a9d1be-d21c-47c3-a74b-10665ef0461a",
"enable-dhcp": false,
"tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd",
"allocation-pools": [

{ "start": "2001:db8::1", "end": "2001:db8::1" }

,

{ "start": "2001:db8::3", "end": "2001:db8::ffff:ffff:ffff:ffff" }

],
"ip-version": "neutron-constants:ip-version-v6",
"name": "ipv6-public-subnet",
"network-id": "039568d7-0fd8-49c5-997a-a4a31089ad73",
"gateway-ip": "2001:db8::2",
"cidr": "2001:db8::/64"
},
{
"uuid": "4648c3e6-bcf5-4498-93f3-f9011607cc13",
"enable-dhcp": true,
"tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd",
"allocation-pools": [

{ "start": "22.22.22.2", "end": "22.22.22.100" }

],
"ip-version": "neutron-constants:ip-version-v4",
"name": "sub2",
"network-id": "d9260a9d-7321-4906-a2b6-3e8f0e3fa74e",
"gateway-ip": "22.22.22.1",
"cidr": "22.22.22.0/24"
},
{
"uuid": "326e9575-531d-4204-be4a-0d60678c72e0",
"enable-dhcp": false,
"tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd",
"allocation-pools": [

{ "start": "172.24.4.2", "end": "172.24.4.254" }

],
"ip-version": "neutron-constants:ip-version-v4",
"name": "public-subnet",
"network-id": "039568d7-0fd8-49c5-997a-a4a31089ad73",
"gateway-ip": "172.24.4.1",
"cidr": "172.24.4.0/24"
},
{
"uuid": "80fadd14-44a7-405b-acbc-b1c7ff9366ba",
"enable-dhcp": true,
"tenant-id": "2f9932d9-a90b-49ed-909d-2639b2bd0ffa",
"allocation-pools": [

{ "start": "10.0.0.2", "end": "10.0.0.254" }

],
"ip-version": "neutron-constants:ip-version-v4",
"name": "private-subnet",
"network-id": "8e2b7db7-d1c9-48a5-886d-d2b2bd091349",
"gateway-ip": "10.0.0.1",
"cidr": "10.0.0.0/24"
},
{
"uuid": "fd747fdc-a705-451f-8fd8-7ac4c3f04ce6",
"ipv6-address-mode": "neutron-constants:dhcpv6-slaac",
"enable-dhcp": true,
"tenant-id": "2f9932d9-a90b-49ed-909d-2639b2bd0ffa",
"ip-version": "neutron-constants:ip-version-v6",
"network-id": "8e2b7db7-d1c9-48a5-886d-d2b2bd091349",
"allocation-pools": [

{ "start": "2001:db8:8000::2", "end": "2001:db8:8000:0:ffff:ffff:ffff:ffff" }

],
"ipv6-ra-mode": "neutron-constants:dhcpv6-slaac",
"name": "ipv6-private-subnet",
"gateway-ip": "2001:db8:8000::1",
"cidr": "2001:db8:8000::/64"
},
{
"uuid": "3a096051-d6bd-4ec2-8aab-626c03726f2e",
"enable-dhcp": true,
"tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd",
"allocation-pools": [

{ "start": "11.11.11.2", "end": "11.11.11.254" }

],
"ip-version": "neutron-constants:ip-version-v4",
"name": "subnet1",
"network-id": "daa261a4-f5f7-4e38-8fb3-2405d6aae2c2",
"gateway-ip": "11.11.11.1",
"cidr": "11.11.11.0/24"
}
]
},
"ports": {
"port": [
{
"uuid": "0b121d0e-7025-41ff-b4ca-c91d0a13f0da",
"device-id": "e489d667-9853-4c40-9cf7-36d131be9b16",
"tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd",
"neutron-binding:host-id": "",
"neutron-binding:vif-type": "unbound",
"neutron-binding:vnic-type": "normal",
"device-owner": "network:router_gateway",
"fixed-ips": [

{ "subnet-id": "326e9575-531d-4204-be4a-0d60678c72e0", "ip-address": "172.24.4.3" }

,

{ "subnet-id": "53a9d1be-d21c-47c3-a74b-10665ef0461a", "ip-address": "2001:db8::1" }

],
"network-id": "039568d7-0fd8-49c5-997a-a4a31089ad73",
"neutron-portsecurity:port-security-enabled": false,
"mac-address": "fa:16:3e:98:09:96",
"name": "",
"admin-state-up": true
},
{
"uuid": "83c1a19e-2348-47a3-8d23-5654cf7c3d54",
"device-id": "dhcpcd8f5f9f-e3e8-569f-87ef-f03c6cfc29bc-daa261a4-f5f7-4e38-8fb3-2405d6aae2c2",
"tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd",
"neutron-binding:host-id": "localhost.localdomain",
"neutron-binding:vif-details": [

{ "details-key": "port_filter", "value": "true" }

],
"neutron-binding:vif-type": "ovs",
"neutron-binding:vnic-type": "normal",
"device-owner": "network:dhcp",
"fixed-ips": [

{ "subnet-id": "3a096051-d6bd-4ec2-8aab-626c03726f2e", "ip-address": "11.11.11.2" }

],
"network-id": "daa261a4-f5f7-4e38-8fb3-2405d6aae2c2",
"neutron-portsecurity:port-security-enabled": false,
"mac-address": "fa:16:3e:ba:33:38",
"name": "",
"admin-state-up": true
},
{
"uuid": "85b9f223-596c-4eb2-bfaf-05d76330e6e1",
"device-id": "dhcpcd8f5f9f-e3e8-569f-87ef-f03c6cfc29bc-d9260a9d-7321-4906-a2b6-3e8f0e3fa74e",
"tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd",
"neutron-binding:host-id": "localhost.localdomain",
"neutron-binding:vif-details": [

{ "details-key": "port_filter", "value": "true" }

],
"neutron-binding:vif-type": "ovs",
"neutron-binding:vnic-type": "normal",
"device-owner": "network:dhcp",
"fixed-ips": [

{ "subnet-id": "4648c3e6-bcf5-4498-93f3-f9011607cc13", "ip-address": "22.22.22.2" }

],
"network-id": "d9260a9d-7321-4906-a2b6-3e8f0e3fa74e",
"neutron-portsecurity:port-security-enabled": false,
"mac-address": "fa:16:3e:5b:4b:fa",
"name": "",
"admin-state-up": true
},
{
"uuid": "21aae6c8-395d-4e78-936c-f5e9683d3180",
"device-id": "e489d667-9853-4c40-9cf7-36d131be9b16",
"tenant-id": "2f9932d9-a90b-49ed-909d-2639b2bd0ffa",
"neutron-binding:host-id": "",
"neutron-binding:vif-type": "unbound",
"neutron-binding:vnic-type": "normal",
"device-owner": "network:router_interface",
"fixed-ips": [

{ "subnet-id": "80fadd14-44a7-405b-acbc-b1c7ff9366ba", "ip-address": "10.0.0.1" }

],
"network-id": "8e2b7db7-d1c9-48a5-886d-d2b2bd091349",
"neutron-portsecurity:port-security-enabled": false,
"mac-address": "fa:16:3e:20:e6:41",
"name": "",
"admin-state-up": true
},
{
"uuid": "a48aac64-a26c-4a50-ab20-1e82af39b7f4",
"device-id": "196bd8b3-bd3f-49f5-b646-2e9d5e4b8add",
"tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd",
"neutron-binding:host-id": "localhost.localdomain",
"neutron-binding:vif-details": [

{ "details-key": "port_filter", "value": "true" }

],
"neutron-binding:vif-type": "ovs",
"neutron-binding:vnic-type": "normal",
"security-groups": [
"757f3b08-e1ef-43d5-a7d9-f6eb484dea0b"
],
"device-owner": "compute:nova",
"fixed-ips": [

{ "subnet-id": "3a096051-d6bd-4ec2-8aab-626c03726f2e", "ip-address": "11.11.11.6" }

],
"network-id": "daa261a4-f5f7-4e38-8fb3-2405d6aae2c2",
"neutron-portsecurity:port-security-enabled": true,
"mac-address": "fa:16:3e:8c:26:b5",
"name": "",
"admin-state-up": true
},
{
"uuid": "c301bdaa-ab11-49a8-a8cf-57b1c417a832",
"device-id": "e489d667-9853-4c40-9cf7-36d131be9b16",
"tenant-id": "2f9932d9-a90b-49ed-909d-2639b2bd0ffa",
"neutron-binding:host-id": "",
"neutron-binding:vif-type": "unbound",
"neutron-binding:vnic-type": "normal",
"device-owner": "network:router_interface",
"fixed-ips": [

{ "subnet-id": "fd747fdc-a705-451f-8fd8-7ac4c3f04ce6", "ip-address": "2001:db8:8000::1" }

],
"network-id": "8e2b7db7-d1c9-48a5-886d-d2b2bd091349",
"neutron-portsecurity:port-security-enabled": false,
"mac-address": "fa:16:3e:44:e7:f5",
"name": "",
"admin-state-up": true
},
{
"uuid": "88634091-b9a3-4d2d-9e1a-71de095531af",
"device-id": "dhcpcd8f5f9f-e3e8-569f-87ef-f03c6cfc29bc-8e2b7db7-d1c9-48a5-886d-d2b2bd091349",
"tenant-id": "2f9932d9-a90b-49ed-909d-2639b2bd0ffa",
"neutron-binding:host-id": "localhost.localdomain",
"neutron-binding:vif-details": [

{ "details-key": "port_filter", "value": "true" }

],
"neutron-binding:vif-type": "ovs",
"neutron-binding:vnic-type": "normal",
"device-owner": "network:dhcp",
"fixed-ips": [

{ "subnet-id": "80fadd14-44a7-405b-acbc-b1c7ff9366ba", "ip-address": "10.0.0.2" }

,

{ "subnet-id": "fd747fdc-a705-451f-8fd8-7ac4c3f04ce6", "ip-address": "2001:db8:8000:0:f816:3eff:fe0e:10c1" }

],
"network-id": "8e2b7db7-d1c9-48a5-886d-d2b2bd091349",
"neutron-portsecurity:port-security-enabled": false,
"mac-address": "fa:16:3e:0e:10:c1",
"name": "",
"admin-state-up": true
},
{
"uuid": "127792dc-bffb-4737-a0e6-ce0c8c8dbe3f",
"device-id": "070d39cd-460a-45fb-a5a9-8ccb1746318d",
"tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd",
"neutron-binding:host-id": "localhost.localdomain",
"neutron-binding:vif-details": [

{ "details-key": "port_filter", "value": "true" }

],
"neutron-binding:vif-type": "ovs",
"neutron-binding:vnic-type": "normal",
"security-groups": [
"757f3b08-e1ef-43d5-a7d9-f6eb484dea0b"
],
"device-owner": "compute:nova",
"fixed-ips": [

{ "subnet-id": "3a096051-d6bd-4ec2-8aab-626c03726f2e", "ip-address": "11.11.11.9" }

],
"network-id": "daa261a4-f5f7-4e38-8fb3-2405d6aae2c2",
"neutron-portsecurity:port-security-enabled": true,
"mac-address": "fa:16:3e:b0:73:1d",
"name": "",
"admin-state-up": true
},
{
"uuid": "cde0ff4f-90e1-4c2b-b6f3-e90424c42102",
"device-id": "b1b70916-6c93-4ae7-888e-fee8fcba743e",
"tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd",
"neutron-binding:host-id": "",
"neutron-binding:vif-type": "unbound",
"neutron-binding:vnic-type": "normal",
"security-groups": [
"757f3b08-e1ef-43d5-a7d9-f6eb484dea0b"
],
"device-owner": "neutron:LOADBALANCERV2",
"fixed-ips": [

{ "subnet-id": "3a096051-d6bd-4ec2-8aab-626c03726f2e", "ip-address": "11.11.11.8" }

],
"network-id": "daa261a4-f5f7-4e38-8fb3-2405d6aae2c2",
"status": "ACTIVE",
"neutron-portsecurity:port-security-enabled": true,
"mac-address": "fa:16:3e:e3:42:4d",
"name": "loadbalancer-b1b70916-6c93-4ae7-888e-fee8fcba743e",
"admin-state-up": true
},
{
"uuid": "cc61bd38-89e1-4f74-a315-223d7fab073c",
"device-id": "ff9ae4b5-adba-47b4-af5b-df1c50134aaa",
"tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd",
"neutron-binding:host-id": "localhost.localdomain",
"neutron-binding:vif-details": [

{ "details-key": "port_filter", "value": "true" }

],
"neutron-binding:vif-type": "ovs",
"neutron-binding:vnic-type": "normal",
"security-groups": [
"757f3b08-e1ef-43d5-a7d9-f6eb484dea0b"
],
"device-owner": "compute:nova",
"fixed-ips": [

{ "subnet-id": "4648c3e6-bcf5-4498-93f3-f9011607cc13", "ip-address": "22.22.22.10" }

],
"network-id": "d9260a9d-7321-4906-a2b6-3e8f0e3fa74e",
"neutron-portsecurity:port-security-enabled": true,
"mac-address": "fa:16:3e:36:9c:ef",
"name": "",
"admin-state-up": true
}
]
},
"routers": {
"router": [
{
"uuid": "e489d667-9853-4c40-9cf7-36d131be9b16",
"tenant-id": "2f9932d9-a90b-49ed-909d-2639b2bd0ffa",
"distributed": false,
"external_gateway_info": {
"external-network-id": "039568d7-0fd8-49c5-997a-a4a31089ad73",
"external-fixed-ips": [

{ "subnet-id": "326e9575-531d-4204-be4a-0d60678c72e0", "ip-address": "172.24.4.3" }

,

{ "subnet-id": "53a9d1be-d21c-47c3-a74b-10665ef0461a", "ip-address": "2001:db8::1" }

],
"enable-snat": true
},
"name": "router1",
"admin-state-up": true,
"gateway-port-id": "0b121d0e-7025-41ff-b4ca-c91d0a13f0da"
}
]
},
"loadbalancers": {
"loadbalancer": [

{ "uuid": "b1b70916-6c93-4ae7-888e-fee8fcba743e", "name": "Load Balancer1", "vip-subnet-id": "3a096051-d6bd-4ec2-8aab-626c03726f2e", "admin-state-up": true, "vip-address": "11.11.11.8", "tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd" }

]
},
"listeners": {
"listener": [

{ "uuid": "678dbddc-9001-4852-997f-078f46c59a79", "tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd", "loadbalancers": [ "b1b70916-6c93-4ae7-888e-fee8fcba743e" ], "connection-limit": -1, "name": "Listener 1", "admin-state-up": true, "protocol": "neutron-constants:protocol-http", "protocol-port": 80 }

]
},
"pools": {
"pool": [
{
"uuid": "7bac35ab-7309-4ad1-b1be-fe1816bcaf24",
"lb-algorithm": "ROUND_ROBIN",
"tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd",
"listeners": [
"678dbddc-9001-4852-997f-078f46c59a79"
],
"name": "Pool 1",
"members": {
"member": [

{ "uuid": "b623091b-acfa-4f0e-86ac-28b4b4556fc2", "tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd", "address": "11.11.11.9", "subnet-id": "3a096051-d6bd-4ec2-8aab-626c03726f2e", "weight": 1, "admin-state-up": true, "protocol-port": 80 }

]
},
"admin-state-up": true,
"protocol": "neutron-constants:protocol-http"
}
]
},
"healthmonitors": {
"healthmonitor": [

{ "uuid": "75bb649d-63cf-4f52-a3e9-8f4c75be488c", "http-method": "GET", "type": "neutron-constants:probe-http", "timeout": 5, "expected-codes": "200", "tenant-id": "9422d76e-19c8-442d-b657-881f74c501bd", "url-path": "/", "max-retries": 3, "pools": [ "7bac35ab-7309-4ad1-b1be-fe1816bcaf24" ], "admin-state-up": true, "delay": 5 }

]
}
}
}

and the flows in ovs is as follow:

[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# ovs-ofctl dump-flows -O openflow13 br-int
OFPST_FLOW reply (OF1.3) (xid=0x2):
cookie=0x8000000, duration=4716.549s, table=0, n_packets=0, n_bytes=0, priority=4,in_port=2 actions=write_metadata:0x50000000000/0xffffff0000000001,goto_table:17
cookie=0x8000000, duration=4716.262s, table=0, n_packets=13, n_bytes=3239, priority=4,in_port=3 actions=write_metadata:0x10000000000/0xffffff0000000001,goto_table:17
cookie=0x8000000, duration=4716.051s, table=0, n_packets=2, n_bytes=758, priority=4,in_port=4 actions=write_metadata:0x60000000000/0xffffff0000000001,goto_table:17
cookie=0x8000000, duration=2596.061s, table=0, n_packets=111, n_bytes=8818, priority=4,in_port=10 actions=write_metadata:0x70000000000/0xffffff0000000001,goto_table:17
cookie=0x8000000, duration=2566.229s, table=0, n_packets=111, n_bytes=8818, priority=4,in_port=11 actions=write_metadata:0x80000000000/0xffffff0000000001,goto_table:17
cookie=0x8000000, duration=80.143s, table=0, n_packets=37, n_bytes=3194, priority=4,in_port=12 actions=write_metadata:0x90000000000/0xffffff0000000001,goto_table:17

cookie=0x8040000, duration=4334.256s, table=17, n_packets=2, n_bytes=758, priority=6,metadata=0xc000060000000000/0xffffff0000000000 actions=write_metadata:0xe000061388000000/0xfffffffffffffffe,goto_table:50
cookie=0x8000001, duration=4334.247s, table=17, n_packets=2, n_bytes=758, priority=5,metadata=0x60000000000/0xffffff0000000000 actions=write_metadata:0xc0000600000222ea/0xfffffffffffffffe,goto_table:19
cookie=0x8040000, duration=4164.785s, table=17, n_packets=13, n_bytes=3239, priority=6,metadata=0xc000010000000000/0xffffff0000000000 actions=write_metadata:0xe00001138e000000/0xfffffffffffffffe,goto_table:50
cookie=0x8000001, duration=4164.784s, table=17, n_packets=13, n_bytes=3239, priority=5,metadata=0x10000000000/0xffffff0000000000 actions=write_metadata:0xc0000100000222ea/0xfffffffffffffffe,goto_table:19
cookie=0x6900000, duration=2592.864s, table=17, n_packets=111, n_bytes=8818, priority=1,metadata=0x70000000000/0xffffff0000000000 actions=write_metadata:0xa000070000000000/0xfffffffffffffffe,goto_table:40
cookie=0x8040000, duration=2592.776s, table=17, n_packets=16, n_bytes=1480, priority=6,metadata=0xc000070000000000/0xffffff0000000000 actions=write_metadata:0xe00007138e000000/0xfffffffffffffffe,goto_table:50
cookie=0x8000001, duration=2592.776s, table=17, n_packets=16, n_bytes=1480, priority=5,metadata=0xa000070000000000/0xffffff0000000000 actions=write_metadata:0xc0000700000222ea/0xfffffffffffffffe,goto_table:19
cookie=0x6900000, duration=2562.974s, table=17, n_packets=111, n_bytes=8818, priority=1,metadata=0x80000000000/0xffffff0000000000 actions=write_metadata:0xa000080000000000/0xfffffffffffffffe,goto_table:40
cookie=0x8040000, duration=2562.900s, table=17, n_packets=16, n_bytes=1480, priority=6,metadata=0xc000080000000000/0xffffff0000000000 actions=write_metadata:0xe00008138e000000/0xfffffffffffffffe,goto_table:50
cookie=0x8000001, duration=2562.900s, table=17, n_packets=36, n_bytes=3128, priority=5,metadata=0xa000080000000000/0xffffff0000000000 actions=write_metadata:0xc0000800000222ea/0xfffffffffffffffe,goto_table:19
cookie=0x4000000, duration=83.978s, table=17, n_packets=0, n_bytes=0, priority=3,metadata=0x50000000000/0xffffff0000000000 actions=write_metadata:0xc000051389000000/0xfffffffffffffffe,goto_table:45
cookie=0x8040000, duration=83.978s, table=17, n_packets=0, n_bytes=0, priority=6,metadata=0xc000050000000000/0xffffff0000000000 actions=write_metadata:0xe000051389000000/0xfffffffffffffffe,goto_table:50
cookie=0x6900000, duration=76.488s, table=17, n_packets=37, n_bytes=3194, priority=1,metadata=0x90000000000/0xffffff0000000000 actions=write_metadata:0xa000090000000000/0xfffffffffffffffe,goto_table:40
cookie=0x8040000, duration=76.296s, table=17, n_packets=11, n_bytes=1270, priority=6,metadata=0xc000090000000000/0xffffff0000000000 actions=write_metadata:0xe000091388000000/0xfffffffffffffffe,goto_table:50
cookie=0x8000001, duration=76.297s, table=17, n_packets=33, n_bytes=3002, priority=5,metadata=0xa000090000000000/0xffffff0000000000 actions=write_metadata:0xc0000900000222ea/0xfffffffffffffffe,goto_table:19
cookie=0x8000000, duration=4714.968s, table=17, n_packets=0, n_bytes=0, priority=0,metadata=0xa000000000000000/0xe000000000000000 actions=write_metadata:0xc000000000000000/0xe000000000000000,goto_table:80

cookie=0x6800000, duration=4702.023s, table=18, n_packets=0, n_bytes=0, priority=0 actions=goto_table:38
cookie=0x1080000, duration=4713.903s, table=19, n_packets=43, n_bytes=1806, priority=100,arp,arp_op=1 actions=CONTROLLER:65535,resubmit(,17)
cookie=0x1080000, duration=4713.878s, ta...

 Comments   
Comment by Aswin Suryanarayanan [ 06/Dec/16 ]

wangqianyu

The default mode SG in netvirt Boron is stateful and it requires ovs2.5 with kernel module installed. In the flows shared the flow related to connection tracking seems to be missing. You should see some flows similar to the below ones.

table_id=40, duration=5154s, n_packets=11, n_bytes=1000, priority=61010,ip,dl_src=fa:16:3e:57:7c:31,nw_src=10.100.5.3,actions=ct(table=41,zone=5000)
table_id=40, duration=5131s, n_packets=11, n_bytes=1000, priority=61010,ip,dl_src=fa:16:3e:bf:8b:19,nw_src=10.100.5.4,actions=ct(table=41,zone=5000)

If you are using ovs2.5 you can check the kernel modules are installed or else you need to install it. With that ping should work with default Security Groups.

[vagrant@devstack-control devstack]$ lsmod|grep openvswitch
openvswitch 231888 9
nf_defrag_ipv6 34768 1 openvswitch
nf_defrag_ipv4 12729 2 openvswitch,nf_conntrack_ipv4
nf_conntrack 105745 7 openvswitch,nf_nat,nf_nat_ipv4,xt_conntrack,nf_nat_masquerade_ipv4,xt_connmark,nf_conntrack_ipv4
gre 13796 1 openvswitch

libcrc32c 12644 2 xfs,openvswitch

The installation steps in [1] has the section "Building the Kernel OVS Tree Datapath RPM", talks about installing kernel version.

In my centos I installed these rpms, which is generated after running the command mentioned.

openvswitch-kmod-2.5.90-1.el7.centos.x86_64.rpm
openvswitch-2.5.90-1.el7.centos.x86_64.rpm

The first one is the kernel module.

If you are using a different distro, you can follow the appropriate install guide in [2].

[1] https://github.com/openvswitch/ovs/blob/master/INSTALL.Fedora.md
[2] https://github.com/openvswitch/ovs/blob/master/

Comment by Sam Hague [ 08/Feb/17 ]

wangqianyu, did Aswin's directions help or is this still an issue?

Generated at Wed Feb 07 20:21:16 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.