[NETVIRT-631] Erroneous Egress Classifier flows causing packets to be egressed incorrectly Created: 25/Apr/17 Updated: 19/Oct/17 Resolved: 15/May/17 |
|
| Status: | Resolved |
| Project: | netvirt |
| Component/s: | General |
| Affects Version/s: | Carbon |
| Fix Version/s: | None |
| Type: | Bug | ||
| Reporter: | Brady Johnson | Assignee: | Unassigned |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Operating System: All |
||
| Issue Links: |
|
||||||||
| External issue ID: | 8296 | ||||||||
| Priority: | High | ||||||||
| Description |
|
The Egress classifier Filter flows are not matching correctly: cookie=0xf005ba1100000003, table=221, priority=260,encap_eth_type=0x894f actions=goto_table:222 The NSH encapsulation transport (NSH+ETH => encap_eth_type=0x894f and Vxgpe+NSH => tun_gpe_np=0x4) fields are not set until the packet is egressed, so they arent available here. The point to table=221 is to only allow packets with NSH to continue in the Egress classifier tables, all other packets should be sent back to the egress dispatcher. There are 2 options to solve this: 1) match on NSP, in which case we would have to add an entry for each service chain created 2) match on another NSH field set in the Ingress Classifier ACL flow, such as NSH MDtype=1. Additionally, the Egress classifier transport egress table should have the local Node IP address, but it has the remote destination SFF IP address cookie=0xf005ba1100000005, table=223, priority=260,nsp=36,tun_dst=172.19.0.3 actions=resubmit(,83) These invalid flows cause no SFC packets to be egressed and they end up getting dropped. |
| Comments |
| Comment by Brady Johnson [ 25/Apr/17 ] |
|
Fixed in Master: Fixed in stable/carbon: |