[NETVIRT-658] After applying Other_protocol(IP Protocol - [0]) SG Rule to VMs , communication is not happening. Created: 08/May/17  Updated: 03/May/18  Resolved: 29/Jun/17

Status: Resolved
Project: netvirt
Component/s: General
Affects Version/s: Carbon
Fix Version/s: None

Type: Bug
Reporter: Hari Prasidh Assignee: Vinoth B
Resolution: Cannot Reproduce Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: All
Platform: All

Attachments: File karaf.tar.gz    
External issue ID: 8399

 Description   

Setup Used:

1. 3 node ODL cluster + HA proxy
2. new netvirt (carbon)
3. Packstack with ocata.

Steps followed for testing:

1.Created Network
2.Created 2 VMs.
3.Created SG1 with [Other Protocol] - [IP Protocol] - [0].
4.Applied SG1 to both the VMs.

Observed communication failed .

 Comments   
Comment by Aswin Suryanarayanan [ 24/May/17 ]

Logs when tested with patch 10 of https://git.opendaylight.org/gerrit/#/c/57705

Comment by Aswin Suryanarayanan [ 24/May/17 ]

Attachment karaf.tar.gz has been added with description: Logs

Comment by Aswin Suryanarayanan [ 24/May/17 ]

(In reply to Aswin Suryanarayanan from comment #1)
> Created attachment 1805 [details]
> Logs
>
> Logs when tested with patch 10 of
> https://git.opendaylight.org/gerrit/#/c/57705

wrong attachment ignore

Comment by Aswin Suryanarayanan [ 25/May/17 ]

Is the netfilter marking the packet as invalid here? where in pipeline packet is dropped?

Comment by Vinoth B [ 09/Jun/17 ]

Patch pushed

For Genius,
https://git.opendaylight.org/gerrit/#/c/58502/
For Netvirt,
https://git.opendaylight.org/gerrit/#/c/58494

Fix provided :

For ip_proto=0 rule, Installed the same set of flows as ip_proto=ANY rule

Comment by Vinoth B [ 16/Jun/17 ]

Test case:

1. Created SG1 with [Other Protocol] - [IP Protocol] - [0] rule
2. Created 2 VMs with SG1
3. Verified the communication (ICMP, TCP and UDP) between VMs.

Setup - 1 : Pure openstack with IPTable_firewall

Tested the above test case and observed that the communication between VMs is working.

Setup 2 : Pure openstack with OVS firewall

The communication between VMs is not working in above test case.

Comment by Vinoth B [ 29/Jun/17 ]

(In reply to Vinoth B from comment #4)
> Patch pushed
>
> For Genius,
> https://git.opendaylight.org/gerrit/#/c/58502/
> For Netvirt,
> https://git.opendaylight.org/gerrit/#/c/58494
>
> Fix provided :
>
> For ip_proto=0 rule, Installed the same set of flows as ip_proto=ANY rule

Since protocol number 0 having a valid protocol, It is not a good idea to treat 0 as ANY. So I am abandoned the above patches from merge.

Generated at Wed Feb 07 20:22:08 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.