https://jira.opendaylight.org This file is an XML representation of an issue en-us 8.20.10 820010 22-06-2022 https://jira.opendaylight.org/browse/NETVIRT-92 netvirt <p>I have created 3 instances on a private network in OpenStack, without router (so i'm not using the L3 pipeline). Two instances on one compute and the third instance on a different compute.<br/> All instances received IP from the DHCP server as part of the boot process.</p> <p>I have observed that there is no ping from the DHCP to the instances (and between themselves).<br/> After debugging the flows I saw that the packets were droped in table 251 (ACL table).</p> <p>Restart to an instance (in the OpenStack GUI), causes the flows in table 220 to change their actions and instead of a goto table 251 instruction, now there is an output to a port, which causes the ping to pass (both request and reply).</p> <p>Same thing for an instance on a different compute. I had ran ping from the DHCP server to an instance in different compute, a restart to the instance had cause the flows in the remote ovs to bypass the ACL table also.</p> <p>Operating System: All<br/> Platform: All</p> NETVIRT-92

Restart to an VM instance in OpenStack bypass ACL flows

Bug Resolved Done Aswin Suryanarayanan Tomer Pearl Tue, 23 Aug 2016 17:14:52 +0000 Thu, 3 May 2018 14:37:01 +0000 Tue, 30 Aug 2016 15:38:18 +0000 Boron General 0 1 <p>The AclInterface cache was getting cleaned on a interface state change.<br/> Now it will be cleaned up only on port delete.</p> <p>So when a vm is restarted, the Aclrules will be cleaned for stop(for the interface down) and will be added again when vm starts (interface up).</p> <p>Patch <span class="error">&#91;1&#93;</span> is pushed to fix the same.</p> <p><span class="error">&#91;1&#93;</span>https://git.opendaylight.org/gerrit/#/c/44607/</p> Development External issue ID 6514 External issue URL Priority Rank 0|i01pnz: