yahoo-eng-team team mailing list archive

[Vishal Thapar <vthapar@xxxxxx>]

Public bug reported:

ovs_lib.py provides defer_apply_on/off methods to bulk apply flow
changes on a bridge. Currently the order in which flows get applied is
add, mod, del. This causes problems for ovs-firewall-driver.
update_port_filter() deletes all existing flows on a port and then adds
new flows. But because of fixed order of deferred flows the addition of
new flows is done first and then cleanup deleting all flows. This
results in a scenario where update_port_filter ends up wiping out all
flows.

This is a big issue for ovs-firewall-driver. There should be a means to
tweak the order in which flows will be applied when turning
deferred_apply_on.

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: ml2 ovs ovs-firewall-driver

** Tags removed: ovs-firewall-driver ovslib

** Tags added: ml2

** Tags added: ovs ovs-firewall-driver

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1312023

Title:
  ovs_lib: apply order for deferred flows problematic for ovs-firewall-
  driver

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  ovs_lib.py provides defer_apply_on/off methods to bulk apply flow
  changes on a bridge. Currently the order in which flows get applied is
  add, mod, del. This causes problems for ovs-firewall-driver.
  update_port_filter() deletes all existing flows on a port and then
  adds new flows. But because of fixed order of deferred flows the
  addition of new flows is done first and then cleanup deleting all
  flows. This results in a scenario where update_port_filter ends up
  wiping out all flows.

  This is a big issue for ovs-firewall-driver. There should be a means
  to tweak the order in which flows will be applied when turning
  deferred_apply_on.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1312023/+subscriptions