
yahoo-eng-team team mailing list archive

[Bug 1625516] [NEW] OVS FW driver ignores all non tcp udp icmp protocol rules

 

Public bug reported:

Tested ovs 2.5 OVS FW driver.

Could not run sctp traffic between VMs in the same tenant and network
after allowing ip protocol 132 (sctp) ingress and egress traffic in the
security group.

With iptables driver worked well.

Tested on rhel7.3

OSP10- Newton

2016-09-20 11:20:38.121 17370 DEBUG neutron.agent.linux.openvswitch_firewall.firewall [req-1e1ee4b4-0722-42fb-b9a6-5499eeac7028 - - - - -] RULGEN: Rules generated for flow {u'ethertype': u'IPv4', u'direction': u'ingress', u'source_ip_prefix': u'0.0.0.0/0', u'protocol': u'132'} are [{'dl_type': 2048, 'reg_port': 7, 'actions': 'strip_vlan,output:7', 'priority': 70, 'table': 82, 'dl_dst': u'fa:16:3e:5b:c9:06'}] add_flows_from_rules /usr/lib/python2.7/site-packages/neutron/agent/linux/openvswitch_firewall/firewall.py:667

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: sg-fw

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1625516

Title:
  OVS FW driver ignores all non tcp udp icmp protocol rules

Status in neutron:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1625516/+subscriptions
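
The RULGEN entry in the report shows a security group rule with protocol 132 producing a flow that has no IP protocol match. The following is an added example, not part of the bug report or of Neutron's code, that scans agent DEBUG log lines for such entries. It assumes a protocol-aware flow would carry the OVS match field nw_proto; the function names and the second sample line are constructed for illustration.

```python
import ast
import re

# Sample input: line 1 is the RULGEN entry from the report, rejoined onto one
# line; line 2 is a constructed entry whose flow does carry a protocol match.
SAMPLE_LOG = [
    "2016-09-20 11:20:38.121 17370 DEBUG neutron.agent.linux.openvswitch_firewall.firewall "
    "[req-1e1ee4b4-0722-42fb-b9a6-5499eeac7028 - - - - -] RULGEN: Rules generated for flow "
    "{u'ethertype': u'IPv4', u'direction': u'ingress', u'source_ip_prefix': u'0.0.0.0/0', "
    "u'protocol': u'132'} are [{'dl_type': 2048, 'reg_port': 7, 'actions': 'strip_vlan,output:7', "
    "'priority': 70, 'table': 82, 'dl_dst': u'fa:16:3e:5b:c9:06'}] add_flows_from_rules "
    "/usr/lib/python2.7/site-packages/neutron/agent/linux/openvswitch_firewall/firewall.py:667",
    "2016-09-20 11:20:39.000 17370 DEBUG neutron.agent.linux.openvswitch_firewall.firewall "
    "[req-constructed - - - - -] RULGEN: Rules generated for flow "
    "{u'ethertype': u'IPv4', u'direction': u'ingress', u'protocol': u'tcp'} are "
    "[{'dl_type': 2048, 'nw_proto': 6, 'reg_port': 7, 'actions': 'strip_vlan,output:7', "
    "'priority': 70, 'table': 82}] add_flows_from_rules firewall.py:667",
]

RULGEN_RE = re.compile(
    r"RULGEN: Rules generated for flow (\{.*?\}) are (\[.*\]) add_flows_from_rules")
IP_PROTO_NUMBERS = {"icmp": 1, "tcp": 6, "udp": 17, "sctp": 132}


def expected_proto(rule):
    """Return the IP protocol number the rule asks for, or None if it names none."""
    value = rule.get("protocol")
    if value is None:
        return None
    text = str(value).lower()
    return int(text) if text.isdigit() else IP_PROTO_NUMBERS.get(text)


def unenforced_rules(lines):
    """Return (rule, flows) pairs where a flow does not match the rule's protocol."""
    findings = []
    for line in lines:
        match = RULGEN_RE.search(line)
        if not match:
            continue
        rule = ast.literal_eval(match.group(1))   # literal_eval accepts the u'' prefixes
        flows = ast.literal_eval(match.group(2))
        want = expected_proto(rule)
        if want is None:
            continue
        # Assumption: a flow that enforces the protocol carries nw_proto == want.
        bad = [f for f in flows if str(f.get("nw_proto")) != str(want)]
        if bad:
            findings.append((rule, bad))
    return findings
```
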