yahoo-eng-team team mailing list archive

[OpenStack Infra <1721084@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.openstack.org/509228
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=0456515a7a06ee96c2929c684a82737a1067ce72
Submitter: Jenkins
Branch:    master

commit 0456515a7a06ee96c2929c684a82737a1067ce72
Author: Jakub Libosvar <libosvar@xxxxxxxxxx>
Date:   Tue Oct 3 16:58:32 2017 +0000

    br_int: Make removal of DVR flows more strict
    
    As ingres traffic to instance ports when using DVR uses same matching
    openflow rule as openvswitch firewall driver, it happens that setting
    admin_state_up of router deletes firewall rules.
    
    This patch makes the deletion more strict because DVR and ovs-firewall
    flows differ in priority. Thus using priority when removing DVR flows
    won't affect ovs-firewall flows.
    
    Closes-bug: #1721084
    
    Change-Id: I4eb61b2824579a4f8ba219cd1b1dcf57d38ebc89


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1721084

Title:
  openvswitch firewall driver is dropping packets when router migrated
  from DVR to HA

Status in neutron:
  Fix Released

Bug description:
  Openvswitch firewall driver is dropping packets when router is
  migrated from DVR to HA.

  I see the packet is dropped at table 72

  cookie=0x6b90d3f7582969b5, duration=62.044s, table=72, n_packets=7,
  n_bytes=518, idle_age=1, priority=50,ct_state=+inv+trk actions=drop

  complete br-int flows are - http://paste.openstack.org/show/622528/
  output of "ovs-ofctl show br-int" http://paste.openstack.org/show/622530/

  But with iptables firewall driver this works fine.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1721084/+subscriptions