yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1787106] Re: Not able to ping between VMs when creating logging with --resource-type security_group

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1787106@xxxxxxxxxxxxxxxxxx>
Date: Mon, 20 Aug 2018 07:44:12 -0000
Reply-to: Bug 1787106 <1787106@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/591918
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=7d2ac2d0aff90d17d2e46aba2af3b4cc32d1833c
Submitter: Zuul
Branch:    master

commit 7d2ac2d0aff90d17d2e46aba2af3b4cc32d1833c
Author: Nguyen Phuong An <AnNP@xxxxxxxxxxxxxx>
Date:   Wed Aug 15 13:09:38 2018 +0700

    Fix lost connection when create security group log
    
    Packet sent to table 91 are considered accepted by the egress pipeline
    and NORMAL action is used by default in this table. However, if we
    create a security group logging resource, then ovs flows log will be
    added into this table with higher priority. Therefore packet matches
    with ovs flows log will be sent to CONTROLLER and never forward.
    So this patch append action=NORMAL into ovs flows log to forward
    the packet and send it to CONTROLLER for logging.
    
    Closes-Bug: #1787106
    Change-Id: I6e95e2e646ec8a5507c7f140ab2c4a56be8404c3


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1787106

Title:
  Not able to ping between VMs when creating logging with --resource-
  type security_group

Status in neutron:
  Fix Released

Bug description:
  Environment setup:
  VM1 <=> (Subnet1) Router1 (Subnet2) <=> VM2
  1. Create Subnet1, Subnet2
  2. Attach Subnet1 and Subnet2 to Router1
  3. Create log_resource with event=ALL
  openstack network log create --resource-type security_group --enable --event ALL Log_all_defined_resource
  4. Create VM1 under Subnet1, create VM2 under Subnet2 (default security group)
  5. Add ALLOW ICMP rule to default security group
  6. Login to VM1, ping to VM2

  Expected result: be able to ping to VM
  Actual result: not able to ping to VM2

  Please note that:
  We can ping from Router1 to VM1 and VM2.
  But when "logging to VM1", we cannot ping to VM2 and Router1.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1787106/+subscriptions

References

[Bug 1787106] [NEW] Not able to ping between VMs when creating logging with --resource-type security_group
From: Vu Cong Tuan, 2018-08-15