← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #84104

[Bug 1881070] Re: the accepted-egress-direct-flows can't be deleted when the VM is deleted

  Thread PreviousDate PreviousThread Next 
Reviewed:  https://review.opendev.org/738551
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=959d8b6d73e2a6ab1a45c9a7b0b05ae163e650fc
Submitter: Zuul
Branch:    master

commit 959d8b6d73e2a6ab1a45c9a7b0b05ae163e650fc
Author: LIU Yulong <i@xxxxxxxxxxxx>
Date:   Fri Jul 10 17:25:15 2020 +0800

    Local mac direct flow for non-openflow firewall
    
    When there is no openflow firewall, aka the ovs agent security group
    is disabled or Noop/HybridIptable, this patch will introduce a different
    ingress pipeline for bridge ports which will avoid ingress flood:
    (1) table=0,  in_port=patch_bridge,dl_vlan=physical_vlan action=mod_vlan:local_vlan,goto:60 (original)
    (2) table=60, in_port=patch_bridge                       action=goto:61                     (new)
    (3) table=61, dl_dst=local_port_mac,dl_vlan=local_vlan,  action=strip_vlan,output:<ofport>  (changes)
    
    And changes the local ports pipeline:
    (1) table=0,  in_port=local_ofport                       action=goto:25                  (original)
    (2) table=25, in_port=local_ofport,dl_src=local_port_mac action=goto:60                  (original)
    (3) table=60, in_port=local_ofport,dl_src=local_port_mac action=local_vlan->reg6,goto:61 (changes)
    (4) table=61, dl_dst=local_port_mac,reg6=local_vlan,     action=output:<ofport>          (changes)
    
    Closes-Bug: #1884708
    Closes-Bug: #1881070
    Related-Bug: #1732067
    Related-Bug: #1866445
    Related-Bug: #1883321
    
    Change-Id: Iecf9cffaf02616342f1727ad7db85545d8adbec2


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1881070

Title:
  the accepted-egress-direct-flows can't be deleted when the VM is
  deleted

Status in neutron:
  Fix Released

Bug description:
  When vm is deleted or migrate to other compute node, the function
  'delete_accepted_egress_direct_flow' was not executed. This will
  resule in stale flows in table 61.

  reproduction steps:
   1. Create a VM, which mac is fa:16:3e:2a:4c:9f
   2. Show the flows in br-int:
      cookie=0xf19902187e0bc0bf, duration=76.736s, table=1, n_packets=0, n_bytes=0, priority=20,dl_vlan=9,dl_dst=fa:16:3e:2a:4c:9f actions=mod_dl_src:fa:16:3e:e4:8a:e4,resubmit(,60)
      cookie=0xf19902187e0bc0bf, duration=74.976s, table=25, n_packets=126, n_bytes=11031, priority=2,in_port="qvode3db9ac-24",dl_src=fa:16:3e:2a:4c:9f actions=resubmit(,60)
      cookie=0xf19902187e0bc0bf, duration=76.732s, table=60, n_packets=28, n_bytes=3314, priority=20,dl_vlan=9,dl_dst=fa:16:3e:2a:4c:9f actions=strip_vlan,output:"qvode3db9ac-24"
      cookie=0xf19902187e0bc0bf, duration=76.299s, table=60, n_packets=126, n_bytes=11031, priority=9,in_port="qvode3db9ac-24",dl_src=fa:16:3e:2a:4c:9f actions=resubmit(,61)
      cookie=0xf19902187e0bc0bf, duration=76.299s, table=61, n_packets=62, n_bytes=6401, priority=12,dl_dst=fa:16:3e:2a:4c:9f actions=output:"qvode3db9ac-24"
      cookie=0xf19902187e0bc0bf, duration=76.299s, table=61, n_packets=24, n_bytes=1782, priority=10,in_port="qvode3db9ac-24",dl_src=fa:16:3e:2a:4c:9f,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=mod_vlan_vid:9,output:"patch-tun"
   3. Delete the VM
   4. Show the flows in br-int again:
      cookie=0xf19902187e0bc0bf, duration=134.991s, table=61, n_packets=62, n_bytes=6401, priority=12,dl_dst=fa:16:3e:2a:4c:9f actions=output:58

  As shown above, the flow remains after deleting the virtual machine.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1881070/+subscriptions

References

  Thread PreviousDate PreviousThread Next