neutron

ovs_lib: apply order for deferred flows problematic for ovs-firewall-driver

Bug #1312023 reported by Vishal Thapar on 2014-04-24

26

This bug affects 5 people

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Medium	Unassigned

Bug Description

ovs_lib.py provides defer_apply_on/off methods to bulk apply flow changes on a bridge. Currently the order in which flows get applied is add, mod, del. This causes problems for ovs-firewall-driver. update_port_filter() deletes all existing flows on a port and then adds new flows. But because of fixed order of deferred flows the addition of new flows is done first and then cleanup deleting all flows. This results in a scenario where update_port_filter ends up wiping out all flows.

This is a big issue for ovs-firewall-driver. There should be a means to tweak the order in which flows will be applied when turning deferred_apply_on.

Tags:

Vishal Thapar (vthapar) on 2014-04-24

tags:	removed: ovs-firewall-driver ovslib
tags:	added: ml2
tags:	added: ovs ovs-firewall-driver

Revision history for this message

Cedric Brandily (cbrandily) wrote on 2014-06-05:

#1

A rework[1] on defer_apply_on/off is in progress, perhaps it could solve your trouble ?

[1] https://review.openstack.org/77578

Revision history for this message

Vishal Thapar (vthapar) wrote on 2014-06-05:

#2

cbrandily: Oh yes, looks like it would. How can I get in touch with you to understand the changes and how to use deferred flows? It looks like you're not 'fixing' deferred_apply_on/off() and I'd like to understand the implementation better.

Revision history for this message

Cedric Brandily (cbrandily) wrote on 2014-06-05:

#3

We replace it with a deferred OVSBridge which ensures that during apply you only apply your flows (it is not the case if defer_apply_on/off).

Cedric
zzelle@IRC

Eugene Nikanorov (enikanorov) on 2014-07-07

tags:	added: sg-fw removed: ovs-firewall-driver
Changed in neutron:
importance:	Undecided → Medium

Revision history for this message

Cedric Brandily (cbrandily) wrote on 2014-08-26:

#4

https://review.openstack.org/77578 has been merged, i hope it could help

Revision history for this message

Sudhakar Gariganti (sudhakar-gariganti) wrote on 2014-10-09:

#5

As cbrandily also confirmed, this is no longer a defect considering the new defer_apply approach.
Close the bug?

Vishal Thapar (vthapar) on 2014-10-13

Changed in neutron:
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.