with fat flow enabled on port 22, unable to ssh to metadata ip of the VM
Bug #1521858 reported by
Vedamurthy Joshi
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Juniper Openstack |
Won't Fix
|
High
|
Praveen | ||
| R2.20 |
Won't Fix
|
High
|
Praveen | ||
Bug Description
R2.20 111 Ubuntu 14.04 Juno multi-node
Fat flow is enabled on a port on tcp port 22
vrouter changes to fix bug 1521574 was included
Then, ssh to metadata IP of the VM starts to fail
Praveen is aware of this
Revision history for this message
| Praveen (praveen-karadakal) wrote | #1 |
| Changed in juniperopenstack: | |
| status: | New → Won't Fix |
To post a comment you must log in.
When fat flow is configured for port 22,
1. When packet is received on vhost, forward and reverse flows are created as 5-tuple flows
2. Packet is sent to the VM
3. VM responds with SYN-ACK
- VRouter treats packet from VRouter as new flow (4-tuple flow)
- Agent does not allow flows to be initialised from VM to fabric (as security check)
- Flow from VM to fabric are marked for discard
Considering ssh from vhost to VM is only used in debug scenarios, will not fix this bug.