Bug #1542311 “Build 2710 : Port mirroring not working when svc t...” : Bugs : Juniper Openstack

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-02-05: [Review update] master

#1

Review in progress for https://review.opencontrail.org/16919
Submitter: Sachin Bansal (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-02-06: A change has been merged

#3

Reviewed: https://review.opencontrail.org/16919
Committed: http://github.org/Juniper/contrail-controller/commit/8025eee0a78bea65717b44710ce41187b7a7c5a9
Submitter: Zuul
Branch: master

commit 8025eee0a78bea65717b44710ce41187b7a7c5a9
Author: Sachin Bansal <email address hidden>
Date: Fri Feb 5 09:59:20 2016 -0800

Use correct variable name

Change-Id: I2689a2a85bbcaf36e278cda3476460c1ca5fa11e
Closes-Bug: 1542311

Revision history for this message

Ankit Jain (ankitja) wrote on 2016-02-10:

#4

With this above fix, problem did not get solved.

When I configured mirroring using policy between two VNs, I see the following ACL rules in the agent if map introspect
type:access-control-list name:default-domain:admin:my_vn1:my_vn1 access-control-list-entries dynamic:false acl-rule match-condition protocol:any src-address subnet ip-prefix-len:0 virtual-network:any src-port start-port:-1 end-port:-1 dst-address subnet ip-prefix-len:0 virtual-network:any dst-port start-port:-1 end-port:-1 action-list simple-action:pass mirror-to analyzer-name:default-domain:admin:svctest2 udp-port:0 log:false alert:false rule-uuid:b7f5ffdb-0423-4d5d-bb46-d82394874d10 id-perms permissions owner:cloud-admin owner-access:7 group:cloud-admin-group group-access:7 other-access:7 uuid uuid-mslong:5973287049156316904 uuid-lslong:10391912417391903427 Uuid : 52e560ec-6267-4ee8-9037-7d48ef9d82c3 enable:true created:2016-02-09T06:01:45 last-modified:2016-02-09T10:57:08 user-visible:true perms2 owner-access:7 global-access:0 display-name:my_vn1 Adjacencies: virtual-network default-domain:admin:my_vn1
type:access-control-list name:default-domain:admin:my_vn2:my_vn2 access-control-list-entries dynamic:false acl-rule match-condition protocol:any src-address subnet ip-prefix-len:0 virtual-network:any src-port start-port:-1 end-port:-1 dst-address subnet ip-prefix-len:0 virtual-network:any dst-port start-port:-1 end-port:-1 action-list simple-action:pass mirror-to analyzer-name:default-domain:admin:svctest2 udp-port:0 log:false alert:false rule-uuid:b7f5ffdb-0423-4d5d-bb46-d82394874d10 id-perms permissions owner:cloud-admin owner-access:7 group:cloud-admin-group group-access:7 other-access:7 uuid uuid-mslong:7208681036659835273 uuid-lslong:10652992244752191557 Uuid : 640a6135-a934-4189-93d7-08012f721045 enable:true created:2016-02-09T06:01:50 last-modified:2016-02-09T10:57:08 user-visible:true perms2 owner-access:7 global-access:0 display-name:my_vn2 Adjacencies: virtual-network default-domain:admin:my_vn2

this shows only “simple-action:pass mirror-to analyzer-name:default-domain:admin:svctest2 udp-port:0
there is no service instance IP, port info etc in these rules

please check if this is due to any schema issue
Setup @ nodeg13

With this above fix, problem did not get solved.

When I configured mirroring using policy between two VNs, I see the following ACL rules in the agent if map introspect
type:access-control-list name:default-domain:admin:my_vn1:my_vn1 access-control-list-entries dynamic:false acl-rule match-condition protocol:any src-address subnet ip-prefix-len:0 virtual-network:any src-port start-port:-1 end-port:-1 dst-address subnet ip-prefix-len:0 virtual-network:any dst-port start-port:-1 end-port:-1 action-list simple-action:pass mirror-to analyzer-name:default-domain:admin:svctest2 udp-port:0 log:false alert:false rule-uuid:b7f5ffdb-0423-4d5d-bb46-d82394874d10 id-perms permissions owner:cloud-admin owner-access:7 group:cloud-admin-group group-access:7 other-access:7 uuid uuid-mslong:5973287049156316904 uuid-lslong:10391912417391903427 Uuid : 52e560ec-6267-4ee8-9037-7d48ef9d82c3 enable:true created:2016-02-09T06:01:45 last-modified:2016-02-09T10:57:08 user-visible:true perms2 owner-access:7 global-access:0 display-name:my_vn1 Adjacencies: virtual-network default-domain:admin:my_vn1
type:access-control-list name:default-domain:admin:my_vn2:my_vn2 access-control-list-entries dynamic:false acl-rule match-condition protocol:any src-address subnet ip-prefix-len:0 virtual-network:any src-port start-port:-1 end-port:-1 dst-address subnet ip-prefix-len:0 virtual-network:any dst-port start-port:-1 end-port:-1 action-list simple-action:pass mirror-to analyzer-name:default-domain:admin:svctest2 udp-port:0 log:false alert:false rule-uuid:b7f5ffdb-0423-4d5d-bb46-d82394874d10 id-perms permissions owner:cloud-admin owner-access:7 group:cloud-admin-group group-access:7 other-access:7 uuid uuid-mslong:7208681036659835273 uuid-lslong:10652992244752191557 Uuid : 640a6135-a934-4189-93d7-08012f721045 enable:true created:2016-02-09T06:01:50 last-modified:2016-02-09T10:57:08 user-visible:true perms2 owner-access:7 global-access:0 display-name:my_vn2 Adjacencies: virtual-network default-domain:admin:my_vn2

this shows only “simple-action:pass mirror-to analyzer-name:default-domain:admin:svctest2 udp-port:0 
there is no service instance IP, port info etc in these rules

please check if this is due to any schema issue
Setup @ nodeg13

Ankit Jain (ankitja) on 2016-02-22

tags:

added: blocker

Revision history for this message

Sachin Bansal (sbansal) wrote on 2016-02-22:

#5

I wasn't able to recreate this on build 2714. Please leave the setup to debug if you are still seeing the issue.

Revision history for this message

Ankit Jain (ankitja) wrote on 2016-02-23:

#6

It's working on the latest build 2715

Nischal Sheth (nsheth) on 2016-02-26

information type:

Proprietary → Public

	Status	Importance	Assigned to	Milestone
Juniper Openstack	Status tracked in Trunk
R3.0	Fix Committed	Critical	Sachin Bansal	Juniper Openstack r3.0-fcs
Trunk	Fix Committed	Critical	Sachin Bansal	Juniper Openstack r3.1.0.0-fcs

Juniper Openstack

Build 2710 : Port mirroring not working when svc template v2 is used

Bug Description

Other bug subscribers

Remote bug watches