Flows should be created unless 'disable policy' flag is explicitly checked
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R3.0 |
Fix Committed
|
Medium
|
jayaramsatya | |||
R3.1 |
Fix Committed
|
Medium
|
jayaramsatya | |||
R3.2 |
Fix Committed
|
Medium
|
jayaramsatya | |||
R3.2.3.x |
Fix Committed
|
Medium
|
jayaramsatya | |||
R4.0 |
Fix Committed
|
Medium
|
jayaramsatya | |||
Trunk |
Fix Committed
|
Medium
|
jayaramsatya |
Bug Description
If a VMI is created without SG/network-policy refs, then policy is implicitly disabled on that VMI. It is then seen that for sessions originated from that VMI, no flows are created in vRouter. This will break several use cases that rely on the creation/presence of a flow.
Also, if the 'policy disable' flag is explicitly checked on the VMI, then services like BGPaaS/link local service etc that require flows to function, will break.
The expectation is that only if the 'policy disable' flag is checked on the VMI should flow creation be disabled. Furthermore, if proxy services are enabled on the VMI (like BGPaaS, Link Local Service, etc which require flow creation to function), then even if 'policy disable' flag is checked, flows must be created.
Review in progress for https:/ /review. opencontrail. org/25593
Submitter: jayaramsatya (<email address hidden>)