Juniper Openstack

3.0.3-69:DM doesn't change policy-options after Neutron router is deleted

Bug #1636727 reported by Sandeep Sridhar on 2016-10-26

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Juniper Openstack	Status tracked in Trunk
R3.0	Invalid	High	Sandeep Sridhar
R3.1	Invalid	High	Sandeep Sridhar
R3.2	Invalid	Medium	Sandeep Sridhar
Trunk	Invalid	High	Sandeep Sridhar	Juniper Openstack r4.0.0.0-fcs "r4.0.0.0"

Bug Description

Contrail - 3.0.3-69
MX - 14.2

I created two virtual networks and extended it to the physical router. DM pushed the following to the prouter:

+ policy-options {
+ policy-statement _contrail_l2_10_for_evpn-export {
+ term t1 {
+ then {
+ community add target_64512_8000007;
+ accept;
+ }
+ }
+ }
+ policy-statement _contrail_l2_10_for_evpn-import {
+ term t1 {
+ from community target_64512_8000007;
+ then accept;
+ }
+ then reject;
+ }
+ policy-statement _contrail_l3_10_for_evpn-export {
+ term t1 {
+ then {
+ community add target_64512_8000007;
+ accept;
+ }
+ }
+ }
+ policy-statement _contrail_l3_10_for_evpn-import {
+ term t1 {
+ from community target_64512_8000007;
+ then accept;
+ }
+ then reject;
+ }
+ policy-statement _contrail_l2_11_for_vm-export {
+ term t1 {
+ then {
+ community add target_64512_8000008;
+ accept;
+ }
+ }
+ }
+ policy-statement _contrail_l2_11_for_vm-import {
+ term t1 {
+ from community target_64512_8000008;
+ then accept;
+ }
+ then reject;
+ }
+ policy-statement _contrail_l3_11_for_vm-export {
+ term t1 {
+ then {
+ community add target_64512_8000008;
+ accept;
+ }
+ }
+ }
+ policy-statement _contrail_l3_11_for_vm-import {
+ term t1 {
+ from community target_64512_8000008;
+ then accept;
+ }
+ then reject;
+ }
+ community target_64512_8000007 members target:64512:8000007;
+ community target_64512_8000008 members target:64512:8000008;
+ }
+ routing-instances {
+ _contrail_l2_10_for_evpn {
+ vtep-source-interface lo0.0;
+ instance-type virtual-switch;
+ vrf-import _contrail_l2_10_for_evpn-import;
+ vrf-export _contrail_l2_10_for_evpn-export;
+ protocols {
+ evpn {
+ encapsulation vxlan;
+ extended-vni-list all;
+ }
+ }
+ bridge-domains {
+ bd-10 {
+ vlan-id none;
+ routing-interface irb.10;
+ vxlan {
+ vni 10;
+ }
+ }
+ }
+ }
+ _contrail_l3_10_for_evpn {
+ instance-type vrf;
+ interface irb.10;
+ vrf-import _contrail_l3_10_for_evpn-import;
+ vrf-export _contrail_l3_10_for_evpn-export;
+ vrf-table-label;
+ routing-options {
+ static {
+ route 192.168.1.0/24 discard;
+ }
+ auto-export {
+ family inet {
+ unicast;
+ }
+ }
+ }
+ }
+ _contrail_l2_11_for_vm {
+ vtep-source-interface lo0.0;
+ instance-type virtual-switch;
+ vrf-import _contrail_l2_11_for_vm-import;
+ vrf-export _contrail_l2_11_for_vm-export;
+ protocols {
+ evpn {
+ encapsulation vxlan;
+ extended-vni-list all;
+ }
+ }
+ bridge-domains {
+ bd-11 {
+ vlan-id none;
+ routing-interface irb.11;
+ vxlan {
+ vni 11;
+ }
+ }
+ }
+ }
+ _contrail_l3_11_for_vm {
+ instance-type vrf;
+ interface irb.11;
+ vrf-import _contrail_l3_11_for_vm-import;
+ vrf-export _contrail_l3_11_for_vm-export;
+ vrf-table-label;
+ routing-options {
+ static {
+ route 10.0.0.0/24 discard;
+ }
+ auto-export {
+ family inet {
+ unicast;
+ }
+ }
+ }
+ }
+ }
+ }

Post this, a neutron router was created and the networks created before were tagged to it. DM changed the config as below: (target:64512:8000009 got added )
+ policy-options {
+ policy-statement _contrail_l2_10_for_evpn-export {
+ term t1 {
+ then {
+ community add target_64512_8000007;
+ community add target_64512_8000009;
+ accept;
+ }
+ }
+ }
+ policy-statement _contrail_l2_10_for_evpn-import {
+ term t1 {
+ from community [ target_64512_8000007 target_64512_8000009 ];
+ then accept;
+ }
+ then reject;
+ }
+ policy-statement _contrail_l3_10_for_evpn-export {
+ term t1 {
+ then {
+ community add target_64512_8000007;
+ community add target_64512_8000009;
+ accept;
+ }
+ }
+ }
+ policy-statement _contrail_l3_10_for_evpn-import {
+ term t1 {
+ from community [ target_64512_8000007 target_64512_8000009 ];
+ then accept;
+ }
+ then reject;
+ }
+ policy-statement _contrail_l2_11_for_vm-export {
+ term t1 {
+ then {
+ community add target_64512_8000009;
+ community add target_64512_8000008;
+ accept;
+ }
+ }
+ }
+ policy-statement _contrail_l2_11_for_vm-import {
+ term t1 {
+ from community [ target_64512_8000009 target_64512_8000008 ];
+ then accept;
+ }
+ then reject;
+ }
+ policy-statement _contrail_l3_11_for_vm-export {
+ term t1 {
+ then {
+ community add target_64512_8000009;
+ community add target_64512_8000008;
+ accept;
+ }
+ }
+ }
+ policy-statement _contrail_l3_11_for_vm-import {
+ term t1 {
+ from community [ target_64512_8000009 target_64512_8000008 ];
+ then accept;
+ }
+ then reject;
+ }
+ community target_64512_8000007 members target:64512:8000007;
+ community target_64512_8000009 members target:64512:8000009;
+ community target_64512_8000008 members target:64512:8000008;
+ }
+ routing-instances {
+ _contrail_l2_10_for_evpn {
+ vtep-source-interface lo0.0;
+ instance-type virtual-switch;
+ vrf-import _contrail_l2_10_for_evpn-import;
+ vrf-export _contrail_l2_10_for_evpn-export;
+ protocols {
+ evpn {
+ encapsulation vxlan;
+ extended-vni-list all;
+ }
+ }
+ bridge-domains {
+ bd-10 {
+ vlan-id none;
+ routing-interface irb.10;
+ vxlan {
+ vni 10;
+ }
+ }
+ }
+ }
+ _contrail_l3_10_for_evpn {
+ instance-type vrf;
+ interface irb.10;
+ vrf-import _contrail_l3_10_for_evpn-import;
+ vrf-export _contrail_l3_10_for_evpn-export;
+ vrf-table-label;
+ routing-options {
+ static {
+ route 192.168.1.0/24 discard;
+ }
+ auto-export {
+ family inet {
+ unicast;
+ }
+ }
+ }
+ }
+ _contrail_l2_11_for_vm {
+ vtep-source-interface lo0.0;
+ instance-type virtual-switch;
+ vrf-import _contrail_l2_11_for_vm-import;
+ vrf-export _contrail_l2_11_for_vm-export;
+ protocols {
+ evpn {
+ encapsulation vxlan;
+ extended-vni-list all;
+ }
+ }
+ bridge-domains {
+ bd-11 {
+ vlan-id none;
+ routing-interface irb.11;
+ vxlan {
+ vni 11;
+ }
+ }
+ }
+ }
+ _contrail_l3_11_for_vm {
+ instance-type vrf;
+ interface irb.11;
+ vrf-import _contrail_l3_11_for_vm-import;
+ vrf-export _contrail_l3_11_for_vm-export;
+ vrf-table-label;
+ routing-options {
+ static {
+ route 10.0.0.0/24 discard;
+ }
+ auto-export {
+ family inet {
+ unicast;
+ }
+ }
+ }
+ }
+ }
+ }

The problem here is, post deleting the neutron router, the above config doesn't go away from Junos. This has to be fixed.

The same works fine if i just add an additional RT on the VN that is extended and delete it from Contrail.

Tags:

amit surana (asurana-t) on 2016-10-26

tags:

added: device-manager

Sachin Bansal (sbansal) on 2016-10-26

Changed in juniperopenstack:
assignee:	nobody → Suresh Balineni (sbalineni)

Sandeep Sridhar (ssandeep) on 2016-11-01

information type:

Proprietary → Public

Revision history for this message

Suresh Balineni (sbalineni) wrote on 2016-12-08:

Not re-producible in 3.1:

1) VN extended to PR, following config pushed to MX:

root@custmx# show groups __contrail__ policy-options
policy-statement _contrail_l2_6_test-dm1-export {
    term t1 {
        then {
            community add target_64512_8000003;
            accept;
        }
    }
}
policy-statement _contrail_l2_6_test-dm1-import {
    term t1 {
        from community target_64512_8000003;
        then accept;
    }
    then reject;
}
policy-statement _contrail_l3_6_test-dm1-export {
    term t1 {
        then {
            community add target_64512_8000003;
            accept;
        }
    }
}
policy-statement _contrail_l3_6_test-dm1-import {
    term t1 {
        from community target_64512_8000003;
        then accept;
    }
    then reject;
}
...

2) This is what the config generated when Router is associated to VN (still VNs are extended to PR) :
>> RT for LR is community add target_64512_8000005;

root@custmx# show groups __contrail__ policy-options
policy-statement _contrail_l2_6_test-dm1-export {
    term t1 {
        then {
            community add target_64512_8000005;
            community add target_64512_8000003;
            accept;
        }
    }
}
policy-statement _contrail_l2_6_test-dm1-import {
    term t1 {
        from community [ target_64512_8000005 target_64512_8000003 ];
        then accept;
    }
    then reject;
}
policy-statement _contrail_l3_6_test-dm1-export {
    term t1 {
        then {
            community add target_64512_8000005;
            community add target_64512_8000003;
            accept;
        }
    }
}
policy-statement _contrail_l3_6_test-dm1-import {
    term t1 {
        from community [ target_64512_8000005 target_64512_8000003 ];
        then accept;
    }
    then reject;
}
..

3) Now Logged on to Horizon, deleted Router.

Config pushed to mx :

Not re-producible in 3.1:

1) VN extended to PR, following config pushed to MX:

2) This is what the config generated when Router is associated to VN (still VNs are extended to PR) :
>> RT for LR is community add target_64512_8000005;

3) Now Logged on to Horizon, deleted Router.

Config pushed to mx :

Revision history for this message

Ashish Ranjan (aranjan-n) wrote on 2017-04-26:

Marking this bug invalid based on Suresh's comment.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.