Juniper Openstack

[R4.1-36]:SLO- Session logging issues when export rate is 0 or -1

Bug #1729794 reported by alok kumar
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R4.1
Fix Committed
High
Madhusudan Bhat
Juniper Openstack r4.1.0.0-fcs "r4.1"
Trunk
Fix Committed
High
Madhusudan Bhat
Juniper Openstack r5.0.0

Bug Description

Sessions matching SLO is not getting logged when export rate is set to ZERO or when sampling is disabled.

More details and logged sessions are updated at comment #2.

test steps:
- create 2 VNs(1.1.1.0/24, 2.2.2.0/24) and connect them with policy pol1 with allow all rule.
- launch VMs in the VNs
- create the SLO object with the mentioned policy pol1 rule with rate 100 and attach it to VNs.
- start ping from VM1(1.1.1.3) to VM2(2.2.2.3)
- verify if session is logged locally.(local logging is enabled in agent config file)

when sampling is enabled, I see sessions getting logged locally irrespective of SLO.

See original description
alok kumar (kalok)
Changed in juniperopenstack:
importance: Undecided → High
information type: Proprietary → Public
alok kumar (kalok)
tags: added: blocker
Hari Prasad Killi (haripk)
summary: - [R4.1-36]:SLO- Session is not logged when sampling is disabled
+ [R4.1-36]:SLO- Session is not logged when network policy / SG rule is
+ configured in SLO
Revision history for this message
alok kumar (kalok) wrote : Re: [R4.1-36]:SLO- Session is not logged when network policy / SG rule is configured in SLO

Reverting back the bug title as this is different bug.
will file other bug to track policy/SG rule issue.

summary: - [R4.1-36]:SLO- Session is not logged when network policy / SG rule is
- configured in SLO
+ [R4.1-36]:SLO- Session logging issues when export rate is 0 or -1
Revision history for this message
alok kumar (kalok) wrote :
Download full text (3.5 KiB)

1. when export rate is set to -1(means disabling the sampling):

 1.a. when TCP session is created with matching firewall rule, session is logged locally without logged bytes/pkt but sampled bytes/pkt are set.

2017-11-06 Mon 11:50:51:546.386 IST nodec62 [Thread 139991784957696, Pid 3052]: [SYS_INFO]: SessionEndpointObject: session_data= [ [ [ vmi = default-domain:admin:357663f9-8576-41bc-86cc-dfc9286cf00c vn = default-domain:admin:vn1 application = default-domain:admin:application=1 remote_application = default-domain:admin:application=1 security_policy_rule = default-domain:admin:fp1:83c15c6d-1577-4576-9a11-42d24f73c522 remote_vn = default-domain:admin:vn2 is_client_session = 1 is_si = 0 vrouter_ip = 10.204.217.102 sess_agg_info= [ [ [ ip = 1.1.1.3 port = 22 protocol = 6 ] [ sampled_forward_bytes = 0 sampled_forward_pkts = 0 sampled_reverse_bytes = 0 sampled_reverse_pkts = 0 logged_forward_bytes = 0 logged_forward_pkts = 0 logged_reverse_bytes = 0 logged_reverse_pkts = 0 sessionMap= [ [ [ ip = 2.2.2.3 port = 52797 ] [ forward_flow_info= [ sampled_bytes = 2187 sampled_pkts = 10 flow_uuid = 597e1a7c-cb53-495c-a981-346158aff7a1 tcp_flags = 120 setup_time = 1509949250746302 action = pass sg_rule_uuid = 8b46d53f-d525-4961-a2b1-ba444150e887 nw_ace_uuid = 2b62ccdf-6e3a-496b-a52b-fa2e026e3308 underlay_source_port = 52040 ] reverse_flow_info= [ sampled_bytes = 2181 sampled_pkts = 11 flow_uuid = 03b41b6c-a323-49dd-9adc-ea71004e8143 tcp_flags = 120 setup_time = 1509949250746302 action = pass sg_rule_uuid = 5d04b7e1-b1db-4742-9608-beda2fcbae6b nw_ace_uuid = 2b62ccdf-6e3a-496b-a52b-fa2e026e3308 underlay_source_port = 52832 ] vm = 3993b589-2ac7-4f50-839d-aec8b2c837d5 other_vrouter_ip = 10.204.217.102 underlay_proto = 0 ], ] ] ], ] ] ],

  1.b. when session is deleted, session is logged locally with logged bytes/pkt but sampled bytes/pkt are also set.

2017-11-06 Mon 11:50:51:686.619 IST nodec62 [Thread 139991784957696, Pid 3052]: [SYS_INFO]: SessionEndpointObject: session_data= [ [ [ vmi = default-domain:admin:357663f9-8576-41bc-86cc-dfc9286cf00c vn = default-domain:admin:vn1 application = default-domain:admin:application=1 remote_application = default-domain:admin:application=1 security_policy_rule = default-domain:admin:fp1:83c15c6d-1577-4576-9a11-42d24f73c522 remote_vn = default-domain:admin:vn2 is_client_session = 1 is_si = 0 vrouter_ip = 10.204.217.102 sess_agg_info= [ [ [ ip = 1.1.1.3 port = 22 protocol = 6 ] [ sampled_forward_bytes = 132 sampled_forward_pkts = 2 sampled_reverse_bytes = 66 sampled_reverse_pkts = 1 logged_forward_bytes = 132 logged_forward_pkts = 2 logged_reverse_bytes = 66 logged_reverse_pkts = 1 sessionMap= [ [ [ ip = 2.2.2.3 port = 52797 ] [ forward_flow_info= [ sampled_bytes = 132 sampled_pkts = 2 logged_bytes = 132 logged_pkts = 2 flow_uuid = 597e1a7c-cb53-495c-a981-346158aff7a1 tcp_flags = 0 setup_time = 1509949250746302 teardown_time = 1509949251685365 action = pass sg_rule_uuid = 8b46d53f-d525-4961-a2b1-ba444150e887 nw_ace_uuid = 2b62ccdf-6e3a-496b-a52b-fa2e026e3308 underlay_source_port = 0 ] reverse_flow_info= [ sampled_bytes = 66 sampled_pkts = 1 logged_bytes = 66 logged_pkts = 1 flow_uuid = 03b41b6...

Read more...

alok kumar (kalok)
description: updated
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.1

Review in progress for https://review.opencontrail.org/37490
Submitter: Madhusudan Bhat (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/37490
Committed: http://github.com/Juniper/contrail-controller/commit/87069d9dda9cc74f45003d4ac37da61292c483c0
Submitter: Zuul (<email address hidden>)
Branch: R4.1

commit 87069d9dda9cc74f45003d4ac37da61292c483c0
Author: bmadhu <email address hidden>
Date: Mon Nov 13 13:52:09 2017 +0530

Fix for session logging when sampling is disabled:
Due to session object DB register was not happening,
slo list was not populated, hence during logging it never finds the
matching SLO rule. This fix ensures session object registers with DB
for the SLO config updates, which ensures SLO config and populates slo_list.

Change-Id: I9613b9034d050def580fd9ca71df97577c1d2302
Closes-Bug: 1729794

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/37869
Submitter: Madhusudan Bhat (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/37869
Committed: http://github.com/Juniper/contrail-controller/commit/ee5028dc5b3ac9b3a88a56f3d9112abf36f29114
Submitter: Zuul (<email address hidden>)
Branch: master

commit ee5028dc5b3ac9b3a88a56f3d9112abf36f29114
Author: bmadhu <email address hidden>
Date: Mon Nov 13 13:52:09 2017 +0530

Fix for session logging when sampling is disabled:
Due to session object DB register was not happening,
slo list was not populated, hence during logging it never finds the
matching SLO rule. This fix ensures session object registers with DB
for the SLO config updates, which ensures SLO config and populates slo_list.

Change-Id: I9613b9034d050def580fd9ca71df97577c1d2302
Closes-Bug: 1729794
(cherry picked from commit 87069d9dda9cc74f45003d4ac37da61292c483c0)

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.