[R4.1-36]: flow drop reason is UNKNOWN when it's dropped due to security firewalls

Bug #1729818 reported by alok kumar
This bug affects 1 person
Affects            Status         Importance  Assigned to        Milestone
Juniper Openstack  Status tracked in Trunk
  R3.2             Fix Committed  Medium      Hari Prasad Killi
  R4.0             Fix Committed  Medium      Hari Prasad Killi
  R4.1             Fix Committed  Medium      Hari Prasad Killi
  Trunk            Fix Committed  Medium      Hari Prasad Killi

Bug Description

Had a service group rule (in security framework firewall) which allows only TCP traffic across VN1 and VN2.

So ping would be dropped across VNs, which works fine, but the drop reason is UNKNOWN in the flow as well as in the logged sessions.

    Index Source:Port/Destination:Port Proto(V)
-----------------------------------------------------------------------------------
   192620<=>286196 2.2.2.4:29469 1 (2)
                         1.1.1.3:0
(Gen: 1, K(nh):19, Action:D(Unknown), Flags:, QOS:-1, S(nh):35, Stats:0/0,
 SPort 59900, TTL 0, Sinfo 0.0.0.0)

   286196<=>192620 1.1.1.3:29469 1 (2)
                         2.2.2.4:0
(Gen: 1, K(nh):19, Action:D(Unknown), Flags:, QOS:-1, S(nh):19, Stats:1/98,
 SPort 52803, TTL 0, Sinfo 4.0.0.0)

2017-11-03 Fri 15:03:41:412.816 IST nodec62 [Thread 140283233392384, Pid 19302]: [SYS_INFO]: SessionEndpointObject: session_data= [ [ [ vmi = default-domain:admin:357663f9-8576-41bc-86cc-dfc9286cf00c vn = default-domain:admin:vn1 application = default-domain:admin:application=1 remote_application = default-domain:admin:application=1 security_policy_rule = 00000000-0000-0000-0000-000000000002 remote_vn = default-domain:admin:vn2 is_client_session = 1 is_si = 0 vrouter_ip = 10.204.217.102 sess_agg_info= [ [ [ ip = 1.1.1.3 port = 0 protocol = 1 ] [ sampled_forward_bytes = 0 sampled_forward_pkts = 0 sampled_reverse_bytes = 0 sampled_reverse_pkts = 0 logged_forward_bytes = 0 logged_forward_pkts = 0 logged_reverse_bytes = 0 logged_reverse_pkts = 0 sessionMap= [ [ [ ip = 2.2.2.4 port = 29469 ] [ forward_flow_info= [ sampled_bytes = 98 sampled_pkts = 1 flow_uuid = 5daf5a14-6417-4937-b550-10b0bb976383 tcp_flags = 0 setup_time = 1509701621315623 action = deny|implicit deny sg_rule_uuid = 8b46d53f-d525-4961-a2b1-ba444150e887 nw_ace_uuid = 2b62ccdf-6e3a-496b-a52b-fa2e026e3308 underlay_source_port = 52803 drop_reason = UNKNOWN ] reverse_flow_info= [ flow_uuid = 2b051e1d-354b-4fd0-aba9-03001283f21b setup_time = 1509701621315623 action = deny|implicit deny sg_rule_uuid = 8b46d53f-d525-4961-a2b1-ba444150e887 nw_ace_uuid = 2b62ccdf-6e3a-496b-a52b-fa2e026e3308 drop_reason = UNKNOWN ] vm = 3993b589-2ac7-4f50-839d-aec8b2c837d5 other_vrouter_ip = 10.204.216.69 underlay_proto = 2 ], ] ] ], ] ] ], ] ]

Tags: vrouter
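
An added example (not part of the bug report or of the Contrail code base): a small parser for the SessionEndpointObject log layout shown above that lists denied flows whose drop_reason is still UNKNOWN, the condition this bug describes. The sample line is constructed and shortened; the short UUIDs and PLACEHOLDER_REASON are made-up values.

```python
import re

# Constructed sample in the layout of the SessionEndpointObject line above
# (shortened; the UUIDs and PLACEHOLDER_REASON are made-up values).
SAMPLE = (
    "[SYS_INFO]: SessionEndpointObject: session_data= [ [ [ "
    "vn = default-domain:admin:vn1 remote_vn = default-domain:admin:vn2 "
    "sess_agg_info= [ [ [ ip = 1.1.1.3 port = 0 protocol = 1 ] [ "
    "sessionMap= [ [ [ ip = 2.2.2.4 port = 29469 ] [ "
    "forward_flow_info= [ sampled_pkts = 1 flow_uuid = f-1 "
    "action = deny|implicit deny drop_reason = UNKNOWN ] "
    "reverse_flow_info= [ flow_uuid = r-1 action = deny|implicit deny "
    "drop_reason = PLACEHOLDER_REASON ] vm = vm-1 ], ] ] ], ] ] ], ] ]"
)

FLOW_RE = re.compile(r"(forward|reverse)_flow_info= \[ (.*?) \]")
# A value runs until the next "key = " or the end of the block, so values
# that contain spaces ("deny|implicit deny") stay in one piece.
FIELD_RE = re.compile(r"(\w+) = (.*?)(?= \w+ = |$)")


def parse_flows(line):
    """Return one dict per forward/reverse flow_info block in a session log line."""
    vn = re.search(r"\bvn = (\S+)", line)
    remote = re.search(r"\bremote_vn = (\S+)", line)
    flows = []
    for direction, body in FLOW_RE.findall(line):
        flow = dict(FIELD_RE.findall(body))
        flow.update(direction=direction,
                    vn=vn.group(1) if vn else None,
                    remote_vn=remote.group(1) if remote else None)
        flows.append(flow)
    return flows


def unattributed_denies(line):
    """Flows that were denied but carry no usable drop reason."""
    return [f for f in parse_flows(line)
            if "deny" in f.get("action", "")
            and f.get("drop_reason", "UNKNOWN") == "UNKNOWN"]


if __name__ == "__main__":
    for f in unattributed_denies(SAMPLE):
        print(f["direction"], f["flow_uuid"], f["vn"], "->", f["remote_vn"], f["action"])
```
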
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/37236
Submitter: Hari Prasad Killi (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.1

Review in progress for https://review.opencontrail.org/37237
Submitter: Hari Prasad Killi (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/37240
Submitter: Hari Prasad Killi (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.1

Review in progress for https://review.opencontrail.org/37241
Submitter: Hari Prasad Killi (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.2

Review in progress for https://review.opencontrail.org/37242
Submitter: Hari Prasad Killi (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.0

Review in progress for https://review.opencontrail.org/37248
Submitter: Hari Prasad Killi (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/37237
Committed: http://github.com/Juniper/contrail-controller/commit/9faf4c1e6d1edc849ca16b7b7a91dc24a17cec3a
Submitter: Zuul (<email address hidden>)
Branch: R4.1

commit 9faf4c1e6d1edc849ca16b7b7a91dc24a17cec3a
Author: Hari Prasad Killi <email address hidden>
Date: Tue Nov 7 10:20:02 2017 +0530

Update flow drop reason for firewall policy

Change-Id: I52e8daec0ad1a6924b0fe070d5ad81d1ce7ddefc
closes-bug: #1729818

OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/37236
Committed: http://github.com/Juniper/contrail-controller/commit/e082d1a822ce8de3815a22e35934b3ba119a398f
Submitter: Zuul (<email address hidden>)
Branch: master

commit e082d1a822ce8de3815a22e35934b3ba119a398f
Author: Hari Prasad Killi <email address hidden>
Date: Tue Nov 7 10:20:02 2017 +0530

Update flow drop reason for firewall policy

Change-Id: I52e8daec0ad1a6924b0fe070d5ad81d1ce7ddefc
closes-bug: #1729818

OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/37241
Committed: http://github.com/Juniper/contrail-vrouter/commit/ecd1b019cb01ffade2bb7d808a6ae3632b474b09
Submitter: Zuul (<email address hidden>)
Branch: R4.1

commit ecd1b019cb01ffade2bb7d808a6ae3632b474b09
Author: Hari Prasad Killi <email address hidden>
Date: Tue Nov 7 11:39:33 2017 +0530

Update the flow drop reason list in flow utility

Change-Id: I2135446723dddf526babf1f033dd1492e22e9cf3
closes-bug: #1729818

OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/37240
Committed: http://github.com/Juniper/contrail-vrouter/commit/081a617d7286dfb077c102bc34bb7ea26c542d10
Submitter: Zuul (<email address hidden>)
Branch: master

commit 081a617d7286dfb077c102bc34bb7ea26c542d10
Author: Hari Prasad Killi <email address hidden>
Date: Tue Nov 7 11:39:33 2017 +0530

Update the flow drop reason list in flow utility

Change-Id: I2135446723dddf526babf1f033dd1492e22e9cf3
closes-bug: #1729818

OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/37242
Committed: http://github.com/Juniper/contrail-vrouter/commit/0153064a4da7b5f09c70b656f9504f2a5de33b7f
Submitter: Zuul (<email address hidden>)
Branch: R3.2

commit 0153064a4da7b5f09c70b656f9504f2a5de33b7f
Author: Hari Prasad Killi <email address hidden>
Date: Tue Nov 7 11:55:30 2017 +0530

Update the flow drop reason list in flow utility

Change-Id: I2135446723dddf526babf1f033dd1492e22e9cf3
closes-bug: #1729818

OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/37248
Committed: http://github.com/Juniper/contrail-vrouter/commit/3908ffd071058d0aac6428b298544e69f29ce85c
Submitter: Zuul (<email address hidden>)
Branch: R4.0

commit 3908ffd071058d0aac6428b298544e69f29ce85c
Author: Hari Prasad Killi <email address hidden>
Date: Tue Nov 7 11:55:30 2017 +0530

Update the flow drop reason list in flow utility

Change-Id: I2135446723dddf526babf1f033dd1492e22e9cf3
closes-bug: #1729818
