Juniper Openstack

[R4.1-84]-SLO: Issues in security logging for inter and intra node traffic

Bug #1742875 reported by alok kumar on 2018-01-12

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Juniper Openstack	Status tracked in Trunk
R4.1	Invalid	High	Madhusudan Bhat	Juniper Openstack r4.1.1.0
Trunk	Invalid	High	Madhusudan Bhat	Juniper Openstack r5.0.0

Bug Description

1. For intra-node traffic, both client session and server sessions does not have logged bytes/pkts in the logged session.

2018-01-12 Fri 12:12:29:596.542 IST nodec12 [Thread 140131204904704, Pid 24238]: [SYS_INFO]: SessionEndpointObject: session_data= [ [ [ vmi = default-domain:ctest-SecurityLogging-70593636:a99b0837-942d-4c91-872d-aa4598736749 vn = default-domain:ctest-SecurityLogging-70593636:ctest-vn-71975813 security_policy_rule = 00000000-0000-0000-0000-000000000001 remote_vn = default-domain:ctest-SecurityLogging-70593636:ctest-vn-40387821 is_client_session = 1 is_si = 0 vrouter_ip = 10.204.216.69 sess_agg_info= [ [ [ local_ip = 155.237.7.3 service_port = 0 protocol = 1 ] [ logged_forward_bytes = 0 logged_forward_pkts = 0 logged_reverse_bytes = 0 logged_reverse_pkts = 0 sessionMap= [ [ [ ip = 125.176.174.3 port = 8459 ] [ forward_flow_info= [ flow_uuid = 6904adbd-8951-4981-b943-9d91f853ddf2 setup_time = 1515739277734926 action = pass sg_rule_uuid = 0f351920-24c3-4343-b32a-67cccac6b325 nw_ace_uuid = 4e74bd94-4b5a-4177-8d72-8395d0cd0e39 ] reverse_flow_info= [ flow_uuid = c4be258d-e238-4704-b28d-4f2afb920243 setup_time = 1515739277734926 action = pass sg_rule_uuid = f775f3e4-13a1-4ee1-8bb8-469e594f761c nw_ace_uuid = 4e74bd94-4b5a-4177-8d72-8395d0cd0e39 ] vm = be78008c-163c-4491-be05-dcc42c44c4f6 other_vrouter_ip = 10.204.216.69 underlay_proto = 0 ], ] ] ], ] ] ], ] ]
2018-01-12 Fri 12:13:05:600.461 IST nodec12 [Thread 140131230095104, Pid 24238]: [SYS_INFO]: SessionEndpointObject: session_data= [ [ [ vmi = default-domain:ctest-SecurityLogging-70593636:5d2dcb20-eca8-4ba2-a39a-d02189d7d4bd vn = default-domain:ctest-SecurityLogging-70593636:ctest-vn-40387821 security_policy_rule = 00000000-0000-0000-0000-000000000001 remote_vn = default-domain:ctest-SecurityLogging-70593636:ctest-vn-71975813 is_client_session = 0 is_si = 0 vrouter_ip = 10.204.216.69 sess_agg_info= [ [ [ local_ip = 125.176.174.3 service_port = 8459 protocol = 1 ] [ logged_forward_bytes = 0 logged_forward_pkts = 0 logged_reverse_bytes = 0 logged_reverse_pkts = 0 sessionMap= [ [ [ ip = 155.237.7.3 port = 0 ] [ forward_flow_info= [ flow_uuid = c4be258d-e238-4704-b28d-4f2afb920243 setup_time = 1515739277734588 action = pass sg_rule_uuid = f775f3e4-13a1-4ee1-8bb8-469e594f761c nw_ace_uuid = 4e74bd94-4b5a-4177-8d72-8395d0cd0e39 ] reverse_flow_info= [ flow_uuid = 6904adbd-8951-4981-b943-9d91f853ddf2 setup_time = 1515739277734588 action = pass sg_rule_uuid = 0f351920-24c3-4343-b32a-67cccac6b325 nw_ace_uuid = 4e74bd94-4b5a-4177-8d72-8395d0cd0e39 ] vm = 520dd3e8-673f-4dc3-a864-e30c801c5289 other_vrouter_ip = 10.204.216.69 underlay_proto = 0 ], ] ] ], ] ] ], ] ]

2. For inter-node traffic, sometime client session is logged correctly with all logged bytes/pkts else mostly both client/server session does not have logged bytes/pkts info.

session logged with correct logged bytes/pkts:
2018-01-12 Fri 11:39:43:397.706 IST nodec12 [Thread 140131225896704, Pid 24238]: [SYS_INFO]: SessionEndpointObject: session_data= [ [ [ vmi = default-domain:ctest-SecurityLogging-70593636:a99b0837-942d-4c91-872d-aa4598736749 vn = default-domain:ctest-SecurityLogging-70593636:ctest-vn-71975813 security_policy_rule = 00000000-0000-0000-0000-000000000001 remote_vn = default-domain:ctest-SecurityLogging-70593636:ctest-vn-40387821 is_client_session = 1 is_si = 0 vrouter_ip = 10.204.216.69 sess_agg_info= [ [ [ local_ip = 155.237.7.3 service_port = 0 protocol = 1 ] [ logged_forward_bytes = 98 logged_forward_pkts = 1 logged_reverse_bytes = 84 logged_reverse_pkts = 1 sessionMap= [ [ [ ip = 125.176.174.4 port = 4274 ] [ forward_flow_info= [ logged_bytes = 98 logged_pkts = 1 flow_uuid = 34dc5bb7-bf7b-4a93-ac73-5745de35582a tcp_flags = 0 setup_time = 1515737382662454 action = pass sg_rule_uuid = 0f351920-24c3-4343-b32a-67cccac6b325 nw_ace_uuid = 4e74bd94-4b5a-4177-8d72-8395d0cd0e39 underlay_source_port = 61858 ] reverse_flow_info= [ logged_bytes = 84 logged_pkts = 1 flow_uuid = 82479935-62db-40f4-b080-4352b27decbb tcp_flags = 0 setup_time = 1515737382662454 action = pass sg_rule_uuid = 0f351920-24c3-4343-b32a-67cccac6b325 nw_ace_uuid = 4e74bd94-4b5a-4177-8d72-8395d0cd0e39 underlay_source_port = 60244 ] vm = be78008c-163c-4491-be05-dcc42c44c4f6 other_vrouter_ip = 10.204.217.102 underlay_proto = 2 ], ] ] ], ] ] ], ] ]

Tags:

alok kumar (kalok) on 2018-01-12

tags:

added: blocker

Revision history for this message

alok kumar (kalok) wrote on 2018-01-16:

with SLO rate 1 this seems to be working fine.
closing the bug for now.

tags:

removed: blocker

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.