[5.0 Vro] Firewall Policy rules not getting into effect
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Juniper Openstack | Status tracked in Trunk | | |
R5.0 | Fix Released | Critical | Magda Zaremba |
Trunk | Fix Committed | Critical | Magda Zaremba |
Bug Description
Created two firewall policy rules:
1) deny icmp:any:any EP1:global:
2) deny icmp:any:any EP1:global:tier=web <> EP2:global:
3) Added these rules to firewall policy p1
4) Attached the policy to APS aps1, which has application tag Finance on it
Ping between VMs from web to logic and from logic to db is passing instead of failing.
Found that rule sequence numbers were missing when we attach rules to a policy,
and also when we attach policies to an application policy set.
Created the same scenario from the webui; it works as expected and the ping fails.
The following is the diff when we attach rules to a policy and a policy to an APS:
Application policy set firewall policy refs
Created from vro
firewall_
{
to: [
"default-
"pol1"
],
href: "http://
attr: null, --> policy sequence number missing
uuid: "13d6a6a7-
}
Created from webui
firewall_
{
to: [
"default-
"pol1"
],
href: "http://
attr: {
sequence: "0"
},
uuid: "13d6a6a7-
},
{
to: [
"default-
"p2"
],
href: "http://
attr: {
sequence: "1"
},
uuid: "21ef26cb-
}
],
Firewall policy with firewall rule refs
Created from vro
firewall_rule_refs: [
{
to: [
"default-
"1de0d5fc-
],
href: "http://
attr: null, --> rule sequence number missing
uuid: "d83699a8-
}
],
Created from webui
firewall_rule_refs: [
{
to: [
"default-
"5cabca73-
],
href: "http://
attr: {
sequence: "0"
},
uuid: "82286e96-
},
{
to: [
"default-
"1de0d5fc-
],
href: "http://
attr: {
sequence: "1"
},
uuid: "d83699a8-
}
],
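A check for the condition this report describes, as an added example that is not part of the original bug report or of the Contrail code base: it flags every ref whose `attr` carries no `sequence`. Only the field names `firewall_rule_refs`, `attr`, `sequence` and `uuid` come from the dumps above; the sample objects, names and UUIDs are constructed placeholders.

```python
import json

# Ref fields expected to carry attr.sequence. "firewall_rule_refs" is the field
# shown in full in the report; pass any other field name explicitly.
SEQUENCED_REF_FIELDS = ("firewall_rule_refs",)


def refs_missing_sequence(obj, fields=SEQUENCED_REF_FIELDS):
    """Return [(field, uuid)] for every ref whose attr has no usable sequence."""
    missing = []
    for field in fields:
        for ref in obj.get(field) or []:
            attr = ref.get("attr")
            # attr may be null (the vRO-created shape) or a dict without "sequence".
            seq = attr.get("sequence") if isinstance(attr, dict) else None
            if seq is None or str(seq).strip() == "":
                missing.append((field, ref.get("uuid", "<no-uuid>")))
    return missing


# Constructed samples mirroring the two shapes in the report.
VRO_CREATED = json.loads("""
{"firewall_rule_refs": [
  {"to": ["example-scope", "rule-b"], "attr": null, "uuid": "uuid-rule-b"}
]}""")

WEBUI_CREATED = json.loads("""
{"firewall_rule_refs": [
  {"to": ["example-scope", "rule-a"], "attr": {"sequence": "0"}, "uuid": "uuid-rule-a"},
  {"to": ["example-scope", "rule-b"], "attr": {"sequence": "1"}, "uuid": "uuid-rule-b"}
]}""")

if __name__ == "__main__":
    for name, obj in (("vro", VRO_CREATED), ("webui", WEBUI_CREATED)):
        bad = refs_missing_sequence(obj)
        print(name, "ok" if not bad else f"refs without sequence: {bad}")
```

Run against objects fetched after provisioning, a non-empty result means a deny rule may be attached but not in effect, which is the symptom reported here.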
tags: added: vmware
Review in progress for https://review.opencontrail.org/44667
Submitter: Magda (<email address hidden>)