Comment 7 for bug 1554177

Here is unexpected behavior, i can't ping 10.0.213.3(public) from 10.0.210.2(admin)

(venv-fuel-devops-main-9.0-2.9.19)root@dl380-108:~# source /home/jenkins/venv-fuel-devops-main-9.0-2.9.19/bin/activate; dos.py net-list iso_800_multirack_0
NETWORK NAME IP NET
-------------- -------------
admin 10.0.210.0/24
management 10.0.211.0/24
storage 10.0.212.0/24
public 10.0.213.0/24
private 10.0.214.0/24
private2 10.0.215.0/24
management2 10.0.216.0/24
admin2 10.0.217.0/24
public2 10.0.218.0/24
private3 10.0.219.0/24
admin3 10.0.220.0/24
management3 10.0.221.0/24
public3 10.0.222.0/24

-A FORWARD -d 10.0.214.0/24 -o fuelbr4551 -j ACCEPT
-A FORWARD -s 10.0.214.0/24 -i fuelbr4551 -j ACCEPT
-A FORWARD -i fuelbr4551 -o fuelbr4551 -j ACCEPT
-A FORWARD -o fuelbr4551 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i fuelbr4551 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 10.0.213.0/24 -o fuelbr4550 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.213.0/24 -i fuelbr4550 -j ACCEPT
-A FORWARD -i fuelbr4550 -o fuelbr4550 -j ACCEPT
-A FORWARD -o fuelbr4550 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i fuelbr4550 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 10.0.212.0/24 -o fuelbr4549 -j ACCEPT
-A FORWARD -s 10.0.212.0/24 -i fuelbr4549 -j ACCEPT
-A FORWARD -i fuelbr4549 -o fuelbr4549 -j ACCEPT
-A FORWARD -o fuelbr4549 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i fuelbr4549 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 10.0.211.0/24 -o fuelbr4548 -j ACCEPT
-A FORWARD -s 10.0.211.0/24 -i fuelbr4548 -j ACCEPT
-A FORWARD -i fuelbr4548 -o fuelbr4548 -j ACCEPT
-A FORWARD -o fuelbr4548 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i fuelbr4548 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 10.0.210.0/24 -o fuelbr4547 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.210.0/24 -i fuelbr4547 -j ACCEPT
-A FORWARD -i fuelbr4547 -o fuelbr4547 -j ACCEPT
-A FORWARD -o fuelbr4547 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i fuelbr4547 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o fuelbr4551 -p udp -m udp --dport 68 -j ACCEPT
-A OUTPUT -o fuelbr4550 -p udp -m udp --dport 68 -j ACCEPT
-A OUTPUT -o fuelbr4549 -p udp -m udp --dport 68 -j ACCEPT
-A OUTPUT -o fuelbr4548 -p udp -m udp --dport 68 -j ACCEPT
-A OUTPUT -o fuelbr4547 -p udp -m udp --dport 68 -j ACCEPT

------------------------------
Expected behavior, i can ping 10.0.146.3(public) from 10.0.143.2(admin)

(venv-fuel-devops-main-9.0-2.9.19)root@dl380-107:~# source /home/jenkins/venv-fuel-devops-main-9.0-2.9.19/bin/activate; dos.py net-list deploy_aic_contrail_large_ha_env_ssl_single.248.2016-04-29_07-51-19
NETWORK NAME IP NET
-------------- -------------
public3 10.0.155.0/24
management3 10.0.154.0/24
admin3 10.0.153.0/24
private3 10.0.152.0/24
public2 10.0.151.0/24
admin2 10.0.150.0/24
management2 10.0.149.0/24
private2 10.0.148.0/24
private 10.0.147.0/24
public 10.0.146.0/24
storage 10.0.145.0/24
management 10.0.144.0/24
admin 10.0.143.0/24

-A FORWARD -d 10.0.143.0/24 -o fuelbr5399 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.143.0/24 -i fuelbr5399 -j ACCEPT
-A FORWARD -i fuelbr5399 -o fuelbr5399 -j ACCEPT
-A FORWARD -o fuelbr5399 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i fuelbr5399 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 10.0.144.0/24 -o fuelbr5400 -j ACCEPT
-A FORWARD -s 10.0.144.0/24 -i fuelbr5400 -j ACCEPT
-A FORWARD -i fuelbr5400 -o fuelbr5400 -j ACCEPT
-A FORWARD -o fuelbr5400 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i fuelbr5400 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 10.0.145.0/24 -o fuelbr5401 -j ACCEPT
-A FORWARD -s 10.0.145.0/24 -i fuelbr5401 -j ACCEPT
-A FORWARD -i fuelbr5401 -o fuelbr5401 -j ACCEPT
-A FORWARD -o fuelbr5401 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i fuelbr5401 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 10.0.146.0/24 -o fuelbr5402 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.146.0/24 -i fuelbr5402 -j ACCEPT
-A FORWARD -i fuelbr5402 -o fuelbr5402 -j ACCEPT
-A FORWARD -o fuelbr5402 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i fuelbr5402 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 10.0.147.0/24 -o fuelbr5403 -j ACCEPT
-A FORWARD -s 10.0.147.0/24 -i fuelbr5403 -j ACCEPT
-A FORWARD -i fuelbr5403 -o fuelbr5403 -j ACCEPT
-A FORWARD -o fuelbr5403 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i fuelbr5403 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o fuelbr5399 -p udp -m udp --dport 68 -j ACCEPT
-A OUTPUT -o fuelbr5400 -p udp -m udp --dport 68 -j ACCEPT
-A OUTPUT -o fuelbr5401 -p udp -m udp --dport 68 -j ACCEPT
-A OUTPUT -o fuelbr5402 -p udp -m udp --dport 68 -j ACCEPT
-A OUTPUT -o fuelbr5403 -p udp -m udp --dport 68 -j ACCEPT

I'm not quite sure, maybe one of this two nodes was rebooted.