Group Based Policy

[apic-mapping] Contract doesn't take effect when same classifier is used in both redirect and allow rule

Bug #1508748 reported by vks1 on 2015-10-22

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Group Based Policy	Incomplete	Medium	Ivar Lazzaro	Group Based Policy next

Bug Description

Created TCP and ICMP wildcard classifier. Attached TCP classifier to REDIRECT and ALLOW rule. Create a external consumer and provider which consumes and provides same PRS respectively. ICMP traffic between consumer and provider works fine but TCP traffic doesn't reach to TAP interface of head of chain.

After debugging it show the contract doesn't take effect in ACI.

Sumit Naiksatam (snaiksat) on 2015-10-22

Changed in group-based-policy:
milestone:	none → liberty-1
importance:	Undecided → Medium
assignee:	nobody → Ivar Lazzaro (mmaleckk)

Revision history for this message

Ivar Lazzaro (mmaleckk) wrote on 2015-10-28:

Can you verify that this works if only ONE action is set in the policy rule? (In this case, only REDIRECT, which implicitly means allow).

Ivar Lazzaro (mmaleckk) on 2015-10-28

Changed in group-based-policy:
status:	New → Incomplete

Revision history for this message

vks1 (vikash-kumar) wrote on 2015-10-28:

Yes it worked if we remove the rule from ACTION and allow only the rule in REDIRECT.

Revision history for this message

Magesh GV (magesh-gv) wrote on 2015-10-29:

Had a discussion with Mandeep, we should not allow creating the PRS with this overlap if it is not supported on APIC.

Sumit Naiksatam (snaiksat) on 2016-01-10

Changed in group-based-policy:
milestone:	liberty-1 → next

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.