Following are the steps which we did when we saw the issue.
Create a tenant(member).
Create 4 classifiers as following
icmp : icmp classifier
udp: udp bi-directional
tcp: tcp bi-directional redirect_class: classifier with no protocol and port(Created this from CLI)
tcp80: tcp port 90, bi-directional
Create 4 allow actions(allow1, allow2, allow3, allow4) and 1 redirect action with FW service chain spec(to insert FW in E-W)
Create 5 rules as following
pr1: icmp+allow1
pr2: tcp+allow2
pr3: udp+allow3
pr4: redirect_class+allow4
pr5: tcp80+ redirect action
Created PRS 'prs1' using rules pr1, pr2, pr3, pr4 and pr5.
Create consumer and provider PTG to use the above PRS 'prs1'. FW service was inserted between the consumer and provider groups.
Create another 4 classifiers as following:
icmp1: icmp classifier
tcp1: tcp classifier
udp1: udp classifier redirect_class1: classifier with no protocol and port (created from CLI)
Create 4 allow actions(allow5, allow6, allow7, allow8)
Create 3 policy rules as following:
pr6: tcp1+allow5
pr7: udp1+allow7
pr8: icmp1+allow6
Now tried creating another allow rule using redirect_class1 classifier and allow8 action. Observed the policy rule create issue.
Note: After sometime, when tried adding the same rule again, the rule creation was successful.
Neutron server.log and the host-report output of OS controller and compute nodes are copied to "/root/pr_create_fail_log/" location on OS contoller node(10.30.120.97)
Snapshot of neutron server log when the error is seen:
2015-11-17 05:12:05.219 9976 ERROR gbpservice.neutron.services.grouppolicy.policy_driver_manager [-] Policy driver 'apic' failed in create_policy_rule_postcommit
2015-11-17 05:12:05.219 9976 TRACE gbpservice.neutron.services.grouppolicy.policy_driver_manager Traceback (most recent call last):
2015-11-17 05:12:05.219 9976 TRACE gbpservice.neutron.services.grouppolicy.policy_driver_manager File "/usr/lib/python2.7/site-packages/gbpservice/neutron/services/grouppolicy/policy_driver_manager.py", line 119, in _call_on_drivers
2015-11-17 05:12:05.219 9976 TRACE gbpservice.neutron.services.grouppolicy.policy_driver_manager getattr(driver.obj, method_name)(context)
2015-11-17 05:12:05.219 9976 TRACE gbpservice.neutron.services.grouppolicy.policy_driver_manager File "/usr/lib/python2.7/site-packages/gbpservice/neutron/services/grouppolicy/drivers/cisco/apic/apic_mapping.py", line 589, in create_policy_rule_postcommit
2015-11-17 05:12:05.219 9976 TRACE gbpservice.neutron.services.grouppolicy.policy_driver_manager **attrs)
2015-11-17 05:12:05.219 9976 TRACE gbpservice.neutron.services.grouppolicy.policy_driver_manager File "/usr/lib64/python2.7/contextlib.py", line 24, in __exit__
2015-11-17 05:12:05.219 9976 TRACE gbpservice.neutron.services.grouppolicy.policy_driver_manager self.gen.next()
2015-11-17 05:12:05.219 9976 TRACE gbpservice.neutron.services.grouppolicy.policy_driver_manager File "/usr/lib/python2.7/site-packages/apicapi/apic_client.py", line 867, in transaction
2015-11-17 05:12:05.219 9976 TRACE gbpservice.neutron.services.grouppolicy.policy_driver_manager result = transaction.commit()
2015-11-17 05:12:05.219 9976 TRACE gbpservice.neutron.services.grouppolicy.policy_driver_manager File "/usr/lib/python2.7/site-packages/apicapi/apic_client.py", line 773, in commit
2015-11-17 05:12:05.219 9976 TRACE gbpservice.neutron.services.grouppolicy.policy_driver_manager *self.root_params)
2015-11-17 05:12:05.219 9976 TRACE gbpservice.neutron.services.grouppolicy.policy_driver_manager File "/usr/lib/python2.7/site-packages/apicapi/apic_client.py", line 480, in post_body
2015-11-17 05:12:05.219 9976 TRACE gbpservice.neutron.services.grouppolicy.policy_driver_manager return self._send(self.session.post, url, data=data)
2015-11-17 05:12:05.219 9976 TRACE gbpservice.neutron.services.grouppolicy.policy_driver_manager File "/usr/lib/python2.7/site-packages/apicapi/apic_client.py", line 435, in _send
2015-11-17 05:12:05.219 9976 TRACE gbpservice.neutron.services.grouppolicy.policy_driver_manager err_text=err_text, err_code=err_code)
2015-11-17 05:12:05.219 9976 TRACE gbpservice.neutron.services.grouppolicy.policy_driver_manager ApicResponseNotOk: APIC responded with HTTP status 400: Bad Request, Request: '/mo/uni/tn-_noirolab_7c280ecd747545668fffca0006f6ab19.json, data={"fvTenant": {"attributes": {"rn": "tn-_noirolab_7c280ecd747545668fffca0006f6ab19"}, "children": [{"vzFilter": {"attributes": {"rn": "flt-pr8"}, "children": [{"vzEntry": {"attributes": {"rn": "e-os-entry", "etherT": "unspecified"}, "children": []}}]}}]}}', APIC error code 105: vz::EntryMo (Dn0) - non-IP Ethertype cannot be combined with other l4 properties Dn0=uni/tn-_noirolab_7c280ecd747545668fffca0006f6ab19/flt-pr8/e-os-entry,
2015-11-17 05:12:05.219 9976 TRACE gbpservice.neutron.services.grouppolicy.policy_driver_manager
2015-11-17 05:12:05.222 9976 ERROR gbpservice.neutron.services.grouppolicy.plugin [-] policy_driver_manager.create_policy_rule_postcommit failed, deleting policy_rule 3afc9967-d9d0-4cd0-9e15-2b26affa0b58
2015-11-17 05:12:05.222 9976 TRACE gbpservice.neutron.services.grouppolicy.plugin Traceback (most recent call last):
2015-11-17 05:12:05.222 9976 TRACE gbpservice.neutron.services.grouppolicy.plugin File "/usr/lib/python2.7/site-packages/gbpservice/neutron/services/grouppolicy/plugin.py", line 1064, in create_policy_rule
2015-11-17 05:12:05.222 9976 TRACE gbpservice.neutron.services.grouppolicy.plugin policy_context)
2015-11-17 05:12:05.222 9976 TRACE gbpservice.neutron.services.grouppolicy.plugin File "/usr/lib/python2.7/site-packages/gbpservice/neutron/services/grouppolicy/policy_driver_manager.py", line 280, in create_policy_rule_postcommit
2015-11-17 05:12:05.222 9976 TRACE gbpservice.neutron.services.grouppolicy.plugin self._call_on_drivers("create_policy_rule_postcommit", context)
2015-11-17 05:12:05.222 9976 TRACE gbpservice.neutron.services.grouppolicy.plugin File "/usr/lib/python2.7/site-packages/gbpservice/neutron/services/grouppolicy/policy_driver_manager.py", line 134, in _call_on_drivers
2015-11-17 05:12:05.222 9976 TRACE gbpservice.neutron.services.grouppolicy.plugin method=method_name
2015-11-17 05:12:05.222 9976 TRACE gbpservice.neutron.services.grouppolicy.plugin GroupPolicyDriverError: create_policy_rule_postcommit failed.
Following are the steps which we did when we saw the issue.
Create a tenant(member).
redirect_ class: classifier with no protocol and port(Created this from CLI) class+allow4
redirect_ class1: classifier with no protocol and port (created from CLI)
Create 4 classifiers as following
icmp : icmp classifier
udp: udp bi-directional
tcp: tcp bi-directional
tcp80: tcp port 90, bi-directional
Create 4 allow actions(allow1, allow2, allow3, allow4) and 1 redirect action with FW service chain spec(to insert FW in E-W)
Create 5 rules as following
pr1: icmp+allow1
pr2: tcp+allow2
pr3: udp+allow3
pr4: redirect_
pr5: tcp80+ redirect action
Created PRS 'prs1' using rules pr1, pr2, pr3, pr4 and pr5.
Create consumer and provider PTG to use the above PRS 'prs1'. FW service was inserted between the consumer and provider groups.
Create another 4 classifiers as following:
icmp1: icmp classifier
tcp1: tcp classifier
udp1: udp classifier
Create 4 allow actions(allow5, allow6, allow7, allow8)
Create 3 policy rules as following:
pr6: tcp1+allow5
pr7: udp1+allow7
pr8: icmp1+allow6
Now tried creating another allow rule using redirect_class1 classifier and allow8 action. Observed the policy rule create issue.
Note: After sometime, when tried adding the same rule again, the rule creation was successful.
Neutron server.log and the host-report output of OS controller and compute nodes are copied to "/root/ pr_create_ fail_log/ " location on OS contoller node(10.30.120.97)
Snapshot of neutron server log when the error is seen: neutron. services. grouppolicy. policy_ driver_ manager [-] Policy driver 'apic' failed in create_ policy_ rule_postcommit neutron. services. grouppolicy. policy_ driver_ manager Traceback (most recent call last): neutron. services. grouppolicy. policy_ driver_ manager File "/usr/lib/ python2. 7/site- packages/ gbpservice/ neutron/ services/ grouppolicy/ policy_ driver_ manager. py", line 119, in _call_on_drivers neutron. services. grouppolicy. policy_ driver_ manager getattr(driver.obj, method_ name)(context) neutron. services. grouppolicy. policy_ driver_ manager File "/usr/lib/ python2. 7/site- packages/ gbpservice/ neutron/ services/ grouppolicy/ drivers/ cisco/apic/ apic_mapping. py", line 589, in create_ policy_ rule_postcommit neutron. services. grouppolicy. policy_ driver_ manager **attrs) neutron. services. grouppolicy. policy_ driver_ manager File "/usr/lib64/ python2. 7/contextlib. py", line 24, in __exit__ neutron. services. grouppolicy. policy_ driver_ manager self.gen.next() neutron. services. grouppolicy. policy_ driver_ manager File "/usr/lib/ python2. 7/site- packages/ apicapi/ apic_client. py", line 867, in transaction neutron. services. grouppolicy. policy_ driver_ manager result = transaction. commit( ) neutron. services. grouppolicy. policy_ driver_ manager File "/usr/lib/ python2. 7/site- packages/ apicapi/ apic_client. py", line 773, in commit neutron. services. grouppolicy. policy_ driver_ manager *self.root_params) neutron. services. grouppolicy. policy_ driver_ manager File "/usr/lib/ python2. 7/site- packages/ apicapi/ apic_client. py", line 480, in post_body neutron. services. grouppolicy. policy_ driver_ manager return self._send( self.session. post, url, data=data) neutron. services. grouppolicy. policy_ driver_ manager File "/usr/lib/ python2. 7/site- packages/ apicapi/ apic_client. py", line 435, in _send neutron. services. grouppolicy. policy_ driver_ manager err_text=err_text, err_code=err_code) neutron. services. grouppolicy. policy_ driver_ manager ApicResponseNotOk: APIC responded with HTTP status 400: Bad Request, Request: '/mo/uni/ tn-_noirolab_ 7c280ecd7475456 68fffca0006f6ab 19.json, data={"fvTenant": {"attributes": {"rn": "tn-_noirolab_ 7c280ecd7475456 68fffca0006f6ab 19"}, "children": [{"vzFilter": {"attributes": {"rn": "flt-pr8"}, "children": [{"vzEntry": {"attributes": {"rn": "e-os-entry", "etherT": "unspecified"}, "children": []}}]}}]}}', APIC error code 105: vz::EntryMo (Dn0) - non-IP Ethertype cannot be combined with other l4 properties Dn0=uni/ tn-_noirolab_ 7c280ecd7475456 68fffca0006f6ab 19/flt- pr8/e-os- entry, neutron. services. grouppolicy. policy_ driver_ manager neutron. services. grouppolicy. plugin [-] policy_ driver_ manager. create_ policy_ rule_postcommit failed, deleting policy_rule 3afc9967- d9d0-4cd0- 9e15-2b26affa0b 58 neutron. services. grouppolicy. plugin Traceback (most recent call last): neutron. services. grouppolicy. plugin File "/usr/lib/ python2. 7/site- packages/ gbpservice/ neutron/ services/ grouppolicy/ plugin. py", line 1064, in create_policy_rule neutron. services. grouppolicy. plugin policy_context) neutron. services. grouppolicy. plugin File "/usr/lib/ python2. 7/site- packages/ gbpservice/ neutron/ services/ grouppolicy/ policy_ driver_ manager. py", line 280, in create_ policy_ rule_postcommit neutron. services. grouppolicy. plugin self._call_ on_drivers( "create_ policy_ rule_postcommit ", context) neutron. services. grouppolicy. plugin File "/usr/lib/ python2. 7/site- packages/ gbpservice/ neutron/ services/ grouppolicy/ policy_ driver_ manager. py", line 134, in _call_on_drivers neutron. services. grouppolicy. plugin method=method_name neutron. services. grouppolicy. plugin GroupPolicyDriv erError: create_ policy_ rule_postcommit failed.
2015-11-17 05:12:05.219 9976 ERROR gbpservice.
2015-11-17 05:12:05.219 9976 TRACE gbpservice.
2015-11-17 05:12:05.219 9976 TRACE gbpservice.
2015-11-17 05:12:05.219 9976 TRACE gbpservice.
2015-11-17 05:12:05.219 9976 TRACE gbpservice.
2015-11-17 05:12:05.219 9976 TRACE gbpservice.
2015-11-17 05:12:05.219 9976 TRACE gbpservice.
2015-11-17 05:12:05.219 9976 TRACE gbpservice.
2015-11-17 05:12:05.219 9976 TRACE gbpservice.
2015-11-17 05:12:05.219 9976 TRACE gbpservice.
2015-11-17 05:12:05.219 9976 TRACE gbpservice.
2015-11-17 05:12:05.219 9976 TRACE gbpservice.
2015-11-17 05:12:05.219 9976 TRACE gbpservice.
2015-11-17 05:12:05.219 9976 TRACE gbpservice.
2015-11-17 05:12:05.219 9976 TRACE gbpservice.
2015-11-17 05:12:05.219 9976 TRACE gbpservice.
2015-11-17 05:12:05.219 9976 TRACE gbpservice.
2015-11-17 05:12:05.219 9976 TRACE gbpservice.
2015-11-17 05:12:05.222 9976 ERROR gbpservice.
2015-11-17 05:12:05.222 9976 TRACE gbpservice.
2015-11-17 05:12:05.222 9976 TRACE gbpservice.
2015-11-17 05:12:05.222 9976 TRACE gbpservice.
2015-11-17 05:12:05.222 9976 TRACE gbpservice.
2015-11-17 05:12:05.222 9976 TRACE gbpservice.
2015-11-17 05:12:05.222 9976 TRACE gbpservice.
2015-11-17 05:12:05.222 9976 TRACE gbpservice.
2015-11-17 05:12:05.222 9976 TRACE gbpservice.