Group Based Policy

Packet loss caused by updating external segment

Bug #1716326 reported by Chenghui Yu
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Group Based Policy
In Progress
Undecided
Chenghui Yu

Bug Description

Description:
==============================
When user updated cidr of external segment, network traffic will be interrupted. And network appears the phenomenon of losing package.
As a result,This problem will cause an abnormal interruption of the business.

Steps to reproduce:
===============================
In order to creating a VM to ping an external host which IP address is 56.10.0.8, I have created policy resources according to the following steps:
1) I created a L3 policy named test-L3p (its IP pool is 96.0.0.0/8), then
   I created L2 policy named test-L2p, and added a subnet 96.10.0.0/24
   named l2p-subnet to the l2p_test-L2p;

2) As I have created public_net and public_subnet which cidr is
   192.168.0.0/24 before, I created a external connectivity named
   test-ext-conn using this public_subnet; Then I set External Routes
   whose destination cidr is 56.10.0.0/24;

3) After that, I create ping policy rule set(protocol:icmp,port-range:1-
   65535,direction:bin, action:allow) named test-ping;

4) Then, I created internal groups used test-L2p named test-inter-ptg and
   external groups named test-exter-ptg used test-ext-conn, I added
   test-ping to test-inter-ptg and test-exter-ptg as Provided Rule Sets
   and Consumed Rule Sets.

5) Lastly, I created a VM named test-vm using l2p-subnet whose IP address
   is 96.10.0.5, And test-vm could ping the external host (56.10.0.8)
   successfully。

After above steps:

 I updated the destination cidr in External routes, such as adding a new cidr 66.10.0.0/24

Expected result:
=======================================
test-vm could ping the external host (56.10.0.8) successfully, and Not allowed to lose any packets

Actual result:
=======================================
The connection between test-vm and external host lost some data packets。After lossing some data packets, test-vm could ping the external host (56.10.0.8) successfully again.

Environment:
=======================================
Version: devstack (stable/ocata)
         group-based-policy (master)

affected versions: Liberty, Mitaka, Newton, Ocata, Pike

See original description
Chenghui Yu (chenghuiyu)
Changed in group-based-policy:
status: New → In Progress
assignee: nobody → Chenghui Yu (chenghuiyu)
Chenghui Yu (chenghuiyu)
description: updated
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to group-based-policy (master)

Fix proposed to branch: master
Review: https://review.openstack.org/502875

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.