[2.0-22~icehouse] Disparity in the packet-count in a analyser-firewall service chain between two networks
Bug #1407603 reported by
Ganesha HV
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Juniper Openstack |
Fix Committed
|
High
|
Naveen N | ||
| R2.0 |
Won't Fix
|
High
|
Naveen N | ||
| R2.1 |
Fix Committed
|
High
|
Naveen N | ||
Bug Description
Setup
====
nodec4 - cfgm/openstack/
nodec5 & nodec26 - ctrl
nodei27 & nodei28 - compute
1]. created a service chain between vn1 and vn2.
vm1 - nodei27
vm2, fw & analyser - nodei28
2]. The service chain has a firewall in in-network mode and a analyser in transparent mode.
3]. Started a 5-packet ping from vm1 to vm2.
4]. Expected to see 20 packets on the analyser, but seeing only 15 packets.
Shown to Naveen.
| Changed in juniperopenstack: | |
| milestone: | r2.0-fcs → none |
| tags: | added: regression |
| information type: | Proprietary → Public |
| tags: | added: blocker |
Revision history for this message
| OpenContrail Admin (ci-admin-f) wrote A change has been merged | #1 |
Revision history for this message
| OpenContrail Admin (ci-admin-f) wrote | #2 |
| Changed in juniperopenstack: | |
| status: | New → Fix Committed |
To post a comment you must log in.
Reviewed: https:/
Committed: http://
Submitter: Zuul
Branch: R2.1
commit 41af757411d5d54
Author: Naveen N <email address hidden>
Date: Wed Jan 28 21:51:39 2015 -0800
* Apply mirroring action from VN Acl even if interface as ignore acl
flag
Mirroring action are derived from network acl, and in case of service
instance interface we would have vrf translate acl and action from
network acl would be ignored, if interface has vrf translate acl.
Due to this packet from service instance interface were never mirrored,
with this fix we pick mirroring action exclusively from network acl.
Closes-bug:#1407603
Change-Id: Iaab4a6d81632a9