Juniper Openstack

  1. Bug #1548173
  2. Activity log

Activity log for bug #1548173

Date Who What changed Old value New value Message
2016-02-22 04:13:45 Ritam Gangopadhyay bug added bug
2016-02-22 04:14:11 Ritam Gangopadhyay tags vrouter policy regression vrouter
2016-02-22 04:14:32 Ritam Gangopadhyay bug added subscriber Sudheendra Rao
2016-02-22 04:19:35 Ritam Gangopadhyay description Change in policy rule does not effect traffic on active flows. Steps to reproduce:- 1. create a VN "vn-1" 2. create a Policy with rule:- source vn - vn-1 dest-vn - vn-1 protocol - ICMP action - deny 3. create 2 VM's "vm-11" and "vm-12" in "vn-1" 4. start ping to vm-12 from vm-11 5. packets should get dropped. 6. a drop flow should get created which show action as - Dropped by Policy - D(Policy) 7. agent introspect page should show the policy action for ICMP as drop 8. change the rule action to "PASS" from "DENY" 9. agent introspect page shows the policy action for ICMP as "pass" 10. but packets are still not allowed and the flow shows as dropped. - Dropped by Policy - D(Policy) root@nodec55:~# flow -l Flow table(size 68157440, entries 532480) Entries: Created 6 Added 6 Processed 6 Used Overflow entries 0 (Created Flows/CPU: 1 1 2 2)(oflows 0) Action:F=Forward, D=Drop N=NAT(S=SNAT, D=DNAT, Ps=SPAT, Pd=DPAT, L=Link Local Port) Other:K(nh)=Key_Nexthop, S(nh)=RPF_Nexthop, M=Mirror Index Flags:E=Evicted, Ec=Evict Candidate, N=New Flow, M=Modified TCP(r=reverse):S=SYN, F=FIN, R=RST, C=HalfClose, E=Established, D=Dead Index Source:Port Destination:Port Proto(V) ------------------------------------------------------------------------- 326684<=>355124 17.1.1.3:54272 17.1.1.4:0 1 (1) (K(nh):36, Action:D(Policy), Flags:, S(nh):36, Stats:206/20188, SPort:61506) 355124<=>326684 17.1.1.4:54272 17.1.1.3:0 1 (1) (K(nh):14, Action:D(Policy), Flags:, S(nh):14, Stats:0/0, SPort:49907) root@nodec55:~# Change in policy rule does not effect traffic on active flows. Steps to reproduce:- 1. create a VN "vn-1" 2. create a Policy with rule:-         source vn - vn-1         dest-vn - vn-1         protocol - ICMP         action - deny 3. create 2 VM's "vm-11" and "vm-12" in "vn-1" 4. start ping to vm-12 from vm-11 5. packets should get dropped. 6. a drop flow should get created which show action as - Dropped by Policy - D(Policy) 7. agent introspect page should show the policy action for ICMP as drop 8. change the rule action to "PASS" from "DENY" 9. agent introspect page shows the policy action for ICMP as "pass" 10. but packets are still not allowed and the flow shows as dropped. - Dropped by Policy - D(Policy) root@nodec55:~# flow -l Flow table(size 68157440, entries 532480) Entries: Created 6 Added 6 Processed 6 Used Overflow entries 0 (Created Flows/CPU: 1 1 2 2)(oflows 0) Action:F=Forward, D=Drop N=NAT(S=SNAT, D=DNAT, Ps=SPAT, Pd=DPAT, L=Link Local Port)  Other:K(nh)=Key_Nexthop, S(nh)=RPF_Nexthop, M=Mirror Index  Flags:E=Evicted, Ec=Evict Candidate, N=New Flow, M=Modified TCP(r=reverse):S=SYN, F=FIN, R=RST, C=HalfClose, E=Established, D=Dead  Index Source:Port Destination:Port Proto(V) ------------------------------------------------------------------------- 326684<=>355124 17.1.1.3:54272 17.1.1.4:0 1 (1) (K(nh):36, Action:D(Policy), Flags:, S(nh):36, Stats:206/20188, SPort:61506) 355124<=>326684 17.1.1.4:54272 17.1.1.3:0 1 (1) (K(nh):14, Action:D(Policy), Flags:, S(nh):14, Stats:0/0, SPort:49907) root@nodec55:~# 11. if we stop and restart the ping, i.e. when new flows get created it takes up the proper action of pass. So only "live flows" are not affected by change is policy rules. root@nodec55:~# flow -l Flow table(size 68157440, entries 532480) Entries: Created 7 Added 7 Processed 7 Used Overflow entries 0 (Created Flows/CPU: 2 1 2 2)(oflows 0) Action:F=Forward, D=Drop N=NAT(S=SNAT, D=DNAT, Ps=SPAT, Pd=DPAT, L=Link Local Port) Other:K(nh)=Key_Nexthop, S(nh)=RPF_Nexthop, M=Mirror Index Flags:E=Evicted, Ec=Evict Candidate, N=New Flow, M=Modified TCP(r=reverse):S=SYN, F=FIN, R=RST, C=HalfClose, E=Established, D=Dead Index Source:Port Destination:Port Proto(V) ------------------------------------------------------------------------- 64912<=>481500 17.1.1.4:54528 17.1.1.3:0 1 (1) (K(nh):14, Action:F, Flags:, S(nh):14, Stats:4/392, SPort:59060) 326684<=>355124 17.1.1.3:54272 17.1.1.4:0 1 (1) (K(nh):36, Action:D(Policy), Flags:, S(nh):36, Stats:436/42728, SPort:61506) 355124<=>326684 17.1.1.4:54272 17.1.1.3:0 1 (1) (K(nh):14, Action:D(Policy), Flags:, S(nh):14, Stats:0/0, SPort:49907) 481500<=>64912 17.1.1.3:54528 17.1.1.4:0 1 (1) (K(nh):36, Action:F, Flags:, S(nh):36, Stats:4/392, SPort:56645) root@nodec55:~#
2016-02-23 19:51:16 Ashish Ranjan nominated for series juniperopenstack/trunk
2016-02-23 19:51:16 Ashish Ranjan bug task added juniperopenstack/trunk
2016-02-23 19:51:33 Ashish Ranjan nominated for series juniperopenstack/r2.20
2016-02-23 19:51:33 Ashish Ranjan bug task added juniperopenstack/r2.20
2016-02-23 19:51:33 Ashish Ranjan nominated for series juniperopenstack/r2.21.x
2016-02-23 19:51:33 Ashish Ranjan bug task added juniperopenstack/r2.21.x
2016-02-23 19:51:53 Ashish Ranjan nominated for series juniperopenstack/r2.22.x
2016-02-23 19:51:53 Ashish Ranjan bug task added juniperopenstack/r2.22.x
2016-02-23 19:52:00 Ashish Ranjan bug task deleted juniperopenstack/r2.21.x
2016-02-23 19:52:06 Ashish Ranjan juniperopenstack/trunk: milestone r2.22.1 future
2016-02-23 19:52:12 Ashish Ranjan juniperopenstack/r2.22.x: milestone r2.22.2
2016-02-23 19:52:24 Ashish Ranjan juniperopenstack/r2.20: milestone r2.23
2016-02-23 19:52:58 Ashish Ranjan juniperopenstack/r2.20: assignee Hari Prasad Killi (haripk)
2016-02-23 19:53:00 Ashish Ranjan juniperopenstack/r2.22.x: assignee Hari Prasad Killi (haripk)
2016-02-23 19:53:02 Ashish Ranjan juniperopenstack/trunk: assignee Hari Prasad Killi (haripk)
2016-02-26 06:44:56 Ritam Gangopadhyay nominated for series juniperopenstack/r3.0
2016-02-26 06:44:56 Ritam Gangopadhyay bug task added juniperopenstack/r3.0
2016-02-26 06:45:12 Ritam Gangopadhyay bug task deleted juniperopenstack/r3.0
2016-03-11 09:51:55 Hari Prasad Killi juniperopenstack/trunk: assignee Hari Prasad Killi (haripk) Manish Singh (manishs)
2016-03-11 09:52:01 Hari Prasad Killi juniperopenstack/r2.22.x: assignee Hari Prasad Killi (haripk) Manish Singh (manishs)
2016-03-11 09:52:07 Hari Prasad Killi juniperopenstack/r2.20: assignee Hari Prasad Killi (haripk) Manish Singh (manishs)
2016-03-28 17:03:38 Nischal Sheth juniperopenstack/r2.22.x: importance Undecided Medium
2016-03-28 17:03:40 Nischal Sheth juniperopenstack/r2.20: importance Undecided Medium
2016-03-28 17:04:02 Nischal Sheth information type Proprietary Public
2016-05-04 08:57:17 Hari Prasad Killi juniperopenstack/r2.20: assignee Manish Singh (manishs) RAVI KIRAN (ravibk)
2016-05-04 08:57:24 Hari Prasad Killi juniperopenstack/r2.22.x: assignee Manish Singh (manishs) RAVI KIRAN (ravibk)
2016-05-04 08:57:30 Hari Prasad Killi juniperopenstack/trunk: assignee Manish Singh (manishs) RAVI KIRAN (ravibk)
2016-05-05 14:12:35 OpenContrail Admin nominated for series juniperopenstack/r3.0
2016-05-05 14:12:35 OpenContrail Admin bug task added juniperopenstack/r3.0
2016-05-05 14:12:35 OpenContrail Admin bug task added juniperopenstack/r3.0
2016-05-07 04:20:37 OpenContrail Admin juniperopenstack/r3.0: status In Progress Fix Committed
2016-05-07 04:20:39 OpenContrail Admin juniperopenstack/r3.0: milestone r3.0.2.0
2016-05-12 16:29:40 RAVI KIRAN juniperopenstack/r2.20: status New Fix Released
2016-05-12 16:29:47 RAVI KIRAN juniperopenstack/r2.20: status Fix Released Confirmed
2016-05-12 16:30:26 RAVI KIRAN juniperopenstack/r2.20: status Confirmed Fix Released
2016-05-12 17:29:16 RAVI KIRAN juniperopenstack/r2.22.x: status New Fix Released
2016-05-12 18:07:38 RAVI KIRAN juniperopenstack/trunk: status New Fix Released
2016-05-13 04:12:24 RAVI KIRAN juniperopenstack/trunk: status Fix Released New
2016-05-18 15:24:21 OpenContrail Admin juniperopenstack/trunk: status New In Progress
2016-05-20 00:47:51 OpenContrail Admin juniperopenstack/trunk: status In Progress Fix Committed