R5.01-195 : With fat flow configured and policy enabled on vhost0, BGPaaS is broken

Bug #1786947 reported by Ankit Jain on 2018-08-14
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Invalid
Undecided
N Anand Rao
R5.0
Invalid
Undecided
N Anand Rao

Bug Description

Steps:

Create a VN vn1 20.1.1.0/24, launch a vsrx instance in vn1, say 20.1.1.4
1) Fat flow config tcp with port 0 on vhost0
2) Enable the policy on vhost0 port
3) configure bgp config on vsrx image with 20.1.1.1 as peer

Observation:
BGP session is not established. Vrouter is not able to install reverse flow, which breaks the bgpaas functionality.

5.5.5.233 vhost0
5.5.5.234 is control node
20.1.1.4 vsrx
20.1.1.1 peer to vsrx

Below are the flows created when the system in not in working state:

   167540 5.5.5.233:50000 6 (0)
                         5.5.5.234:179
(Gen: 20, K(nh):5, Action:H, Flags:, TCP:RD, QOS:-1, S(nh):0, Stats:6/240,
 SPort 0, TTL 0, Sinfo 0.0.0.0)

   185352<=>347700 10.1.1.5:22 6 (0->2)
                         10.1.1.2:54566
(Gen: 2, K(nh):34, Action:F, Flags:, TCP:, QOS:-1, S(nh):34, Stats:6/396,
 SPort 56104, TTL 0, Sinfo 3.0.0.0)

   234068<=>347240 20.1.1.4:63068 6 (3->0)
                         20.1.1.1:179
(Gen: 2, K(nh):39, Action:N(SPsD), Flags:, TCP:S
, QOS:-1, S(nh):39, Stats:2/140,
 SPort 58170, TTL 0, Sinfo 5.0.0.0)

   347240<=>234068 5.5.5.234:179 6 (0->3)
                         5.5.5.233:50000
(Gen: 34, K(nh):5, Action:N(SDPd), Flags:, TCP:Sr, QOS:-1, S(nh):16, Stats:0/0,
 SPort 61765, TTL 0, Sinfo 0.0.0.0)

As discussed with Ashok/Anand today in the meeting...Ashok and Anand both aware of the issue.

Ankit Jain (ankitja) on 2018-08-14
Changed in juniperopenstack:
importance: Undecided → Critical
importance: Critical → Undecided
tags: removed: blocker
N Anand Rao (anandrao79) wrote :

Checked with Richard Roberts on this and he confirmed that applying fat flow config on vhost0 interface is not a valid use case. Hence closing this bug for now.

Changed in juniperopenstack:
status: New → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers