Comment 65 for bug 1605089

Reviewed: https://review.openstack.org/531033
Committed: https://git.openstack.org/cgit/openstack/networking-ovn/commit/?id=c2e6038fa17cb2cbfb095320827a59eb681112e8
Submitter: Zuul
Branch: master

commit c2e6038fa17cb2cbfb095320827a59eb681112e8
Author: Daniel Alvarez <email address hidden>
Date: Thu Jan 4 00:22:30 2018 +0100

    Check for sg_rules correctness

    This patch is updating networking-ovn to check for correctness when
    creating or deleting security group rules.

    This patch also allows to insert duplicate entries in ACL table in
    case that two indentical rules belong to different SGs. Each acl will
    reference to its own SG rule in the external_ids column so that we
    can ensure consistency across Neutron and OVN objects. The main
    drawback is that duplicated acls will make ovn-northd insert duplicate
    lflows in SB database which, in turn, makes ovn-controller drop the
    flows when it's processing the logical flows and log INFO messages. To
    overcome this, I have sent a patch [0] to core OVN so that
    ovn-controller logs those traces as DBG instead and reduce noise.
    Please see the references in the commit message at [0] and the
    discussion around this.

    Partial-Bug: #1605089

    [0] https://github.com/openvswitch/ovs/commit/5905b28f1abff1a295ea37654d887154b0dc2bc0

    Change-Id: Ie2659ecb84193d58d35ced6b8fb0b89fc03cf6e7
    Signed-off-by: Daniel Alvarez <email address hidden>