networking-sfc

reverse flow creation fails for single arm SFs

Bug #1675796 reported by vks1 on 2017-03-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	networking-sfc	New	Undecided	Unassigned

Bug Description

Inserted a single arm SF. Created a port-pair with ingress-port and egress-port as same. Created rest of the resource and it traffic was as expected through SF in one direction. After, that I tried to create reverse flow and it failed due to:

a. reverse port-chain create failed as ppg in use.
b. port-pair-create failed as same 'ingress' and 'egress' port is in use. Thus ppg also can't be created.

So, we can't create a new ppg (with same details) neither can we reuse, which restrict the reverse path creation by user.

This is the most basic use case and limit deployment of any single arm SF, which IMHO is the first thing to be tried by any user.

Revision history for this message

Igor D.C. (igordcard) wrote on 2017-03-27:

Hi Vikash, how are both port-chains and port-pair-groups specifically defined?

Revision history for this message

vks1 (vikash-kumar) wrote on 2017-03-27:

Hi Igor,

Following is the sequence:

1. neutron port-pair-create pp1 --ingress 319bae97-0b84-4c5c-9982-010f08e0496f --egress 319bae97-0b84-4c5c-9982-010f08e0496f

2. neutron port-pair-group-create ppg1 --port-pair pp1

3. neutron flow-classifier-create fc1 --logical-source-port 815256d5-48c0-421b-8632-870373d85ae8

4. neutron port-chain-create pc1 --port-pair-group ppg1 --flow-classifier fc1

5. neutron flow-classifier-create fc2 --logical-source-port 605a9cd5-98cc-4880-8b5e-8b4e919d3929

6. neutron port-chain-create pc2 --flow-classifier fc2 --port-pair-group ppg1

which gives this error:
Port Pair Group(s) [u'e3772af6-d259-46b3-920b-afb528bc9866'] in use by Port Chain 629d607a-61fe-4c89-af13-1d720cf92b6d

Since this is for single arm SF, a new pp with same port-pair creation won't be allowed.

Revision history for this message

Louis Fourie (lfourie) wrote on 2017-04-06:

The issue is that for a single arm SF, the OVS agent (packet re-classifier in SFC Proxy) needs to distinguish forward traffic from reverse traffic that is returned from the SF.

The only way to do that is to match on the n-tuple fields of the packet such as source IP prefix.
If the flow classifier only has the logical-source-port as in your example the ovs is cannot do that.

Try adding a source IP prefix to the flow classifiers fc1 and fc2.

Revision history for this message

vks1 (vikash-kumar) wrote on 2017-04-07:

I see here few things to address:

1. Relax the restriction of PPG reuse (even conditional one only for single arm SFs and can be part of related port-chain).

2. Sometime back Igor was mentioning about the issue in correlation due to this. Will ask him to add.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.