Comment 5 for bug 1708731

OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/540943
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=6f7ba76075dd0d645ad6cee6854f87cc41cba1fa
Submitter: Zuul
Branch: master

commit 6f7ba76075dd0d645ad6cee6854f87cc41cba1fa
Author: Jakub Libosvar <email address hidden>
Date: Mon Feb 5 17:20:09 2018 +0000

    ovs-fw: Fix firewall blink

    Previously, when a security group was updated for a given port, the
    firewall removed all flows related to the port and added new rules. That
    introduced a time window where there were no rules for the port.

    This patch adds a new mechanism using a cookie that can be described in
    three states:

    1) Create new openflow rules with a non-default cookie that is considered
    an updated cookie. All newly generated flows will be added with the next
    cookie and all existing rules with the default cookie are rewritten with
    the default cookie.
    2) Delete all rules for the given port with the old default cookie. This
    will leave the newly added rules in place.
    3) Update the newly added flows with the update cookie back to the default
    cookie in order to avoid such flows being cleaned on the next restart of
    the ovs agent, as it fetches for stale flows.

    Change-Id: I85d9e49c24ee7c91229b43cd329c42149637f254
    Closes-bug: #1708731
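
The three-state cookie swap described in the commit message above, modelled on an in-memory flow table and compared with the earlier delete-then-add sequence. This is an added illustration, not neutron's code: `FlowTable`, the cookie values, the port name and the sample matches are all hypothetical.

```python
DEFAULT_COOKIE = 0x1  # constructed value: cookie the agent normally uses
UPDATE_COOKIE = 0x2   # constructed value: temporary cookie during an update

class FlowTable:
    """Toy flow table (hypothetical model): (port, match) -> (actions, cookie)."""
    def __init__(self):
        self.flows = {}

    def add(self, port, match, actions, cookie):
        # Like an OpenFlow add, an entry with an identical match is overwritten.
        self.flows[(port, match)] = (actions, cookie)

    def delete(self, port, cookie):
        self.flows = {k: v for k, v in self.flows.items()
                      if not (k[0] == port and v[1] == cookie)}

    def recolor(self, port, old, new):
        for key, (actions, cookie) in list(self.flows.items()):
            if key[0] == port and cookie == old:
                self.flows[key] = (actions, new)

    def count(self, port):
        return sum(1 for key in self.flows if key[0] == port)

def update_old(table, port, new_rules):
    """Behaviour before the fix: delete all, then add. Flow count per step."""
    table.delete(port, DEFAULT_COOKIE)
    seen = [table.count(port)]            # the window with no rules
    for match, actions in new_rules:
        table.add(port, match, actions, DEFAULT_COOKIE)
    return seen + [table.count(port)]

def update_with_cookie(table, port, new_rules):
    """The three states from the commit message. Flow count after each."""
    for match, actions in new_rules:      # state 1: add with update cookie
        table.add(port, match, actions, UPDATE_COOKIE)
    seen = [table.count(port)]
    table.delete(port, DEFAULT_COOKIE)    # state 2: drop old-cookie rules
    seen.append(table.count(port))
    table.recolor(port, UPDATE_COOKIE, DEFAULT_COOKIE)  # state 3
    return seen + [table.count(port)]

def sample_table():
    """Constructed starting state: port1 allows tcp/22 and tcp/80."""
    table = FlowTable()
    for match in ("tcp,tp_dst=22", "tcp,tp_dst=80"):
        table.add("port1", match, "allow", DEFAULT_COOKIE)
    return table

NEW_RULES = [("tcp,tp_dst=22", "allow"), ("tcp,tp_dst=443", "allow")]  # constructed
```

In this model the old sequence passes through a step where the port has no flows at all, while the cookie sequence never drops below the size of the new rule set and ends with every flow back on the default cookie.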