Just some info to review the logs:
Port:
- id: 427e785f-...
- ip: 10.0.0.105
- mac: fa:16:3e:d2:16:58
- subnet: 0a891adb-...
- net: 90e0670a-...
SG:
- id: 929f0211-...
- rule(ssh): 524aa39b-...
The port (in compute1, OVS agent logs), is:
- bond: 08:53:16.262
- processed by the OVS agent: 08:53:18.384
- preparing filters for port: 08:53:19.657
- iptables finishes applying 83 rules: 08:53:19.742
The main problem here is, unlike in OVS firewall, the IPtables rules are not logged (even in DEBUG level). I'm going to propose a patch to have this output in the logs.
Just some info to review the logs:
Port:
- id: 427e785f-...
- ip: 10.0.0.105
- mac: fa:16:3e:d2:16:58
- subnet: 0a891adb-...
- net: 90e0670a-...
SG:
- id: 929f0211-...
- rule(ssh): 524aa39b-...
The port (in compute1, OVS agent logs), is:
- bond: 08:53:16.262
- processed by the OVS agent: 08:53:18.384
- preparing filters for port: 08:53:19.657
- iptables finishes applying 83 rules: 08:53:19.742
The main problem here is, unlike in OVS firewall, the IPtables rules are not logged (even in DEBUG level). I'm going to propose a patch to have this output in the logs.