Hello Salvatore, Unfortunately, you are hitting a known problem of ODL Boron. The clean up of classifier and chains is not working very well and sometimes it leaves old flows which break things. We filed a bug about this in ODL and it should be fixed in ODL Carbon which was release three weeks ago. Due to the OPNFV Summit preparations, we were not able to check if it works though :(. @Jaime: Perhaps you tested it with the dovs tool of ODL?
Anyway, ODL Carbon will be part of OPNFV Euphrates and we are currently working on the integration of OpenStack Ocata + ODL Carbon + OVS&NSH + Tacker. We have the first two pieces working and we are looking into the rest. We had a presentation in the OPNFV Summit this week about what we want to do for SFC in OPNFV Euphrates: https://docs.google.com/presentation/d/1hyPzac-E0NDhd9dsleFy_ohGazzjivr IPeTweAgPxdM/edit?usp=sharing and one thing is to create a test case which checks if all flows are deleted correctly to make sure that we don't hit this problem. However, we are right now very busy... would you perhaps be interested in helping out creating that test case? We could help you :)! Thanks, Manuel On Thu, 2017-06-15 at 16:00 +0200, Salvatore Campanella wrote: > Hi folk! > > I am Salvatore Campanella and I work for Telecom Italia S.p.a. in NFV group. > I am trying to work with a single chain: > > > tacker sfc-create chain -chain firewall1,firewall2,firewall3The three firewalls are vnfs created with tacker ( using sfc-danube.qcow2 taken from the community). > > > Then, I create three different sfc-classifiers, all for the same chain: > > > classifier1 for the traffic on port 80classifier2 for the traffic on port 22classifier3 for the traffic on port 443A this point, I can block or not the traffic on every port as I want. > So, the use case work correctly. > > > Afterwards I delete all the classifiers and the chain. > > > > What happens is that classifiers are effectively deleted only after the chain deletion. (so it means that I cannot modify the chain if I wish) > > > Furthermore, I notice that traffic on port 80, 22 and 443 doesn't work because there some pending flows on br-int switch (on table 11 specifically). > > Any hint? Could Someone help me? > > Thank you very much > > Salvatore Campanella > > > _______________________________________________ > opnfv-tech-discuss mailing list > [email protected] > https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss
_______________________________________________ opnfv-tech-discuss mailing list [email protected] https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss
