Reviewed: https://review.openstack.org/509228 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=0456515a7a06ee96c2929c684a82737a1067ce72 Submitter: Jenkins Branch: master
commit 0456515a7a06ee96c2929c684a82737a1067ce72 Author: Jakub Libosvar <[email protected]> Date: Tue Oct 3 16:58:32 2017 +0000 br_int: Make removal of DVR flows more strict As ingres traffic to instance ports when using DVR uses same matching openflow rule as openvswitch firewall driver, it happens that setting admin_state_up of router deletes firewall rules. This patch makes the deletion more strict because DVR and ovs-firewall flows differ in priority. Thus using priority when removing DVR flows won't affect ovs-firewall flows. Closes-bug: #1721084 Change-Id: I4eb61b2824579a4f8ba219cd1b1dcf57d38ebc89 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1721084 Title: openvswitch firewall driver is dropping packets when router migrated from DVR to HA Status in neutron: Fix Released Bug description: Openvswitch firewall driver is dropping packets when router is migrated from DVR to HA. I see the packet is dropped at table 72 cookie=0x6b90d3f7582969b5, duration=62.044s, table=72, n_packets=7, n_bytes=518, idle_age=1, priority=50,ct_state=+inv+trk actions=drop complete br-int flows are - http://paste.openstack.org/show/622528/ output of "ovs-ofctl show br-int" http://paste.openstack.org/show/622530/ But with iptables firewall driver this works fine. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1721084/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
