Reviewed:  https://review.opendev.org/738551
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=959d8b6d73e2a6ab1a45c9a7b0b05ae163e650fc
Submitter: Zuul
Branch:    master

commit 959d8b6d73e2a6ab1a45c9a7b0b05ae163e650fc
Author: LIU Yulong <[email protected]>
Date:   Fri Jul 10 17:25:15 2020 +0800

    Local mac direct flow for non-openflow firewall

    When there is no openflow firewall, aka the ovs agent security group
    is disabled or Noop/HybridIptable, this patch will introduce a different
    ingress pipeline for bridge ports which will avoid ingress flood:
    (1) table=0, in_port=patch_bridge,dl_vlan=physical_vlan
        action=mod_vlan:local_vlan,goto:60 (original)
    (2) table=60, in_port=patch_bridge action=goto:61 (new)
    (3) table=61, dl_dst=local_port_mac,dl_vlan=local_vlan,
        action=strip_vlan,output:<ofport> (changes)

    And changes the local ports pipeline:
    (1) table=0, in_port=local_ofport action=goto:25 (original)
    (2) table=25, in_port=local_ofport,dl_src=local_port_mac
        action=goto:60 (original)
    (3) table=60, in_port=local_ofport,dl_src=local_port_mac
        action=local_vlan->reg6,goto:61 (changes)
    (4) table=61, dl_dst=local_port_mac,reg6=local_vlan,
        action=output:<ofport> (changes)

    Closes-Bug: #1884708
    Closes-Bug: #1881070
    Related-Bug: #1732067
    Related-Bug: #1866445
    Related-Bug: #1883321
    Change-Id: Iecf9cffaf02616342f1727ad7db85545d8adbec2

** Changed in: neutron
       Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1881070

Title:
  the accepted-egress-direct-flows can't be deleted when the VM is
  deleted

Status in neutron:
  Fix Released

Bug description:
  When a VM is deleted or migrated to another compute node, the function
  'delete_accepted_egress_direct_flow' was not executed. This will result
  in stale flows in table 61.

  Reproduction steps:

  1. Create a VM whose MAC is fa:16:3e:2a:4c:9f

  2. Show the flows in br-int:

     cookie=0xf19902187e0bc0bf, duration=76.736s, table=1, n_packets=0, n_bytes=0, priority=20,dl_vlan=9,dl_dst=fa:16:3e:2a:4c:9f actions=mod_dl_src:fa:16:3e:e4:8a:e4,resubmit(,60)
     cookie=0xf19902187e0bc0bf, duration=74.976s, table=25, n_packets=126, n_bytes=11031, priority=2,in_port="qvode3db9ac-24",dl_src=fa:16:3e:2a:4c:9f actions=resubmit(,60)
     cookie=0xf19902187e0bc0bf, duration=76.732s, table=60, n_packets=28, n_bytes=3314, priority=20,dl_vlan=9,dl_dst=fa:16:3e:2a:4c:9f actions=strip_vlan,output:"qvode3db9ac-24"
     cookie=0xf19902187e0bc0bf, duration=76.299s, table=60, n_packets=126, n_bytes=11031, priority=9,in_port="qvode3db9ac-24",dl_src=fa:16:3e:2a:4c:9f actions=resubmit(,61)
     cookie=0xf19902187e0bc0bf, duration=76.299s, table=61, n_packets=62, n_bytes=6401, priority=12,dl_dst=fa:16:3e:2a:4c:9f actions=output:"qvode3db9ac-24"
     cookie=0xf19902187e0bc0bf, duration=76.299s, table=61, n_packets=24, n_bytes=1782, priority=10,in_port="qvode3db9ac-24",dl_src=fa:16:3e:2a:4c:9f,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=mod_vlan_vid:9,output:"patch-tun"

  3. Delete the VM

  4. Show the flows in br-int again:

     cookie=0xf19902187e0bc0bf, duration=134.991s, table=61, n_packets=62, n_bytes=6401, priority=12,dl_dst=fa:16:3e:2a:4c:9f actions=output:58

  As shown above, the flow remains after deleting the virtual machine.
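
A check for the stale table 61 flows described in the bug, as an added example that is not part of the original report or of neutron's code: it parses `ovs-ofctl dump-flows br-int` output and reports table 61 flows whose MAC has no matching table 25 port flow. Treating table 25 `dl_src` entries as the set of live local ports is an assumption taken from the pipeline in the commit message; the function names and the second port in the sample are constructed.

```python
# Added example: flag table 61 direct flows left behind by deleted ports.
# Assumption: a live local port always has a table 25 flow matching its dl_src.

# Constructed sample in `ovs-ofctl dump-flows br-int` format: the leftover flow
# from the bug report plus one made-up live port (fa:16:3e:00:00:01).
SAMPLE_DUMP = """\
 cookie=0xf19902187e0bc0bf, duration=134.991s, table=61, n_packets=62, n_bytes=6401, priority=12,dl_dst=fa:16:3e:2a:4c:9f actions=output:58
 cookie=0xf19902187e0bc0bf, duration=20.1s, table=25, n_packets=5, n_bytes=420, priority=2,in_port="qvo00000000-01",dl_src=fa:16:3e:00:00:01 actions=resubmit(,60)
 cookie=0xf19902187e0bc0bf, duration=20.1s, table=61, n_packets=3, n_bytes=210, priority=12,dl_dst=fa:16:3e:00:00:01 actions=output:"qvo00000000-01"
 cookie=0xf19902187e0bc0bf, duration=20.1s, table=61, n_packets=1, n_bytes=90, priority=10,in_port="qvo00000000-01",dl_src=fa:16:3e:00:00:01,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=mod_vlan_vid:9,output:"patch-tun"
"""


def parse_flow(line):
    """Return (match_fields, actions) for one dump line, or None if not a flow."""
    match_part, sep, actions = line.strip().partition(" actions=")
    if not sep:
        return None
    fields = {}
    for token in match_part.split(","):
        key, _, value = token.strip().partition("=")
        if key:
            fields[key] = value.strip('"')
    return fields, actions


def find_stale_direct_flows(dump):
    """List (mac, actions) for table 61 flows whose port MAC is not live."""
    flows = [f for f in map(parse_flow, dump.splitlines()) if f]
    live_macs = {m["dl_src"] for m, _ in flows
                 if m.get("table") == "25" and "dl_src" in m}
    stale = []
    for match, actions in flows:
        if match.get("table") != "61":
            continue
        # Table 61 flows match either dl_src (with a masked dl_dst) or an exact dl_dst.
        mac = match.get("dl_src") or match.get("dl_dst", "")
        if not mac or "/" in mac:  # skip wildcarded/masked matches
            continue
        if mac not in live_macs:
            stale.append((mac, actions))
    return stale


if __name__ == "__main__":
    for mac, actions in find_stale_direct_flows(SAMPLE_DUMP):
        print(f"stale table 61 flow: mac={mac} actions={actions}")
```
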

