Reviewed: https://review.openstack.org/472691
Committed:
https://git.openstack.org/cgit/openstack/neutron/commit/?id=ce8a0b2b7d73caf078c6634d6dded5117dbed265
Submitter: Jenkins
Branch: master
commit ce8a0b2b7d73caf078c6634d6dded5117dbed265
Author: Jakub Libosvar <libos...@redhat.com>
Date: Fri Jun 9 13:41:57 2017 +0000
dvr: Move normal/output br-int flows to table TRANSIENT
DVR flows are not compatible with OVS firewall flows as firewall flows
have higher priority. As a consequence, rules for DVR were never match
as firewall uses output directly.
This patch replaces flows using normal or output actions and resends
packets to TRANSIENT table instead. This transient table then uses
either those normal or output action rules. With this split, we will be
able to match egress/ingress flows in TRANSIENT table instead of
LOCAL_SWITCHING putting DVR pipeline in front of OVS firewall pipeline.
Change-Id: I9f738047f131b42d11a90f539435006d16ea7883
Closes-bug: #1696983
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1696983
Title:
ovs-fw: flows on br-int are overlapping with dvr flows
Status in neutron:
Fix Released
Bug description:
DVR flows use normal action in table 0 on br-int. In ovs firewall,
table 0 is used as a detector for ingress and egress VM traffic,
sending packets for further filtering in the pipeline. As DVR flows
have lower priority, DVR flows are not matched and mac translation
doesn't work.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1696983/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
