Juniper Openstack

ACL is not programmed in agent, for multi-services-chain

Bug #1540444 reported by Sunil Basker
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
Trunk
Fix Committed
Critical
Sachin Bansal
Juniper Openstack r3.0-fcs

Bug Description

ACL is not getting propagated/programmed at the agent, when multi-service-chain is configured

steps:
-> create left-vn & right-vn, set "multi services" checkbox
-> create two in-network/firewall SI, icmp-svc & other-svc
-> define policy to carry icmp traffic and tcp traffic through icmp-svc and other-svc respectively. Attach policy to both the VN.
-> generate ping traffic

Traffic is not directed through icmp-svc.

VRFs and appropriate routes are seen in agent introspect, but doesn't show any ACL or ACL doesn't point to appropriate VRF.

setup:
nodea30 & nodea31

Tags: blocker
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/16792
Submitter: Sachin Bansal (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/16792
Committed: http://github.org/Juniper/contrail-controller/commit/76ddefd2998a8ca90dc46851336c8661c11b364b
Submitter: Zuul
Branch: master

commit 76ddefd2998a8ca90dc46851336c8661c11b364b
Author: Sachin Bansal <email address hidden>
Date: Tue Feb 2 11:44:45 2016 -0800

Use virtual network name instead of object reference

Change-Id: Ibebe223291963ac132ea5a473fbe5554d8e87f9f
Closes-Bug: 1540444

Nischal Sheth (nsheth)
information type: Proprietary → Public
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.