Comment 19 for bug 2024160

Revision history for this message
Mohammed Naser (mnaser) wrote :

So, running an `ovn-trace` for both the sub-port and the trunk, when port security is disabled, shows that it kills it early when it sees VLAN traffic. I suspect this is another bug:

```
❯ kubectl -n openstack exec pods/ovn-ovsdb-sb-2 -- ovn-trace --friendly-names --ovs neutron-ea05f3c2-b370-49e6-ab71-635376211fd5 '
  inport=="bffe6ba0-6bdc-4f99-b43e-a5dc9e5b6aea" &&
  vlan.vid==20 &&
  eth.src==52:54:00:3f:1d:a9 &&
  ip4.src==172.17.0.11 &&
  ip4.dst==172.17.0.100 &&
  ip.ttl == 64 &&
  icmp4.type == 8'
Defaulted container "ovsdb" out of: ovsdb, init (init)
# icmp,reg14=0xf,dl_vlan=20,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:3f:1d:a9,dl_dst=00:00:00:00:00:00,nw_src=172.17.0.11,nw_dst=172.17.0.100,nw_tos=0,nw_ecn=0,nw_ttl=64,nw_frag=no,icmp_type=8,icmp_code=0

ingress(dp="zuul-ci-net-17dc44ba", inport="controller-ffd424a4-3b96-489a-84dd-e6d742e9cf8e-20")
-----------------------------------------------------------------------------------------------
 0. ls_in_check_port_sec (northd.c:8377): vlan.present, priority 100, uuid d24b30bb
    drop;
```