[R4.1-36]: flow drop reason is UNKNOWN when it's dropped due to security firewalls
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R3.2 |
Fix Committed
|
Medium
|
Hari Prasad Killi | |||
R4.0 |
Fix Committed
|
Medium
|
Hari Prasad Killi | |||
R4.1 |
Fix Committed
|
Medium
|
Hari Prasad Killi | |||
Trunk |
Fix Committed
|
Medium
|
Hari Prasad Killi |
Bug Description
Had a service group rule(in security framework firewall) which allows only tcp traffic across VN1 and VN2.
so ping would be dropped across VNs which works fine but the drop reason is UNKNOWN in the flow as well as logged sessions.
Index Source:
-------
192620<=>286196 2.2.2.4:29469 1 (2)
(Gen: 1, K(nh):19, Action:D(Unknown), Flags:, QOS:-1, S(nh):35, Stats:0/0,
SPort 59900, TTL 0, Sinfo 0.0.0.0)
286196<=>192620 1.1.1.3:29469 1 (2)
(Gen: 1, K(nh):19, Action:D(Unknown), Flags:, QOS:-1, S(nh):19, Stats:1/98,
SPort 52803, TTL 0, Sinfo 4.0.0.0)
2017-11-03 Fri 15:03:41:412.816 IST nodec62 [Thread 140283233392384, Pid 19302]: [SYS_INFO]: SessionEndpoint
Review in progress for https:/ /review. opencontrail. org/37236
Submitter: Hari Prasad Killi (<email address hidden>)