*** gongysh has joined #openstack-dragonflow | 00:10 | |
*** zenoway has joined #openstack-dragonflow | 01:03 | |
*** zenoway has quit IRC | 01:08 | |
*** wangyongben has joined #openstack-dragonflow | 01:23 | |
*** zenoway has joined #openstack-dragonflow | 01:39 | |
*** zenoway has quit IRC | 01:44 | |
*** gongysh has quit IRC | 01:50 | |
*** wangyongben has quit IRC | 02:34 | |
*** wangyongben has joined #openstack-dragonflow | 02:34 | |
*** zenoway has joined #openstack-dragonflow | 02:38 | |
*** wangyongben has quit IRC | 02:40 | |
*** wangyongben has joined #openstack-dragonflow | 02:40 | |
*** zenoway has quit IRC | 02:43 | |
*** wangyongben has quit IRC | 03:00 | |
*** wangyongben has joined #openstack-dragonflow | 03:02 | |
*** irenab_ has joined #openstack-dragonflow | 03:53 | |
*** irenab has quit IRC | 03:54 | |
*** irenab_ is now known as irenab | 03:54 | |
*** oanson has joined #openstack-dragonflow | 05:12 | |
*** yamamoto has joined #openstack-dragonflow | 05:14 | |
*** yamamoto has quit IRC | 05:23 | |
*** yamamoto has joined #openstack-dragonflow | 05:37 | |
*** yamamoto has quit IRC | 05:43 | |
*** yuanwei has quit IRC | 06:29 | |
*** yuanwei has joined #openstack-dragonflow | 06:40 | |
*** yamamoto has joined #openstack-dragonflow | 06:44 | |
*** yuli_s has joined #openstack-dragonflow | 06:44 | |
*** irenab_ has joined #openstack-dragonflow | 06:47 | |
*** wangyongben has quit IRC | 06:50 | |
*** oanson has quit IRC | 06:50 | |
*** irenab has quit IRC | 06:50 | |
*** irenab_ is now known as irenab | 06:50 | |
*** yamamoto has quit IRC | 06:52 | |
*** oanson has joined #openstack-dragonflow | 07:03 | |
*** yamamoto has joined #openstack-dragonflow | 07:30 | |
*** yamamoto has quit IRC | 07:34 | |
*** nick-ma has quit IRC | 07:56 | |
*** nick-ma has joined #openstack-dragonflow | 08:07 | |
openstackgerrit | yuan wei proposed openstack/dragonflow: Impliment security group fullstack and ut cases https://review.openstack.org/299105 | 08:11 |
---|---|---|
*** yuli_s has quit IRC | 08:12 | |
*** thingee has quit IRC | 08:12 | |
*** yuli_s has joined #openstack-dragonflow | 08:18 | |
*** yamamoto has joined #openstack-dragonflow | 08:35 | |
yuli_s | yuanwei, u here ? | 08:36 |
yuanwei | Hi, yuli, I'm here | 08:40 |
yuli_s | cool | 08:44 |
*** yamamoto has quit IRC | 08:44 | |
yuli_s | i have runed a new stack | 08:45 |
yuli_s | i have a another problem | 08:45 |
yuli_s | i created new SG1: | 08:46 |
yuli_s | this SG has 2 default rules: Egress IPv4/6 Any Any Allow | 08:47 |
yuli_s | I added new rule: ssh port 22 Ingress allow | 08:47 |
yuli_s | i created 2 vms with this SG as you advised - I selected this SG when I created VMs | 08:48 |
yuli_s | in one vm I run the following command: nc -lp 8080 | 08:48 |
openstack | Launchpad bug 9035 in pcmcia-cs (Ubuntu) "duplicate for #8080 SMC 2632W-V2 not detected automatically" [Medium,Fix released] https://launchpad.net/bugs/9035 - Assigned to Matt Zimmerman (mdz) | 08:48 |
yuli_s | and in another VM: nc 10.0.0.5 8080 | 08:48 |
yuli_s | and can make a connection | 08:49 |
yuli_s | and it is not blocked | 08:49 |
yuanwei | I'm not familiar with nc comand. Did the command "nc -lp 8080" created a server listening tcp 8080? | 08:52 |
openstack | Launchpad bug 9035 in pcmcia-cs (Ubuntu) "duplicate for #8080 SMC 2632W-V2 not detected automatically" [Medium,Fix released] https://launchpad.net/bugs/9035 - Assigned to Matt Zimmerman (mdz) | 08:52 |
yuli_s | yuanwei, yes | 08:59 |
yuanwei | ok, I will try this on my environment. | 09:00 |
yuli_s | thanks | 09:00 |
yuanwei | :) | 09:00 |
*** thingee has joined #openstack-dragonflow | 09:05 | |
*** gongysh has joined #openstack-dragonflow | 09:23 | |
*** yamamoto has joined #openstack-dragonflow | 09:24 | |
*** yamamoto has quit IRC | 09:26 | |
*** yamamoto has joined #openstack-dragonflow | 09:37 | |
yuanwei | yuli: ping | 10:11 |
yuli_s | yuanwei, i am here | 10:19 |
yuanwei | I tested it on my environment, and reproduced this problem | 10:23 |
yuli_s | ok, great | 10:23 |
yuanwei | I found conj_id=0 can match any packet without a conj_id | 10:24 |
yuli_s | hm, so, you might start from conj_id=1 ? | 10:24 |
yuanwei | yes | 10:24 |
oanson | That might solve the issue I am seeing as well | 10:25 |
yuli_s | ok, great, so, the fix is small | 10:25 |
yuli_s | ;) | 10:25 |
oanson | (allowed packets between two SGs on the same L2 network) | 10:25 |
yuanwei | Yes :) | 10:25 |
yuanwei | I will update the patch right now | 10:26 |
yuli_s | great | 10:26 |
openstackgerrit | yuan wei proposed openstack/dragonflow: This patch implements security group app https://review.openstack.org/280538 | 10:28 |
oanson | yuanwei, I have installed the fix and re-run the DF controller. I still see flows with conj_id=0. Is this expected? | 10:32 |
yuanwei | Ohh...I will check this locally | 10:34 |
oanson | I restarted ovs-vswitchd and the issue resolved. Could have been an old flow. | 10:35 |
oanson | My test now passes :) | 10:35 |
yuanwei | ok :) | 10:36 |
yuanwei | that is great:) | 10:37 |
yuli_s | oanson, great ! | 10:42 |
yuli_s | yuanwei, I recreated the tests | 10:47 |
yuli_s | I edleted VMs | 10:47 |
yuli_s | and restarted df-l3-agent | 10:47 |
yuli_s | and restarted df-controller | 10:48 |
yuli_s | the vms are not able to connect to gateway now | 10:48 |
yuli_s | ping to gw or 8.8.8.8 not working from VM | 10:49 |
yuli_s | strange, | 11:03 |
yuli_s | I can do ssh from VM1 to VM2 ! | 11:03 |
yuli_s | but no ping to gw ping 10.0.0.1 is working | 11:03 |
*** openstackgerrit has quit IRC | 11:11 | |
*** yamamoto has quit IRC | 11:20 | |
*** yamamoto has joined #openstack-dragonflow | 11:21 | |
*** yamamoto has quit IRC | 11:21 | |
*** yamamoto has joined #openstack-dragonflow | 11:22 | |
yuli_s | from VM icmp packet that is send to gw, goes to: table=78, n_packets=454, n_bytes=46770, priority=100,reg7=0x3 actions=output:2 | 11:24 |
*** yamamoto has quit IRC | 11:27 | |
yuli_s | yuanwei, any ideas ? | 11:32 |
*** yamamoto has joined #openstack-dragonflow | 11:50 | |
*** openstackgerrit has joined #openstack-dragonflow | 12:05 | |
*** gongysh has quit IRC | 12:13 | |
oanson | yuanwei, The issue yuli_s sees happens to me as well - I have no ping to default gw. | 12:14 |
*** Shlomo_N has quit IRC | 12:16 | |
*** Shlomo_N has joined #openstack-dragonflow | 12:17 | |
openstackgerrit | Eran Gampel proposed openstack/dragonflow: Add support for register_listen_address in the ZMQ driver https://review.openstack.org/305183 | 12:45 |
oanson | yuanwei, yuli_s, I have removed and recreated the router interface, and the problem resolved. | 13:07 |
oanson | I think this is an unrelated issue. | 13:07 |
oanson | yuli_s, please test as well and verify. | 13:07 |
yuli_s | oanson, strange | 13:10 |
oanson | yuli_s, this also happens in a new devstack environment. Latest dragonflow master (neutron, and other plugins taken from github) | 13:10 |
oanson | Removing and re-adding the router interface solves the issue. | 13:10 |
yuli_s | oanson, yes, | 13:16 |
yuli_s | after recreating router interface to local demo net it works | 13:16 |
*** oanson has quit IRC | 13:33 | |
openstackgerrit | Merged openstack/dragonflow: This patch implements security group app https://review.openstack.org/280538 | 14:04 |
yuli_s | the sg code was merged | 14:08 |
yuli_s | now we need to make it work with DNAT and add support for port update | 14:08 |
*** gongysh has joined #openstack-dragonflow | 15:04 | |
*** yamamoto has quit IRC | 15:07 | |
*** todin has quit IRC | 16:07 | |
*** todin has joined #openstack-dragonflow | 16:07 | |
*** yamamoto has joined #openstack-dragonflow | 16:08 | |
*** yamamoto has quit IRC | 16:17 | |
*** todin_ has joined #openstack-dragonflow | 16:25 | |
*** todin has quit IRC | 16:31 | |
*** gongysh has quit IRC | 17:22 | |
*** yamamoto has joined #openstack-dragonflow | 17:49 | |
*** oanson has joined #openstack-dragonflow | 18:23 | |
*** oanson has quit IRC | 19:04 | |
*** yamamoto has quit IRC | 19:27 | |
*** yamamoto has joined #openstack-dragonflow | 19:30 | |
*** yamamoto has quit IRC | 20:16 | |
*** yamamoto has joined #openstack-dragonflow | 21:17 | |
*** yamamoto has quit IRC | 21:41 | |
*** Shlomo_N has quit IRC | 21:41 | |
*** Shlomo_N has joined #openstack-dragonflow | 21:41 | |
*** nick-ma has quit IRC | 21:45 | |
*** nick-ma has joined #openstack-dragonflow | 21:55 |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!