Re: I think I've fixed SecGrps and SecGrpRules

Vishal Thapar <vishal.thapar@...>

Looks like rest calls are going from ODL Mech driver to ODL for security group as well as VM Port [IP .


Neutron log: 3389 and 3402

pcap: Frame 406 and 555.


Found this entry in karaf.log:

Line 569: 2015-06-18 01:51:59,928 | INFO  | ntDispatcherImpl | OF13Provider                     | 272 - - 1.1.0.SNAPSHOT | programLocalRules: could not find ofPort for Port tap1220d276-15 on Node Uri [_value=ovsdb://uuid/b45dcd8f-5e20-42a0-abc0-f1373dc18f6c/bridge/br-int]


Relevant entries are line 567 to 570. This is where someone more familiar with OVSDB would be able to help.






From: ovsdb-dev-bounces@... [mailto:ovsdb-dev-bounces@...] On Behalf Of Suryanarayanan, Aswin
Sent: 17 June 2015 16:51
To: Anil Vishnoi; Edward Warnicke
Cc: ovsdb-dev@...; groupbasedpolicy-dev@...; Kenchappa, Ravindra; neutron-dev@...
Subject: Re: [ovsdb-dev] I think I've fixed SecGrps and SecGrpRules


Thanks Anil for the suggestions.


Hi Ed,


The logs and pcap are attached in the below link. There are some logs security groups in neutron server log. But I was not able to confirm whether the request reached ODL correctly. I am trying to understand the same.  But no flows related to security groups where  inserted. Let me know if any further logs are required.


The log is for the use case  Create Network -> Create Subnet -> Spawn VM.


Thanks and Regards



From: Anil Vishnoi [mailto:vishnoianil@...]
Sent: Wednesday, June 17, 2015 3:06 AM
To: Edward Warnicke
Cc: Suryanarayanan, Aswin; ovsdb-dev@...; groupbasedpolicy-dev@...; neutron-dev@...; Kenchappa, Ravindra
Subject: Re: [ovsdb-dev] I think I've fixed SecGrps and SecGrpRules


I would say just enable the debug log in odl mechanism driver and you will get all the rest call details that it's sending to odl controller. 


On Wed, Jun 17, 2015 at 1:00 AM, Edward Warnicke <hagbard@...> wrote:



If you could stick the pcap files somwhere like google drive or dropbox and share them that would also be mega useful :)




On Tue, Jun 16, 2015 at 12:29 PM, Suryanarayanan, Aswin <aswin.suryanarayanan@...> wrote:

Hi Ed,


We checked with break points in  NeutronSecurityRulesNorthbound and NeutronSecurityGroupsNorthbound in neutron ODL. We will analyze with wireshark and get back.




From: Edward Warnicke [mailto:hagbard@...]
Sent: Tuesday, June 16, 2015 11:40 PM
To: Suryanarayanan, Aswin
Cc: ovsdb-dev@...; Kenchappa, Ravindra; neutron-dev@...; groupbasedpolicy-dev@...
Subject: Re: [ovsdb-dev] I think I've fixed SecGrps and SecGrpRules


Looping in other interested parties.




Lets start debugging at the top :)


1)  When you create a VM, what call are you expecting to see to ODL, and how are you verifying you don't see it (wireshark, etc)


The reason I ask, is because the issue could be in any of the following components:


1) Neutron

2) ML2

3) ODL ML2 Driver (in Stackforge)

4) ODL Neutron Northbound (in ODL)

5) The provider


Usually, the simplest way to start debugging for me is to answer the question:


On the wire, do I see the REST calls I expected.


Once we know the answer to that, we can drill further down :)






On Tue, Jun 16, 2015 at 11:44 AM, Suryanarayanan, Aswin <aswin.suryanarayanan@...> wrote:

Hi Ed,


Me and Ravi  tired with the devstack kilo with latest code from networking-odl(few changes in neutron as well) along with latest ODL. We observed that when we created a network from horizon we received a call to NeutronSecurityRulesNorthbound  createSecurityRules with empty list. But when we created a vm call didn’t seem to reach Neutron northbound in ODL and no flows where inserted Table 40 or Table 90.  Shouldn’t we have the default rules to be added?  Could you please clarify?  Also when we tried to create SG from horizon UI, none of the call hit the Neutron Security Groups in ODL. Do that require any further changes in networking-odl/neutron?



ovsdb-dev mailing list



ovsdb-dev mailing list





Join to automatically receive all group messages.