Bug 1906932

Summary: intermittent ping loss with default sec-group and all-open sec group both used
Product: Red Hat OpenStack Reporter: Jeremy <jmelvin>
Component: python-networking-ovnAssignee: ffernand <ffernand>
Status: CLOSED DUPLICATE QA Contact: Eran Kuris <ekuris>
Severity: medium Docs Contact:
Priority: medium    
Version: 16.1 (Train)CC: apevec, dalvarez, dceara, ffernand, lhh, majopela, nusiddiq, scohen
Target Milestone: ---Flags: ffernand: needinfo-
ffernand: needinfo-
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovn2.13-20.09.0-4.el7fdp ovn2.13-20.09.0-4.el8fdp Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-12-16 11:12:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jeremy 2020-12-11 20:14:02 UTC 
Description of problem:
In osp13 ovs we would use default sec group and we would add another all-open sec-group, in osp16 with ovn we do this and sometimes we drop 50% pings. Same exact setup in 13 doesn't do this. Also in osp16 if we remove the default group and just use all-open we dont have the issue. It's intermittent ..
This is an issue as default is auto added, and second group is added for specific vms. 
 
 
 
Manage Security Group Rules: default (dd7ded0d-2681-4569-bbac-18634df06f30)
 
Displaying 4 items
Direction       Ether Type      IP Protocol     Port Range      Remote IP Prefix        Remote Security Group   Actions
Egress  IPv4    Any     Any     0.0.0.0/0       -      
Egress  IPv6    Any     Any     ::/0    -      
Ingress IPv4    Any     Any     -       default
Ingress IPv6    Any     Any     -       default
Displaying 4 items
 
 
Manage Security Group Rules: all-open (2fca26aa-63c5-4e62-9971-4d9fd0df431e) (We created this...)
 
Displaying 3 items
Direction       Ether Type      IP Protocol     Port Range      Remote IP Prefix        Remote Security Group   Actions
Egress  IPv4    Any     Any     0.0.0.0/0       -      
Egress  IPv6    Any     Any     ::/0    -      
Ingress IPv4    Any     Any     0.0.0.0/0

Version-Release number of selected component (if applicable):
ctl.ctlplane.localdomain:8787/rhosp-rhel8/openstack-ovn-controller               16.1   af92f2db4925   6 weeks ago   646 MB


How reproducible:
intermittent

Steps to Reproduce:
1.ping with vm that has all-open and default sec-group
2.
3.

Actual results:
intermittent ping loss, or 50% ping loss

Expected results:
0% ping loss

Additional info:
Comment 10 ffernand 2020-12-16 11:12:42 UTC 
After looking at the rules and consulting with OVN core folks, I believe this is a duplicate bug
of https://bugzilla.redhat.com/show_bug.cgi?id=1871931

Please make sure you use ovn2.13-20.09.0-4.el8fdp or newer in order to avoid this issue.

*** This bug has been marked as a duplicate of bug 1871931 ***