Hi!
First: we couldn't reproduce the problem on our stage env yet. We tried a
mix of Phoronix Test Suite, Ciscos TRex traffic simulator and the etcd
setup. I'm not sure how to share the 200 lines flow properly. I will try to
send it as an text file attachment. Hopefully it will not be stripped.
So here is the default security group in the project with the etcd setup.
--- cut ---
"rules": [
{
"id": "047325dc-30a8-4257-a99f-a4829a9ef233",
"tenant_id": "fc1345e8baaf46aaba4a8c5a8b9f14fa",
"security_group_id": "53ddbee9-d1f2-4586-b471-76b4923c4ec0",
"ethertype": "IPv6",
"direction": "egress",
"protocol": null,
"port_range_min": null,
"port_range_max": null,
"remote_ip_prefix": null,
"remote_group_id": null,
"description": null,
"tags": [],
"created_at": "2021-11-23T14:05:41Z",
"updated_at": "2021-11-23T14:05:41Z",
"revision_number": 0,
"project_id": "fc1345e8baaf46aaba4a8c5a8b9f14fa"
},
{
"id": "05401a2a-8e0c-4a5a-b180-18708b4f013f",
"tenant_id": "fc1345e8baaf46aaba4a8c5a8b9f14fa",
"security_group_id": "53ddbee9-d1f2-4586-b471-76b4923c4ec0",
"ethertype": "IPv4",
"direction": "egress",
"protocol": null,
"port_range_min": null,
"port_range_max": null,
"remote_ip_prefix": null,
"remote_group_id": null,
"description": null,
"tags": [],
"created_at": "2021-11-23T14:05:41Z",
"updated_at": "2021-11-23T14:05:41Z",
"revision_number": 0,
"project_id": "fc1345e8baaf46aaba4a8c5a8b9f14fa"
},
{
"id": "1d7e67ac-0dfb-40f6-af40-c70964f06d85",
"tenant_id": "fc1345e8baaf46aaba4a8c5a8b9f14fa",
"security_group_id": "53ddbee9-d1f2-4586-b471-76b4923c4ec0",
"ethertype": "IPv4",
"direction": "ingress",
"protocol": "icmp",
"port_range_min": null,
"port_range_max": null,
"remote_ip_prefix": "0.0.0.0/0",
"remote_group_id": null,
"description": "",
"tags": [],
"created_at": "2021-11-23T14:05:58Z",
"updated_at": "2021-11-23T14:05:58Z",
"revision_number": 0,
"project_id": "fc1345e8baaf46aaba4a8c5a8b9f14fa"
},
{
"id": "35c132bc-5807-47a0-a700-3142897dc184",
"tenant_id": "fc1345e8baaf46aaba4a8c5a8b9f14fa",
"security_group_id": "53ddbee9-d1f2-4586-b471-76b4923c4ec0",
"ethertype": "IPv6",
"direction": "ingress",
"protocol": null,
"port_range_min": null,
"port_range_max": null,
"remote_ip_prefix": null,
"remote_group_id": "53ddbee9-d1f2-4586-b471-76b4923c4ec0",
"description": null,
"tags": [],
"created_at": "2021-11-23T14:05:41Z",
"updated_at": "2021-11-23T14:05:41Z",
"revision_number": 0,
"project_id": "fc1345e8baaf46aaba4a8c5a8b9f14fa"
},
{
"id": "582d622e-6990-4ea9-a36b-b67c79a55fd3",
"tenant_id": "fc1345e8baaf46aaba4a8c5a8b9f14fa",
"security_group_id": "53ddbee9-d1f2-4586-b471-76b4923c4ec0",
"ethertype": "IPv4",
"direction": "ingress",
"protocol": "tcp",
"port_range_min": 22,
"port_range_max": 22,
"remote_ip_prefix": "0.0.0.0/0",
"remote_group_id": null,
"description": "",
"tags": [],
"created_at": "2021-11-23T14:05:55Z",
"updated_at": "2021-11-23T14:05:55Z",
"revision_number": 0,
"project_id": "fc1345e8baaf46aaba4a8c5a8b9f14fa"
},
{
"id": "5b8ea15f-d9e5-4f55-a173-b9f6aae791fb",
"tenant_id": "fc1345e8baaf46aaba4a8c5a8b9f14fa",
"security_group_id": "53ddbee9-d1f2-4586-b471-76b4923c4ec0",
"ethertype": "IPv4",
"direction": "ingress",
"protocol": null,
"port_range_min": null,
"port_range_max": null,
"remote_ip_prefix": null,
"remote_group_id": "53ddbee9-d1f2-4586-b471-76b4923c4ec0",
"description": null,
"tags": [],
"created_at": "2021-11-23T14:05:41Z",
"updated_at": "2021-11-23T14:05:41Z",
"revision_number": 0,
"project_id": "fc1345e8baaf46aaba4a8c5a8b9f14fa"
},
{
"id": "af17a560-4d0f-4341-aa8a-b98797cbd1af",
"tenant_id": "fc1345e8baaf46aaba4a8c5a8b9f14fa",
"security_group_id": "53ddbee9-d1f2-4586-b471-76b4923c4ec0",
"ethertype": "IPv4",
"direction": "egress",
"protocol": "icmp",
"port_range_min": null,
"port_range_max": null,
"remote_ip_prefix": "0.0.0.0/0",
"remote_group_id": null,
"description": "",
"tags": [],
"created_at": "2021-11-23T14:06:01Z",
"updated_at": "2021-11-23T14:06:01Z",
"revision_number": 0,
"project_id": "fc1345e8baaf46aaba4a8c5a8b9f14fa"
}
--- cut ---
and this is the flow as requested.
May be I should mention that the etcd cluster is only communicating via tcp
on ports 2379/2380 from node to node within its network. Not to the outside
world.
I hope this gives a little more insight. I'm new openvswitch and OVN. So if
I did miss any important detail I should add, please let me know.
Kind regards,
Christian Stelter
Datapath: "neutron-5dae9205-00ba-46fe-aea6-9fabb77e3790" aka
"etcd-test-network" (6ac736f5-da01-4668-9410-13fb8007b465) Pipeline: ingress
table=0 (ls_in_port_sec_l2 ), priority=100 , match=(eth.src[40]),
action=(drop;)
table=0 (ls_in_port_sec_l2 ), priority=100 , match=(vlan.present),
action=(drop;)
table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport ==
"29316b1b-2dd9-4438-b104-58ba2da7d8a5"), action=(next;)
table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport ==
"2d532b48-a04e-45e0-9f8f-5ffe4c46db63" && eth.src == {fa:16:3e:e9:23:89}),
action=(next;)
table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport ==
"2d970338-ae2b-491e-a704-3c4caace5424" && eth.src == {fa:16:3e:7d:e0:97}),
action=(next;)
table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport ==
"71392db0-a6d7-4957-b364-db7694c0558f" && eth.src == {fa:16:3e:79:12:ca}),
action=(next;)
table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport ==
"821ed66b-69eb-45c4-8d57-b145e984a26b" && eth.src == {fa:16:3e:5d:9d:af}),
action=(next;)
table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport ==
"9253545b-6863-4a4a-9359-c6e985ffa181" && eth.src == {fa:16:3e:29:46:6b}),
action=(next;)
table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport ==
"ceb4f1c7-827c-4854-8b11-50618c8af63e" && eth.src == {fa:16:3e:da:46:01}),
action=(next;)
table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport ==
"d5dbc1d5-fdb1-4d8f-a072-0f9a489d1bd7"), action=(next;)
table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport ==
"f5fb1595-ec1a-449c-98a4-b50006166ebe" && eth.src == {fa:16:3e:c0:c3:8f}),
action=(next;)
table=1 (ls_in_port_sec_ip ), priority=90 , match=(inport ==
"2d532b48-a04e-45e0-9f8f-5ffe4c46db63" && eth.src == fa:16:3e:e9:23:89 &&
ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst ==
67), action=(next;)
table=1 (ls_in_port_sec_ip ), priority=90 , match=(inport ==
"2d532b48-a04e-45e0-9f8f-5ffe4c46db63" && eth.src == fa:16:3e:e9:23:89 &&
ip4.src == {192.168.0.222}), action=(next;)
table=1 (ls_in_port_sec_ip ), priority=90 , match=(inport ==
"2d970338-ae2b-491e-a704-3c4caace5424" && eth.src == fa:16:3e:7d:e0:97 &&
ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst ==
67), action=(next;)
table=1 (ls_in_port_sec_ip ), priority=90 , match=(inport ==
"2d970338-ae2b-491e-a704-3c4caace5424" && eth.src == fa:16:3e:7d:e0:97 &&
ip4.src == {192.168.0.164}), action=(next;)
table=1 (ls_in_port_sec_ip ), priority=90 , match=(inport ==
"71392db0-a6d7-4957-b364-db7694c0558f" && eth.src == fa:16:3e:79:12:ca &&
ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst ==
67), action=(next;)
table=1 (ls_in_port_sec_ip ), priority=90 , match=(inport ==
"71392db0-a6d7-4957-b364-db7694c0558f" && eth.src == fa:16:3e:79:12:ca &&
ip4.src == {192.168.0.13}), action=(next;)
table=1 (ls_in_port_sec_ip ), priority=90 , match=(inport ==
"821ed66b-69eb-45c4-8d57-b145e984a26b" && eth.src == fa:16:3e:5d:9d:af &&
ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst ==
67), action=(next;)
table=1 (ls_in_port_sec_ip ), priority=90 , match=(inport ==
"821ed66b-69eb-45c4-8d57-b145e984a26b" && eth.src == fa:16:3e:5d:9d:af &&
ip4.src == {192.168.0.60}), action=(next;)
table=1 (ls_in_port_sec_ip ), priority=90 , match=(inport ==
"9253545b-6863-4a4a-9359-c6e985ffa181" && eth.src == fa:16:3e:29:46:6b &&
ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst ==
67), action=(next;)
table=1 (ls_in_port_sec_ip ), priority=90 , match=(inport ==
"9253545b-6863-4a4a-9359-c6e985ffa181" && eth.src == fa:16:3e:29:46:6b &&
ip4.src == {192.168.0.108}), action=(next;)
table=1 (ls_in_port_sec_ip ), priority=90 , match=(inport ==
"ceb4f1c7-827c-4854-8b11-50618c8af63e" && eth.src == fa:16:3e:da:46:01 &&
ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst ==
67), action=(next;)
table=1 (ls_in_port_sec_ip ), priority=90 , match=(inport ==
"ceb4f1c7-827c-4854-8b11-50618c8af63e" && eth.src == fa:16:3e:da:46:01 &&
ip4.src == {192.168.0.66}), action=(next;)
table=1 (ls_in_port_sec_ip ), priority=90 , match=(inport ==
"f5fb1595-ec1a-449c-98a4-b50006166ebe" && eth.src == fa:16:3e:c0:c3:8f &&
ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst ==
67), action=(next;)
table=1 (ls_in_port_sec_ip ), priority=90 , match=(inport ==
"f5fb1595-ec1a-449c-98a4-b50006166ebe" && eth.src == fa:16:3e:c0:c3:8f &&
ip4.src == {192.168.0.52}), action=(next;)
table=1 (ls_in_port_sec_ip ), priority=80 , match=(inport ==
"2d532b48-a04e-45e0-9f8f-5ffe4c46db63" && eth.src == fa:16:3e:e9:23:89 && ip),
action=(drop;)
table=1 (ls_in_port_sec_ip ), priority=80 , match=(inport ==
"2d970338-ae2b-491e-a704-3c4caace5424" && eth.src == fa:16:3e:7d:e0:97 && ip),
action=(drop;)
table=1 (ls_in_port_sec_ip ), priority=80 , match=(inport ==
"71392db0-a6d7-4957-b364-db7694c0558f" && eth.src == fa:16:3e:79:12:ca && ip),
action=(drop;)
table=1 (ls_in_port_sec_ip ), priority=80 , match=(inport ==
"821ed66b-69eb-45c4-8d57-b145e984a26b" && eth.src == fa:16:3e:5d:9d:af && ip),
action=(drop;)
table=1 (ls_in_port_sec_ip ), priority=80 , match=(inport ==
"9253545b-6863-4a4a-9359-c6e985ffa181" && eth.src == fa:16:3e:29:46:6b && ip),
action=(drop;)
table=1 (ls_in_port_sec_ip ), priority=80 , match=(inport ==
"ceb4f1c7-827c-4854-8b11-50618c8af63e" && eth.src == fa:16:3e:da:46:01 && ip),
action=(drop;)
table=1 (ls_in_port_sec_ip ), priority=80 , match=(inport ==
"f5fb1595-ec1a-449c-98a4-b50006166ebe" && eth.src == fa:16:3e:c0:c3:8f && ip),
action=(drop;)
table=1 (ls_in_port_sec_ip ), priority=0 , match=(1), action=(next;)
table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport ==
"2d532b48-a04e-45e0-9f8f-5ffe4c46db63" && eth.src == fa:16:3e:e9:23:89 &&
arp.sha == fa:16:3e:e9:23:89 && arp.spa == {192.168.0.222}), action=(next;)
table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport ==
"2d970338-ae2b-491e-a704-3c4caace5424" && eth.src == fa:16:3e:7d:e0:97 &&
arp.sha == fa:16:3e:7d:e0:97 && arp.spa == {192.168.0.164}), action=(next;)
table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport ==
"71392db0-a6d7-4957-b364-db7694c0558f" && eth.src == fa:16:3e:79:12:ca &&
arp.sha == fa:16:3e:79:12:ca && arp.spa == {192.168.0.13}), action=(next;)
table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport ==
"821ed66b-69eb-45c4-8d57-b145e984a26b" && eth.src == fa:16:3e:5d:9d:af &&
arp.sha == fa:16:3e:5d:9d:af && arp.spa == {192.168.0.60}), action=(next;)
table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport ==
"9253545b-6863-4a4a-9359-c6e985ffa181" && eth.src == fa:16:3e:29:46:6b &&
arp.sha == fa:16:3e:29:46:6b && arp.spa == {192.168.0.108}), action=(next;)
table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport ==
"ceb4f1c7-827c-4854-8b11-50618c8af63e" && eth.src == fa:16:3e:da:46:01 &&
arp.sha == fa:16:3e:da:46:01 && arp.spa == {192.168.0.66}), action=(next;)
table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport ==
"f5fb1595-ec1a-449c-98a4-b50006166ebe" && eth.src == fa:16:3e:c0:c3:8f &&
arp.sha == fa:16:3e:c0:c3:8f && arp.spa == {192.168.0.52}), action=(next;)
table=2 (ls_in_port_sec_nd ), priority=80 , match=(inport ==
"2d532b48-a04e-45e0-9f8f-5ffe4c46db63" && (arp || nd)), action=(drop;)
table=2 (ls_in_port_sec_nd ), priority=80 , match=(inport ==
"2d970338-ae2b-491e-a704-3c4caace5424" && (arp || nd)), action=(drop;)
table=2 (ls_in_port_sec_nd ), priority=80 , match=(inport ==
"71392db0-a6d7-4957-b364-db7694c0558f" && (arp || nd)), action=(drop;)
table=2 (ls_in_port_sec_nd ), priority=80 , match=(inport ==
"821ed66b-69eb-45c4-8d57-b145e984a26b" && (arp || nd)), action=(drop;)
table=2 (ls_in_port_sec_nd ), priority=80 , match=(inport ==
"9253545b-6863-4a4a-9359-c6e985ffa181" && (arp || nd)), action=(drop;)
table=2 (ls_in_port_sec_nd ), priority=80 , match=(inport ==
"ceb4f1c7-827c-4854-8b11-50618c8af63e" && (arp || nd)), action=(drop;)
table=2 (ls_in_port_sec_nd ), priority=80 , match=(inport ==
"f5fb1595-ec1a-449c-98a4-b50006166ebe" && (arp || nd)), action=(drop;)
table=2 (ls_in_port_sec_nd ), priority=0 , match=(1), action=(next;)
table=3 (ls_in_pre_acl ), priority=110 , match=(eth.dst ==
76:83:e2:9f:f2:f2), action=(next;)
table=3 (ls_in_pre_acl ), priority=110 , match=(ip && inport ==
"29316b1b-2dd9-4438-b104-58ba2da7d8a5"), action=(next;)
table=3 (ls_in_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra ||
mldv1 || mldv2), action=(next;)
table=3 (ls_in_pre_acl ), priority=100 , match=(ip), action=(reg0[0] =
1; next;)
table=3 (ls_in_pre_acl ), priority=0 , match=(1), action=(next;)
table=4 (ls_in_pre_lb ), priority=110 , match=(eth.dst ==
76:83:e2:9f:f2:f2), action=(next;)
table=4 (ls_in_pre_lb ), priority=110 , match=(nd || nd_rs || nd_ra ||
mldv1 || mldv2), action=(next;)
table=4 (ls_in_pre_lb ), priority=0 , match=(1), action=(next;)
table=5 (ls_in_pre_stateful ), priority=100 , match=(reg0[0] == 1),
action=(ct_next;)
table=5 (ls_in_pre_stateful ), priority=0 , match=(1), action=(next;)
table=6 (ls_in_acl ), priority=65535, match=(!ct.est && ct.rel &&
!ct.new && !ct.inv && ct_label.blocked == 0), action=(next;)
table=6 (ls_in_acl ), priority=65535, match=(ct.est && !ct.rel &&
!ct.new && !ct.inv && ct.rpl && ct_label.blocked == 0), action=(next;)
table=6 (ls_in_acl ), priority=65535, match=(ct.inv || (ct.est &&
ct.rpl && ct_label.blocked == 1)), action=(drop;)
table=6 (ls_in_acl ), priority=65535, match=(nd || nd_ra || nd_rs ||
mldv1 || mldv2), action=(next;)
table=6 (ls_in_acl ), priority=34000, match=(eth.dst ==
76:83:e2:9f:f2:f2), action=(next;)
table=6 (ls_in_acl ), priority=2002 , match=((!ct.trk || (!ct.new &&
ct.est && !ct.rpl && ct_label.blocked == 0)) && (inport ==
@pg_53ddbee9_d1f2_4586_b471_76b4923c4ec0 && ip4 && ip4.dst == 0.0.0.0/0 &&
icmp4)), action=(next;)
table=6 (ls_in_acl ), priority=2002 , match=((!ct.trk || (!ct.new &&
ct.est && !ct.rpl && ct_label.blocked == 0)) && (inport ==
@pg_53ddbee9_d1f2_4586_b471_76b4923c4ec0 && ip4)), action=(next;)
table=6 (ls_in_acl ), priority=2002 , match=((!ct.trk || (!ct.new &&
ct.est && !ct.rpl && ct_label.blocked == 0)) && (inport ==
@pg_53ddbee9_d1f2_4586_b471_76b4923c4ec0 && ip6)), action=(next;)
table=6 (ls_in_acl ), priority=2002 , match=(((ct.new && !ct.est) ||
(!ct.new && ct.est && !ct.rpl && ct_label.blocked == 1)) && (inport ==
@pg_53ddbee9_d1f2_4586_b471_76b4923c4ec0 && ip4 && ip4.dst == 0.0.0.0/0 &&
icmp4)), action=(reg0[1] = 1; next;)
table=6 (ls_in_acl ), priority=2002 , match=(((ct.new && !ct.est) ||
(!ct.new && ct.est && !ct.rpl && ct_label.blocked == 1)) && (inport ==
@pg_53ddbee9_d1f2_4586_b471_76b4923c4ec0 && ip4)), action=(reg0[1] = 1; next;)
table=6 (ls_in_acl ), priority=2002 , match=(((ct.new && !ct.est) ||
(!ct.new && ct.est && !ct.rpl && ct_label.blocked == 1)) && (inport ==
@pg_53ddbee9_d1f2_4586_b471_76b4923c4ec0 && ip6)), action=(reg0[1] = 1; next;)
table=6 (ls_in_acl ), priority=2001 , match=((!ct.trk || !ct.est ||
(ct.est && ct_label.blocked == 1)) && (inport == @neutron_pg_drop && ip)),
action=(/* drop */)
table=6 (ls_in_acl ), priority=2001 , match=(ct.est &&
ct_label.blocked == 0 && (inport == @neutron_pg_drop && ip)),
action=(ct_commit(ct_label=1/1); /* drop */)
table=6 (ls_in_acl ), priority=1 , match=(ip && (!ct.est ||
(ct.est && ct_label.blocked == 1))), action=(reg0[1] = 1; next;)
table=6 (ls_in_acl ), priority=0 , match=(1), action=(next;)
table=7 (ls_in_qos_mark ), priority=0 , match=(1), action=(next;)
table=8 (ls_in_qos_meter ), priority=0 , match=(1), action=(next;)
table=9 (ls_in_lb ), priority=0 , match=(1), action=(next;)
table=10(ls_in_stateful ), priority=100 , match=(reg0[1] == 1),
action=(ct_commit(ct_label=0/1); next;)
table=10(ls_in_stateful ), priority=100 , match=(reg0[2] == 1),
action=(ct_lb;)
table=10(ls_in_stateful ), priority=0 , match=(1), action=(next;)
table=11(ls_in_pre_hairpin ), priority=0 , match=(1), action=(next;)
table=12(ls_in_hairpin ), priority=1 , match=(reg0[6] == 1),
action=(eth.dst <-> eth.src;outport = inport;flags.loopback = 1;output;)
table=12(ls_in_hairpin ), priority=0 , match=(1), action=(next;)
table=13(ls_in_arp_rsp ), priority=100 , match=(arp.tpa == 192.168.0.1
&& arp.op == 1 && inport == "29316b1b-2dd9-4438-b104-58ba2da7d8a5"),
action=(next;)
table=13(ls_in_arp_rsp ), priority=100 , match=(arp.tpa == 192.168.0.13
&& arp.op == 1 && inport == "71392db0-a6d7-4957-b364-db7694c0558f"),
action=(next;)
table=13(ls_in_arp_rsp ), priority=100 , match=(arp.tpa ==
192.168.0.164 && arp.op == 1 && inport ==
"2d970338-ae2b-491e-a704-3c4caace5424"), action=(next;)
table=13(ls_in_arp_rsp ), priority=100 , match=(arp.tpa == 192.168.0.2
&& arp.op == 1 && inport == "d5dbc1d5-fdb1-4d8f-a072-0f9a489d1bd7"),
action=(next;)
table=13(ls_in_arp_rsp ), priority=100 , match=(arp.tpa ==
192.168.0.222 && arp.op == 1 && inport ==
"2d532b48-a04e-45e0-9f8f-5ffe4c46db63"), action=(next;)
table=13(ls_in_arp_rsp ), priority=100 , match=(arp.tpa == 192.168.0.52
&& arp.op == 1 && inport == "f5fb1595-ec1a-449c-98a4-b50006166ebe"),
action=(next;)
table=13(ls_in_arp_rsp ), priority=100 , match=(nd_ns && ip6.dst ==
{fe80::f816:3eff:fe4a:42c, ff02::1:ff4a:42c} && nd.target ==
fe80::f816:3eff:fe4a:42c && inport == "29316b1b-2dd9-4438-b104-58ba2da7d8a5"),
action=(next;)
table=13(ls_in_arp_rsp ), priority=50 , match=(arp.tpa == 192.168.0.1
&& arp.op == 1), action=(eth.dst = eth.src; eth.src = fa:16:3e:4a:04:2c; arp.op
= 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = fa:16:3e:4a:04:2c; arp.tpa =
arp.spa; arp.spa = 192.168.0.1; outport = inport; flags.loopback = 1; output;)
table=13(ls_in_arp_rsp ), priority=50 , match=(arp.tpa == 192.168.0.13
&& arp.op == 1), action=(eth.dst = eth.src; eth.src = fa:16:3e:79:12:ca; arp.op
= 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = fa:16:3e:79:12:ca; arp.tpa =
arp.spa; arp.spa = 192.168.0.13; outport = inport; flags.loopback = 1; output;)
table=13(ls_in_arp_rsp ), priority=50 , match=(arp.tpa ==
192.168.0.164 && arp.op == 1), action=(eth.dst = eth.src; eth.src =
fa:16:3e:7d:e0:97; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
fa:16:3e:7d:e0:97; arp.tpa = arp.spa; arp.spa = 192.168.0.164; outport =
inport; flags.loopback = 1; output;)
table=13(ls_in_arp_rsp ), priority=50 , match=(arp.tpa == 192.168.0.2
&& arp.op == 1), action=(eth.dst = eth.src; eth.src = fa:16:3e:42:8c:a8; arp.op
= 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = fa:16:3e:42:8c:a8; arp.tpa =
arp.spa; arp.spa = 192.168.0.2; outport = inport; flags.loopback = 1; output;)
table=13(ls_in_arp_rsp ), priority=50 , match=(arp.tpa ==
192.168.0.222 && arp.op == 1), action=(eth.dst = eth.src; eth.src =
fa:16:3e:e9:23:89; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
fa:16:3e:e9:23:89; arp.tpa = arp.spa; arp.spa = 192.168.0.222; outport =
inport; flags.loopback = 1; output;)
table=13(ls_in_arp_rsp ), priority=50 , match=(arp.tpa == 192.168.0.52
&& arp.op == 1), action=(eth.dst = eth.src; eth.src = fa:16:3e:c0:c3:8f; arp.op
= 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = fa:16:3e:c0:c3:8f; arp.tpa =
arp.spa; arp.spa = 192.168.0.52; outport = inport; flags.loopback = 1; output;)
table=13(ls_in_arp_rsp ), priority=50 , match=(nd_ns && ip6.dst ==
{fe80::f816:3eff:fe4a:42c, ff02::1:ff4a:42c} && nd.target ==
fe80::f816:3eff:fe4a:42c), action=(nd_na_router { eth.src = fa:16:3e:4a:04:2c;
ip6.src = fe80::f816:3eff:fe4a:42c; nd.target = fe80::f816:3eff:fe4a:42c;
nd.tll = fa:16:3e:4a:04:2c; outport = inport; flags.loopback = 1; output; };)
table=13(ls_in_arp_rsp ), priority=0 , match=(1), action=(next;)
table=14(ls_in_dhcp_options ), priority=100 , match=(inport ==
"2d532b48-a04e-45e0-9f8f-5ffe4c46db63" && eth.src == fa:16:3e:e9:23:89 &&
ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst ==
67), action=(reg0[3] = put_dhcp_opts(offerip = 192.168.0.222,
classless_static_route = {169.254.169.254/32,192.168.0.2,
0.0.0.0/0,192.168.0.1}, dns_server = {8.8.4.4, 8.8.8.8}, domain_name =
"app-int.prod1.lost-in-ovn.io.", lease_time = 43200, mtu = 1442, netmask =
255.255.255.0, router = 192.168.0.1, server_id = 192.168.0.1); next;)
table=14(ls_in_dhcp_options ), priority=100 , match=(inport ==
"2d532b48-a04e-45e0-9f8f-5ffe4c46db63" && eth.src == fa:16:3e:e9:23:89 &&
ip4.src == 192.168.0.222 && ip4.dst == {192.168.0.1, 255.255.255.255} &&
udp.src == 68 && udp.dst == 67), action=(reg0[3] = put_dhcp_opts(offerip =
192.168.0.222, classless_static_route = {169.254.169.254/32,192.168.0.2,
0.0.0.0/0,192.168.0.1}, dns_server = {8.8.4.4, 8.8.8.8}, domain_name =
"app-int.prod1.lost-in-ovn.io.", lease_time = 43200, mtu = 1442, netmask =
255.255.255.0, router = 192.168.0.1, server_id = 192.168.0.1); next;)
table=14(ls_in_dhcp_options ), priority=100 , match=(inport ==
"2d970338-ae2b-491e-a704-3c4caace5424" && eth.src == fa:16:3e:7d:e0:97 &&
ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst ==
67), action=(reg0[3] = put_dhcp_opts(offerip = 192.168.0.164,
classless_static_route = {169.254.169.254/32,192.168.0.2,
0.0.0.0/0,192.168.0.1}, dns_server = {8.8.4.4, 8.8.8.8}, domain_name =
"app-int.prod1.lost-in-ovn.io.", lease_time = 43200, mtu = 1442, netmask =
255.255.255.0, router = 192.168.0.1, server_id = 192.168.0.1); next;)
table=14(ls_in_dhcp_options ), priority=100 , match=(inport ==
"2d970338-ae2b-491e-a704-3c4caace5424" && eth.src == fa:16:3e:7d:e0:97 &&
ip4.src == 192.168.0.164 && ip4.dst == {192.168.0.1, 255.255.255.255} &&
udp.src == 68 && udp.dst == 67), action=(reg0[3] = put_dhcp_opts(offerip =
192.168.0.164, classless_static_route = {169.254.169.254/32,192.168.0.2,
0.0.0.0/0,192.168.0.1}, dns_server = {8.8.4.4, 8.8.8.8}, domain_name =
"app-int.prod1.lost-in-ovn.io.", lease_time = 43200, mtu = 1442, netmask =
255.255.255.0, router = 192.168.0.1, server_id = 192.168.0.1); next;)
table=14(ls_in_dhcp_options ), priority=100 , match=(inport ==
"71392db0-a6d7-4957-b364-db7694c0558f" && eth.src == fa:16:3e:79:12:ca &&
ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst ==
67), action=(reg0[3] = put_dhcp_opts(offerip = 192.168.0.13,
classless_static_route = {169.254.169.254/32,192.168.0.2,
0.0.0.0/0,192.168.0.1}, dns_server = {8.8.4.4, 8.8.8.8}, domain_name =
"app-int.prod1.lost-in-ovn.io.", lease_time = 43200, mtu = 1442, netmask =
255.255.255.0, router = 192.168.0.1, server_id = 192.168.0.1); next;)
table=14(ls_in_dhcp_options ), priority=100 , match=(inport ==
"71392db0-a6d7-4957-b364-db7694c0558f" && eth.src == fa:16:3e:79:12:ca &&
ip4.src == 192.168.0.13 && ip4.dst == {192.168.0.1, 255.255.255.255} && udp.src
== 68 && udp.dst == 67), action=(reg0[3] = put_dhcp_opts(offerip =
192.168.0.13, classless_static_route = {169.254.169.254/32,192.168.0.2,
0.0.0.0/0,192.168.0.1}, dns_server = {8.8.4.4, 8.8.8.8}, domain_name =
"app-int.prod1.lost-in-ovn.io.", lease_time = 43200, mtu = 1442, netmask =
255.255.255.0, router = 192.168.0.1, server_id = 192.168.0.1); next;)
table=14(ls_in_dhcp_options ), priority=100 , match=(inport ==
"821ed66b-69eb-45c4-8d57-b145e984a26b" && eth.src == fa:16:3e:5d:9d:af &&
ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst ==
67), action=(reg0[3] = put_dhcp_opts(offerip = 192.168.0.60,
classless_static_route = {169.254.169.254/32,192.168.0.2,
0.0.0.0/0,192.168.0.1}, dns_server = {8.8.4.4, 8.8.8.8}, domain_name =
"app-int.prod1.lost-in-ovn.io.", lease_time = 43200, mtu = 1442, netmask =
255.255.255.0, router = 192.168.0.1, server_id = 192.168.0.1); next;)
table=14(ls_in_dhcp_options ), priority=100 , match=(inport ==
"821ed66b-69eb-45c4-8d57-b145e984a26b" && eth.src == fa:16:3e:5d:9d:af &&
ip4.src == 192.168.0.60 && ip4.dst == {192.168.0.1, 255.255.255.255} && udp.src
== 68 && udp.dst == 67), action=(reg0[3] = put_dhcp_opts(offerip =
192.168.0.60, classless_static_route = {169.254.169.254/32,192.168.0.2,
0.0.0.0/0,192.168.0.1}, dns_server = {8.8.4.4, 8.8.8.8}, domain_name =
"app-int.prod1.lost-in-ovn.io.", lease_time = 43200, mtu = 1442, netmask =
255.255.255.0, router = 192.168.0.1, server_id = 192.168.0.1); next;)
table=14(ls_in_dhcp_options ), priority=100 , match=(inport ==
"9253545b-6863-4a4a-9359-c6e985ffa181" && eth.src == fa:16:3e:29:46:6b &&
ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst ==
67), action=(reg0[3] = put_dhcp_opts(offerip = 192.168.0.108,
classless_static_route = {169.254.169.254/32,192.168.0.2,
0.0.0.0/0,192.168.0.1}, dns_server = {8.8.4.4, 8.8.8.8}, domain_name =
"app-int.prod1.lost-in-ovn.io.", lease_time = 43200, mtu = 1442, netmask =
255.255.255.0, router = 192.168.0.1, server_id = 192.168.0.1); next;)
table=14(ls_in_dhcp_options ), priority=100 , match=(inport ==
"9253545b-6863-4a4a-9359-c6e985ffa181" && eth.src == fa:16:3e:29:46:6b &&
ip4.src == 192.168.0.108 && ip4.dst == {192.168.0.1, 255.255.255.255} &&
udp.src == 68 && udp.dst == 67), action=(reg0[3] = put_dhcp_opts(offerip =
192.168.0.108, classless_static_route = {169.254.169.254/32,192.168.0.2,
0.0.0.0/0,192.168.0.1}, dns_server = {8.8.4.4, 8.8.8.8}, domain_name =
"app-int.prod1.lost-in-ovn.io.", lease_time = 43200, mtu = 1442, netmask =
255.255.255.0, router = 192.168.0.1, server_id = 192.168.0.1); next;)
table=14(ls_in_dhcp_options ), priority=100 , match=(inport ==
"ceb4f1c7-827c-4854-8b11-50618c8af63e" && eth.src == fa:16:3e:da:46:01 &&
ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst ==
67), action=(reg0[3] = put_dhcp_opts(offerip = 192.168.0.66,
classless_static_route = {169.254.169.254/32,192.168.0.2,
0.0.0.0/0,192.168.0.1}, dns_server = {8.8.4.4, 8.8.8.8}, domain_name =
"app-int.prod1.lost-in-ovn.io.", lease_time = 43200, mtu = 1442, netmask =
255.255.255.0, router = 192.168.0.1, server_id = 192.168.0.1); next;)
table=14(ls_in_dhcp_options ), priority=100 , match=(inport ==
"ceb4f1c7-827c-4854-8b11-50618c8af63e" && eth.src == fa:16:3e:da:46:01 &&
ip4.src == 192.168.0.66 && ip4.dst == {192.168.0.1, 255.255.255.255} && udp.src
== 68 && udp.dst == 67), action=(reg0[3] = put_dhcp_opts(offerip =
192.168.0.66, classless_static_route = {169.254.169.254/32,192.168.0.2,
0.0.0.0/0,192.168.0.1}, dns_server = {8.8.4.4, 8.8.8.8}, domain_name =
"app-int.prod1.lost-in-ovn.io.", lease_time = 43200, mtu = 1442, netmask =
255.255.255.0, router = 192.168.0.1, server_id = 192.168.0.1); next;)
table=14(ls_in_dhcp_options ), priority=100 , match=(inport ==
"f5fb1595-ec1a-449c-98a4-b50006166ebe" && eth.src == fa:16:3e:c0:c3:8f &&
ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst ==
67), action=(reg0[3] = put_dhcp_opts(offerip = 192.168.0.52,
classless_static_route = {169.254.169.254/32,192.168.0.2,
0.0.0.0/0,192.168.0.1}, dns_server = {8.8.4.4, 8.8.8.8}, domain_name =
"app-int.prod1.lost-in-ovn.io.", lease_time = 43200, mtu = 1442, netmask =
255.255.255.0, router = 192.168.0.1, server_id = 192.168.0.1); next;)
table=14(ls_in_dhcp_options ), priority=100 , match=(inport ==
"f5fb1595-ec1a-449c-98a4-b50006166ebe" && eth.src == fa:16:3e:c0:c3:8f &&
ip4.src == 192.168.0.52 && ip4.dst == {192.168.0.1, 255.255.255.255} && udp.src
== 68 && udp.dst == 67), action=(reg0[3] = put_dhcp_opts(offerip =
192.168.0.52, classless_static_route = {169.254.169.254/32,192.168.0.2,
0.0.0.0/0,192.168.0.1}, dns_server = {8.8.4.4, 8.8.8.8}, domain_name =
"app-int.prod1.lost-in-ovn.io.", lease_time = 43200, mtu = 1442, netmask =
255.255.255.0, router = 192.168.0.1, server_id = 192.168.0.1); next;)
table=14(ls_in_dhcp_options ), priority=0 , match=(1), action=(next;)
table=15(ls_in_dhcp_response), priority=100 , match=(inport ==
"2d532b48-a04e-45e0-9f8f-5ffe4c46db63" && eth.src == fa:16:3e:e9:23:89 && ip4
&& udp.src == 68 && udp.dst == 67 && reg0[3]), action=(eth.dst = eth.src;
eth.src = fa:16:3e:33:d1:4c; ip4.src = 192.168.0.1; udp.src = 67; udp.dst = 68;
outport = inport; flags.loopback = 1; output;)
table=15(ls_in_dhcp_response), priority=100 , match=(inport ==
"2d970338-ae2b-491e-a704-3c4caace5424" && eth.src == fa:16:3e:7d:e0:97 && ip4
&& udp.src == 68 && udp.dst == 67 && reg0[3]), action=(eth.dst = eth.src;
eth.src = fa:16:3e:33:d1:4c; ip4.src = 192.168.0.1; udp.src = 67; udp.dst = 68;
outport = inport; flags.loopback = 1; output;)
table=15(ls_in_dhcp_response), priority=100 , match=(inport ==
"71392db0-a6d7-4957-b364-db7694c0558f" && eth.src == fa:16:3e:79:12:ca && ip4
&& udp.src == 68 && udp.dst == 67 && reg0[3]), action=(eth.dst = eth.src;
eth.src = fa:16:3e:33:d1:4c; ip4.src = 192.168.0.1; udp.src = 67; udp.dst = 68;
outport = inport; flags.loopback = 1; output;)
table=15(ls_in_dhcp_response), priority=100 , match=(inport ==
"821ed66b-69eb-45c4-8d57-b145e984a26b" && eth.src == fa:16:3e:5d:9d:af && ip4
&& udp.src == 68 && udp.dst == 67 && reg0[3]), action=(eth.dst = eth.src;
eth.src = fa:16:3e:33:d1:4c; ip4.src = 192.168.0.1; udp.src = 67; udp.dst = 68;
outport = inport; flags.loopback = 1; output;)
table=15(ls_in_dhcp_response), priority=100 , match=(inport ==
"9253545b-6863-4a4a-9359-c6e985ffa181" && eth.src == fa:16:3e:29:46:6b && ip4
&& udp.src == 68 && udp.dst == 67 && reg0[3]), action=(eth.dst = eth.src;
eth.src = fa:16:3e:33:d1:4c; ip4.src = 192.168.0.1; udp.src = 67; udp.dst = 68;
outport = inport; flags.loopback = 1; output;)
table=15(ls_in_dhcp_response), priority=100 , match=(inport ==
"ceb4f1c7-827c-4854-8b11-50618c8af63e" && eth.src == fa:16:3e:da:46:01 && ip4
&& udp.src == 68 && udp.dst == 67 && reg0[3]), action=(eth.dst = eth.src;
eth.src = fa:16:3e:33:d1:4c; ip4.src = 192.168.0.1; udp.src = 67; udp.dst = 68;
outport = inport; flags.loopback = 1; output;)
table=15(ls_in_dhcp_response), priority=100 , match=(inport ==
"f5fb1595-ec1a-449c-98a4-b50006166ebe" && eth.src == fa:16:3e:c0:c3:8f && ip4
&& udp.src == 68 && udp.dst == 67 && reg0[3]), action=(eth.dst = eth.src;
eth.src = fa:16:3e:33:d1:4c; ip4.src = 192.168.0.1; udp.src = 67; udp.dst = 68;
outport = inport; flags.loopback = 1; output;)
table=15(ls_in_dhcp_response), priority=0 , match=(1), action=(next;)
table=16(ls_in_dns_lookup ), priority=100 , match=(udp.dst == 53),
action=(reg0[4] = dns_lookup(); next;)
table=16(ls_in_dns_lookup ), priority=0 , match=(1), action=(next;)
table=17(ls_in_dns_response ), priority=100 , match=(udp.dst == 53 &&
reg0[4]), action=(eth.dst <-> eth.src; ip6.src <-> ip6.dst; udp.dst = udp.src;
udp.src = 53; outport = inport; flags.loopback = 1; output;)
table=17(ls_in_dns_response ), priority=100 , match=(udp.dst == 53 &&
reg0[4]), action=(eth.dst <-> eth.src; ip4.src <-> ip4.dst; udp.dst = udp.src;
udp.src = 53; outport = inport; flags.loopback = 1; output;)
table=17(ls_in_dns_response ), priority=0 , match=(1), action=(next;)
table=18(ls_in_external_port), priority=0 , match=(1), action=(next;)
table=19(ls_in_l2_lkup ), priority=110 , match=(eth.dst ==
76:83:e2:9f:f2:f2), action=(handle_svc_check(inport);)
table=19(ls_in_l2_lkup ), priority=80 , match=(eth.src == {
fa:16:3e:4a:04:2c} && (arp.op == 1 || nd_ns)), action=(outport = "_MC_flood";
output;)
table=19(ls_in_l2_lkup ), priority=75 , match=(flags[1] == 0 && arp.op
== 1 && arp.tpa == { RED.ACT.ED.25, RED.ACT.ED.39, 192.168.0.1,
RED.ACT.ED.252}), action=(outport = "29316b1b-2dd9-4438-b104-58ba2da7d8a5";
output;)
table=19(ls_in_l2_lkup ), priority=75 , match=(flags[1] == 0 && nd_ns
&& nd.target == { fe80::f816:3eff:fe4a:42c}), action=(outport =
"29316b1b-2dd9-4438-b104-58ba2da7d8a5"; output;)
table=19(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
action=(outport = "_MC_flood"; output;)
table=19(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
fa:16:3e:29:46:6b), action=(outport = "9253545b-6863-4a4a-9359-c6e985ffa181";
output;)
table=19(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
fa:16:3e:42:8c:a8), action=(outport = "d5dbc1d5-fdb1-4d8f-a072-0f9a489d1bd7";
output;)
table=19(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
fa:16:3e:4a:04:2c), action=(outport = "29316b1b-2dd9-4438-b104-58ba2da7d8a5";
output;)
table=19(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
fa:16:3e:5d:9d:af), action=(outport = "821ed66b-69eb-45c4-8d57-b145e984a26b";
output;)
table=19(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
fa:16:3e:79:12:ca), action=(outport = "71392db0-a6d7-4957-b364-db7694c0558f";
output;)
table=19(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
fa:16:3e:7d:e0:97), action=(outport = "2d970338-ae2b-491e-a704-3c4caace5424";
output;)
table=19(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
fa:16:3e:c0:c3:8f), action=(outport = "f5fb1595-ec1a-449c-98a4-b50006166ebe";
output;)
table=19(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
fa:16:3e:da:46:01), action=(outport = "ceb4f1c7-827c-4854-8b11-50618c8af63e";
output;)
table=19(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
fa:16:3e:e9:23:89), action=(outport = "2d532b48-a04e-45e0-9f8f-5ffe4c46db63";
output;)
Datapath: "neutron-5dae9205-00ba-46fe-aea6-9fabb77e3790" aka
"etcd-test-network" (6ac736f5-da01-4668-9410-13fb8007b465) Pipeline: egress
table=0 (ls_out_pre_lb ), priority=110 , match=(eth.src ==
76:83:e2:9f:f2:f2), action=(next;)
table=0 (ls_out_pre_lb ), priority=110 , match=(nd || nd_rs || nd_ra ||
mldv1 || mldv2), action=(next;)
table=0 (ls_out_pre_lb ), priority=0 , match=(1), action=(next;)
table=1 (ls_out_pre_acl ), priority=110 , match=(eth.src ==
76:83:e2:9f:f2:f2), action=(next;)
table=1 (ls_out_pre_acl ), priority=110 , match=(ip && outport ==
"29316b1b-2dd9-4438-b104-58ba2da7d8a5"), action=(next;)
table=1 (ls_out_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra ||
mldv1 || mldv2), action=(next;)
table=1 (ls_out_pre_acl ), priority=100 , match=(ip), action=(reg0[0] =
1; next;)
table=1 (ls_out_pre_acl ), priority=0 , match=(1), action=(next;)
table=2 (ls_out_pre_stateful), priority=100 , match=(reg0[0] == 1),
action=(ct_next;)
table=2 (ls_out_pre_stateful), priority=0 , match=(1), action=(next;)
table=3 (ls_out_lb ), priority=0 , match=(1), action=(next;)
table=4 (ls_out_acl ), priority=65535, match=(!ct.est && ct.rel &&
!ct.new && !ct.inv && ct_label.blocked == 0), action=(next;)
table=4 (ls_out_acl ), priority=65535, match=(ct.est && !ct.rel &&
!ct.new && !ct.inv && ct.rpl && ct_label.blocked == 0), action=(next;)
table=4 (ls_out_acl ), priority=65535, match=(ct.inv || (ct.est &&
ct.rpl && ct_label.blocked == 1)), action=(drop;)
table=4 (ls_out_acl ), priority=65535, match=(nd || nd_ra || nd_rs ||
mldv1 || mldv2), action=(next;)
table=4 (ls_out_acl ), priority=34000, match=(eth.src ==
76:83:e2:9f:f2:f2), action=(next;)
table=4 (ls_out_acl ), priority=34000, match=(outport ==
"2d532b48-a04e-45e0-9f8f-5ffe4c46db63" && eth.src == fa:16:3e:33:d1:4c &&
ip4.src == 192.168.0.1 && udp && udp.src == 67 && udp.dst == 68),
action=(ct_commit; next;)
table=4 (ls_out_acl ), priority=34000, match=(outport ==
"2d970338-ae2b-491e-a704-3c4caace5424" && eth.src == fa:16:3e:33:d1:4c &&
ip4.src == 192.168.0.1 && udp && udp.src == 67 && udp.dst == 68),
action=(ct_commit; next;)
table=4 (ls_out_acl ), priority=34000, match=(outport ==
"71392db0-a6d7-4957-b364-db7694c0558f" && eth.src == fa:16:3e:33:d1:4c &&
ip4.src == 192.168.0.1 && udp && udp.src == 67 && udp.dst == 68),
action=(ct_commit; next;)
table=4 (ls_out_acl ), priority=34000, match=(outport ==
"821ed66b-69eb-45c4-8d57-b145e984a26b" && eth.src == fa:16:3e:33:d1:4c &&
ip4.src == 192.168.0.1 && udp && udp.src == 67 && udp.dst == 68),
action=(ct_commit; next;)
table=4 (ls_out_acl ), priority=34000, match=(outport ==
"9253545b-6863-4a4a-9359-c6e985ffa181" && eth.src == fa:16:3e:33:d1:4c &&
ip4.src == 192.168.0.1 && udp && udp.src == 67 && udp.dst == 68),
action=(ct_commit; next;)
table=4 (ls_out_acl ), priority=34000, match=(outport ==
"ceb4f1c7-827c-4854-8b11-50618c8af63e" && eth.src == fa:16:3e:33:d1:4c &&
ip4.src == 192.168.0.1 && udp && udp.src == 67 && udp.dst == 68),
action=(ct_commit; next;)
table=4 (ls_out_acl ), priority=34000, match=(outport ==
"f5fb1595-ec1a-449c-98a4-b50006166ebe" && eth.src == fa:16:3e:33:d1:4c &&
ip4.src == 192.168.0.1 && udp && udp.src == 67 && udp.dst == 68),
action=(ct_commit; next;)
table=4 (ls_out_acl ), priority=34000, match=(udp.src == 53),
action=(ct_commit; next;)
table=4 (ls_out_acl ), priority=2002 , match=((!ct.trk || (!ct.new &&
ct.est && !ct.rpl && ct_label.blocked == 0)) && (outport ==
@pg_53ddbee9_d1f2_4586_b471_76b4923c4ec0 && ip4 && ip4.src ==
$pg_53ddbee9_d1f2_4586_b471_76b4923c4ec0_ip4)), action=(next;)
table=4 (ls_out_acl ), priority=2002 , match=((!ct.trk || (!ct.new &&
ct.est && !ct.rpl && ct_label.blocked == 0)) && (outport ==
@pg_53ddbee9_d1f2_4586_b471_76b4923c4ec0 && ip4 && ip4.src == 0.0.0.0/0 &&
icmp4)), action=(next;)
table=4 (ls_out_acl ), priority=2002 , match=((!ct.trk || (!ct.new &&
ct.est && !ct.rpl && ct_label.blocked == 0)) && (outport ==
@pg_53ddbee9_d1f2_4586_b471_76b4923c4ec0 && ip4 && ip4.src == 0.0.0.0/0 && tcp
&& tcp.dst == 22)), action=(next;)
table=4 (ls_out_acl ), priority=2002 , match=((!ct.trk || (!ct.new &&
ct.est && !ct.rpl && ct_label.blocked == 0)) && (outport ==
@pg_53ddbee9_d1f2_4586_b471_76b4923c4ec0 && ip6 && ip6.src ==
$pg_53ddbee9_d1f2_4586_b471_76b4923c4ec0_ip6)), action=(next;)
table=4 (ls_out_acl ), priority=2002 , match=(((ct.new && !ct.est) ||
(!ct.new && ct.est && !ct.rpl && ct_label.blocked == 1)) && (outport ==
@pg_53ddbee9_d1f2_4586_b471_76b4923c4ec0 && ip4 && ip4.src ==
$pg_53ddbee9_d1f2_4586_b471_76b4923c4ec0_ip4)), action=(reg0[1] = 1; next;)
table=4 (ls_out_acl ), priority=2002 , match=(((ct.new && !ct.est) ||
(!ct.new && ct.est && !ct.rpl && ct_label.blocked == 1)) && (outport ==
@pg_53ddbee9_d1f2_4586_b471_76b4923c4ec0 && ip4 && ip4.src == 0.0.0.0/0 &&
icmp4)), action=(reg0[1] = 1; next;)
table=4 (ls_out_acl ), priority=2002 , match=(((ct.new && !ct.est) ||
(!ct.new && ct.est && !ct.rpl && ct_label.blocked == 1)) && (outport ==
@pg_53ddbee9_d1f2_4586_b471_76b4923c4ec0 && ip4 && ip4.src == 0.0.0.0/0 && tcp
&& tcp.dst == 22)), action=(reg0[1] = 1; next;)
table=4 (ls_out_acl ), priority=2002 , match=(((ct.new && !ct.est) ||
(!ct.new && ct.est && !ct.rpl && ct_label.blocked == 1)) && (outport ==
@pg_53ddbee9_d1f2_4586_b471_76b4923c4ec0 && ip6 && ip6.src ==
$pg_53ddbee9_d1f2_4586_b471_76b4923c4ec0_ip6)), action=(reg0[1] = 1; next;)
table=4 (ls_out_acl ), priority=2001 , match=((!ct.trk || !ct.est ||
(ct.est && ct_label.blocked == 1)) && (outport == @neutron_pg_drop && ip)),
action=(/* drop */)
table=4 (ls_out_acl ), priority=2001 , match=(ct.est &&
ct_label.blocked == 0 && (outport == @neutron_pg_drop && ip)),
action=(ct_commit(ct_label=1/1); /* drop */)
table=4 (ls_out_acl ), priority=1 , match=(ip && (!ct.est ||
(ct.est && ct_label.blocked == 1))), action=(reg0[1] = 1; next;)
table=4 (ls_out_acl ), priority=0 , match=(1), action=(next;)
table=5 (ls_out_qos_mark ), priority=0 , match=(1), action=(next;)
table=6 (ls_out_qos_meter ), priority=0 , match=(1), action=(next;)
table=7 (ls_out_stateful ), priority=100 , match=(reg0[1] == 1),
action=(ct_commit(ct_label=0/1); next;)
table=7 (ls_out_stateful ), priority=100 , match=(reg0[2] == 1),
action=(ct_lb;)
table=7 (ls_out_stateful ), priority=0 , match=(1), action=(next;)
table=8 (ls_out_port_sec_ip ), priority=90 , match=(outport ==
"2d532b48-a04e-45e0-9f8f-5ffe4c46db63" && eth.dst == fa:16:3e:e9:23:89 &&
ip4.dst == {255.255.255.255, 224.0.0.0/4, 192.168.0.222}), action=(next;)
table=8 (ls_out_port_sec_ip ), priority=90 , match=(outport ==
"2d970338-ae2b-491e-a704-3c4caace5424" && eth.dst == fa:16:3e:7d:e0:97 &&
ip4.dst == {255.255.255.255, 224.0.0.0/4, 192.168.0.164}), action=(next;)
table=8 (ls_out_port_sec_ip ), priority=90 , match=(outport ==
"71392db0-a6d7-4957-b364-db7694c0558f" && eth.dst == fa:16:3e:79:12:ca &&
ip4.dst == {255.255.255.255, 224.0.0.0/4, 192.168.0.13}), action=(next;)
table=8 (ls_out_port_sec_ip ), priority=90 , match=(outport ==
"821ed66b-69eb-45c4-8d57-b145e984a26b" && eth.dst == fa:16:3e:5d:9d:af &&
ip4.dst == {255.255.255.255, 224.0.0.0/4, 192.168.0.60}), action=(next;)
table=8 (ls_out_port_sec_ip ), priority=90 , match=(outport ==
"9253545b-6863-4a4a-9359-c6e985ffa181" && eth.dst == fa:16:3e:29:46:6b &&
ip4.dst == {255.255.255.255, 224.0.0.0/4, 192.168.0.108}), action=(next;)
table=8 (ls_out_port_sec_ip ), priority=90 , match=(outport ==
"ceb4f1c7-827c-4854-8b11-50618c8af63e" && eth.dst == fa:16:3e:da:46:01 &&
ip4.dst == {255.255.255.255, 224.0.0.0/4, 192.168.0.66}), action=(next;)
table=8 (ls_out_port_sec_ip ), priority=90 , match=(outport ==
"f5fb1595-ec1a-449c-98a4-b50006166ebe" && eth.dst == fa:16:3e:c0:c3:8f &&
ip4.dst == {255.255.255.255, 224.0.0.0/4, 192.168.0.52}), action=(next;)
table=8 (ls_out_port_sec_ip ), priority=80 , match=(outport ==
"2d532b48-a04e-45e0-9f8f-5ffe4c46db63" && eth.dst == fa:16:3e:e9:23:89 && ip),
action=(drop;)
table=8 (ls_out_port_sec_ip ), priority=80 , match=(outport ==
"2d970338-ae2b-491e-a704-3c4caace5424" && eth.dst == fa:16:3e:7d:e0:97 && ip),
action=(drop;)
table=8 (ls_out_port_sec_ip ), priority=80 , match=(outport ==
"71392db0-a6d7-4957-b364-db7694c0558f" && eth.dst == fa:16:3e:79:12:ca && ip),
action=(drop;)
table=8 (ls_out_port_sec_ip ), priority=80 , match=(outport ==
"821ed66b-69eb-45c4-8d57-b145e984a26b" && eth.dst == fa:16:3e:5d:9d:af && ip),
action=(drop;)
table=8 (ls_out_port_sec_ip ), priority=80 , match=(outport ==
"9253545b-6863-4a4a-9359-c6e985ffa181" && eth.dst == fa:16:3e:29:46:6b && ip),
action=(drop;)
table=8 (ls_out_port_sec_ip ), priority=80 , match=(outport ==
"ceb4f1c7-827c-4854-8b11-50618c8af63e" && eth.dst == fa:16:3e:da:46:01 && ip),
action=(drop;)
table=8 (ls_out_port_sec_ip ), priority=80 , match=(outport ==
"f5fb1595-ec1a-449c-98a4-b50006166ebe" && eth.dst == fa:16:3e:c0:c3:8f && ip),
action=(drop;)
table=8 (ls_out_port_sec_ip ), priority=0 , match=(1), action=(next;)
table=9 (ls_out_port_sec_l2 ), priority=100 , match=(eth.mcast),
action=(output;)
table=9 (ls_out_port_sec_l2 ), priority=50 , match=(outport ==
"29316b1b-2dd9-4438-b104-58ba2da7d8a5"), action=(output;)
table=9 (ls_out_port_sec_l2 ), priority=50 , match=(outport ==
"2d532b48-a04e-45e0-9f8f-5ffe4c46db63" && eth.dst == {fa:16:3e:e9:23:89}),
action=(output;)
table=9 (ls_out_port_sec_l2 ), priority=50 , match=(outport ==
"2d970338-ae2b-491e-a704-3c4caace5424" && eth.dst == {fa:16:3e:7d:e0:97}),
action=(output;)
table=9 (ls_out_port_sec_l2 ), priority=50 , match=(outport ==
"71392db0-a6d7-4957-b364-db7694c0558f" && eth.dst == {fa:16:3e:79:12:ca}),
action=(output;)
table=9 (ls_out_port_sec_l2 ), priority=50 , match=(outport ==
"821ed66b-69eb-45c4-8d57-b145e984a26b" && eth.dst == {fa:16:3e:5d:9d:af}),
action=(output;)
table=9 (ls_out_port_sec_l2 ), priority=50 , match=(outport ==
"9253545b-6863-4a4a-9359-c6e985ffa181" && eth.dst == {fa:16:3e:29:46:6b}),
action=(output;)
table=9 (ls_out_port_sec_l2 ), priority=50 , match=(outport ==
"ceb4f1c7-827c-4854-8b11-50618c8af63e" && eth.dst == {fa:16:3e:da:46:01}),
action=(output;)
table=9 (ls_out_port_sec_l2 ), priority=50 , match=(outport ==
"d5dbc1d5-fdb1-4d8f-a072-0f9a489d1bd7"), action=(output;)
table=9 (ls_out_port_sec_l2 ), priority=50 , match=(outport ==
"f5fb1595-ec1a-449c-98a4-b50006166ebe" && eth.dst == {fa:16:3e:c0:c3:8f}),
action=(output;)_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
