Open vSwitch authorization flow disappear

DaD · April 13, 2015, 3:08pm

Hello,

I just have a strange issue and can not figure out where it comes from.

We have two Open vSwitch bridges:

out-bridge with a trunk on physical switches to get VLAN from the physical infrastructure
nebula for user networks, each nodes have this bridge with Open vSwitch VXLAN tunnels for inter-nodes communications, with spanning-tree as nebula4 is linked back to nebula1.

On a virtual router, the MAC address authorization flow disappeared, leaving only the action=drop.

In the logs, the last action done on the VM was the deployment:

Wed Apr  8 08:45:01 2015 [Z0][DiM][I]: New VM state is PENDING.
Wed Apr  8 08:45:19 2015 [Z0][DiM][I]: New VM state is ACTIVE.
Wed Apr  8 08:45:19 2015 [Z0][LCM][I]: New VM state is PROLOG.
Wed Apr  8 08:45:19 2015 [Z0][LCM][I]: New VM state is BOOT
Wed Apr  8 08:45:19 2015 [Z0][VMM][I]: Generating deployment file: /var/lib/one/vms/1554/deployment.2
Wed Apr  8 08:45:19 2015 [Z0][VMM][I]: ExitCode: 0
Wed Apr  8 08:45:19 2015 [Z0][VMM][I]: Successfully execute network driver operation: pre.
Wed Apr  8 08:45:20 2015 [Z0][VMM][I]: ExitCode: 0
Wed Apr  8 08:45:20 2015 [Z0][VMM][I]: Successfully execute virtualization driver operation: deploy.
Wed Apr  8 08:45:20 2015 [Z0][VMM][I]: post: Executed "sudo ovs-vsctl set Port vnet7 tag=4".
Wed Apr  8 08:45:20 2015 [Z0][VMM][I]: post: Executed "sudo ovs-ofctl add-flow out-bridge in_port=290,dl_src=02:00:c0:a8:e6:05,priority=40000,actions=normal".
Wed Apr  8 08:45:20 2015 [Z0][VMM][I]: post: Executed "sudo ovs-ofctl add-flow out-bridge in_port=290,priority=39000,actions=drop".
Wed Apr  8 08:45:20 2015 [Z0][VMM][I]: post: Executed "sudo ovs-vsctl set Port vnet8 tag=39".
Wed Apr  8 08:45:20 2015 [Z0][VMM][I]: post: Executed "sudo ovs-ofctl add-flow nebula in_port=531,dl_src=02:00:c0:a8:00:64,priority=40000,actions=normal".
Wed Apr  8 08:45:20 2015 [Z0][VMM][I]: post: Executed "sudo ovs-ofctl add-flow nebula in_port=531,priority=39000,actions=drop".
Wed Apr  8 08:45:20 2015 [Z0][VMM][I]: post: Executed "sudo ovs-vsctl set Port vnet9 tag=40".
Wed Apr  8 08:45:20 2015 [Z0][VMM][I]: post: Executed "sudo ovs-ofctl add-flow nebula in_port=532,dl_src=02:00:c0:a8:fd:64,priority=40000,actions=normal".
Wed Apr  8 08:45:20 2015 [Z0][VMM][I]: post: Executed "sudo ovs-ofctl add-flow nebula in_port=532,priority=39000,actions=drop".
Wed Apr  8 08:45:20 2015 [Z0][VMM][I]: ExitCode: 0
Wed Apr  8 08:45:20 2015 [Z0][VMM][I]: Successfully execute network driver operation: post.
Wed Apr  8 08:45:20 2015 [Z0][LCM][I]: New VM state is RUNNING

In the Open vSwitch the only reference to the problematic ports are:

2015-04-08T06:45:19.825Z|06640|bridge|INFO|bridge nebula: added interface vnet8 on port 531
2015-04-08T06:45:19.933Z|06641|bridge|INFO|bridge nebula: added interface vnet9 on port 532
2015-04-08T06:45:31.204Z|06642|ofproto|INFO|nebula: 4 flow_mods 10 s ago (4 adds)

I do not have the issue with the vnet7 interface in_port=290 of out-bridge.

Does someone have an idea what could remove the MAC addresse authorization flow?

Regards.

PS: I just see that I have other in_port= with only the action=drop.