* Disable policy bit on resolve NH in vrouter

In case of gateway interface, a subnet route is created with resolve NH with policy enabled if gateway has some policies the same bit gets copied over the ARP NH created from this nexthop. If policy bit is enabled in kernel then flow could get created with resolve NH as key, for the very nexthop packet different flow would be created using ARP NH, resolve the same by disabling policy in vrouter Closes-bug:#1566980 Change-Id: Idf70b22907902c2812624a6e7db74b438934c0fc
Juniper · May 11, 2016 · f8b8578 · f8b8578
1 parent 36053ae
commit f8b8578
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/src/vnsw/agent/vrouter/ksync/nexthop_ksync.cc b/src/vnsw/agent/vrouter/ksync/nexthop_ksync.cc
@@ -770,6 +770,17 @@ int NHKSyncEntry::Encode(sandesh_op::type op, char *buf, int buf_len) {
             break;
 
         case NextHop::RESOLVE:
+            if (policy_) {
+                //Policy bit is used in agent to copy over the
+                //field to ARP nexthop that gets created from
+                //resolve NH in case of gateway interface,
+                //but the same is not needed in vrouter.
+                //If policy bit is enabled then first packet
+                //resulting flow with key NH of resolve NH
+                //followed by next packet with ARP NH as key
+                //resulting in flow drops
+                flags &= ~NH_FLAG_POLICY_ENABLED;
+            }
             encoder.set_nhr_type(NH_RESOLVE);
             break;