[ovs-dev] packets coming to local port of the datapath does not go to NOX

Jesse Gross jesse at nicira.com
Wed Dec 1 03:24:53 UTC 2010


On Wed, Nov 24, 2010 at 12:19 AM, Vishal Swarankar
<vishal.swarnkar at gmail.com> wrote:
> Hi,
>
> I have following setup.
>
> Machine_1:
> ==========
>
> eth0 : 10.1.0.X with ip forwarding enabled
>
> br1 ( vswitch datapath) : 10.2.0.30 and a controller(NOX) set to 10.1.0.Y
>
> NOX: whenever a new datapath connects to NOX, it installs a flow saying
> forward all packets to controller ( actions:CONTROLLER)
>
> VM_1 with its eth0 tapped to br0 and has an IP 10.2.0.31
>
>
> Machine_2:
> ==========
>
> eth0 : 10.1.0.X with ip forwarding enabled
>
> br2 ( vswitch datapath) : 10.2.0.50 and a controller(NOX) set to 10.1.0.Y
>
> NOX: whenever a new datapath connects to NOX, it installs a flow saying
> forward all packets to controller ( actions:CONTROLLER)
>
> VM_2 with its eth0 tapped to br0 and has an IP 10.2.0.51
>
>
> Now I can ping VM_2 from VM_1 and vice versa and I can see that all packets
> are going through NOX ( n_packets increases in ovs-ofctl dump-flows ). But
> when I ping VM_1 from Machine_2 then the packets does not go to
> NOX(n_packets does not increase). Same behaviour for Machine_1 pinging VM_2.
>
> I can see that my routing table is correct on both machine and it has entry
> like
>
> 10.2.0.0  255.255.255.0 brX
>
> I can see ARP requests on the bridges but nothing is going to NOX. I tried
> to add an explicit rule in the vswitch datapath
> ::in_port=65534,actions:CONTROLLER, but the packets are not hitting this
> rule also.
>
> But if I ping VM_1 from Machine_1, i can see that all packets are hitting
> the rule correctly. e.g. if I ping for 3 packets, then I can see an
> increment of 8 packets in n_packets ( 1 ARP REQ, 1 ARP REP, 3 ICMP REQ, 3
> ICMP REP )
>
> Is this expected behaviour of vswitch ?

It sounds like you're running into a conflict with some of the rules
set up by in band control.  These are created to allow an OpenFlow
controller to function when the control plane and data plane networks
are the same.  It does this by creating a set of high priority rules
that cannot be overridden by the controller that allow control traffic
to pass.

One of these rules involves ARP requests from the local port.  It will
always send traffic to the switch normal action, regardless of what
the controller requests.

Since you are not actually using in band control, you can disable it with:
ovs-vsctl set controller BR connection_mode="out-of-band".

When writing this email, I noticed a problem with the rules being
removed after the connection mode has been changed.  We're looking
into the problem but for now you might have to restart ovs-vswitchd
for the change to take effect.




More information about the dev mailing list