[ovs-dev] packets coming to local port of the datapath does not go to NOX

Jyotiswarup Raiturkar jyotisr5 at googlemail.com
Wed Dec 1 04:04:41 UTC 2010


After the original mail, we got this working. We created an internal
port on each bridge, which creates a dummy netdev interface on each
machine (Machine_1 and Machine_2 below). This makes the packets hit
the rules.

BTW, we use in-band control; the NOX sets up rules on the vswitch
using the secure channel, and the same channel is shared with data
packets being forwarded.

-Jyotiswarup

On Wed, Dec 1, 2010 at 8:54 AM, Jesse Gross <jesse at nicira.com> wrote:
> On Wed, Nov 24, 2010 at 12:19 AM, Vishal Swarankar
> <vishal.swarnkar at gmail.com> wrote:
>> Hi,
>>
>> I have the following setup.
>>
>> Machine_1:
>> ==========
>>
>> eth0 : 10.1.0.X with ip forwarding enabled
>>
>> br1 ( vswitch datapath) : 10.2.0.30 and a controller(NOX) set to 10.1.0.Y
>>
>> NOX: whenever a new datapath connects to NOX, it installs a flow saying
>> forward all packets to controller ( actions:CONTROLLER)
>>
>> VM_1 with its eth0 tapped to br0 and has an IP 10.2.0.31
>>
>>
>> Machine_2:
>> ==========
>>
>> eth0 : 10.1.0.X with ip forwarding enabled
>>
>> br2 ( vswitch datapath) : 10.2.0.50 and a controller(NOX) set to 10.1.0.Y
>>
>> NOX: whenever a new datapath connects to NOX, it installs a flow saying
>> forward all packets to controller ( actions:CONTROLLER)
>>
>> VM_2 with its eth0 tapped to br0 and has an IP 10.2.0.51
>>
>>
>> Now I can ping VM_2 from VM_1 and vice versa and I can see that all packets
>> are going through NOX ( n_packets increases in ovs-ofctl dump-flows ). But
>> when I ping VM_1 from Machine_2 then the packets do not go to
>> NOX (n_packets does not increase). Same behaviour for Machine_1 pinging VM_2.
>>
>> I can see that my routing table is correct on both machines and it has an entry
>> like
>>
>> 10.2.0.0  255.255.255.0 brX
>>
>> I can see ARP requests on the bridges but nothing is going to NOX. I tried
>> to add an explicit rule in the vswitch datapath
>> ::in_port=65534,actions:CONTROLLER, but the packets are not hitting this
>> rule also.
>>
>> But if I ping VM_1 from Machine_1, I can see that all packets are hitting
>> the rule correctly. e.g. if I ping for 3 packets, then I can see an
>> increment of 8 packets in n_packets ( 1 ARP REQ, 1 ARP REP, 3 ICMP REQ, 3
>> ICMP REP )
>>
>> Is this the expected behaviour of vswitch?
>
> It sounds like you're running into a conflict with some of the rules
> set up by in band control.  These are created to allow an OpenFlow
> controller to function when the control plane and data plane networks
> are the same.  It does this by creating a set of high priority rules
> that cannot be overridden by the controller that allow control traffic
> to pass.
>
> One of these rules involves ARP requests from the local port.  It will
> always send traffic to the switch normal action, regardless of what
> the controller requests.
>
> Since you are not actually using in band control, you can disable it with:
> ovs-vsctl set controller BR connection_mode="out-of-band".
>
> When writing this email, I noticed a problem with the rules being
> removed after the connection mode has been changed.  We're looking
> into the problem but for now you might have to restart ovs-vswitchd
> for the change to take effect.
>

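Added example, not part of the original thread: the n_packets check described in the messages above, done by diffing two flow-table snapshots so that a rule which traffic never reaches (the symptom reported for in_port=65534) stands out. The snapshots are constructed, and the line layout and the helper names are assumptions.

```python
import re

# Constructed snapshots in the style of `ovs-ofctl dump-flows` output,
# taken before and after a 3-packet ping (not output from the thread).
BEFORE = """\
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=40.1s, table=0, n_packets=100, n_bytes=8400, actions=CONTROLLER:65535
 cookie=0x0, duration=12.0s, table=0, n_packets=0, n_bytes=0, in_port=65534 actions=CONTROLLER:65535
"""
AFTER = """\
NXST_FLOW reply (xid=0x6):
 cookie=0x0, duration=55.7s, table=0, n_packets=108, n_bytes=9072, actions=CONTROLLER:65535
 cookie=0x0, duration=27.6s, table=0, n_packets=0, n_bytes=0, in_port=65534 actions=CONTROLLER:65535
"""

N_PACKETS = re.compile(r"\bn_packets=(\d+)")


def parse_flows(text):
    """Map each flow's 'match actions' string to its n_packets counter."""
    flows = {}
    for line in text.splitlines():
        m = N_PACKETS.search(line)
        if not m:
            continue  # reply header or blank line
        # Assumed layout: statistics fields are separated by ", " and the
        # match and actions follow the last separator.
        key = line.rsplit(", ", 1)[1].strip()
        flows[key] = int(m.group(1))
    return flows


def counter_deltas(before, after):
    """Packets counted per flow between the two snapshots."""
    old, new = parse_flows(before), parse_flows(after)
    # A flow that only exists in the second snapshot started from zero.
    return {flow: count - old.get(flow, 0) for flow, count in new.items()}


def stalled_flows(before, after):
    """Flows whose counter did not move while test traffic was sent."""
    deltas = counter_deltas(before, after)
    return sorted(flow for flow, delta in deltas.items() if delta == 0)


if __name__ == "__main__":
    for flow, delta in counter_deltas(BEFORE, AFTER).items():
        print(f"{delta:+d}  {flow}")
    print("never hit:", stalled_flows(BEFORE, AFTER))
```
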