[ovs-dev] How to add-flow to netdev datapth by ovs-appctl?

Ben Pfaff blp at ovn.org
Fri Dec 2 21:23:16 UTC 2016 

This is in the FAQ.

Q: My bridge br0 has host 192.168.0.1 on port 1 and host 192.168.0.2 on port 2.
I set up flows to forward only traffic destined to the other host and drop
other traffic, like this::

    priority=5,in_port=1,ip,nw_dst=192.168.0.2,actions=2
    priority=5,in_port=2,ip,nw_dst=192.168.0.1,actions=1
    priority=0,actions=drop

But it doesn't work--I don't get any connectivity when I do this.  Why?

    A: These flows drop the ARP packets that IP hosts use to establish IP
    connectivity over Ethernet.  To solve the problem, add flows to allow ARP
    to pass between the hosts::

        priority=5,in_port=1,arp,actions=2
        priority=5,in_port=2,arp,actions=1

    This issue can manifest other ways, too.  The following flows that match on
    Ethernet addresses instead of IP addresses will also drop ARP packets,
    because ARP requests are broadcast instead of being directed to a specific
    host::

        priority=5,in_port=1,dl_dst=54:00:00:00:00:02,actions=2
        priority=5,in_port=2,dl_dst=54:00:00:00:00:01,actions=1
        priority=0,actions=drop

    The solution already described above will also work in this case.  It may
    be better to add flows to allow all multicast and broadcast traffic::

        priority=5,in_port=1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00,actions=2
        priority=5,in_port=2,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00,actions=1

On Sat, Dec 03, 2016 at 04:28:43AM +0800, ry0117 wrote:
> I used ovs-ofctl command add flows to ovsbridge which datapath_typ is netdev:
>     ovs-ofctl add-flow ovsBusiness "cookie=0x0, table=0, send_flow_rem priority=3566,ip,in_port=1 actions=output:8"
>     ovs-ofctl add-flow ovsBusiness "cookie=0x0, table=0, send_flow_rem priority=3566,ip,in_port=8 actions=output:1"
> but it doesn't work. 
> The network topo like this:
> 
> 
> |---------|         tap0 | -------|   dpdk0     |--------|
> |  VM1  |-----------> | OVS  |  ----------->| VM2  |
> |---------|                 | ------  |                 |-------- |      
> 
> 
> I can't ping the VM1 to VM2. Then I delete all the flows, and add a Normal action, VM1 could ping to VM2.
> Do you know why ? Can you give some suggestions or advice for my flows?
> 
> 
> Thanks very much.
> 
> 
> 
> 
> 
> 
> 
> 
> At 2016-12-03 02:51:19, "Ben Pfaff" <blp at ovn.org> wrote:
> >On Sat, Dec 03, 2016 at 02:41:28AM +0800, ry0117 wrote:
> >> Thanks for your reply~
> >> I'm very sorry. I've used ovs-ofctl command to add flow, just like:
> >>     ovs-ofctl add-flow ovsBusiness "cookie=0x0, table=0, send_flow_rem priority=3566,ip,in_port=1 actions=output:8"
> >> But now I want to add a flow: all packets receive from port 1 output from port 8 in netdev datapath. What should I do to add this flow?
> >
> >ovs-ofctl also works with the netdev datapath.  You don't need a
> >different command.

More information about the dev mailing list