[ovs-dev] ovn ping from VM to external gateway IP failed.
Numan Siddique
nusiddiq at redhat.com
Fri Dec 30 15:46:17 UTC 2016
On Fri, Dec 30, 2016 at 5:36 PM, Dong Jun <dongj at dtdream.com> wrote:
> Start devstack in one node(master code).
>
> (10.0.0.7)vm --- (10.0.0.1)dr(169.254.128.2) ---
> (169.254.128.1)ogr(172.24.4.10) --- (172.24.4.1)br-ex
> (fip 172.24.4.7)
>
> $ ip addr show eth0
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1442 qdisc pfifo_fast qlen
> 1000
> inet 10.0.0.7/26 brd 10.0.0.63 scope global eth0
> *ping from 10.0.0.7 to 172.24.4.1 FAILED,HELP is greatly appreciated**
> * $ ping 172.24.4.1
> PING 172.24.4.1 (172.24.4.1): 56 data bytes
> ^C
> --- 172.24.4.1 ping statistics ---
> 5 packets transmitted, 0 packets received, 100% packet loss
>
> Other OK
> ping from vm to 172.24.4.11 and another vm'fip are OK
> $ ping 172.24.4.10
> PING 172.24.4.10 (172.24.4.10): 56 data bytes
> 64 bytes from 172.24.4.10: seq=0 ttl=253 time=0.822 ms
> $ ping 172.24.4.8
> PING 172.24.4.8 (172.24.4.8): 56 data bytes
> 64 bytes from 172.24.4.8: seq=0 ttl=61 time=1.163 ms
> ping from 172.24.4.1 to 172.24.4.7 is OK
> root at c3:/opt/stack# ping 172.24.4.7
> PING 172.24.4.7 (172.24.4.7) 56(84) bytes of data.
> 64 bytes from 172.24.4.7: icmp_seq=1 ttl=62 time=0.903 ms
>
>
> Here is the right conntrack from 172.24.1 to 172.24.4.7
> root at c3:/opt/stack# conntrack -LN | grep icmp
> icmp 1 29 src=172.24.4.1 dst=10.0.0.7 type=8 code=0 id=11779
> src=10.0.0.7 dst=172.24.4.1 type=0 code=0 id=11779 mark=0 zone=9 use=1
> conntrack v1.4.3 (conntrack-tools): 205 flow entries have been shown.
> icmp 1 29 src=172.24.4.1 dst=172.24.4.7 type=8 code=0 id=11779
> src=10.0.0.7 dst=172.24.4.1 type=0 code=0 id=11779 mark=0 zone=4 use=1
> icmp 1 29 src=172.24.4.1 dst=172.24.4.7 type=8 code=0 id=11779
> src=172.24.4.7 dst=172.24.4.1 type=0 code=0 id=11779 mark=0 use=1
>
> *HERE IS some info for this issue ping from 10.0.0.7 to 172.24.4.1
> *
> root at c3:/opt/stack# conntrack -LN | grep icmp
> conntrack v1.4.3 (conntrack-tools): 220 flow entries have been shown.
> icmp 1 29 src=10.0.0.7 dst=172.24.4.1 type=8 code=0 id=32513
> src=172.24.4.1 dst=172.24.4.7 type=0 code=0 id=32513 mark=0 zone=3 use=1
> icmp 1 29 src=10.0.0.7 dst=172.24.4.1 type=8 code=0 id=32513
> [UNREPLIED] src=172.24.4.1 dst=10.0.0.7 type=0 code=0 id=32513 mark=0
> zone=9 use=1
> icmp 1 29 src=172.24.4.7 dst=172.24.4.1 type=8 code=0 id=32513
> src=172.24.4.1 dst=172.24.4.7 type=0 code=0 id=32513 mark=0 use=1
>
> root at c3:/opt/stack# ovs-appctl -t /usr/local/var/run/openvswitch/ovn-controller.30677.ctl
> ct-zone-list
> ee2f5eb8-60cd-4efa-94b5-0329ebe5fb25 8
> f499ea31-da2c-4673-8313-efdf22f86308_dnat 6
> f499ea31-da2c-4673-8313-efdf22f86308_snat 7
> provnet-ca213de8-a0e1-4899-8fcf-4a894c876b80 5
> 417b4dfe-b64a-45fb-952b-9ddea624ae13 9
> 70ef5a38-7fde-477a-a437-0349d56adcf0_snat 3
> 94428e19-4bd0-4eb8-b77a-bcab69539a31_dnat 2
> 94428e19-4bd0-4eb8-b77a-bcab69539a31_snat 1
> 70ef5a38-7fde-477a-a437-0349d56adcf0_dnat 4
>
> root at c3:/opt/stack# ovs-dpctl dump-flows | grep 172
> recirc_id(0x84),dp_hash(0),skb_priority(0),in_port(4),skb_
> mark(0),ct_state(+new-est-rel-rpl-inv+trk-snat-dnat),ct_zone
> (0x4),ct_mark(0),ct_label(0),eth(src=fa:16:3e:1f:ab:18,dst=
> fa:16:3e:cf:28:38),eth_type(0x0800),ipv4(src=10.0.0.7,dst=
> 172.24.4.1,proto=1,tos=0,ttl=63,frag=no),icmp(type=8,code=0),
> packets:141, bytes:13818, used:0.296s, actions:set(eth(src=fa:16:3e:5
> 6:55:b0,dst=9e:eb:2d:f1:8e:42)),set(ipv4(src=10.0.0.7,dst=
> 172.24.4.1,ttl=62)),ct(commit,zone=3,nat(src=172.24.4.7)),recirc(0x85)
> recirc_id(0),dp_hash(0),skb_priority(0),in_port(2),skb_mark(
> 0),ct_state(-new+est-rel+rpl-inv+trk-snat-dnat),ct_zone(0),
> ct_mark(0),ct_label(0),eth(src=9e:eb:2d:f1:8e:42,dst=fa:
> 16:3e:56:55:b0),eth_type(0x0800),ipv4(src=172.24.4.1,
> dst=172.24.4.7,proto=1,tos=0,ttl=64,frag=no),icmp(type=0,code=0),
> packets:141, bytes:13818, used:0.296s, actions:ct(zone=3,nat),ct(comm
> it,zone=4,nat(dst=10.0.0.7)),recirc(0x7e)
> recirc_id(0x82),dp_hash(0),skb_priority(0),in_port(4),skb_
> mark(0),ct_state(+new-est-rel-rpl-inv+trk-snat-dnat),ct_zone
> (0x9),ct_mark(0),ct_label(0),eth(src=fa:16:3e:ba:a1:3b,dst=
> fa:16:3e:b0:15:8d),eth_type(0x0800),ipv4(src=10.0.0.7,dst=
> 172.24.4.1,proto=1,tos=0,ttl=64,frag=no),icmp(type=8,code=0),
> packets:141, bytes:13818, used:0.296s, actions:ct(commit,zone=9,label
> =0/0x1),ct(commit,zone=9,label=0/0x1),set(eth(src=fa:16:3e:
> 1f:ab:18,dst=fa:16:3e:cf:28:38)),set(ipv4(src=10.0.0.7,dst=
> 172.24.4.0/255.255.255.252,ttl=63)),ct(zone=4,nat),recirc(0x84)
> recirc_id(0x85),dp_hash(0),skb_priority(0),in_port(4),skb_
> mark(0),ct_state(-new+est-rel-rpl-inv+trk+snat-dnat),ct_zone
> (0x3),ct_mark(0),ct_label(0),eth(src=fa:16:3e:56:55:b0,dst=
> 9e:eb:2d:f1:8e:42),eth_type(0x0800),ipv4(src=172.24.4.7,
> dst=172.24.4.1,proto=1,tos=0,ttl=62,frag=no),icmp(type=8,code=0),
> packets:139, bytes:13622, used:0.296s, actions:2
> recirc_id(0x7e),dp_hash(0),skb_priority(0),in_port(2),skb_
> mark(0),ct_state(-new-est-rel-rpl+inv+trk-snat-dnat),ct_zone
> (0x4),ct_mark(0),ct_label(0),eth(src=9e:eb:2d:f1:8e:42,dst=
> fa:16:3e:56:55:b0),eth_type(0x0800),ipv4(src=172.24.4.1,
> dst=10.0.0.7,proto=1,tos=0,ttl=64,frag=no),icmp(type=0,code=0),
> packets:141, bytes:13818, used:0.296s, actions:drop
> recirc_id(0),dp_hash(0),skb_priority(0),in_port(4),skb_mark(
> 0),ct_state(-new-est-rel-rpl-inv-trk-snat-dnat),ct_zone(0),
> ct_mark(0),ct_label(0),eth(src=fa:16:3e:ba:a1:3b,dst=fa:
> 16:3e:b0:15:8d),eth_type(0x0800),ipv4(src=10.0.0.7,dst=
> 172.24.4.1,proto=1,tos=0,ttl=64,frag=no),icmp(type=8,code=0),
> packets:141, bytes:13818, used:0.296s, actions:ct(zone=9),recirc(0x82)
>
> root at c3:/opt/stack# ovs-vsctl show
> d5c83627-1a91-44d1-a792-47e2eea8053f
> Bridge br-int
> fail_mode: secure
> Port "tap417b4dfe-b6"
> Interface "tap417b4dfe-b6"
> Port br-int
> Interface br-int
> type: internal
> Port "patch-br-int-to-provnet-ca213de8-a0e1-4899-8fcf-4a894c876b8
> 0"
> Interface "patch-br-int-to-provnet-ca213
> de8-a0e1-4899-8fcf-4a894c876b80"
> type: patch
> options: {peer="patch-provnet-ca213de8-
> a0e1-4899-8fcf-4a894c876b80-to-br-int"}
> Port "tapee2f5eb8-60"
> Interface "tapee2f5eb8-60"
> Bridge br-ex
> Port br-ex
> Interface br-ex
> type: internal
> Port "patch-provnet-ca213de8-a0e1-4899-8fcf-4a894c876b80-to-br-in
> t"
> Interface "patch-provnet-ca213de8-a0e1-4
> 899-8fcf-4a894c876b80-to-br-int"
> type: patch
> options: {peer="patch-br-int-to-provnet
> -ca213de8-a0e1-4899-8fcf-4a894c876b80"}
>
> root at c3:/opt/stack# ovsdb-client dump unix:/usr/local/var/run/openvs
> witch/ovnnb_db.sock
> ACL table
> _uuid action direction
> external_ids log match
>
> priority
> ------------------------------------ ------------- ----------
> -------------------------------------------------------- -----
> ------------------------------------------------------------
> -------------------------------------------------------------------
> --------
> c3b16e8a-1f8a-4a00-8d2e-0931132a681d allow-related from-lport
> {"neutron:lport"="417b4dfe-b64a-45fb-952b-9ddea624ae13"} false "inport ==
> \"417b4dfe-b64a-45fb-952b-9ddea624ae13\" && ip4"
> 1002
> 6a23e6c2-ab5a-46f5-8d1b-ffa893d9ad18 allow-related from-lport
> {"neutron:lport"="417b4dfe-b64a-45fb-952b-9ddea624ae13"} false "inport ==
> \"417b4dfe-b64a-45fb-952b-9ddea624ae13\" && ip6"
> 1002
> 3cdaeaae-47d7-4990-814a-33c9a55eb0a1 allow-related from-lport
> {"neutron:lport"="ee2f5eb8-60cd-4efa-94b5-0329ebe5fb25"} false "inport ==
> \"ee2f5eb8-60cd-4efa-94b5-0329ebe5fb25\" && ip4"
> 1002
> c08d95fa-f5b8-4443-859b-e40f311aba25 allow-related from-lport
> {"neutron:lport"="ee2f5eb8-60cd-4efa-94b5-0329ebe5fb25"} false "inport ==
> \"ee2f5eb8-60cd-4efa-94b5-0329ebe5fb25\" && ip6"
> 1002
> f2bfe8c6-bdcd-4fc8-aa71-e36989fb3a42 allow-related to-lport
> {"neutron:lport"="417b4dfe-b64a-45fb-952b-9ddea624ae13"} false "outport
> == \"417b4dfe-b64a-45fb-952b-9ddea624ae13\" && ip4 && ip4.src ==
> $as_ip4_a480bf62_4b85_4d67_9459_39060c48cca2" 1002
> c3bd4323-5de1-44b3-8658-bd0539ac3723 allow-related to-lport
> {"neutron:lport"="417b4dfe-b64a-45fb-952b-9ddea624ae13"} false "outport
> == \"417b4dfe-b64a-45fb-952b-9ddea624ae13\" && ip4 && ip4.src == 0.0.0.0/0
> && icmp4" 1002
> 9c0950db-971f-4468-8b29-0b9315cc0c7e allow-related to-lport
> {"neutron:lport"="417b4dfe-b64a-45fb-952b-9ddea624ae13"} false "outport
> == \"417b4dfe-b64a-45fb-952b-9ddea624ae13\" && ip4 && ip4.src == 0.0.0.0/0
> && tcp && tcp.dst >= 1 && tcp.dst <= 65535" 1002
> 69be5cb5-c13f-4aa6-9cbc-2c91cc8fe656 allow-related to-lport
> {"neutron:lport"="417b4dfe-b64a-45fb-952b-9ddea624ae13"} false "outport
> == \"417b4dfe-b64a-45fb-952b-9ddea624ae13\" && ip6 && ip6.src ==
> $as_ip6_a480bf62_4b85_4d67_9459_39060c48cca2" 1002
> fa09771a-f84e-417f-aa58-04f15f00274d allow-related to-lport
> {"neutron:lport"="ee2f5eb8-60cd-4efa-94b5-0329ebe5fb25"} false "outport
> == \"ee2f5eb8-60cd-4efa-94b5-0329ebe5fb25\" && ip4 && ip4.src ==
> $as_ip4_a480bf62_4b85_4d67_9459_39060c48cca2" 1002
> 3a74a61d-5688-401f-9b9f-6b446fc0b2fa allow-related to-lport
> {"neutron:lport"="ee2f5eb8-60cd-4efa-94b5-0329ebe5fb25"} false "outport
> == \"ee2f5eb8-60cd-4efa-94b5-0329ebe5fb25\" && ip4 && ip4.src == 0.0.0.0/0
> && icmp4" 1002
> 008d3737-7cb8-449d-a789-cb63a861f2c2 allow-related to-lport
> {"neutron:lport"="ee2f5eb8-60cd-4efa-94b5-0329ebe5fb25"} false "outport
> == \"ee2f5eb8-60cd-4efa-94b5-0329ebe5fb25\" && ip4 && ip4.src == 0.0.0.0/0
> && tcp && tcp.dst >= 1 && tcp.dst <= 65535" 1002
> 83992f0a-b346-4208-a8f3-065b4698a4b7 allow-related to-lport
> {"neutron:lport"="ee2f5eb8-60cd-4efa-94b5-0329ebe5fb25"} false "outport
> == \"ee2f5eb8-60cd-4efa-94b5-0329ebe5fb25\" && ip6 && ip6.src ==
> $as_ip6_a480bf62_4b85_4d67_9459_39060c48cca2" 1002
> 7636befd-5cbd-48a9-a019-0a98d2718848 drop from-lport
> {"neutron:lport"="417b4dfe-b64a-45fb-952b-9ddea624ae13"} false "inport ==
> \"417b4dfe-b64a-45fb-952b-9ddea624ae13\" && ip"
> 1001
> 47b222eb-7509-4850-abb6-75f934235cc8 drop from-lport
> {"neutron:lport"="ee2f5eb8-60cd-4efa-94b5-0329ebe5fb25"} false "inport ==
> \"ee2f5eb8-60cd-4efa-94b5-0329ebe5fb25\" && ip"
> 1001
> 03103d0d-ccec-42ef-97d1-9803339ff606 drop to-lport
> {"neutron:lport"="417b4dfe-b64a-45fb-952b-9ddea624ae13"} false "outport
> == \"417b4dfe-b64a-45fb-952b-9ddea624ae13\" && ip"
> 1001
> c8f84aff-89f7-4264-b792-20c42d7970c6 drop to-lport
> {"neutron:lport"="ee2f5eb8-60cd-4efa-94b5-0329ebe5fb25"} false "outport
> == \"ee2f5eb8-60cd-4efa-94b5-0329ebe5fb25\" && ip"
> 1001
>
> Address_Set table
> _uuid addresses
> external_ids name
> ------------------------------------ ------------------------------------------
> --------------------------------------- ------------------------------
> ---------------
> 8fc2c3cf-9c10-43d5-af3f-9a47a93d5711 []
> {"neutron:security_group_name"=default}
> "as_ip4_3bd3768d_cf16_4437_a919_a5966f1b417c"
> 677b634c-51a5-4b46-9d22-d085ea919794 []
> {"neutron:security_group_name"=default}
> "as_ip4_6cd5bd39_10b2_4e3e_887f_c080c9817730"
> 3d39b290-416d-4094-8d16-cc6063afca0d []
> {"neutron:security_group_name"=default}
> "as_ip4_ff3bdb81_ff2e_4c8c_aca1_26b97361d045"
> dcb53ed1-dca8-4ed5-a79c-5127a965f55d []
> {"neutron:security_group_name"=default}
> "as_ip6_3bd3768d_cf16_4437_a919_a5966f1b417c"
> 719ed657-386f-4fe0-8c81-f34a1b061f74 []
> {"neutron:security_group_name"=default}
> "as_ip6_6cd5bd39_10b2_4e3e_887f_c080c9817730"
> ed1002a6-33e4-40e3-8d19-496196636864 []
> {"neutron:security_group_name"=default}
> "as_ip6_ff3bdb81_ff2e_4c8c_aca1_26b97361d045"
> 6144fe00-b1da-4f54-b2a9-ea998fbe4a30 ["10.0.0.10", "10.0.0.7"]
> {"neutron:security_group_name"=default}
> "as_ip4_a480bf62_4b85_4d67_9459_39060c48cca2"
> 153c9c49-fe5e-4dfe-b7ff-4500ab223e4e ["fd4a:42d2:eff0::5",
> "fd4a:42d2:eff0::7"] {"neutron:security_group_name"=default}
> "as_ip6_a480bf62_4b85_4d67_9459_39060c48cca2"
>
> Connection table
> _uuid external_ids inactivity_probe is_connected max_backoff other_config
> status target
> ----- ------------ ---------------- ------------ ----------- ------------
> ------ ------
>
> DHCP_Options table
> _uuid cidr external_ids
> options
> ------------------------------------ ---------------------
> --------------------------------------------------
> ------------------------------------------------------------
> ---------------------------------------------
> 0136a38d-79e4-4e70-a78d-9d5fb9aa7bee "10.0.0.0/26"
> {subnet_id="bc68b8af-78fd-4151-b7d0-7b4c2d3c2a3f"} {lease_time="43200",
> mtu="1442", router="10.0.0.1", server_id="10.0.0.1",
> server_mac="fa:16:3e:2e:84:8e"}
> c446d776-520c-4c9d-b8cc-990c219b3c6e "fd4a:42d2:eff0::/64"
> {subnet_id="96bc6dda-300f-424f-85ec-c2e61db93da2"}
> {server_id="fa:16:3e:48:56:67"}
>
> Load_Balancer table
> _uuid external_ids name protocol vips
> ----- ------------ ---- -------- ----
>
> Logical_Router table
> _uuid enabled external_ids
> load_balancer name nat
>
> options
> ports
> static_routes
> ------------------------------------ -------
> --------------------------------- -------------
> ----------------------------------------------
> ------------------------------------------------------------
> ------------------------------------------------------
> ------------------------------------------------
> ------------------------------------------------------------
> ------------------------------------------------------
> ------------------------------------------------------------
> ----------------
> bc0e338f-692f-4f9d-b5e1-070d60065213 true
> {"neutron:router_name"="router1"} []
> "neutron-26d2fa19-0bb8-42c3-9029-fd639f7ba5d5" []
>
> {}
> [3c633844-eea0-4430-ba45-f32e1d3b2634, 76abbe7c-8c44-4923-bffe-8bd38d4b2aff,
> f8fc2b7c-e13c-4449-9caf-058cbb8715f0] [92ad7d52-8efb-4486-bf95-0d6d25f1c11c]
>
> c26f8ca9-b7ed-46c7-b181-39f6505c7b05 true
> {"neutron:router_name"="router1"} []
> "ogr-26d2fa19-0bb8-42c3-9029-fd639f7ba5d5"
> [348b880c-ce4a-4b32-a235-37f867b0aec5, 468231a3-bc2c-4394-b191-4abffa7d18ca,
> 6865c238-64d6-43a6-8e70-38b5c6ad8958] {chassis="544b3857-2c60-4f63-b72f-3a46021cc71c"}
> [882581e3-8540-4440-bed4-91c4d918c157, cb5c0c3c-c479-4f59-b2a1-302328ac708e]
> [03bbf7c3-4915-44f1-adbf-389037b8f458,
> db694750-58f1-4e43-8c64-9e457222e09d]
>
> Logical_Router_Port table
> _uuid enabled external_ids mac
> name networks
> peer
> ------------------------------------ ------- ------------
> ------------------- -----------------------------------------------
> ------------------------------------ ----
> f8fc2b7c-e13c-4449-9caf-058cbb8715f0 [] {}
> "fa:16:3e:1f:ab:18" "lrp-dtsp-26d2fa19-0bb8-42c3-9029-fd639f7ba5d5" ["
> 169.254.128.2/30"] []
> cb5c0c3c-c479-4f59-b2a1-302328ac708e [] {}
> "fa:16:3e:56:55:b0" "lrp-7f0f78d1-3e5e-451d-915f-6e974b15ed70" ["
> 172.24.4.10/24", "2001:db8::6/64"] []
> 76abbe7c-8c44-4923-bffe-8bd38d4b2aff [] {}
> "fa:16:3e:97:14:0a" "lrp-c475a54d-4773-47f9-8a19-2c375e27b47a"
> ["fd4a:42d2:eff0::1/64"] []
> 3c633844-eea0-4430-ba45-f32e1d3b2634 [] {}
> "fa:16:3e:b0:15:8d" "lrp-00006956-65de-4703-a605-1a6a6df14ddf" ["
> 10.0.0.1/26"] []
> 882581e3-8540-4440-bed4-91c4d918c157 [] {}
> "fa:16:3e:cf:28:38" "lrp-gtsp-26d2fa19-0bb8-42c3-9029-fd639f7ba5d5" ["
> 169.254.128.1/30"] []
>
> Logical_Router_Static_Route table
> _uuid ip_prefix nexthop
> output_port policy
> ------------------------------------ ------------- ---------------
> ----------- ------
> 92ad7d52-8efb-4486-bf95-0d6d25f1c11c "0.0.0.0/0" "169.254.128.1" []
> []
> 03bbf7c3-4915-44f1-adbf-389037b8f458 "0.0.0.0/0" "172.24.4.1" []
> []
> db694750-58f1-4e43-8c64-9e457222e09d "10.0.0.0/26" "169.254.128.2" []
> []
>
> Logical_Switch table
> _uuid acls
>
>
>
>
>
>
>
> external_ids
> load_balancer name
> other_config ports
>
> qos_rules
> ------------------------------------ ------------------------------
> ------------------------------------------------------------
> ------------------------------------------------------------
> ------------------------------------------------------------
> ------------------------------------------------------------
> ------------------------------------------------------------
> ------------------------------------------------------------
> ------------------------------------------------------------
> ------------------------------------------------------------
> ------------------------------------------------------------
> -------------------------------------- -----------------------------------------------
> ------------- ---------------------------------------------- ------------
> ------------------------------------------------------------
> ------------------------------------------------------------
> -------------------------------- ---------
> 66f274f0-00e2-4c53-8260-8e68000b2ddc []
>
>
>
>
>
>
>
> {}
> [] "otls-26d2fa19-0bb8-42c3-9029-fd639f7ba5d5"
> {} [102f55b0-289b-47c3-99e4-ea418be7201f,
> 77c4d637-ffa2-437f-85fe-f499567cb112]
> []
> be1ded27-b01e-4ce9-a4ee-d1e28f826b77 []
>
>
>
>
>
>
>
> {"neutron:network_name"="OVN_L3_ADMIN_NETWORK"}
> [] "neutron-a68e8633-61a9-422d-bcb6-16756ce64982" {}
> [747a51a6-f685-40b2-8296-c465785bf900, ce2d6962-c05d-4cdc-bd8b-980b23b76d0c]
>
> []
> 947e40c3-b964-43ea-951c-195610823e2f [008d3737-7cb8-449d-a789-cb63a861f2c2,
> 03103d0d-ccec-42ef-97d1-9803339ff606, 3a74a61d-5688-401f-9b9f-6b446fc0b2fa,
> 3cdaeaae-47d7-4990-814a-33c9a55eb0a1, 47b222eb-7509-4850-abb6-75f934235cc8,
> 69be5cb5-c13f-4aa6-9cbc-2c91cc8fe656, 6a23e6c2-ab5a-46f5-8d1b-ffa893d9ad18,
> 7636befd-5cbd-48a9-a019-0a98d2718848, 83992f0a-b346-4208-a8f3-065b4698a4b7,
> 9c0950db-971f-4468-8b29-0b9315cc0c7e, c08d95fa-f5b8-4443-859b-e40f311aba25,
> c3b16e8a-1f8a-4a00-8d2e-0931132a681d, c3bd4323-5de1-44b3-8658-bd0539ac3723,
> c8f84aff-89f7-4264-b792-20c42d7970c6, f2bfe8c6-bdcd-4fc8-aa71-e36989fb3a42,
> fa09771a-f84e-417f-aa58-04f15f00274d] {"neutron:network_name"=private}
> [] "neutron-ee7092cb-0347-4682-b939-bc8e96aecf10"
> {} [744c8c84-d329-4dc5-96bc-b93d1e2632e3,
> a6b2425c-72c0-4548-a1e3-167679515856, ab967e01-99e8-4b8d-9cb5-40df242d4b13,
> e6207220-e021-4255-b24e-9ddc6ed4e122] []
> 4943c9c3-1719-4a09-ad5f-8ebe1dc7cbdd []
>
>
>
>
>
>
>
> {"neutron:network_name"=public}
> [] "neutron-ca213de8-a0e1-4899-8fcf-4a894c876b80"
> {} [01800fb3-fb84-40d4-9f1e-ab39b4068ef7,
> 17932ccd-a40d-45bd-b982-d6526a07ddee]
> []
>
> Logical_Switch_Port table
> _uuid addresses
> dhcpv4_options dhcpv6_options
> dynamic_addresses enabled external_ids name
> options
>
> parent_name port_security tag
> tag_request type up
> ------------------------------------ -------------------------------------------------
> ------------------------------------ ------------------------------------
> ----------------- ------- --------------------------
> ----------------------------------------------
> ------------------------------------------------------------
> -----------------------------------------------------------------
> ----------- ------------------------------------------------- ---
> ----------- -------- -----
> 102f55b0-289b-47c3-99e4-ea418be7201f ["fa:16:3e:1f:ab:18 169.254.128.2"]
> [] []
> [] [] {}
> "dtsp-26d2fa19-0bb8-42c3-9029-fd639f7ba5d5"
> {router-port="lrp-dtsp-26d2fa19-0bb8-42c3-9029-fd639f7ba5d5"}
> [] []
> [] [] router false
> 747a51a6-f685-40b2-8296-c465785bf900 ["fa:16:3e:1f:ab:18 169.254.128.2"]
> [] []
> [] false {"neutron:port_name"=DTSP}
> "4d41c15f-6362-4605-aa57-e56b945e3ff0" {}
>
> [] []
> [] [] "" false
> a6b2425c-72c0-4548-a1e3-167679515856 ["fa:16:3e:29:ad:a1 10.0.0.10
> fd4a:42d2:eff0::7"] 0136a38d-79e4-4e70-a78d-9d5fb9aa7bee
> c446d776-520c-4c9d-b8cc-990c219b3c6e [] true
> {"neutron:port_name"=""} "ee2f5eb8-60cd-4efa-94b5-0329ebe5fb25"
> {}
> []
> ["fa:16:3e:29:ad:a1 10.0.0.10 fd4a:42d2:eff0::7"] [] [] ""
> true
> 17932ccd-a40d-45bd-b982-d6526a07ddee ["fa:16:3e:56:55:b0 172.24.4.10
> 2001:db8::6"] [] []
> [] true {"neutron:port_name"=""}
> "7f0f78d1-3e5e-451d-915f-6e974b15ed70"
> {nat-addresses="fa:16:3e:56:55:b0 172.24.4.10 172.24.4.8 172.24.4.7",
> router-port="lrp-7f0f78d1-3e5e-451d-915f-6e974b15ed70"} [] []
> [] [] router true
> 744c8c84-d329-4dc5-96bc-b93d1e2632e3 ["fa:16:3e:97:14:0a
> fd4a:42d2:eff0::1"] [] []
> [] true
> {"neutron:port_name"=""} "c475a54d-4773-47f9-8a19-2c375e27b47a"
> {router-port="lrp-c475a54d-4773-47f9-8a19-2c375e27b47a"}
> [] []
> [] [] router false
> ab967e01-99e8-4b8d-9cb5-40df242d4b13 ["fa:16:3e:b0:15:8d 10.0.0.1"]
> [] []
> [] true {"neutron:port_name"=""}
> "00006956-65de-4703-a605-1a6a6df14ddf"
> {router-port="lrp-00006956-65de-4703-a605-1a6a6df14ddf"}
> [] []
> [] [] router false
> e6207220-e021-4255-b24e-9ddc6ed4e122 ["fa:16:3e:ba:a1:3b 10.0.0.7
> fd4a:42d2:eff0::5"] 0136a38d-79e4-4e70-a78d-9d5fb9aa7bee
> c446d776-520c-4c9d-b8cc-990c219b3c6e [] true
> {"neutron:port_name"=""} "417b4dfe-b64a-45fb-952b-9ddea624ae13"
> {}
> []
> ["fa:16:3e:ba:a1:3b 10.0.0.7 fd4a:42d2:eff0::5"] [] [] ""
> true
> 77c4d637-ffa2-437f-85fe-f499567cb112 ["fa:16:3e:cf:28:38 169.254.128.1"]
> [] []
> [] [] {}
> "gtsp-26d2fa19-0bb8-42c3-9029-fd639f7ba5d5"
> {router-port="lrp-gtsp-26d2fa19-0bb8-42c3-9029-fd639f7ba5d5"}
> [] []
> [] [] router true
> ce2d6962-c05d-4cdc-bd8b-980b23b76d0c ["fa:16:3e:cf:28:38 169.254.128.1"]
> [] []
> [] false {"neutron:port_name"=GTSP}
> "bde0c481-926e-4b47-8778-9ca6d9216b4a" {}
>
> [] []
> [] [] "" false
> 01800fb3-fb84-40d4-9f1e-ab39b4068ef7 [unknown]
> [] []
> [] [] {}
> "provnet-ca213de8-a0e1-4899-8fcf-4a894c876b80" {network_name=public}
>
> [] []
> [] [] localnet false
>
> NAT table
> _uuid external_ip logical_ip type
> ------------------------------------ ------------- -------------
> -------------
> 348b880c-ce4a-4b32-a235-37f867b0aec5 "172.24.4.10" "10.0.0.0/26" snat
> 468231a3-bc2c-4394-b191-4abffa7d18ca "172.24.4.7" "10.0.0.7"
> dnat_and_snat
> 6865c238-64d6-43a6-8e70-38b5c6ad8958 "172.24.4.8" "10.0.0.10"
> dnat_and_snat
>
> NB_Global table
> _uuid connections external_ids hv_cfg
> nb_cfg sb_cfg ssl
> ------------------------------------ ----------- ------------ ------
> ------ ------ ---
> df90d1e5-5ed5-4c2a-9cf3-9e0492bdcefd [] {} 0 0
> 0 []
>
> QoS table
> _uuid action direction external_ids match priority
> ----- ------ --------- ------------ ----- --------
>
> SSL table
> _uuid bootstrap_ca_cert ca_cert certificate external_ids private_key
> ----- ----------------- ------- ----------- ------------ -----------
>
>
Hi Dong Jun, I am also facing the same issue on my setup.
These are the findings of my investigation so far
Looks like this issue is seen after the commit
https://github.com/openvswitch/ovs/commit/f1a8bd06d58f2c5312622fbaeacbc6ce7576e347
which removes the usage of patch ports and uses the clone action instead.
I reverted to the commit just before it and SNAT/DNAT is working as
expected.
In my case, the gateway router is hosted on node 1 and the I am trying to
reach a VM (192.168.0.5) hosted on node 2 using the external ip
(10.2.7.105) associated with it. I could see that the node 1 is sending
the packet to node 2 through the geneve tunnel, but it is dropped by node 2
flows.
Below is the tcpdump of the packet
**************************
19:39:44.709907 IP 182.16.0.16.60069 > 182.16.0.15.geneve: Geneve, Flags
[none], vni 0x1: IP nusiddiq.blr.redhat.com > 192.168.0.5: ICMP echo
request, id 13240, seq 1, length 64
***************************
Below is the tcpdump of the packet with the ovn-controller (without the
above commit) in the working case
**************************
19:41:56.783570 IP 182.16.0.12.29778 > 182.16.0.15.geneve: Geneve, Flags
[C], vni 0x1, options [8 bytes]: IP nusiddiq.blr.redhat.com > 192.168.0.5:
ICMP echo request, id 13308, seq 1, length 64
19:41:56.784270 IP 182.16.0.15.14539 > 182.16.0.12.geneve: Geneve, Flags
[C], vni 0xf, options [8 bytes]: IP 192.168.0.5 > nusiddiq.blr.redhat.com:
ICMP echo reply, id 13308, seq 1, length 64
**************************
The options data has - 00030005
>From the packet, I could see that the packet from node 1 is missing the
geneve option fields which has inport and outport keys.
Thanks
Numan
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
More information about the dev
mailing list