[ovs-dev] SFC patches for OVN

Shuaijun Zhang szhang at research.ait.ie
Tue Feb 7 21:22:09 UTC 2017


Hi John,

port-security isn't set for any port, "ovn-nbctl lsp-get-port-security
PORTS" returns nothing.
Do I need to turn it on for all the VNF ports?

Thanks,
Jason

On 7 February 2017 at 20:51, John McDowall <jmcdowall at paloaltonetworks.com>
wrote:

> Jason,
>
>
>
> Did you turn off port-security for the VNF ports?
>
>
>
> Regards
>
>
>
> John
>
>
>
> *From: *Shuaijun Zhang <szhang at research.ait.ie>
> *Date: *Tuesday, February 7, 2017 at 12:48 PM
> *To: *John McDowall <jmcdowall at paloaltonetworks.com>, "flavio at flaviof.com"
> <flavio at flaviof.com>
> *Cc: *"ovs-dev at openvswitch.org" <ovs-dev at openvswitch.org>
> *Subject: *Re: [ovs-dev] SFC patches for OVN
>
>
>
> Hi John, Flavio,
>
>
>
> I have applied the patches and tried it by following the demo (by
> Flavio) in the video below:
>
> https://www.youtube.com/watch?v=PUZzhRxc6iA
>
>
>
> There is a problem in my test: the ping message doesn't get a reply.
>
>
>
> In the demo, I see that when computer_1 pings computer_2,
> you can see the message reaches the ports in computer_3
> and computer_1 can receive the reply.
>
> But in my test, the message can reach the ports (port pairs) in computer_3
> too, but computer_1 *doesn't* receive the reply.
>
>
>
> The difference between my setup and the demo is that
> I used ovn-docker-overlay-driver to create/bind the ports,
> and the demo may use a script (vagrant) to create/bind ports.
>
>
>
> Steps in my setup:
>
>     1. setup the ovn+docker environment by
> https://github.com/openvswitch/ovs/blob/master/Documentation/howto/docker.rst
>
>     2. create 7 containers on 4 hosts (c1 on host1, c2 on host2, c3 on
> host3, c4/c5/c6/c7 on host4), each container has one port bound. e.g. p1
> on c1, p2 on c2 ...
>
>     3. Then I create pair ports, port groups, etc. same as in the demo.
> (p4 is the vnfa in the demo, p5 & p6 are the vnfb in the demo, p7 is
> vnfc). I can see that the *"ovn-sbctl dump-flows" gives same rules as in
> the demo, ovn-trace results same as in the demo*
>
>     4. Then ping from c1 to c2, the message shows in c4 (port pair
> "vnfa"), *but c2 doesn't receive the ping msg, and c1 doesn't receive the
> reply*. (I used "tcpdump" to monitor the eth interfaces)
>
>
>
> Do you have any idea about this problem?
>
>
>
> @Flavio, There may be something missing in my setup. So can I have the
> script you used in the demo to repeat your setup, if appropriate. Please.
>
>
>
> Thank you,
>
> Jason
>
>
>
>
>
> On 3 February 2017 at 20:58, John McDowall <jmcdowall at paloaltonetworks.com>
> wrote:
>
> Jason,
>
> I checked it against top of the git tree. So just download the patch and
> clone the latest and then
>
> $ git apply --directory=ovn <patch>
>
> If you have any questions/feedback let me know.
>
> Regards
>
> John
>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
>
>
>
>
> --
>
> Shuaijun (Jason) Zhang
> Senior Research Engineer
> Software Research Institute,
> Athlone Institute of Technology, IE
> Tel: +353 90 646 8196
> http://www.ait.ie/sri/
>



-- 
Shuaijun (Jason) Zhang
Senior Research Engineer
Software Research Institute,
Athlone Institute of Technology, IE
Tel: +353 90 646 8196
http://www.ait.ie/sri/

