[ovs-discuss] Openvswitch: Rules matching ports behaving strangely - Rules translation problem?

Andreas Wundsam andi at net.t-labs.tu-berlin.de
Mon Oct 19 23:29:34 UTC 2009


for my debugging work, I have built a prototype solution that uses
openvswitch with openflow as a monitoring/shadow vnets platform. In this
case, I am just matching on _ports_, nothing else.

I am now experiencing a problem, where the wildcard rules installed in
the openflow do not seem to correlate with the ones seen by  dpctl - and
hence, packets are being sent out at the wrong ports:

I have the following rules installed:
root at loadgen134:~# ovs-ofctl show tcp:
features_reply (xid=0x7cc372e8): ver:0x97, dpid:3
n_tables:2, n_buffers:256
features: capabilities:0x17, actions:0x3ff
 1(eth2): addr:00:1e:68:d9:d3:d4, config: 0, state:0
     current:    1GB-FD COPPER AUTO_NEG
     advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
     supported:  10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
 2(vif4.2): addr:fe:ff:ff:ff:ff:ff, config: 0, state:0
 3(vif10.2): addr:fe:ff:ff:ff:ff:ff, config: 0, state:0
     supported:  1GB-FD AUTO_PAUSE
 4(vif7.1): addr:fe:ff:ff:ff:ff:ff, config: 0, state:0
 5(vif7.2): addr:fe:ff:ff:ff:ff:ff, config: 0, state:0
 LOCAL(br_out): addr:00:1e:68:d9:d3:d4, config: 0, state:0
     supported:  100MB-FD 1GB-HD AUTO_PAUSE
get_config_reply (xid=0xd941a811): miss_send_len=0

root at loadgen134:~# ovs-ofctl dump-flows tcp:
stats_reply (xid=0x21082cb4): flags=none type=1(flow)
  duration=246194s, table_id=1, priority=32768, n_packets=0, n_bytes=0,
  duration=246194s, table_id=1, priority=32768, n_packets=0, n_bytes=0,
  duration=116s, table_id=1, priority=32768, n_packets=3, n_bytes=210,
  duration=246183s, table_id=1, priority=32768, n_packets=268,
n_bytes=26024, in_port=3,actions=drop
  duration=32s, table_id=1, priority=32768, n_packets=3, n_bytes=230,
  duration=246184s, table_id=1, priority=32768, n_packets=249464,
n_bytes=24255792, in_port=2,actions=output:1,output:4
  duration=246184s, table_id=1, priority=32768, n_packets=374321,
n_bytes=32390210, in_port=1,actions=output:2,output:4

So, drop LLC and LDDP, anything that comes in
  port 1,2 gets sent to (2,4) and (1,4) respectively
  everything that comes in on port 3,4,5 *should* be dropped

Instead, I see packets from 4 sometimes being delivered to all
interfaces. In fact dp-ctl sees a contradicting set of rules:

root at loadgen134:~# ovs-dpctl dump-flows br_out
port0001:vlan65535 mac00:1b:21:10:8c:7e->00:16:3e:76:4f:93 type0800
proto1 ip192.168.10.1-> port0->0, packets:125, bytes:12250,
used:0.708s, actions:0,2,5,4,3
port0001:vlan65535 mac00:24:97:f3:a8:4a->01:80:c2:00:00:00 type05ff
proto0 ip0.0.0.0-> port0->0, packets:18049, bytes:1082940,
used:0.606s, actions:2,4
port0002:vlan65535 mac00:16:3e:76:4f:93->00:1b:21:10:8c:7e type0800
proto1 ip192.168.10.2-> port8->0, packets:125, bytes:12250,
used:0.708s, actions:0,1,5,4,3

I am confused by the port0->0 and port8->0 in these listings -- my dp
does not have a port 8?!

root at loadgen134:~# ovs-dpctl show br_out
        flows: cur:3, soft-max:512, hard-max:262144
        ports: cur:6, max:1024
        groups: max:16
        lookups: frags:0, hit:1101489, missed:27945, lost:0
        queues: max-miss:100, max-action:100
        port 0: br_out (internal)
        port 1: eth2
        port 2: vif4.2
        port 3: vif10.2
        port 4: vif7.1
        port 5: vif7.2

Any suggestions on how to debug this?



System Info:
 - Xen 3.4.1 from Xen.org
 - Kernel 2.6.18-xen from xen.org with
 - Ubuntu 8.04LTS, 64bit
 - Openvswitch from git://openvswitch.org/openvswitch, 'master',
   commit id  417a8cb6a6f6f16a7dd from Wed Oct 7 10:19:31 2009 -0700

Andreas Wundsam
Technische Universität Berlin, Deutsche Telekom Laboratories
FG INET, Research Group Anja Feldmann

address: Sekr. TEL 16, FG INET, Ernst-Reuter-Platz 7, 10587 Berlin
e-mail: andi at net.t-labs.tu-berlin.de
web: http://www.net.t-labs.tu-berlin.de/people/andi.shtml

More information about the discuss mailing list