[ovs-discuss] kvm and open vSwitch, basic connectivity not working

Todd Deshane deshantm at gmail.com
Tue Feb 9 16:12:14 UTC 2010


Hi Jesse,

On Tue, Feb 9, 2010 at 10:44 AM, Jesse Gross <jesse at nicira.com> wrote:
> Normally when you create a bridge, you should include the bridge local port.
>  For example:
> bridge.internalbr.port=internalbr
> Not only can it cause problems if it is not included but you shouldn't need
> to use dummy0 since that line will create the bridge.
>

Thanks for this piece of information! I was hoping that something like
this existed, and even had thought it would based on the
documentation, but couldn't figure out this syntax. I've changed this
to the config and I am re-testing.

>>
>> So, I still don't have connectivity on Ubuntu, I'll test on Fedora
>> next, but I am unsure what else I can test/debug.
>>
>> Any ideas?
>
>  The best debugging tools are often the dump flows commands as they show
> what is actually happening to the packets.  While pinging between VMs, can
> you run:
> ovs-ofctl dump-flows internalbr
> ovs-dpctl dump-flows internalbr
> This will show what is happening in userspace and the kernel respectively.

ovs-dpctl dump-flows internalbr (seems to reveal the problem --
actions drop is specified)
in_port0003:vlan65535 mac52:54:00:12:34:56->52:54:00:12:34:56 type0800
proto1 ip10.0.0.2->10.0.0.3 port8->0, packets:45, bytes:4410,
used:0.896s, actions:drop

sudo ovs-ofctl dump-flows internalbr
Feb 09 10:59:00|00001|ofctl|INFO|connecting to
unix:/usr/local/var/run/internalbr.mgmt
stats_reply (xid=0x2f7fe731): flags=none type=1(flow)
  duration=604s, table_id=1, priority=0, n_packets=1766,
n_bytes=105868, actions=NORMAL


It was my understanding that there was a default flow that was simply
an accept all, so I didn't add any flows explicitly for testing basic
functionality. Is there something that I need to explicitly configure
to allow traffic to flow?

I do hope to have a setup that does explicitly only allow traffic
(whitelist-based) as my next step, so understanding the intricacies of
if it is possible to have a default deny all flows and only allow,
based on whitelist, is of top priority for me. I would like to try to
use a tool like ovs-dpctl or ovs-ofctl to add the flows specifically
and remove the default, but would like to make sure that I have basic
working functionality first and that I don't have something
mis-configured.

Further, does it make more sense for me to setup an open flow
controller (such as the basic one that comes with vswitch or a more
advanced one like nox), to accomplish this basic functionality or will
simply using the ovs-dpctl and ovs-ofctl commands suffice for basic
demonstration purposes?

Let me know your recommendations on how to best proceed.

Thanks,
Todd

-- 
Todd Deshane
http://todddeshane.net
http://runningxen.com




More information about the discuss mailing list