[ovs-discuss] kvm and open vSwitch, basic connectivity not working

Jesse Gross jesse at nicira.com
Tue Feb 9 16:36:41 UTC 2010


On Tue, Feb 9, 2010 at 11:12 AM, Todd Deshane <deshantm at gmail.com> wrote:

>
> ovs-dpctl dump-flows internalbr (seems to reveal the problem --
> actions drop is specified)
> in_port0003:vlan65535 mac52:54:00:12:34:56->52:54:00:12:34:56 type0800
> proto1 ip10.0.0.2->10.0.0.3 port8->0, packets:45, bytes:4410,
> used:0.896s, actions:drop
>
>
Right, this is the problem.  Both VMs have the same MAC address, which
causes the traffic to be sent out the input port and as a result dropped.
By default KVM assigns the same address to all network devices.  You can
change it by adding macaddr=XXX to the command line when you specify the
network card.


> sudo ovs-ofctl dump-flows internalbr
> Feb 09 10:59:00|00001|ofctl|INFO|connecting to
> unix:/usr/local/var/run/internalbr.mgmt
> stats_reply (xid=0x2f7fe731): flags=none type=1(flow)
>  duration=604s, table_id=1, priority=0, n_packets=1766,
> n_bytes=105868, actions=NORMAL
>
>
> It was my understanding that there was a default flow that was simply
> an accept all, so I didn't add any flows explicitly for testing basic
> functionality. Is there something that I need to explicitly configure
> to allow traffic to flow?
>

No, your understanding is correct.  I just wanted to make sure that nothing
funny was going on.


>
> I do hope to have a setup that does explicitly only allow traffic
> (whitelist-based) as my next step, so understanding the intricacies of
> if it is possible to have a default deny all flows and only allow,
> based on whitelist, is of top priority for me. I would like to try to
> use a tool like ovs-dpctl or ovs-ofctl to add the flows specifically
> and remove the default, but would like to make sure that I have basic
> working functionality first and that I don't have something
> mis-configured.
>

ovs-ofctl is the tool that you want to use.  In general ovs-dpctl isn't
needed too much except for debugging since ovs-vswitchd will do all of the
configuration of datapath.


> Further, does it make more sense for me to set up an open flow
> controller (such as the basic one that comes with vswitch or a more
> advanced one like nox), to accomplish this basic functionality or will
> simply using the ovs-dpctl and ovs-ofctl commands suffice for basic
> demonstration purposes?
>

For static things like a basic demonstration, ovs-ofctl is the easiest thing
to do.  Obviously if you need to be able to change things dynamically a
controller would greatly help.
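
Added example, not part of the original message and not Open vSwitch code: a Python script that scans `ovs-dpctl dump-flows` output in the format quoted above for dropped flows whose source and destination MAC are identical (the symptom diagnosed in this thread) and derives a distinct `macaddr=` value per VM. The function names, the second sample flow and the hash-based MAC scheme are assumptions made for illustration.

```python
import hashlib
import re

# Old-style `ovs-dpctl dump-flows` line layout, as quoted in the thread.
_MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
FLOW_RE = re.compile(
    r"in_port(?P<port>[0-9a-f]+):vlan\d+ "
    rf"mac(?P<src>{_MAC})->(?P<dst>{_MAC}) "
    r".*?packets:(?P<packets>\d+).*?actions:(?P<actions>\S+)",
    re.IGNORECASE,
)

def find_self_addressed_drops(dump_text):
    """Return dropped flows whose source and destination MAC are the same."""
    hits = []
    for line in dump_text.splitlines():
        m = FLOW_RE.search(line)
        if not m:
            continue  # not a flow line in the expected layout
        if m["src"].lower() == m["dst"].lower() and m["actions"] == "drop":
            hits.append({"in_port": m["port"], "mac": m["src"].lower(),
                         "packets": int(m["packets"])})
    return hits

def mac_for_vm(vm_name):
    """Stable per-VM MAC under the 52:54:00 prefix seen in the thread.

    Hypothetical scheme: only 24 bits come from the hash, so check a large
    fleet for collisions before relying on it.
    """
    digest = hashlib.sha256(vm_name.encode()).digest()
    return "52:54:00:" + ":".join(f"{b:02x}" for b in digest[:3])

# Constructed sample: the first line is the flow quoted in the thread joined
# onto one line; the second is an invented healthy flow for contrast.
SAMPLE = """\
in_port0003:vlan65535 mac52:54:00:12:34:56->52:54:00:12:34:56 type0800 proto1 ip10.0.0.2->10.0.0.3 port8->0, packets:45, bytes:4410, used:0.896s, actions:drop
in_port0002:vlan65535 mac52:54:00:aa:00:01->52:54:00:aa:00:02 type0800 proto1 ip10.0.0.4->10.0.0.5 port8->0, packets:12, bytes:1176, used:0.201s, actions:3
"""

if __name__ == "__main__":
    for hit in find_self_addressed_drops(SAMPLE):
        print(f"port {hit['in_port']}: src == dst == {hit['mac']} "
              f"({hit['packets']} packets dropped)")
    for vm in ("vm1", "vm2"):
        print(f"{vm}: macaddr={mac_for_vm(vm)}")
```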