[ovs-discuss] Re : Re : ip_gre_mod.ko module

Dan Wendlandt dan at nicira.com
Mon Jun 28 23:53:49 UTC 2010


On Fri, Jun 25, 2010 at 6:03 AM, DarkBls <darkbls at yahoo.com> wrote:

> Il fix the problem, thank you for your help. I gave another IP / physical
> interface for the tunnel.
>
> I still have some questions about GRE Tunneling.
>
> For now I have:
>
> On phosphorus (eth0:192.168.93.201 / eth1:172.16.0.201)
> br0 (tap0 + gre0 -> 172.16.0.202)
>
> On sulphur: (eth0:192.168.93.202 / eth1:172.16.0.202)
> br0 (tap0 + gre0 -> 172.16.0.201)
>
> A VM on phosphorus can ping a Vm on sulphur through the GRE tunnel.
>
> What if I want to make several br (br1, br2 and br3) on phosphorus and I
> want them to be connected through their own GRE tunnel on their sulphur
> counterpart (br1, br2 and br3) only ?
>


Do you want to have multiple bridges on each server just to isolate one set
of VMs from another set of VMs?  If so, you could just have a single bridge
on each server joined by a single tunnel (like your initial example) but
place each set of VMs on a different VLAN for isolation.  The GRE tunnel
will carry the VLAN tagged traffic between the two bridges and the switch at
either end will enforce the VLAN isolation.

dan


>
>
>
> ------------------------------
> *De :* Jesse Gross <jesse at nicira.com>
>
> *À :* DarkBls <darkbls at yahoo.com>
> *Cc :* Justin Pettit <jpettit at nicira.com>; discuss at openvswitch.org
> *Envoyé le :* Mar 22 juin 2010, 0h 01min 22s
> *Objet :* Re: [ovs-discuss] Re : ip_gre_mod.ko module
>
> On Mon, Jun 21, 2010 at 3:47 AM, DarkBls <darkbls at yahoo.com> wrote:
>>
>> ovs-vsctl --db=tcp:192.168.93.201:1977 create interface name=gre0
>> type=gre options:remote_ip=192.168.93.204
>> e29c391b-2e07-4a2e-95de-99cf6f23158d
>> ovs-vsctl --db=tcp:192.168.93.201:1977 create port name=gre0
>> interfaces=[e29c391b-2e07-4a2e-95de-99cf6f23158d]
>> 01c689e2-ecab-4ee6-8902-6aba2efe2deb
>> ovs-vsctl --db=tcp:192.168.93.201:1977 add bridge br0 ports
>> 01c689e2-ecab-4ee6-8902-6aba2efe2deb
>>
>
> All this looks fine.
>
>
>>
>> I must have missed something since I don't see any port 47 opened on any
>> server
>>
>
> GRE runs over IP protocol 47, not TCP or UDP port 47 so you won't see it
> listed  in netstat -l.
>
> Since a flow is being setup that is sending traffic to the GRE port the
> configuration should be fine.  Can you do a tcpdump on the physical
> interface to see if there is GRE traffic?  Is it possible that something
> like iptables is blocking GRE traffic?
>
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss_openvswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20100628/88f0baf0/attachment-0001.html>


More information about the discuss mailing list