[ovs-discuss] How to make Open vSwitch kernel module drop all packet by default

Voravit T. voravit at kth.se
Wed Nov 2 14:20:51 UTC 2011


Hi,

I noticed that by default the openvswitch kernel module will forward an
incoming packet out on all ports.
I tried to overwrite this by introducing a controller that should drop
all packets.
But I didn't get it to work. Could anyone please let me know what I
missed here?

>From the screen output below you can see that there is a packet arrived
on port1 and is still being forwarded out on port 2 and 0.
The ovs-dpctl show a missed but the ovs-ofctl show a match.
Is this something to do with the actions=NORMAL? And how do I change it?

Below is how I setup my openvswitch and the controller:

insmod datapath/linux/openvswitch_mod.ko
ovsdb-tool create /usr/local/etc/openvswitch/conf.db
vswitchd/vswitch.ovsschema
ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock
--remote=db:Open_vSwitch,manager_options --pidfile --detach
ovs-vsctl --no-wait init
ovs-vswitchd --pidfile --detach
ovs-vsctl add-br br0
ovs-vsctl add-port br0 eth4
ovs-vsctl add-port br0 eth5
touch /usr/local/var/run/openvswitch/controller.sock
ovs-controller --noflow --pidfile --detach
punix:/usr/local/var/run/openvswitch/controller.sock
ovs-vsctl set-controller br0
punix:/usr/local/var/run/openvswitch/controller.sock


Here is the screen output:

host1:/# ovs-ofctl dump-flows br0
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=12512.233s, table=0, n_packets=0, n_bytes=0,
priority=0 actions=NORMAL

host1:/# ovs-dpctl dump-flows br0
in_port(1),eth(src=00:1b:21:57:ed:84,dst=00:1b:21:57:ed:85),eth_type(0x0800),ipv4(src=11.0.0.2,dst=13.0.0.2,proto=17,tos=0,frag=no),udp(src=9998,dst=9999),
packets:0, bytes:0, used:never, actions:2,0

host1:/# ovs-dpctl show br0
system at br0:
    lookups: hit:0 missed:7 lost:0
    flows: 0
    port 0: br0 (internal)
    port 1: eth4
    port 2: eth5

host1:/# ovs-ofctl dump-tables br0
OFPST_TABLE reply (xid=0x1): 255 tables
  0: classifier: wild=0x3fffff, max=1000000, active=1
               lookup=7, matched=7

Best regards,
Voravit T.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20111102/98d3f366/attachment.html>


More information about the discuss mailing list