[ovs-discuss] Tunneling to the same machine

Murphy McCauley murphy.mccauley at gmail.com
Sat Jun 8 02:07:51 UTC 2013


So I'm doing something that's probably a bit strange and (perhaps unsurprisingly) getting results that seem a bit strange.

What I've got is two bridges on a single machine, and I'd like to have GRE/VXLAN tunnels between them.  The reason for this is that while ultimately the controller code is meant to control bridges across multiple physical machines or VMs, I'd like to be able to test it in a single Mininet VM.  In this case, the ports attached to the bridges are all veth pairs which run into separate network namespaces, but I need the bridges to communicate between each other in the root namespace.  I realize that a more common way to link the bridges would be with patch interfaces, but that's not applicable to the configuration this will be in when running "for real", and moreover, it won't work with the NXM_NX_TUN_IPV4_DST approach I'm taking.

.. which is all to say that it'd be nice if I could get this working.

So what I'm doing is setting up two interfaces with IPs of, say, 172.16.0.1 and 172.16.0.2.  I'm then adding tunnels along the lines of:
ovs-vsctl add-port s1 tun0 -- set interface tun0 type=gre options:remote_ip=172.16.0.1 options:local_ip=172.16.0.2
ovs-vsctl add-port s2 tun1 -- set interface tun1 type=gre options:remote_ip=172.16.0.2 options:local_ip=172.16.0.1

For very loose definitions of "works", this works.  If I try to ping across the tunnel, I get *one* successful ping.  Snooping the traffic, I see a successful ARP, the first echo request and reply, and then… lots of requests with no replies.  If I kill ping and try to ping again immediately, I get nothing.  If I kill ping and wait a while or try pinging another address -- it works.

Investigating a bit further, I find there's something along the lines of a five or six second flow timeout at play here.  If I keep up activity, further packets never go through (neither ARP nor ICMP).  But after 5 (or 6?) seconds of silence, the whole thing is repeatable.  So a ping -i 6 will appear to work just fine.  It seems weird to me that the initial ARP and ping go through, but subsequent ones don't until the 5/6 seconds elapse, but there it is.

I've tried both GRE and VXLAN tunnels, assigning the endpoint IPs to different types of interfaces (dummy, loopback, veths, normal interfaces), both a 1.9 and 1.11 branch, Linux 3.5 and 3.8 (both 64-bit), and get similar results.  I also quickly glanced through the code but nothing immediately popped out at me as a likely explanation.

I'd welcome any suggestions for getting this working, alternate approaches, or explanations as to what's going on.  Maybe I'm just missing something obvious.

-- Murphy

