[ovs-discuss] flow-based tunnel installs arp drop rule in datapath
Sam Hague
shague86 at gmail.com
Thu Aug 21 18:19:05 UTC 2014
Thanks Jesse. I guess that is because down in the datapath that tunnel port
is shared between the two bridges, right? Looks like the vxlan_sys_4789 is
the only port created. Changing the dst_port creates a different port, but
you would still end up sharing that port since you have to add the dst_port
to both sides of the tunnel.
Is there any config to get around this issue? I tried changing the in_key,
out_key, local_ip, remote_ip options and still had the same failure since
all the permutations still ended up with the shared datapath tunnel port.
Thought I could outsmart ovs and added arp responder rules to return the
arp; got past the arp issue, but then ip drop rules were installed.
Thanks, Sam
On Wed, Aug 20, 2014 at 5:36 PM, Jesse Gross <jesse at nicira.com> wrote:
> On Wed, Aug 20, 2014 at 2:58 PM, Sam Hague <shague86 at gmail.com> wrote:
> > Hi,
> >
> > why is an arp drop rule added in the datapath when two bridges are
> connected
> > via a flow-based tunnel and both bridges are on the same host?
> >
> > In the example picture I am attempting a ping from the client to the ws1.
> > Two bridges, sff1 and 2, ports listed also. Flows programmed are below
> the
> > picture. So arps from the client go into sff1(LOCAL), hit the broadcast
> rule
> > and arp sent out the tunnel. In the datapath, though, is the arp drop
> rule
> > so the arp request/response never completes.
> >
> > If I put the sff2 bridge on a different host then everything works well.
> >
> > I am guessing it is an issue with the shared datapath for both bridges
> when
> > on the same host and using flow-based tunnels. If I switch to port-based
> > tunnels then it works fine also. Is there some other config that can be
> > added to the bridges or different flows that can be used?
> >
> > sudo ovs-dpctl dump-flows
> >
> skb_priority(0),in_port(1),eth(src=f6:00:00:00:00:01/00:00:00:00:00:00,dst=ff:ff:ff:ff:ff:ff/01:00:00:00:00:00),eth_type(0x0806),
> > packets:0, bytes:0, used:never,
> >
> actions:set(tunnel(tun_id=0xa,src=192.168.120.45,dst=192.168.120.46,tos=0x0,ttl=64,flags(df,key))),2
> >
> skb_priority(0),tunnel(tun_id=0xa,src=192.168.120.45,dst=192.168.120.46,tos=0x0,ttl=64,flags(key)),in_port(2),skb_mark(0),eth(src=f6:00:00:00:00:01/00:00:00:00:00:00,dst=ff:ff:ff:ff:ff:ff/01:00:00:00:00:00),eth_type(0x0806),
> > packets:0, bytes:0, used:never, actions:drop
>
> I think this is hitting this flow:
> sudo ovs-ofctl add-flow sff1
>
> "dl_dst=01:00:00:00:00:00/01:00:00:00:00:00,actions=set_field:10->tun_id,set_field:192.168.120.46->tun_dst,set_field:192.168.120.45->tun_src,output:5"
>
> Since this will send it back out the input port, it is dropped instead.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20140821/0322ed16/attachment-0002.html>
More information about the discuss
mailing list