[ovs-discuss] openvswitch gre tunneling issues

Shivaramakrishnan Vaidyanathan shivaramakrishnan740 at gmail.com
Mon Mar 31 19:52:47 UTC 2014 

Though I am able to reach any of vm's on a host from another host machine.I
am not able to reach outside ip from the vm's.

Also,this is where I find it strange.I have a nfs server process running on
host1 vm1. When i try to write to a nfs share from a vm2 on another host2
connected via gre,i am not able to complete the write. Though the mount
succeeds.Is there any tweeking that needs to be done here?


On Mon, Mar 31, 2014 at 3:10 PM, Shivaramakrishnan Vaidyanathan <
shivaramakrishnan740 at gmail.com> wrote:

> Hello,
> Thanks a lot,It worked.
> I am able to communicate now between the two vm's on different hosts using
> multiple gre tunnels.
> But I am not able to communicate to an outside ip(say 4.2.2.2)  from vm.Is
> there a config required for this?
> How do i give outside connectivity for vm's.
>
>
> On Mon, Mar 31, 2014 at 2:41 PM, Gurucharan Shetty <shettyg at nicira.com>wrote:
>
>> On Mon, Mar 31, 2014 at 10:07 AM, Shivaramakrishnan Vaidyanathan
>> <shivaramakrishnan740 at gmail.com> wrote:
>> > Thanks a lot.
>> > According to what i understand,
>> > Host 1: IP -- a.b.c.d
>> >
>> > ovs-vsctl add-port virbr3 gre2 -- set interface gre2 type=gre
>> > options:remote_ip:p.q.r.s options:key=30
>> >
>> > Host2: IP -- p.q.r.s
>> > ovs-vsctl add-port virbr3 gre2 -- set interface gre2 type=gre
>> > options:remote_ip:a.b.c.d options:key=30
>> >
>> > Is this what you mentioned?Just to confirm.
>> Yes. You have 2 pairs of gre tunnels. Each pair should have the same
>> key. In the above example that you have given, you have set one pair
>> as 30. You can set the other pair as 40.
>>
>>
>> >
>> >
>> > On Mon, Mar 31, 2014 at 12:29 PM, Gurucharan Shetty <shettyg at nicira.com
>> >
>> > wrote:
>> >>
>> >> On Mon, Mar 31, 2014 at 9:20 AM, Shivaramakrishnan Vaidyanathan
>> >> <shivaramakrishnan740 at gmail.com> wrote:
>> >> > Thanks a lot Gurucharan.
>> >> > I am pretty new to openvswitch.Can you provide the command to achieve
>> >> > this?
>> >> > Looking forward to your reply.
>> >>
>> >> The man page says:
>> >> ....
>> >> ....
>> >> Tunnel Options:
>> >>        These options apply to interfaces with type of gre,  ipsec_gre,
>> >> gre64,
>> >>        ipsec_gre64, vxlan, and lisp.
>> >>
>> >>        Each  tunnel  must  be  uniquely identified by the combination
>> of
>> >> type,
>> >>        options:remote_ip, options:local_ip, and options:in_key.  If two
>> >> ports
>> >>        are defined that are the same except one has an optional
>> identifier
>> >> and
>> >>        the  other  does  not,  the  more  specific  one  is   matched
>> >> first.
>> >>        options:in_key  is  considered more specific than
>> options:local_ip
>> >> if a
>> >>        port defines one and another port defines the other.
>> >> ....
>> >> ...
>> >> options : key: optional string
>> >>               Optional.  Shorthand to set in_key and out_key at the
>> same
>> >> time.
>> >> ...
>> >> ...
>> >>
>> >> So you can do something like:
>> >> * If you create a new tunnel (the key should be same at both ends and
>> >> a different key at the other end):
>> >> ovs-vsctl add-port virbr3 gre2 -- set interface gre2 type=gre
>> >> options:remote_ip:p.q.r.s options:key=30
>> >>
>> >> (note that your command does not have a '=' and instead has a ':'.
>> >> Also your "ovs-vsctl show" does not print any o/p)
>> >>
>> >> * Or just add a key to a existing tunnel
>> >> ovs-vsctl set interface gre0 options:key=20
>> >>
>> >> If you can't debug well, start with a simpler configuration. i.e., a
>> >> single gre tunnel. Once you get that working, you can build on top of
>> >> it.
>> >>
>> >> >
>> >> >
>> >> > On Mon, Mar 31, 2014 at 12:15 PM, Gurucharan Shetty <
>> shettyg at nicira.com>
>> >> > wrote:
>> >> >>
>> >> >> On Mon, Mar 31, 2014 at 9:12 AM, Shivaramakrishnan Vaidyanathan
>> >> >> <shivaramakrishnan740 at gmail.com> wrote:
>> >> >> > So in that case,essentially we cant have multiple gre tunnels?
>> >> >> I think you can use unique keys to distinguish (Read "Tunnel
>> Options"
>> >> >> in "man ovs-vswitchd.conf.db").
>> >> >>
>> >> >> > Though I have multiple bridges that vm's  to communicate between
>> each
>> >> >> > other.
>> >> >> > The requirement is I need to have multiple internal bridges for
>> vm's
>> >> >> > and
>> >> >> > just one external bridge.
>> >> >> > Is there any alternative?
>> >> >> >
>> >> >> >
>> >> >> > On Mon, Mar 31, 2014 at 11:44 AM, Gurucharan Shetty
>> >> >> > <shettyg at nicira.com>
>> >> >> > wrote:
>> >> >> >>
>> >> >> >> On Mon, Mar 31, 2014 at 8:36 AM, Shiva
>> >> >> >> <shivaramakrishnan740 at gmail.com>
>> >> >> >> wrote:
>> >> >> >> > Hello,
>> >> >> >> >
>> >> >> >> > I am setting up two gre tunnels between two hosts using the
>> same
>> >> >> >> > external
>> >> >> >> > bridge.In this case (br1).I use virbr3 and virbr2 for internal
>> >> >> >> > communication.
>> >> >> >> >
>> >> >> >> > This is my config steps:
>> >> >> >> > Hypervisor 1:
>> >> >> >> > External communication
>> >> >> >> > ovs-vsctl add-br br1
>> >> >> >> > ovs-vsctl add-port eth0
>> >> >> >> > ifconfig br1 p.q.r.s netmask 255.255.255.0
>> >> >> >> >
>> >> >> >> > Internal bridge for vm communication
>> >> >> >> > Tunnel1 :
>> >> >> >> >
>> >> >> >> > ovs-vsctl add-br virbr3
>> >> >> >> > ovs-vsctl show
>> >> >> >> > ovs-vsctl add-port virbr3 gre2 -- set interface gre2 type=gre
>> >> >> >> > options:remote_ip:a.b.c.d
>> >> >> >> >
>> >> >> >> > Tunnel2:
>> >> >> >> >
>> >> >> >> > ovs-vsctl add-br virbr2
>> >> >> >> > ovs-vsctl show
>> >> >> >> > ovs-vsctl add-port virbr2 gre0 -- set interface gre0 type=gre
>> >> >> >> > options:remote_ip:a.b.c.d
>> >> >> >> Consider the case for the traffic coming into Hypervisor1. I
>> don't
>> >> >> >> think it is possible to figure out which of the two end points
>> the
>> >> >> >> packet needs to be delivered to because the 2 gre tunnels are not
>> >> >> >> unique.
>> >> >> >>
>> >> >> >> I think if you delete one of your virbr* in each of the machines,
>> >> >> >> you
>> >> >> >> should be able to communicate.
>> >> >> >>
>> >> >> >>
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > Hypervisor 2:
>> >> >> >> > External communication
>> >> >> >> > ovs-vsctl add-br br1
>> >> >> >> > ovs-vsctl add-port eth0
>> >> >> >> > ifconfig br1 a.b.c.d netmask 255.255.255.0
>> >> >> >> >
>> >> >> >> > Internal bridge for vm communication
>> >> >> >> >
>> >> >> >> > Tunnel1:
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > ovs-vsctl add-br virbr3
>> >> >> >> > ovs-vsctl show
>> >> >> >> > ovs-vsctl add-port virbr3 gre2 -- set interface gre2 type=gre
>> >> >> >> > options:remote_ip:p.q.r.s
>> >> >> >> >
>> >> >> >> > Tunnel2:
>> >> >> >> >
>> >> >> >> > ovs-vsctl add-br virbr2
>> >> >> >> > ovs-vsctl show
>> >> >> >> > ovs-vsctl add-port virbr3 gre0 -- set interface gre0 type=gre
>> >> >> >> > options:remote_ip:p.q.r.s
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > I am not able to communicate outside world from the vm's.I am
>> just
>> >> >> >> > able
>> >> >> >> > to
>> >> >> >> > reach the host on which vm resides and viceversa.Can you please
>> >> >> >> > let
>> >> >> >> > me
>> >> >> >> > know
>> >> >> >> > what am i missing here?
>> >> >> >> >
>> >> >> >> > Your help in this regard is greatly appreciated.
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > _______________________________________________
>> >> >> >> > discuss mailing list
>> >> >> >> > discuss at openvswitch.org
>> >> >> >> > http://openvswitch.org/mailman/listinfo/discuss
>> >> >> >> >
>> >> >> >
>> >> >> >
>> >> >
>> >> >
>> >
>> >
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20140331/32cccb27/attachment-0002.html>

More information about the discuss mailing list