[ovs-discuss] openvswitch gre tunneling issues

Gurucharan Shetty shettyg at nicira.com
Mon Mar 31 20:10:00 UTC 2014


On Mon, Mar 31, 2014 at 12:52 PM, Shivaramakrishnan Vaidyanathan
<shivaramakrishnan740 at gmail.com> wrote:
> Though I am able to reach any of vm's on a host from another host machine.I
> am not able to reach outside ip from the vm's.
Well, if your bridge in the hypervisor does not have a way to reach
outside ips, your VMs can't either.

One way is to give your VMs 2 interfaces. One of them is a mgmt
interface which should be connected to a bridge in the hypervisor that
also has another port through which you can reach the internet. Other
VM interface is connected to a bridge that has GRE tunnels for your
data network.


>
> Also,this is where I find it strange.I have a nfs server process running on
> host1 vm1. When i try to write to a nfs share from a vm2 on another host2
> connected via gre,i am not able to complete the write. Though the mount
> succeeds.Is there any tweeking that needs to be done here?
I don't have any suggestions here. May be you should ask a separate
question for that.

>
>
> On Mon, Mar 31, 2014 at 3:10 PM, Shivaramakrishnan Vaidyanathan
> <shivaramakrishnan740 at gmail.com> wrote:
>>
>> Hello,
>> Thanks a lot,It worked.
>> I am able to communicate now between the two vm's on different hosts using
>> multiple gre tunnels.
>> But I am not able to communicate to an outside ip(say 4.2.2.2)  from vm.Is
>> there a config required for this?
>> How do i give outside connectivity for vm's.
>>
>>
>> On Mon, Mar 31, 2014 at 2:41 PM, Gurucharan Shetty <shettyg at nicira.com>
>> wrote:
>>>
>>> On Mon, Mar 31, 2014 at 10:07 AM, Shivaramakrishnan Vaidyanathan
>>> <shivaramakrishnan740 at gmail.com> wrote:
>>> > Thanks a lot.
>>> > According to what i understand,
>>> > Host 1: IP -- a.b.c.d
>>> >
>>> > ovs-vsctl add-port virbr3 gre2 -- set interface gre2 type=gre
>>> > options:remote_ip:p.q.r.s options:key=30
>>> >
>>> > Host2: IP -- p.q.r.s
>>> > ovs-vsctl add-port virbr3 gre2 -- set interface gre2 type=gre
>>> > options:remote_ip:a.b.c.d options:key=30
>>> >
>>> > Is this what you mentioned?Just to confirm.
>>> Yes. You have 2 pairs of gre tunnels. Each pair should have the same
>>> key. In the above example that you have given, you have set one pair
>>> as 30. You can set the other pair as 40.
>>>
>>>
>>> >
>>> >
>>> > On Mon, Mar 31, 2014 at 12:29 PM, Gurucharan Shetty
>>> > <shettyg at nicira.com>
>>> > wrote:
>>> >>
>>> >> On Mon, Mar 31, 2014 at 9:20 AM, Shivaramakrishnan Vaidyanathan
>>> >> <shivaramakrishnan740 at gmail.com> wrote:
>>> >> > Thanks a lot Gurucharan.
>>> >> > I am pretty new to openvswitch.Can you provide the command to
>>> >> > achieve
>>> >> > this?
>>> >> > Looking forward to your reply.
>>> >>
>>> >> The man page says:
>>> >> ....
>>> >> ....
>>> >> Tunnel Options:
>>> >>        These options apply to interfaces with type of gre,  ipsec_gre,
>>> >> gre64,
>>> >>        ipsec_gre64, vxlan, and lisp.
>>> >>
>>> >>        Each  tunnel  must  be  uniquely identified by the combination
>>> >> of
>>> >> type,
>>> >>        options:remote_ip, options:local_ip, and options:in_key.  If
>>> >> two
>>> >> ports
>>> >>        are defined that are the same except one has an optional
>>> >> identifier
>>> >> and
>>> >>        the  other  does  not,  the  more  specific  one  is   matched
>>> >> first.
>>> >>        options:in_key  is  considered more specific than
>>> >> options:local_ip
>>> >> if a
>>> >>        port defines one and another port defines the other.
>>> >> ....
>>> >> ...
>>> >> options : key: optional string
>>> >>               Optional.  Shorthand to set in_key and out_key at the
>>> >> same
>>> >> time.
>>> >> ...
>>> >> ...
>>> >>
>>> >> So you can do something like:
>>> >> * If you create a new tunnel (the key should be same at both ends and
>>> >> a different key at the other end):
>>> >> ovs-vsctl add-port virbr3 gre2 -- set interface gre2 type=gre
>>> >> options:remote_ip:p.q.r.s options:key=30
>>> >>
>>> >> (note that your command does not have a '=' and instead has a ':'.
>>> >> Also your "ovs-vsctl show" does not print any o/p)
>>> >>
>>> >> * Or just add a key to a existing tunnel
>>> >> ovs-vsctl set interface gre0 options:key=20
>>> >>
>>> >> If you can't debug well, start with a simpler configuration. i.e., a
>>> >> single gre tunnel. Once you get that working, you can build on top of
>>> >> it.
>>> >>
>>> >> >
>>> >> >
>>> >> > On Mon, Mar 31, 2014 at 12:15 PM, Gurucharan Shetty
>>> >> > <shettyg at nicira.com>
>>> >> > wrote:
>>> >> >>
>>> >> >> On Mon, Mar 31, 2014 at 9:12 AM, Shivaramakrishnan Vaidyanathan
>>> >> >> <shivaramakrishnan740 at gmail.com> wrote:
>>> >> >> > So in that case,essentially we cant have multiple gre tunnels?
>>> >> >> I think you can use unique keys to distinguish (Read "Tunnel
>>> >> >> Options"
>>> >> >> in "man ovs-vswitchd.conf.db").
>>> >> >>
>>> >> >> > Though I have multiple bridges that vm's  to communicate between
>>> >> >> > each
>>> >> >> > other.
>>> >> >> > The requirement is I need to have multiple internal bridges for
>>> >> >> > vm's
>>> >> >> > and
>>> >> >> > just one external bridge.
>>> >> >> > Is there any alternative?
>>> >> >> >
>>> >> >> >
>>> >> >> > On Mon, Mar 31, 2014 at 11:44 AM, Gurucharan Shetty
>>> >> >> > <shettyg at nicira.com>
>>> >> >> > wrote:
>>> >> >> >>
>>> >> >> >> On Mon, Mar 31, 2014 at 8:36 AM, Shiva
>>> >> >> >> <shivaramakrishnan740 at gmail.com>
>>> >> >> >> wrote:
>>> >> >> >> > Hello,
>>> >> >> >> >
>>> >> >> >> > I am setting up two gre tunnels between two hosts using the
>>> >> >> >> > same
>>> >> >> >> > external
>>> >> >> >> > bridge.In this case (br1).I use virbr3 and virbr2 for internal
>>> >> >> >> > communication.
>>> >> >> >> >
>>> >> >> >> > This is my config steps:
>>> >> >> >> > Hypervisor 1:
>>> >> >> >> > External communication
>>> >> >> >> > ovs-vsctl add-br br1
>>> >> >> >> > ovs-vsctl add-port eth0
>>> >> >> >> > ifconfig br1 p.q.r.s netmask 255.255.255.0
>>> >> >> >> >
>>> >> >> >> > Internal bridge for vm communication
>>> >> >> >> > Tunnel1 :
>>> >> >> >> >
>>> >> >> >> > ovs-vsctl add-br virbr3
>>> >> >> >> > ovs-vsctl show
>>> >> >> >> > ovs-vsctl add-port virbr3 gre2 -- set interface gre2 type=gre
>>> >> >> >> > options:remote_ip:a.b.c.d
>>> >> >> >> >
>>> >> >> >> > Tunnel2:
>>> >> >> >> >
>>> >> >> >> > ovs-vsctl add-br virbr2
>>> >> >> >> > ovs-vsctl show
>>> >> >> >> > ovs-vsctl add-port virbr2 gre0 -- set interface gre0 type=gre
>>> >> >> >> > options:remote_ip:a.b.c.d
>>> >> >> >> Consider the case for the traffic coming into Hypervisor1. I
>>> >> >> >> don't
>>> >> >> >> think it is possible to figure out which of the two end points
>>> >> >> >> the
>>> >> >> >> packet needs to be delivered to because the 2 gre tunnels are
>>> >> >> >> not
>>> >> >> >> unique.
>>> >> >> >>
>>> >> >> >> I think if you delete one of your virbr* in each of the
>>> >> >> >> machines,
>>> >> >> >> you
>>> >> >> >> should be able to communicate.
>>> >> >> >>
>>> >> >> >>
>>> >> >> >> >
>>> >> >> >> >
>>> >> >> >> > Hypervisor 2:
>>> >> >> >> > External communication
>>> >> >> >> > ovs-vsctl add-br br1
>>> >> >> >> > ovs-vsctl add-port eth0
>>> >> >> >> > ifconfig br1 a.b.c.d netmask 255.255.255.0
>>> >> >> >> >
>>> >> >> >> > Internal bridge for vm communication
>>> >> >> >> >
>>> >> >> >> > Tunnel1:
>>> >> >> >> >
>>> >> >> >> >
>>> >> >> >> > ovs-vsctl add-br virbr3
>>> >> >> >> > ovs-vsctl show
>>> >> >> >> > ovs-vsctl add-port virbr3 gre2 -- set interface gre2 type=gre
>>> >> >> >> > options:remote_ip:p.q.r.s
>>> >> >> >> >
>>> >> >> >> > Tunnel2:
>>> >> >> >> >
>>> >> >> >> > ovs-vsctl add-br virbr2
>>> >> >> >> > ovs-vsctl show
>>> >> >> >> > ovs-vsctl add-port virbr3 gre0 -- set interface gre0 type=gre
>>> >> >> >> > options:remote_ip:p.q.r.s
>>> >> >> >> >
>>> >> >> >> >
>>> >> >> >> > I am not able to communicate outside world from the vm's.I am
>>> >> >> >> > just
>>> >> >> >> > able
>>> >> >> >> > to
>>> >> >> >> > reach the host on which vm resides and viceversa.Can you
>>> >> >> >> > please
>>> >> >> >> > let
>>> >> >> >> > me
>>> >> >> >> > know
>>> >> >> >> > what am i missing here?
>>> >> >> >> >
>>> >> >> >> > Your help in this regard is greatly appreciated.
>>> >> >> >> >
>>> >> >> >> >
>>> >> >> >> > _______________________________________________
>>> >> >> >> > discuss mailing list
>>> >> >> >> > discuss at openvswitch.org
>>> >> >> >> > http://openvswitch.org/mailman/listinfo/discuss
>>> >> >> >> >
>>> >> >> >
>>> >> >> >
>>> >> >
>>> >> >
>>> >
>>> >
>>
>>
>



More information about the discuss mailing list