[ovs-discuss] Tunneling Setup Questions

Tony Finn tony at tonyfinn.com
Sun Apr 12 14:04:36 UTC 2015 

Hi all,

I'm currently trying to set up a test setup for tunnelling using Open
vSwitch. As this was originally to to investigate Geneve, I have built
the latest release from the master branch, but the issues I have also
occur when I try to use GRE so I suspect the problem is user error
rather than anything to do with incomplete Geneve support.

The setup I'm trying to create is as follows:


client1(10.0.0.1) ---|        (br-ext 10.0.10.1)        (br-ext
10.0.10.2)     |---- client 3 (10.0.0.3)
                                   |--------- [OVS1] - - - - Tunnel - -
- - [OVS2]  --------|
client2 (10.0.0.2)---|        (br-int 10.0.0.5) (br-int 10.0.0.6) |----
client 4 (10.0.0.4)

All the clients and OVS devices are virtualbox VMs.

What I have done so far:

Setup two bridges on each OVS1 and OVS2. The first, br-ext has one port,
the external connection between OVS1 and OVS2. On OVS1 I have given it
the IP address 10.0.10.1 and on OVS2 I have given it the IP address
10.0.10.2. The second is br-int. On each OVS VM it is connected to three
ports - the two external connections to the client machines connected to
that OVS, and a tunnel port. The VMs themselves are given IP addresses
ranging from 10.0.0.1/24 to 10.0.0.4/24 .

I have tried using both Geneve and NVGRE for the tunnel port, using GRE
I used the command (on OVS1):

ovs-vsctl add-port br-int gre1 -- set interface gre1 type=gre
options:remote_ip=10.0.10.2

and on OVS2:

ovs-vsctl add-port br-int gre1 -- set interface gre1 type=gre
options:remote_ip=10.0.10.1

When trying Geneve I had used the same command except with type=geneve
and a port name of geneve1.

However, using both Geneve and NVGRE I had the same outcome:

client1 and client2 are able to ping OVS1's br-int
client3 and client4 are able to ping OVS2's br-int
OVS1 is able to ping OVS2's br-ext

However, clients, even those on the same OVS bridge are not able to ping
each other. Using Wireshark, I can see the ARP requests being sent from
the client, including GRE encapsulated packets being sent across the
tunnel. However, the clients do not appear to be receiving these packets
as they never send an ARP reply of their own.

Is there anything I have missed?

Other potentially useful information:

* This is all running on Arch Linux, using kernel 3.19 with the kernel
provided openvswitch module
* None of the physical interfaces involved are assigned IP addresses,
only the bridges
* The clients and OVS machines were cloned from each other, but MAC
addresses have been randomised.
* The OVS machines have one other interface, assigned an IP address
10.0.2.15/24 for external internet address. This is also the default
gateway on these machines.

Regards,
Tony Finn

More information about the discuss mailing list