[ovs-discuss] Routing at the termination point

Manik Sidana maniksidana019 at gmail.com
Fri Jul 17 15:07:51 UTC 2015


If the packets Mac address matches that of the ovs bridge, the packet would
be accepted by the bridge. Can you try the below
Create an SNAT rule using iptables and snat the packets with VM B's IP
address.
(Use -v option on iptables to see the rule hit counters) Use route command
and set a default route.
Do this without changing the Mac address
On 17 Jul 2015 17:26, "Abhishek Verma" <abhishekv.verma at gmail.com> wrote:

> I have set /proc/sys/net/ipv4/ip_forward=1 and have ensured that this is
> set to 1 for all the participating ports.
>
> I send the packet with the OVS bridge's MAC address. This means that when
> the GRE header is popped off, the packet's dest MAC is the same as that of
> the OVS bridge. I now expect the linux kernel to kick in. I however dont
> see the packet getting forwarded. Can somebody guide me on what else i can
> look at?
>
> From the logs you can see that the packet after GRE decap comes with the
> MAC address of the OVS bridge.
>
> root at akabra:/proc/sys/net/ipv4/conf# tcpdump -xx -ni OFSWITCH not port 22
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on OFSWITCH, link-type EN10MB (Ethernet), capture size 65535
> bytes
> 11:52:48.980347 IP 52.27.111.115 > 172.31.1.48: GREv0, key=0x258, length
> 106: IP 8.8.8.1 > 202.83.17.191: ICMP echo request, id 23162, seq 476,
> length 64
> 0x0000:  0645 1ad2 1ced 0628 ae10 f98a 0800 4500
> 0x0010:  007e 9f8d 4000 352f 54e6 341b 6f73 ac1f
> 0x0020:  0130 2000 6558 0000 0258 0645 1ad2 1ced
> 0x0030:  5e21 e8f3 446a 0800 4500 0054 bf46 4000
> 0x0040:  4001 8f47 0808 0801 ca53 11bf 0800 bb3f
> 0x0050:  5a7a 01dc 96ec a855 0000 0000 d854 0a00
> 0x0060:  0000 0000 1011 1213 1415 1617 1819 1a1b
> 0x0070:  1c1d 1e1f 2021 2223 2425 2627 2829 2a2b
> 0x0080:  2c2d 2e2f 3031 3233 3435 3637
> 11:52:48.980347 IP 8.8.8.1 > 202.83.17.191: ICMP echo request, id 23162,
> seq 476, length 64
> 0x0000:  0645 1ad2 1ced 5e21 e8f3 446a 0800 4500
> 0x0010:  0054 bf46 4000 4001 8f47 0808 0801 ca53
> 0x0020:  11bf 0800 bb3f 5a7a 01dc 96ec a855 0000
> 0x0030:  0000 d854 0a00 0000 0000 1011 1213 1415
> 0x0040:  1617 1819 1a1b 1c1d 1e1f 2021 2223 2425
> 0x0050:  2627 2829 2a2b 2c2d 2e2f 3031 3233 3435
> 0x0060:  3637
>
> root at akabra:/proc/sys/net/ipv4/conf# ovs-ofctl show OFSWITCH
> OFPT_FEATURES_REPLY (xid=0x2): dpid:000006451ad21ced
> n_tables:254, n_buffers:256
> capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
> actions: OUTPUT SET_VLAN_VID SET_VLAN_PCP STRIP_VLAN SET_DL_SRC SET_DL_DST
> SET_NW_SRC SET_NW_DST SET_NW_TOS SET_TP_SRC SET_TP_DST ENQUEUE
>  1(eth0): addr:06:45:1a:d2:1c:ed
>      config:     0
>      state:      0
>      speed: 0 Mbps now, 0 Mbps max
>  3(gre0): addr:da:67:8f:b2:c1:34
>      config:     0
>      state:      0
>      speed: 0 Mbps now, 0 Mbps max
>  LOCAL(OFSWITCH): addr:06:45:1a:d2:1c:ed
>      config:     0
>      state:      0
>      speed: 0 Mbps now, 0 Mbps max
> OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
>
> Thanks, Abhishek
>
> On Thu, Jul 16, 2015 at 2:57 PM, Abhishek Verma <abhishekv.verma at gmail.com
> > wrote:
>
>> Hi,
>>
>> I am using a GRE tunnel to connect two VMs, VM-A and VM-B. VM-B is
>> connected to other networks as well.
>>
>> I want the packets terminating at the GRE tunnel on VM-B, to do an L3
>> lookup, and to get forwarded based on the result of the L3 lookup.
>>
>> To do this, i changed the destination MAC at the ingress (on VM-A) to
>> match the MAC address of one of the ports on VM-B. This way when the
>> packets emerge from the GRE tunnel, they already have a dest MAC that
>> matches one of its port MACs. I assumed that because of this the kernel
>> will automatically do an L3 lookup and will forward the packet out to the
>> right place. However, this isnt happening, and am wondering why.
>>
>> I see that i am able to ping the interface if it resides on VM-B. I can
>> however, not get the VM-B to L3 route that packet out. I want the packet to
>> be looked up in the L3 kernel table and get forwarded out. Is there
>> anything that i am missing here.
>>
>> My configs:
>>
>> *The packet arrives on a GRE tunnel (port 4) and i hence add a rule which
>> says that anything arriving on port 4, should undergo normal (L2 and L3)
>> processing. However, since the dest MAC matches one of the port's MACs, i
>> expect the packet to undergo L3 processing.*
>>
>> root@:/home/ubuntu# ovs-ofctl show OFSWITCH
>> OFPT_FEATURES_REPLY (xid=0x2): dpid:000006451ad21ced
>> n_tables:254, n_buffers:256
>> capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
>> actions: OUTPUT SET_VLAN_VID SET_VLAN_PCP STRIP_VLAN SET_DL_SRC
>> SET_DL_DST SET_NW_SRC SET_NW_DST SET_NW_TOS SET_TP_SRC SET_TP_DST ENQUEUE
>>  1(eth0): addr:06:45:1a:d2:1c:ed
>>      config:     0
>>      state:      0
>>      speed: 0 Mbps now, 0 Mbps max
>>  4(gre0): addr:06:48:6f:be:b0:f5
>>      config:     0
>>      state:      0
>>      speed: 0 Mbps now, 0 Mbps max
>>  LOCAL(OFSWITCH): addr:06:45:1a:d2:1c:ed
>>      config:     0
>>      state:      0
>>      speed: 0 Mbps now, 0 Mbps max
>> OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
>> root@:/home/ubuntu#
>>
>> root@:/home/ubuntu# ovs-ofctl dump-flows OFSWITCH
>> NXST_FLOW reply (xid=0x4):
>>  cookie=0x0, duration=147000.263s, table=0, n_packets=196105,
>> n_bytes=117995996, idle_age=0, hard_age=65534, priority=0 actions=NORMAL
>>  cookie=0x0, duration=1185.832s, table=0, n_packets=62, n_bytes=6076,
>> idle_age=971, priority=501,in_port=4 actions=NORMAL
>>
>>
>> Thanks, Abhishek
>>
>
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20150717/6c65d5b7/attachment-0002.html>


More information about the discuss mailing list