[ovs-discuss] Tracing packets using ofproto/trace after integration with Conntrack-OVN
Piyush R Srivastava1
pirsriva at in.ibm.com
Thu Feb 4 10:30:49 UTC 2016
Hi,
I'm using OVN with OpenStack. ( DevStack based installation ).
Problem- How to trace the packets using ovs-appctl ofproto/trace after
integration with conntrack?
Setup-
Topology
1 Network ( having 1 subnet )
2 VM's on the above network on the same hypervisor
1 router having subnet gateway for the above network
[root at rhel7-devstack-ovn-154 ~]# ovs-vsctl show
f1dfb494-b7cc-420c-b52c-7c3ddcb030e8
Bridge br-int
fail_mode: secure
Port br-int
Interface br-int
type: internal
Port "tapa4bd98dd-8a"
Interface "tapa4bd98dd-8a"
Port
"patch-ce6a9eb0-a9fa-4988-ba58-6a67dee96457-to-lrp-ce6a9eb0-a9fa-4988-ba58-6a67dee96457"
Interface
"patch-ce6a9eb0-a9fa-4988-ba58-6a67dee96457-to-lrp-ce6a9eb0-a9fa-4988-ba58-6a67dee96457"
type: patch
options:
{peer="patch-lrp-ce6a9eb0-a9fa-4988-ba58-6a67dee96457-to-ce6a9eb0-a9fa-4988-ba58-6a67dee96457"}
Port "tap43b166a1-d5"
Interface "tap43b166a1-d5"
Port
"patch-lrp-ce6a9eb0-a9fa-4988-ba58-6a67dee96457-to-ce6a9eb0-a9fa-4988-ba58-6a67dee96457"
Interface
"patch-lrp-ce6a9eb0-a9fa-4988-ba58-6a67dee96457-to-ce6a9eb0-a9fa-4988-ba58-6a67dee96457"
type: patch
options:
{peer="patch-ce6a9eb0-a9fa-4988-ba58-6a67dee96457-to-lrp-ce6a9eb0-a9fa-4988-ba58-6a67dee96457"}
Port "ovn-e443d9-0"
Interface "ovn-e443d9-0"
type: geneve
options: {key=flow, remote_ip="10.10.10.153"}
10.10.1.3 / fa:16:3e:67:8e:03 -> VM1
10.10.1.5 / fa:16:3e:68:78:29 -> VM2
10.10.1.1 / fa:16:3e:b6:14:52 -> Subnet gateway
Now PING to the subnet gateway port in router from VM1 is successful ( PING
10.10.1.1 from 10.10.1.3 )
I tried using ovs-appctl ofproto/trace to trace the packet and understand
the flow
[root at rhel7-devstack-ovn-154 ~]# ovs-appctl ofproto/trace br-int
"in_port=2, ct_state=new, dl_src=fa:16:3e:67:8e:03,
dl_dst=fa:16:3e:b6:14:52, dl_type=0x0800, nw_proto=1, nw_src=10.10.1.3,
nw_dst=10.10.1.1"
Bridge: br-int
Flow:
ct_state=new,icmp,in_port=2,vlan_tci=0x0000,dl_src=fa:16:3e:67:8e:03,dl_dst=fa:16:3e:b6:14:52,nw_src=10.10.1.3,nw_dst=10.10.1.1,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0
Rule: table=0 cookie=0 priority=100,in_port=2
OpenFlow actions=set_field:0x1->reg5,set_field:0x2->
metadata,set_field:0x2->reg6,resubmit(,16)
Resubmitted flow:
ct_state=new,icmp,reg5=0x1,reg6=0x2,metadata=0x2,in_port=2,vlan_tci=0x0000,dl_src=fa:16:3e:67:8e:03,dl_dst=fa:16:3e:b6:14:52,nw_src=10.10.1.3,nw_dst=10.10.1.1,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0
reg5=0x1 reg6=0x2 reg7=0x0
Resubmitted odp: drop
Resubmitted megaflow:
recirc_id=0,ip,reg5=0,reg6=0,metadata=0,in_port=2,vlan_tci=0x0000/0x1000,dl_src=fa:16:3e:67:8e:03,nw_frag=no
Rule: table=16 cookie=0
priority=50,reg6=0x2,metadata=0x2,dl_src=fa:16:3e:67:8e:03
OpenFlow actions=resubmit(,17)
Resubmitted flow: unchanged
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0
reg4=0x0 reg5=0x1 reg6=0x2 reg7=0x0
Resubmitted odp: drop
Resubmitted megaflow:
recirc_id=0,ip,reg5=0,reg6=0,metadata=0,in_port=2,vlan_tci=0x0000/0x1000,dl_src=fa:16:3e:67:8e:03,nw_frag=no
Rule: table=17 cookie=0 priority=100,ip,metadata=0x2
OpenFlow actions=ct(table=18,zone=NXM_NX_REG5[0..15])
Final flow:
ct_state=new,icmp,reg5=0x1,reg6=0x2,metadata=0x2,in_port=2,vlan_tci=0x0000,dl_src=fa:16:3e:67:8e:03,dl_dst=fa:16:3e:b6:14:52,nw_src=10.10.1.3,nw_dst=10.10.1.1,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0
Megaflow:
recirc_id=0,ip,in_port=2,vlan_tci=0x0000/0x1000,dl_src=fa:16:3e:67:8e:03,nw_frag=no
Datapath actions: ct(zone=1),recirc(0x41)
THE ABOVE COMMAND IS TRACING TILL TABLE 17 ONLY AND NOT FURTHER.
Last rule in it hit Table 17 says-
cookie=0x0, duration=250750.685s, table=17, n_packets=369, n_bytes=50101,
idle_age=5659, hard_age=65534, priority=100,ip,metadata=0x2 actions=ct
(table=18,zone=NXM_NX_REG5[0..15])
Now how do i trace where the packet went / what happened further in
connection tracker and Table 18?
It is possible to trace using ofproto/trace or is there some other method
needed for tracing the exact pipeline of packet?
Thanks and regards,
Piyush Raman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20160204/4f9a64b3/attachment-0002.html>
More information about the discuss
mailing list