[ovs-discuss] Tracing packets using ofproto/trace after integration with Conntrack-OVN

Piyush R Srivastava1 pirsriva at in.ibm.com
Thu Feb 4 10:30:49 UTC 2016



Hi,

I'm using OVN with OpenStack. ( DevStack based installation ).

Problem- How to trace the packets using ovs-appctl ofproto/trace after
integration with conntrack?

Setup-
Topology
1 Network ( having 1 subnet )
2 VM's on the above network on the same hypervisor
1 router having subnet gateway for the above network

[root at rhel7-devstack-ovn-154 ~]# ovs-vsctl show
f1dfb494-b7cc-420c-b52c-7c3ddcb030e8
    Bridge br-int
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port "tapa4bd98dd-8a"
            Interface "tapa4bd98dd-8a"
        Port
"patch-ce6a9eb0-a9fa-4988-ba58-6a67dee96457-to-lrp-ce6a9eb0-a9fa-4988-ba58-6a67dee96457"
            Interface
"patch-ce6a9eb0-a9fa-4988-ba58-6a67dee96457-to-lrp-ce6a9eb0-a9fa-4988-ba58-6a67dee96457"
                type: patch
                options:
{peer="patch-lrp-ce6a9eb0-a9fa-4988-ba58-6a67dee96457-to-ce6a9eb0-a9fa-4988-ba58-6a67dee96457"}
        Port "tap43b166a1-d5"
            Interface "tap43b166a1-d5"
        Port
"patch-lrp-ce6a9eb0-a9fa-4988-ba58-6a67dee96457-to-ce6a9eb0-a9fa-4988-ba58-6a67dee96457"
            Interface
"patch-lrp-ce6a9eb0-a9fa-4988-ba58-6a67dee96457-to-ce6a9eb0-a9fa-4988-ba58-6a67dee96457"
                type: patch
                options:
{peer="patch-ce6a9eb0-a9fa-4988-ba58-6a67dee96457-to-lrp-ce6a9eb0-a9fa-4988-ba58-6a67dee96457"}
        Port "ovn-e443d9-0"
            Interface "ovn-e443d9-0"
                type: geneve
                options: {key=flow, remote_ip="10.10.10.153"}

10.10.1.3 /  fa:16:3e:67:8e:03  -> VM1
10.10.1.5 /  fa:16:3e:68:78:29 -> VM2
10.10.1.1 /  fa:16:3e:b6:14:52 -> Subnet gateway

Now PING to the subnet gateway port in router from VM1 is successful ( PING
10.10.1.1 from 10.10.1.3 )


I tried using ovs-appctl ofproto/trace to trace the packet and understand
the flow

[root at rhel7-devstack-ovn-154 ~]# ovs-appctl  ofproto/trace br-int
"in_port=2, ct_state=new, dl_src=fa:16:3e:67:8e:03,
dl_dst=fa:16:3e:b6:14:52, dl_type=0x0800, nw_proto=1, nw_src=10.10.1.3,
nw_dst=10.10.1.1"
Bridge: br-int
Flow:
ct_state=new,icmp,in_port=2,vlan_tci=0x0000,dl_src=fa:16:3e:67:8e:03,dl_dst=fa:16:3e:b6:14:52,nw_src=10.10.1.3,nw_dst=10.10.1.1,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0

Rule: table=0 cookie=0 priority=100,in_port=2
OpenFlow actions=set_field:0x1->reg5,set_field:0x2->
metadata,set_field:0x2->reg6,resubmit(,16)

        Resubmitted flow:
ct_state=new,icmp,reg5=0x1,reg6=0x2,metadata=0x2,in_port=2,vlan_tci=0x0000,dl_src=fa:16:3e:67:8e:03,dl_dst=fa:16:3e:b6:14:52,nw_src=10.10.1.3,nw_dst=10.10.1.1,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0
        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0
reg5=0x1 reg6=0x2 reg7=0x0
        Resubmitted  odp: drop
        Resubmitted megaflow:
recirc_id=0,ip,reg5=0,reg6=0,metadata=0,in_port=2,vlan_tci=0x0000/0x1000,dl_src=fa:16:3e:67:8e:03,nw_frag=no
        Rule: table=16 cookie=0
priority=50,reg6=0x2,metadata=0x2,dl_src=fa:16:3e:67:8e:03
        OpenFlow actions=resubmit(,17)

                Resubmitted flow: unchanged
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0
reg4=0x0 reg5=0x1 reg6=0x2 reg7=0x0
                Resubmitted  odp: drop
                Resubmitted megaflow:
recirc_id=0,ip,reg5=0,reg6=0,metadata=0,in_port=2,vlan_tci=0x0000/0x1000,dl_src=fa:16:3e:67:8e:03,nw_frag=no
                Rule: table=17 cookie=0 priority=100,ip,metadata=0x2
                OpenFlow actions=ct(table=18,zone=NXM_NX_REG5[0..15])

Final flow:
ct_state=new,icmp,reg5=0x1,reg6=0x2,metadata=0x2,in_port=2,vlan_tci=0x0000,dl_src=fa:16:3e:67:8e:03,dl_dst=fa:16:3e:b6:14:52,nw_src=10.10.1.3,nw_dst=10.10.1.1,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0
Megaflow:
recirc_id=0,ip,in_port=2,vlan_tci=0x0000/0x1000,dl_src=fa:16:3e:67:8e:03,nw_frag=no
Datapath actions: ct(zone=1),recirc(0x41)

THE ABOVE COMMAND IS TRACING TILL TABLE 17 ONLY AND NOT FURTHER.
Last rule in it hit Table 17 says-
 cookie=0x0, duration=250750.685s, table=17, n_packets=369, n_bytes=50101,
idle_age=5659, hard_age=65534, priority=100,ip,metadata=0x2 actions=ct
(table=18,zone=NXM_NX_REG5[0..15])


Now how do i trace where the packet went / what happened further in
connection tracker and Table 18?
It is possible to trace using ofproto/trace or is there some other method
needed for tracing the exact pipeline of packet?


Thanks and regards,
Piyush Raman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20160204/4f9a64b3/attachment-0002.html>


More information about the discuss mailing list