[ovs-discuss] Does OpenvSwitch support modify the packet's IP address and then output this packet?

Ben Pfaff blp at ovn.org
Wed Jul 13 20:57:03 UTC 2016


I'm glad to hear that you figured out the problem.

On Wed, Jul 13, 2016 at 09:05:31PM +0800, Shawn Lin wrote:
> Hi Ben,
> 
> Thank you for your reply. And I am sorry that I post this question twice. I
> just clicked Send but there was nothing happened so I just re-click it
> again. Really sorry for that.
> 
> *ovs-appctl ofproto/trace *gives me the answer.
> 
> mininet> *sh ovs-ofctl add-flow s1 in_port=1,actions=output:1 -O OpenFlow13*
> mininet>
> mininet> sh ovs-appctl ofproto/trace s1 in_port=1
> Flow:
> metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
> Rule: table=0 cookie=0 in_port=1
> OpenFlow actions=output:1
> *skipping output to input port*
> 
> Final flow: unchanged
> Relevant fields: skb_priority=0,in_port=1,dl_type=0x0000,nw_frag=no
> *Datapath actions: drop*
> 
> And actually, there is one specific port reserved for output to input port ,*
> no need* to use* output:1*, below is information about this port in
> *openflow-spec-v1.3.0*
> 
> *OFPP_IN_PORT = 0xfffffff8, /* Send the packet out the input port. This
> reserved port must be explicitly used in order to send back out of the
> input port. */ *
> 
> So I just changed the *actions=output:1* into *actions=in_port*, and it
> works!
> 
> mininet> *sh ovs-ofctl add-flow s1 in_port=2,actions=in_port -O OpenFlow13*
> mininet>
> mininet>
> mininet> sh ovs-appctl ofproto/trace s1 in_port=2
> Flow:
> metadata=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
> Rule: table=0 cookie=0 in_port=2
> *OpenFlow actions=IN_PORT*
> 
> Final flow: unchanged
> Relevant fields: skb_priority=0,in_port=2,dl_type=0x0000,nw_frag=no
> *Datapath actions: 6*
> 
> 
> Thanks again!
> 
> Shawn Lin
> 
> 
> On Wed, Jul 13, 2016 at 12:12 PM, Ben Pfaff <blp at ovn.org> wrote:
> 
> > On Mon, Jul 11, 2016 at 09:41:36PM +0800, Shawn Lin wrote:
> > > I am trying to use OpenvSwitch to exchange the source IP address and the
> > > destination IP address of a packet, and then forward this packet out to a
> > > host.
> > >
> > > I do this test in *Mininet(2.2.1) *and *OpenvSwitch(2.0.2)*, And below is
> > > the command:
> > >
> > > Topology in Mininet is quite simple,
> > > *h1-s1-h2*
> > >
> > > I use this command to add the flow.
> > > *mininet> sh ovs-ofctl add-flow s1
> > >
> > dl_type=0x0800,dl_type=0x0800,nw_dst=10.0.0.2,actions=mod_dl_src:00:00:00:00:00:02,mod_dl_dst:00:00:00:00:00:01,mod_nw_src:10.0.0.2,mod_nw_dst=10.0.0.1,output:1
> > > -O OpenFlow13*
> > >
> > > And then I could see the result when I show flows in the switch s1,
> > >
> > > *mininet>* *sh ovs-ofctl dump-flows s1 -O OpenFlow13*
> > > OFPST_FLOW reply (OF1.3) (xid=0x2):
> > >
> > >
> > >
> > > * cookie=0x0, duration=418.133s, table=0, n_packets=1813,
> > n_bytes=2731190,
> > > ip,nw_dst=10.0.0.2
> > >
> > actions=mod_dl_src:00:00:00:00:00:02,mod_dl_dst:00:00:00:00:00:01,mod_nw_src:10.0.0.2,mod_nw_dst:10.0.0.1,output:1
> > >      *
> > > * In my understanding, this flow would change the packets' src IP, dst
> > IP,
> > > src Mac, dst Mac, and then forward it out port 1 which is s1-eth1.  *
> > >
> > >  cookie=0x2b0000000000000f, duration=2982.739s, table=0, n_packets=1,
> > > n_bytes=42, priority=2,in_port=1 actions=output:2,CONTROLLER:65535
> > >
> > >
> > >  cookie=0x2b0000000000000e, duration=2982.739s, table=0, n_packets=1,
> > > n_bytes=42, priority=2,in_port=2 actions=output:1,CONTROLLER:65535
> > >
> > >
> > >  cookie=0x2b0000000000000f, duration=2986.774s, table=0, n_packets=0,
> > > n_bytes=0, priority=100,dl_type=0x88cc actions=CONTROLLER:65535
> > >
> > >
> > >  cookie=0x2b0000000000000f, duration=2986.774s, table=0, n_packets=0,
> > > n_bytes=0, priority=0 actions=drop
> > >
> > > And then in terminal, I use tcpdump to catch the packets through s1-eth1,
> > > *tcpdump -i s1-eth1 -w result.pcap*
> > >
> > > I scan all packets and find that these packets are all with *src IP
> > > 10.0.0.1, and dst IP 10.0.0.2.*
> > > At the same time, the *n_bytes* in flow shows that this flow has been
> > hit.
> > >
> > > So Am I doing some wrong configuration? Or which version of OVS support
> > > this feature? Any suggestions or comments are welcomed!
> >
> > Every version of OVS ever released supports this feature.  Your flow
> > looks OK to me.  It's hard to guess what's going wrong.  You might want
> > to use "ovs-appctl ofproto/trace" or "ovs-dpctl dump-flows" to try to
> > peer deeper into what's going on.
> >



More information about the discuss mailing list