[ovs-discuss] For the love of Pete, why does br-ex have a drop flow?!!

Ben Pfaff blp at ovn.org
Thu Jun 9 20:40:30 UTC 2016


On Thu, Jun 09, 2016 at 01:58:45PM -0600, Sterdnot Shaken wrote:
> *This question pertains to both OVS (we're running 2.5.0) as well as
> Openstack (Mitaka).*
> 
> Nothing seems to be able to get through br-ex... When I try and ping
> something external from the instance, traffic gets through the DVR router,
> which sends traffic to the SNAT namespace, to be able to forward traffic
> externally, needs to populate it's next-hop arp entry, so it sends out an
> arp request... That arp request makes it to the br-ex bridge, where,
> according to the flows on that bridge, simply drops the arp request (see
> flows below...)
> 
> ovs-ofctl dump-flows br-ex NXST_FLOW reply (xid=0x4):
> cookie=0x9aed292defb23897, duration=4247.101s, *table=0*, n_packets=2719,
> n_bytes=141881, idle_age=0, priority=2,*in_port=1 actions=resubmit(,1)*
> cookie=0x9aed292defb23897, duration=4248.055s, table=0, n_packets=0,
> n_bytes=0, idle_age=4248, priority=0 actions=NORMAL
> cookie=0x9aed292defb23897, duration=4247.066s, table=0, n_packets=297239,
> n_bytes=12534954, idle_age=0, priority=1 actions=resubmit(,3)
> cookie=0x9aed292defb23897, duration=4247.033s, *table=1*, n_packets=2719,
> n_bytes=141881, idle_age=0, priority=0 *actions=resubmit(,2)*
> cookie=0x9aed292defb23897, duration=4247.004s, *table=2*, n_packets=2719,
> n_bytes=141881, idle_age=0, priority=2,*in_port=1 actions=drop*
> 
> I can (and have) manually added flows with higher priorities, to allow the
> arp traffic out, but manual isn't the right solution...
> 
> WHY!!!!! Why are these flows here? Any help would be greatly appreciated!

OVS isn't adding these flows, it's just implementing them, so it's
probably better to ask about this on an openstack mailing list.



More information about the discuss mailing list