[ovs-discuss] ovs not receiving flows

Matthew.Stevens at ecs.vuw.ac.nz Matthew.Stevens at ecs.vuw.ac.nz
Thu May 19 02:38:17 UTC 2016


Greetings,

I am going through some learning pains with OpenvSwitch. I have three
hosts, each on VirtualBox with the central host running OpenvSwitch. I can
ping from both hosts to the OpenvSwitch host and the OpenvSwitch host can
ping back, but I cannot ping between hosts.

This email first describes the architecture, the problem observed and then
the detailed setup of OpenvSwitch within VirtualBox. My apologies for its
length :-)

The 3 host architecture represents an internal host, an external host and
a gateway between them. Both hosts are on different sub-nets, my intention
(eventually) is to install flow rules that will allow udp/tcp traffic
between them. The ovs is hosted on a VM to simplify the plug-n-play nature
of the experiment I am conducting.

The behaviour I see in OpenvSwitch is I can see packet counts increasing
in the in_port, but the flow rules I install do not record any packet
counts. The flow rules used are as broad as I can make them,
"priority=1,actions=NORMAL" plus I have tried other variants using the
in_port, icmp, nw_src, nw_dst.

I suspect the VM is just broadcasting the icmp packets out all ports
(other than the arriving port). I can see the icmp request on the
controller with tcpdump, but it is clear from using tcpdump on the
destination host that nothing arrives on the destination host.

So pinging H1 --> H2
The network looks like H1 -- SW -- H2
The switch has (1)eth0 connected to H1, (2)eth1 connected to H2
$ sudo ovs-ofctl dump-flows br0 --- shows (1) receiving packets and (2)
transmitting packets
$ sudo tcpdump -i eth1 -- on the SW host, shows icmp packets leaving (2)eth1
$ sudo tcpdump -i eth0 -- on the H2 host does not pick up any traffic
$ sudo tcpdump -i eth0 -- on the controller shows it is receiving icmp
packets (possibly broadcast by the SW VM)

Keep in mind the switch can successfully ping both hosts and the
controller. Also that attempts to use flow rules are ignored, the flow
rules are not hit at all.

ARP messaging is also affected (probably part of the same problem). As a
work around the ARP tables on all three hosts have MAC addresses manually
installed. It is not a good solution, but enabled moving forward a little.

I am picking this is not expected behaviour. So I will elaborate on the
detailed ovs set-up, hopefully this may spark an "a-ha!" moment and
someone will point out the obvious mistake...

The VMs are VirtualBox 5 (with Guest Additions), the OS in each case is
Ubuntu v14.04.2.

With ARP addressing manually provided, the two end hosts can ping and be
pinged from the ovs host, so I'm confident I can skip detailing them.

The ovs host is standard Ubuntu with a couple of flag changes. It is
installed then the following commands run.

$ sudo apt-get update

$ sudo gedit /etc/sysctl.conf
    adding (needed for other parts of the experiment)
    net.ipv4.tcp_syn_retries=1

$ sudo apt-get install openvswitch-switch

# installation ok, shows version number
$ sudo ovs-vsctl show

$ sudo ovs-vsctl add-br br0
$ sudo ovs-vsctl add-port br0 eth0
$ sudo ovs-vsctl add-port br0 eth1
$ sudo ovs-vsctl add-port br0 eth2

$ sudo gedit /etc/network/interfaces
   # add
   # loopback
    auto lo
    iface lo inet loopback
   # set-up by OpenvSwitch
    auto br0
    iface br0 inet static
      address 192.168.10.10
      netmask 255.255.255.0
   # Adaptor 1 (gateway for subnet)
    auto eth0
    iface eth0 inet static
      address 192.168.60.1
      netmask 255.255.255.0
   # Adaptor 2 (gateway for subnet)
    auto eth1
    iface eth1 inet static
      address 192.168.66.1
      netmask 255.255.255.0
   # Adaptor 3 (controller adaptor br0)
    auto eth2
    iface eth2 inet static
      address 192.168.10.1
      netmask 255.255.255.0

$ sudo ovs-vsctl set bridge br0 protocols=OpenFlow10

$ sudo ovs-vsctl set-controller br0 tcp:192.168.10.1:6633

# set reverse path filter/forwarding, allows pings to reach VM
# set it at 0 (the default) and pings fail
$ sudo gedit /etc/sysctl.conf
    # add
    net.ipv4.conf.all.rp_filter=2

# Manually add arp entries (should not need to do this, but it
# allows pinging the switch VM). End hosts also have arp
# entries manually installed.
$ sudo arp -i eth0 -s 192.168.60.6 08:00:27:7c:1a:19
$ sudo arp -i eth1 -s 192.168.60.6 08:00:27:23:0c:b7

Any thoughts on the possible problems would be gratefully received.

Cheers!
Matt
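
The symptom described in the message above (port counters rising while no installed flow records a hit) can be checked mechanically. This is an added example, not part of the original post: it parses text in the format printed by `ovs-ofctl dump-ports br0` and `ovs-ofctl dump-flows br0`, and the sample output and the helper names (`parse_ports`, `parse_flows`, `diagnose`) are constructed for illustration.

```python
import re

# Constructed sample output in the format printed by
# `ovs-ofctl dump-ports br0` and `ovs-ofctl dump-flows br0`;
# the counters are invented, not taken from the poster's switch.
DUMP_PORTS = """\
OFPST_PORT reply (xid=0x2): 3 ports
  port  1: rx pkts=120, bytes=11760, drop=0, errs=0, frame=0, over=0, crc=0
           tx pkts=8, bytes=648, drop=0, errs=0, coll=0
  port  2: rx pkts=6, bytes=420, drop=0, errs=0, frame=0, over=0, crc=0
           tx pkts=118, bytes=11564, drop=0, errs=0, coll=0
  port LOCAL: rx pkts=0, bytes=0, drop=0, errs=0, frame=0, over=0, crc=0
           tx pkts=0, bytes=0, drop=0, errs=0, coll=0
"""
DUMP_FLOWS = """\
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=301.2s, table=0, n_packets=0, n_bytes=0, idle_age=301, priority=1 actions=NORMAL
 cookie=0x0, duration=95.7s, table=0, n_packets=0, n_bytes=0, idle_age=95, priority=10,icmp,in_port=1 actions=output:2
"""

def parse_ports(text):
    """Return {port: {"rx": pkts, "tx": pkts}}; '?' (unsupported) counts as 0."""
    ports, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*port\s+(\S+):\s+rx pkts=(\d+|\?)", line)
        if m:
            current = m.group(1)
            ports[current] = {"rx": int(m.group(2).replace("?", "0")), "tx": 0}
            continue
        m = re.match(r"\s*tx pkts=(\d+|\?)", line)
        if m and current is not None:
            ports[current]["tx"] = int(m.group(1).replace("?", "0"))
    return ports

def parse_flows(text):
    """Return [(match, actions, n_packets)] for every flow entry."""
    flows = []
    for line in text.splitlines():
        m = re.search(r"n_packets=(\d+)", line)
        if m and " actions=" in line:
            match, actions = line.strip().rsplit(", ", 1)[-1].split(" actions=", 1)
            flows.append((match, actions, int(m.group(1))))
    return flows

def diagnose(ports_text, flows_text):
    """Compare packets received on numbered ports with packets hitting flows."""
    ports, flows = parse_ports(ports_text), parse_flows(flows_text)
    rx = sum(c["rx"] for p, c in ports.items() if p != "LOCAL")
    hits = sum(n for _, _, n in flows)
    unhit = [match for match, _, n in flows if n == 0]
    return {"rx": rx, "hits": hits, "unhit": unhit, "mismatch": rx > 0 and hits == 0}

if __name__ == "__main__":
    print(diagnose(DUMP_PORTS, DUMP_FLOWS))
```

A `mismatch` of `True` reproduces the observation in the post: packets are counted on the bridge's ports while every flow entry still shows `n_packets=0`.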



