[ovs-discuss] Flow rules not applied on LOCAL port when rules are pushed by an OpenFlow controller
Vincent CATROS
Vincent.CATROS at b-com.com
Fri May 27 07:24:24 UTC 2016
Hello,
It seems that flow rules are not applied on LOCAL port when rules are pushed by an OpenFlow controller.
The problem is probably between my chair and my screen :) but if someone could help me to understand the situation I would greatly appreciate it.
My setup is very simple:
- A PC running OVS. Let's call it "s1". This PC has 2 network interfaces:
  - eth0 (10.0.0.2) is used to communicate with the OF controller
  - eth1 is enslaved to my OVS switch (br-test); 192.168.1.1 is configured on "br-test"
- A client PC. Let's call it "c1". This PC is directly connected to eth1 on "s1". Its network interface is set to 192.168.1.2
- An OF controller (ONOS in my case) at 10.0.0.3
First let me describe a test I would call "normal"
My OVS switch "s1" is not connected to any controller
ovs-vsctl show
32cdf1f6-4963-46a4-8696-0199484fe3e0
    Bridge br-test
        fail_mode: secure
        Port "eth1"
            Interface "eth1"
        Port br-test
            Interface br-test
                type: internal
    ovs_version: "2.5.0"
2 rules are added in order to count packets
ovs-ofctl add-flow br-test priority=10,actions=NORMAL
ovs-ofctl add-flow br-test arp,priority=11,actions=NORMAL
I checked those rules are actually in the switch
ovs-ofctl dump-flows br-test
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=18.343s, table=0, n_packets=0, n_bytes=0, idle_age=18, priority=11,arp actions=NORMAL
cookie=0x0, duration=23.321s, table=0, n_packets=0, n_bytes=0, idle_age=23, priority=10 actions=NORMAL
I send 1 ARP packet from c1 to a non-existing IP address
arping -c1 192.168.1.4
Timeout
1 packet has matched the ARP rule
ovs-ofctl dump-flows br-test
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=27.252s, table=0, n_packets=1, n_bytes=42, idle_age=3, priority=11,arp actions=NORMAL
cookie=0x0, duration=32.230s, table=0, n_packets=0, n_bytes=0, idle_age=32, priority=10 actions=NORMAL
this is normal
If I send 1 ARP packet from "s1" (emitted on the LOCAL OVS switch) to a non-existing IP address
arping -c1 192.168.1.4
Timeout
1 more packet has matched the ARP rule
ovs-ofctl dump-flows br-test
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=73.074s, table=0, n_packets=2, n_bytes=102, idle_age=10, priority=11,arp actions=NORMAL
cookie=0x0, duration=78.052s, table=0, n_packets=0, n_bytes=0, idle_age=78, priority=10 actions=NORMAL
this is also normal
Now, let me describe the "strange" behaviour
I connect "br-test" to my ONOS controller
ovs-vsctl set-controller br-test tcp:10.0.0.3:6633
ovs-vsctl show
32cdf1f6-4963-46a4-8696-0199484fe3e0
    Bridge br-test
        Controller "tcp:10.0.0.3:6633"
            is_connected: true
        fail_mode: secure
        Port "eth1"
            Interface "eth1"
        Port br-test
            Interface br-test
                type: internal
    ovs_version: "2.5.0"
We can check that ARP rule has not been matched for the moment
ovs-ofctl dump-flows br-test
NXST_FLOW reply (xid=0x4):
cookie=0xe00000f5ad7ff, duration=9.456s, table=0, n_packets=0, n_bytes=0, idle_age=9, priority=5,ip actions=CONTROLLER:65535
cookie=0xe000011a55234, duration=9.456s, table=0, n_packets=0, n_bytes=0, idle_age=9, priority=40000,arp actions=CONTROLLER:65535
cookie=0xe00001195f878, duration=9.456s, table=0, n_packets=0, n_bytes=0, idle_age=9, priority=40000,dl_type=0x8942 actions=CONTROLLER:65535
cookie=0xe00000f5ad8b9, duration=9.456s, table=0, n_packets=0, n_bytes=0, idle_age=9, priority=5,arp actions=CONTROLLER:65535
cookie=0xe00001195ea2e, duration=9.456s, table=0, n_packets=0, n_bytes=0, idle_age=9, priority=40000,dl_type=0x88cc actions=CONTROLLER:65535
I send 1 ARP request from "c1" to an unknown IP address
arping -c 1 192.168.1.4
Timeout
Then we can check that ARP rule has been matched
ovs-ofctl dump-flows br-test
NXST_FLOW reply (xid=0x4):
cookie=0xe00000f5ad7ff, duration=28.298s, table=0, n_packets=0, n_bytes=0, idle_age=28, priority=5,ip actions=CONTROLLER:65535
cookie=0xe000011a55234, duration=28.298s, table=0, n_packets=1, n_bytes=60, idle_age=4, priority=40000,arp actions=CONTROLLER:65535
cookie=0xe00001195f878, duration=28.298s, table=0, n_packets=0, n_bytes=0, idle_age=28, priority=40000,dl_type=0x8942 actions=CONTROLLER:65535
cookie=0xe00000f5ad8b9, duration=28.298s, table=0, n_packets=0, n_bytes=0, idle_age=28, priority=5,arp actions=CONTROLLER:65535
cookie=0xe00001195ea2e, duration=28.298s, table=0, n_packets=0, n_bytes=0, idle_age=28, priority=40000,dl_type=0x88cc actions=CONTROLLER:65535
So far everything is normal
Now, I will send 1 ARP packet from "s1" (on the LOCAL OVS port) to an unknown IP address
arping -c 1 192.168.1.4
Timeout
If we check rules matching.
ovs-ofctl dump-flows br-test
NXST_FLOW reply (xid=0x4):
cookie=0xe00000f5ad7ff, duration=38.774s, table=0, n_packets=0, n_bytes=0, idle_age=38, priority=5,ip actions=CONTROLLER:65535
cookie=0xe000011a55234, duration=38.774s, table=0, n_packets=1, n_bytes=60, idle_age=15, priority=40000,arp actions=CONTROLLER:65535
cookie=0xe00001195f878, duration=38.774s, table=0, n_packets=0, n_bytes=0, idle_age=38, priority=40000,dl_type=0x8942 actions=CONTROLLER:65535
cookie=0xe00000f5ad8b9, duration=38.774s, table=0, n_packets=0, n_bytes=0, idle_age=38, priority=5,arp actions=CONTROLLER:65535
cookie=0xe00001195ea2e, duration=38.774s, table=0, n_packets=0, n_bytes=0, idle_age=38, priority=40000,dl_type=0x88cc actions=CONTROLLER:65535
We see that ARP rule has not been matched
This is weird.
And more....
If I send an ARP from "s1" LOCAL port to "c1"
arping -c 1 192.168.1.2
ARPING 192.168.1.2
60 bytes from 08:00:27:f0:80:4e (192.168.1.2): index=0 time=9.662 msec
It works, request and reply ... but no matching is signaled...
ovs-ofctl dump-flows br-test
NXST_FLOW reply (xid=0x4):
cookie=0xe00000f5ad7ff, duration=49.278s, table=0, n_packets=0, n_bytes=0, idle_age=49, priority=5,ip actions=CONTROLLER:65535
cookie=0xe000011a55234, duration=49.278s, table=0, n_packets=1, n_bytes=60, idle_age=25, priority=40000,arp actions=CONTROLLER:65535
cookie=0xe00001195f878, duration=49.278s, table=0, n_packets=0, n_bytes=0, idle_age=49, priority=40000,dl_type=0x8942 actions=CONTROLLER:65535
cookie=0xe00000f5ad8b9, duration=49.278s, table=0, n_packets=0, n_bytes=0, idle_age=49, priority=5,arp actions=CONTROLLER:65535
cookie=0xe00001195ea2e, duration=49.278s, table=0, n_packets=0, n_bytes=0, idle_age=49, priority=40000,dl_type=0x88cc actions=CONTROLLER:65535
This is really weird... it seems that packets are going through the datapath without activating OF rules.
I even checked OF connection between OVS and ONOS... no PACKET_IN issued.
Any idea?
Regards
Vincent
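
The counter comparison done by eye in the message above can be scripted. The following is an added example, not part of the original post: it diffs two `ovs-ofctl dump-flows` snapshots and reports which flows' n_packets/n_bytes moved. The function names `parse_dump` and `counter_deltas` are hypothetical; the sample dump lines are copied from the post.

```python
# Fields that change between dumps and are not part of a flow's identity.
VOLATILE = {"duration", "idle_age", "hard_age"}

def parse_dump(text):
    """Map flow identity -> (n_packets, n_bytes) from `ovs-ofctl dump-flows` text."""
    flows = {}
    for line in text.splitlines():
        if " actions=" not in line or "n_packets=" not in line:
            continue  # skip the "NXST_FLOW reply" header and blank lines
        head, actions = line.strip().split(" actions=", 1)
        ident, counters = [], {}
        for field in (f.strip() for f in head.split(",")):
            key, _, val = field.partition("=")
            if key in ("n_packets", "n_bytes"):
                counters[key] = int(val)
            elif field and key not in VOLATILE:
                ident.append(field)  # cookie, table, priority and match fields
        flows[",".join(ident) + " actions=" + actions] = (
            counters["n_packets"], counters["n_bytes"])
    return flows

def counter_deltas(before, after):
    """Return {flow: (delta_packets, delta_bytes)} for flows whose counters moved."""
    old, new = parse_dump(before), parse_dump(after)
    deltas = {}
    for flow, (pkts, nbytes) in new.items():
        pkts0, bytes0 = old.get(flow, (0, 0))
        if (pkts, nbytes) != (pkts0, bytes0):
            deltas[flow] = (pkts - pkts0, nbytes - bytes0)
    return deltas

# Dump lines quoted from the post, taken before and after the arping sent from "s1".
# For the controller case only the two ARP flows of the five are reproduced here.
STANDALONE_BEFORE = """NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=27.252s, table=0, n_packets=1, n_bytes=42, idle_age=3, priority=11,arp actions=NORMAL
 cookie=0x0, duration=32.230s, table=0, n_packets=0, n_bytes=0, idle_age=32, priority=10 actions=NORMAL"""
STANDALONE_AFTER = """NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=73.074s, table=0, n_packets=2, n_bytes=102, idle_age=10, priority=11,arp actions=NORMAL
 cookie=0x0, duration=78.052s, table=0, n_packets=0, n_bytes=0, idle_age=78, priority=10 actions=NORMAL"""
CONTROLLER_BEFORE = """NXST_FLOW reply (xid=0x4):
 cookie=0xe000011a55234, duration=28.298s, table=0, n_packets=1, n_bytes=60, idle_age=4, priority=40000,arp actions=CONTROLLER:65535
 cookie=0xe00000f5ad8b9, duration=28.298s, table=0, n_packets=0, n_bytes=0, idle_age=28, priority=5,arp actions=CONTROLLER:65535"""
CONTROLLER_AFTER = """NXST_FLOW reply (xid=0x4):
 cookie=0xe000011a55234, duration=38.774s, table=0, n_packets=1, n_bytes=60, idle_age=15, priority=40000,arp actions=CONTROLLER:65535
 cookie=0xe00000f5ad8b9, duration=38.774s, table=0, n_packets=0, n_bytes=0, idle_age=38, priority=5,arp actions=CONTROLLER:65535"""

if __name__ == "__main__":
    print("standalone:", counter_deltas(STANDALONE_BEFORE, STANDALONE_AFTER) or "no counter moved")
    print("controller:", counter_deltas(CONTROLLER_BEFORE, CONTROLLER_AFTER) or "no counter moved")
```

An empty result for a test in which a packet was definitely sent reproduces the symptom reported above: traffic left the host without any flow in the table accounting for it.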