[ovs-discuss] Flow rules not applied on LOCAL port when rules are pushed by an OpenFlow controller
Vincent CATROS
Vincent.CATROS at b-com.com
Fri May 27 13:53:29 UTC 2016
Hi Xiao,
Bingo... you are right.
Using "ovs-appctl bridge/dump-flows" I found those "hidden" flows. Now, I can see my "missing" ARP are actually matched by those rules.
Thanks a lot.
Best regards.
Vincent
________________________________________
De : Xiao Liang <shaw.leon at gmail.com>
Envoyé : vendredi 27 mai 2016 14:13
À : Vincent CATROS
Cc : discuss at openvswitch.org
Objet : Re: [ovs-discuss] Flow rules not applied on LOCAL port when rules are pushed by an OpenFlow controller
On Fri, May 27, 2016 at 3:24 PM, Vincent CATROS
<Vincent.CATROS at b-com.com> wrote:
>
> Hello,
>
>
> It seems that flow rules are not applied on LOCAL port when rules are pushed
> by an OpenFlow controller.
>
>
> The problem is probably between my chair and my screen :) but if someone
> could help me to understand the situation I would greatly appreciate.
>
>
> My setup is very simple
>
>
> - A PC running OVS. Let call it "s1". This PC has 2 network interfaces:
>
> - eth0 (10.0.0.2) is used to communicate with the OF controller
>
> - eth1 is enslave to my OVS switch (br-test) 192.168.1.1 is
> configured on "br-test"
>
> - a client PC. Let call it "c1". This PC is directly connected to eth1 on
> "s1". Network interface is set to 192.168.1.2
>
> - a OF controller (ONOS in my case) at 10.0.0.3
>
>
>
> First let me describe a test I would call "normal"
>
>
> My OVS switch "s1" is not connected to any controller
>
>
> ovs-vsctl show
> 32cdf1f6-4963-46a4-8696-0199484fe3e0
> Bridge br-test
> fail_mode: secure
> Port "eth1"
> Interface "eth1"
> Port br-test
> Interface br-test
> type: internal
> ovs_version: "2.5.0"
>
>
>
> 2 rules are added in order to count packets
> ovs-ofctl add-flow br-test priority=10,actions=NORMAL
> ovs-ofctl add-flow br-test arp,priority=11,actions=NORMAL
>
>
> I checked those rules are actually in the switch
>
>
>
> ovs-ofctl dump-flows br-test
>
> NXST_FLOW reply (xid=0x4):
>
> cookie=0x0, duration=18.343s, table=0, n_packets=0, n_bytes=0, idle_age=18,
> priority=11,arp actions=NORMAL
>
> cookie=0x0, duration=23.321s, table=0, n_packets=0, n_bytes=0, idle_age=23,
> priority=10 actions=NORMAL
>
>
>
> I send 1 ARP packet
> from c1 to a non existing IP address
>
> arping -c1 192.168.1.4
> Timeout
>
>
>
> 1 packet has match the ARP rule
>
> ovs-ofctl dump-flows br-test
> NXST_FLOW reply (xid=0x4):
> cookie=0x0, duration=27.252s, table=0, n_packets=1, n_bytes=42, idle_age=3,
> priority=11,arp actions=NORMAL
> cookie=0x0, duration=32.230s, table=0, n_packets=0, n_bytes=0, idle_age=32,
> priority=10 actions=NORMAL
>
>
> this is normal
>
>
>
> If I send 1 ARP packet from "s1" (emited on the LOCAL OVS switch) to a non
> existing IP address
>
>
>
> arping -c1 192.168.1.4
>
> Timeout
>
>
>
> 1 more packet has match the ARP rule
>
>
>
> ovs-ofctl dump-flows br-test
>
> NXST_FLOW reply (xid=0x4):
>
> cookie=0x0, duration=73.074s, table=0, n_packets=2, n_bytes=102,
> idle_age=10, priority=11,arp actions=NORMAL
>
> cookie=0x0, duration=78.052s, table=0, n_packets=0, n_bytes=0, idle_age=78,
> priority=10 actions=NORMAL
>
>
>
> this is also normal
>
>
> Now, let me describe the "strange" behaviour
>
>
> I connect "br-test" to my ONOS controller
>
> ovs-vsctl set-controller br-test tcp:10.0.0.3:6633
>
>
> ovs-vsctl show
>
> 32cdf1f6-4963-46a4-8696-0199484fe3e0
>
> Bridge br-test
>
> Controller "tcp:10.0.0.3:6633"
>
> is_connected: true
>
> fail_mode: secure
>
> Port "eth1"
>
> Interface "eth1"
>
> Port br-test
>
> Interface br-test
>
> type: internal
>
> ovs_version: "2.5.0"
>
>
> We can check that ARP rule has not been matched for the moment
>
>
>
> ovs-ofctl dump-flows br-test
> NXST_FLOW reply (xid=0x4):
> cookie=0xe00000f5ad7ff, duration=9.456s, table=0, n_packets=0, n_bytes=0,
> idle_age=9, priority=5,ip actions=CONTROLLER:65535
> cookie=0xe000011a55234, duration=9.456s, table=0, n_packets=0, n_bytes=0,
> idle_age=9, priority=40000,arp actions=CONTROLLER:65535
> cookie=0xe00001195f878, duration=9.456s, table=0, n_packets=0, n_bytes=0,
> idle_age=9, priority=40000,dl_type=0x8942 actions=CONTROLLER:65535
> cookie=0xe00000f5ad8b9, duration=9.456s, table=0, n_packets=0, n_bytes=0,
> idle_age=9, priority=5,arp actions=CONTROLLER:65535
> cookie=0xe00001195ea2e, duration=9.456s, table=0, n_packets=0, n_bytes=0,
> idle_age=9, priority=40000,dl_type=0x88cc actions=CONTROLLER:65535
>
>
> I send 1 ARP request from "c1" to an unknown IP address
>
>
> arping -c 1 192.168.1.4
>
> Timeout
>
>
> Then we can check that ARP rule has been matched
>
>
>
> ovs-ofctl dump-flows br-test
> NXST_FLOW reply (xid=0x4):
> cookie=0xe00000f5ad7ff, duration=28.298s, table=0, n_packets=0, n_bytes=0,
> idle_age=28, priority=5,ip actions=CONTROLLER:65535
> cookie=0xe000011a55234, duration=28.298s, table=0, n_packets=1, n_bytes=60,
> idle_age=4, priority=40000,arp actions=CONTROLLER:65535
> cookie=0xe00001195f878, duration=28.298s, table=0, n_packets=0, n_bytes=0,
> idle_age=28, priority=40000,dl_type=0x8942 actions=CONTROLLER:65535
> cookie=0xe00000f5ad8b9, duration=28.298s, table=0, n_packets=0, n_bytes=0,
> idle_age=28, priority=5,arp actions=CONTROLLER:65535
> cookie=0xe00001195ea2e, duration=28.298s, table=0, n_packets=0, n_bytes=0,
> idle_age=28, priority=40000,dl_type=0x88cc actions=CONTROLLER:65535
>
>
> So far everything is normal
>
>
> Now, I will send 1 ARP packet from "s1" (on the LOCAL OVS port) to an
> unknown IP address
>
>
> arping -c 1 192.168.1.4
>
> Timeout
>
>
> If we check rules matching.
>
>
>
> ovs-ofctl dump-flows br-test
> NXST_FLOW reply (xid=0x4):
> cookie=0xe00000f5ad7ff, duration=38.774s, table=0, n_packets=0, n_bytes=0,
> idle_age=38, priority=5,ip actions=CONTROLLER:65535
> cookie=0xe000011a55234, duration=38.774s, table=0, n_packets=1, n_bytes=60,
> idle_age=15, priority=40000,arp actions=CONTROLLER:65535
> cookie=0xe00001195f878, duration=38.774s, table=0, n_packets=0, n_bytes=0,
> idle_age=38, priority=40000,dl_type=0x8942 actions=CONTROLLER:65535
> cookie=0xe00000f5ad8b9, duration=38.774s, table=0, n_packets=0, n_bytes=0,
> idle_age=38, priority=5,arp actions=CONTROLLER:65535
> cookie=0xe00001195ea2e, duration=38.774s, table=0, n_packets=0, n_bytes=0,
> idle_age=38, priority=40000,dl_type=0x88cc actions=CONTROLLER:65535
>
>
> We see that ARP rule has not been matched
>
Seems like in-band control flows. Please check following in FAQ.md:
"Q: I hear OVS has a couple of kinds of flows. Can you tell me about them?"
>
> This is weird.
>
>
> And more....
>
>
> If I send an ARP from "s1" LOCAL port to "c1"
>
> arping -c 1 192.168.1.2
>
> ARPING 192.168.1.2
>
> 60 bytes from 08:00:27:f0:80:4e (192.168.1.2): index=0 time=9.662 msec
>
>
> It works request and reply ... but no matching is signaled...
>
>
>
> ovs-ofctl dump-flows br-test
> NXST_FLOW reply (xid=0x4):
> cookie=0xe00000f5ad7ff, duration=49.278s, table=0, n_packets=0, n_bytes=0,
> idle_age=49, priority=5,ip actions=CONTROLLER:65535
> cookie=0xe000011a55234, duration=49.278s, table=0, n_packets=1, n_bytes=60,
> idle_age=25, priority=40000,arp actions=CONTROLLER:65535
> cookie=0xe00001195f878, duration=49.278s, table=0, n_packets=0, n_bytes=0,
> idle_age=49, priority=40000,dl_type=0x8942 actions=CONTROLLER:65535
> cookie=0xe00000f5ad8b9, duration=49.278s, table=0, n_packets=0, n_bytes=0,
> idle_age=49, priority=5,arp actions=CONTROLLER:65535
> cookie=0xe00001195ea2e, duration=49.278s, table=0, n_packets=0, n_bytes=0,
> idle_age=49, priority=40000,dl_type=0x88cc actions=CONTROLLER:65535
>
>
> This is really weird... it seems that packets are going through the datapath
> without activating OF rules.
>
>
> I even checked OF connection between OVS and ONOS... no PACKET_IN issued.
>
>
> Any idea?
>
>
> Regards
>
> Vincent
>
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss
>
More information about the discuss
mailing list