[ovs-discuss] Strange flows in bridge/dump-flows

Ben Pfaff blp at ovn.org
Fri Nov 18 23:38:35 UTC 2016


The FAQ says:

Q: Some of the traffic that I'd expect my OpenFlow controller to see doesn't
actually appear through the OpenFlow connection, even though I know that it's
going through.

    A: By default, Open vSwitch assumes that OpenFlow controllers are connected
    "in-band", that is, that the controllers are actually part of the network
    that is being controlled.  In in-band mode, Open vSwitch sets up special
    "hidden" flows to make sure that traffic can make it back and forth between
    OVS and the controllers.  These hidden flows are higher priority than any
    flows that can be set up through OpenFlow, and they are not visible through
    normal OpenFlow flow table dumps.

    Usually, the hidden flows are desirable and helpful, but occasionally they
    can cause unexpected behavior.  You can view the full OpenFlow flow table,
    including hidden flows, on bridge br0 with the command::

        $ ovs-appctl bridge/dump-flows br0

    to help you debug.  The hidden flows are those with priorities
    greater than 65535 (the maximum priority that can be set with
    OpenFlow).

    The DESIGN file at the top level of the Open vSwitch source
    distribution describes the in-band model in detail.

    If your controllers are not actually in-band (e.g. they are on
    localhost via 127.0.0.1, or on a separate network), then you should
    configure your controllers in "out-of-band" mode.  If you have one
    controller on bridge br0, then you can configure out-of-band mode
    on it with::

        $ ovs-vsctl set controller br0 connection-mode=out-of-band

Q: Some of the OpenFlow flows that my controller sets up don't seem to apply to
certain traffic, especially traffic between OVS and the controller itself.

    A: See above.

Q: I configured all my controllers for out-of-band control mode but "ovs-appctl
bridge/dump-flows" still shows some hidden flows.

    A: You probably have a remote manager configured (e.g. with "ovs-vsctl
    set-manager").  By default, Open vSwitch assumes that managers need in-band
    rules set up on every bridge.  You can disable these rules on bridge br0
    with::

        $ ovs-vsctl set bridge br0 other-config:disable-in-band=true

    This actually disables in-band control entirely for the bridge, as if all
    the bridge's controllers were configured for out-of-band control.


On Fri, Nov 18, 2016 at 06:41:54AM +0000, Ali Volkan Atli wrote:
> 
> Hi Ben
> 
> When there is no flow in the OvS flow table, if the MAC address b8:af:67:84:90:d7 sends an ARP request, OvS floods the ARP request to all ports except the incoming port using xlate_normal_flood(). Also, if there is a loop between ports, it causes an ARP storm. How can I prevent this problem?
> 
> - Volkan
> 
> #8  0x0000000000618b9b in output_normal (ctx=0x7fff85ff7270, out_xbundle=0x16ac1a0, vlan=0) at ofproto/ofproto-dpif-xlate.c:1896
> #9  0x0000000000619bc8 in xlate_normal_flood (ctx=0x7fff85ff7270, in_xbundle=0x16ac610, vlan=0) at ofproto/ofproto-dpif-xlate.c:2247
> #10 0x000000000061a80d in xlate_normal (ctx=0x7fff85ff7270) at ofproto/ofproto-dpif-xlate.c:2454
> #11 0x000000000061f2eb in xlate_output_action (ctx=0x7fff85ff7270, port=65530, max_len=0, may_packet_in=true) at ofproto/ofproto-dpif-xlate.c:3920
> #12 0x0000000000620f0b in do_xlate_actions (ofpacts=0x16b5fd8, ofpacts_len=16, ctx=0x7fff85ff7270) at ofproto/ofproto-dpif-xlate.c:4727
> #13 0x00000000006234e3 in xlate_actions (xin=0x7fff85ff8290, xout=0x7fff85ff8870) at ofproto/ofproto-dpif-xlate.c:5571
> 
> $ ovs-appctl bridge/dump-flows br0
> ...
> duration=14s, n_packets=0, n_bytes=0, priority=180004,arp,dl_src=b8:af:67:84:90:d7,arp_op=1,actions=NORMAL
> duration=14s, n_packets=0, n_bytes=0, priority=180003,arp,dl_dst=b8:af:67:84:90:d7,arp_op=2,actions=NORMAL
> ...
> 
> $ ovs-ofctl dump-flows br0
> NXST_FLOW reply (xid=0x4):
> 
> 
> ________________________________________
> From: Ben Pfaff [blp at ovn.org]
> Sent: Friday, November 18, 2016 2:49 AM
> To: Ali Volkan Atli
> Cc: discuss at openvswitch.org
> Subject: Re: [ovs-discuss] Strange flows in bridge/dump-flows
> 
> ovs-vswitchd(8) says:
> 
>        bridge/dump-flows bridge
>               Lists all flows in bridge, including those normally hidden to
>               commands such as ovs-ofctl dump-flows.  Flows set up by
>               mechanisms such as in-band control and fail-open are hidden
>               from the controller since it is not allowed to modify or
>               override them.
> 
> 
> On Thu, Nov 17, 2016 at 03:42:48PM +0000, Ali Volkan Atli wrote:
> >
> > When I connect my (ryu) controller to OvS (with DPDK) while all data-ports are down, I always see the strange flows in bridge/dump-flows below. Then when b8:af:67:84:90:d7 tries to send an ARP packet, OvS floods it. Could someone please explain why (or who) adds these flows into OvS? Thanks in advance.
> >
> > - Volkan
> >
> > ovs-appctl bridge/dump-flows br0
> >
> > duration=12s, n_packets=0, n_bytes=0, priority=180008,tcp,nw_src=192.168.3.17,tp_src=6633,actions=NORMAL
> > duration=12s, n_packets=0, n_bytes=0, priority=180007,tcp,nw_dst=192.168.3.17,tp_dst=6633,actions=NORMAL
> > duration=12s, n_packets=0, n_bytes=0, priority=180006,arp,arp_spa=192.168.3.17,arp_op=1,actions=NORMAL
> > duration=12s, n_packets=0, n_bytes=0, priority=180005,arp,arp_tpa=192.168.3.17,arp_op=2,actions=NORMAL
> > duration=12s, n_packets=0, n_bytes=0, priority=180004,arp,dl_src=b8:af:67:84:90:d7,arp_op=1,actions=NORMAL
> > duration=10s, n_packets=0, n_bytes=0, priority=180002,arp,dl_src=00:1b:21:84:d1:a0,arp_op=1,actions=NORMAL
> > duration=12s, n_packets=0, n_bytes=0, priority=180003,arp,dl_dst=b8:af:67:84:90:d7,arp_op=2,actions=NORMAL
> > duration=10s, n_packets=0, n_bytes=0, priority=180001,arp,dl_dst=00:1b:21:84:d1:a0,arp_op=2,actions=NORMAL
> > duration=10s, n_packets=0, n_bytes=0, priority=180000,udp,in_port=LOCAL,dl_src=00:1b:21:84:d1:a0,tp_src=68,tp_dst=67,actions=NORMAL
> > table_id=254, duration=12s, n_packets=0, n_bytes=0, priority=2,recirc_id=0,actions=drop
> > table_id=254, duration=12s, n_packets=0, n_bytes=0, priority=0,reg0=0x1,actions=controller(reason=)
> > table_id=254, duration=12s, n_packets=0, n_bytes=0, priority=0,reg0=0x2,actions=drop
> > table_id=254, duration=12s, n_packets=0, n_bytes=0, priority=0,reg0=0x3,actions=drop
> >
> > argela at anah:~/loop_workspace/ovs-master$ ovs-ofctl dump-flows br0
> > NXST_FLOW reply (xid=0x4):
> >
> > Configuration steps are below.
> >
> > pkill -9 ovs
> > rm -rf /usr/local/var/run/openvswitch
> > rm -rf /usr/local/etc/openvswitch/
> > rm -f /usr/local/etc/openvswitch/conf.db
> > mkdir -p /usr/local/etc/openvswitch
> > mkdir -p /usr/local/var/run/openvswitch
> > ovsdb-tool create /usr/local/etc/openvswitch/conf.db /usr/local/share/openvswitch/vswitch.ovsschema
> > ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock --remote=db:Open_vSwitch,Open_vSwitch,manager_options --pidfile --detach
> > ovs-vsctl --no-wait init
> > ovs-vsctl --no-wait set Open_vSwitch . other_config:dpdk-init=true
> > ovs-vswitchd unix:/usr/local/var/run/openvswitch/db.sock --pidfile
> >
> > ovs-vsctl add-br br0 -- set bridge br0 datapath_type=netdev
> > ovs-vsctl set-controller br0 tcp:192.168.3.17:6633
> >
> > ovs-vsctl add-port br0 dpdk0 -- set Interface dpdk0 type=dpdk
> > ovs-vsctl add-port br0 dpdk1 -- set Interface dpdk1 type=dpdk
> > ovs-vsctl add-port br0 dpdk2 -- set Interface dpdk2 type=dpdk
> > ovs-vsctl add-port br0 dpdk3 -- set Interface dpdk3 type=dpdk
> > ovs-vsctl add-port br0 dpdk4 -- set Interface dpdk4 type=dpdk
> > ovs-vsctl add-port br0 dpdk5 -- set Interface dpdk5 type=dpdk
> > ovs-vsctl add-port br0 dpdk6 -- set Interface dpdk6 type=dpdk
> > ovs-vsctl add-port br0 dpdk7 -- set Interface dpdk7 type=dpdk
> > ovs-vsctl add-port br0 dpdk8 -- set Interface dpdk8 type=dpdk
> > ovs-vsctl add-port br0 dpdk9 -- set Interface dpdk9 type=dpdk
> > ovs-vsctl add-port br0 dpdk10 -- set Interface dpdk10 type=dpdk
> > ovs-vsctl add-port br0 dpdk11 -- set Interface dpdk11 type=dpdk
> > ovs-vsctl add-port br0 dpdk12 -- set Interface dpdk12 type=dpdk
> > ovs-vsctl add-port br0 dpdk13 -- set Interface dpdk13 type=dpdk
> > ovs-vsctl add-port br0 dpdk14 -- set Interface dpdk14 type=dpdk
> > _______________________________________________
> > discuss mailing list
> > discuss at openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
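
An added example, not part of the original thread or of Open vSwitch: a small audit script that applies the FAQ's rule (hidden flows have priority greater than 65535) to `ovs-appctl bridge/dump-flows` output, lists the hidden ARP rules that hand traffic to NORMAL, and returns the two FAQ commands that disable in-band rules. The sample lines are copied from the dump quoted above; the function names are hypothetical.

```python
import re

OFP_MAX_PRIORITY = 65535  # maximum priority settable through OpenFlow, per the FAQ

# Lines copied from the bridge/dump-flows output quoted in this thread.
SAMPLE = """\
duration=12s, n_packets=0, n_bytes=0, priority=180008,tcp,nw_src=192.168.3.17,tp_src=6633,actions=NORMAL
duration=12s, n_packets=0, n_bytes=0, priority=180004,arp,dl_src=b8:af:67:84:90:d7,arp_op=1,actions=NORMAL
duration=10s, n_packets=0, n_bytes=0, priority=180000,udp,in_port=LOCAL,dl_src=00:1b:21:84:d1:a0,tp_src=68,tp_dst=67,actions=NORMAL
table_id=254, duration=12s, n_packets=0, n_bytes=0, priority=2,recirc_id=0,actions=drop
table_id=254, duration=12s, n_packets=0, n_bytes=0, priority=0,reg0=0x1,actions=controller(reason=)
"""

FLOW_RE = re.compile(r"priority=(\d+)(?:,(.*?))?[, ]\s*actions=(.*)$")
TABLE_RE = re.compile(r"table_id=(\d+)")

def parse_flow(line):
    """Return table, priority, match fields and actions, or None for non-flow lines."""
    line = line.strip()
    m = FLOW_RE.search(line)
    if not m:
        return None  # e.g. the "NXST_FLOW reply" banner or a blank line
    t = TABLE_RE.search(line)
    return {
        "table": int(t.group(1)) if t else None,  # None: no table_id printed
        "priority": int(m.group(1)),
        "match": m.group(2).split(",") if m.group(2) else [],
        "actions": m.group(3),
    }

def hidden_flows(text):
    """Flows whose priority exceeds what an OpenFlow controller can set."""
    flows = (parse_flow(line) for line in text.splitlines())
    return [f for f in flows if f and f["priority"] > OFP_MAX_PRIORITY]

def arp_normal(flows):
    """Hidden ARP rules that pass traffic to the NORMAL action."""
    return [f for f in flows if "arp" in f["match"] and f["actions"] == "NORMAL"]

def out_of_band_commands(bridge):
    """The two settings the FAQ gives for removing in-band rules."""
    return [
        f"ovs-vsctl set controller {bridge} connection-mode=out-of-band",
        f"ovs-vsctl set bridge {bridge} other-config:disable-in-band=true",
    ]

if __name__ == "__main__":
    for flow in arp_normal(hidden_flows(SAMPLE)):
        print(flow["priority"], ",".join(flow["match"]), "->", flow["actions"])
    print("\n".join(out_of_band_commands("br0")))
```

Feed it the live output with `ovs-appctl bridge/dump-flows br0` piped into `hidden_flows()`; an empty result after applying the FAQ settings confirms no in-band rules remain above the controller's priority range.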
