[ovs-discuss] Static CAM table

Tom Gajewski tom.gajewski at paperspace.com
Tue Oct 18 17:51:33 UTC 2016


Yes of course I've opened up the switch again after flushing ;]
Basically I have:

 cookie=0x0, duration=61132.153s, table=0, n_packets=112313104,
n_bytes=18199375313, idle_age=0, priority=0 actions=NORMAL
 cookie=0x0, duration=61107.945s, table=0, n_packets=7122,
n_bytes=467057, idle_age=1576, dl_dst=so:me:ma:cc actions=output:13

That's all, port 13 is set to no-flood of course. The above breaks
return traffic out of port 13 -- even if there is an entry for
so:me:ma:cc in the mac-table -- but the flow is working since I see
ICMP requests coming in to the VM behind port 13 so this isn't an arp
issue -- VM inside port 13 even knows the MAC of the ICMP requester, I
checked.

Everything works fine if: 1) port 13 is no-flood 2) mac-table has a
current entry for mac to port 13 mapping 3) absence of this flow:
dl_dst=so:me:ma:cc actions=output:13

I could add this flow to make sure
arp,dl_dst=ff:ff:ff:ff:ff:ff,actions=output:all -- in fact just did,
made no difference, just saw a flood of arp requests come in which
defeats my goal anyway and still didn't help. But yea, I'm missing
something for the return....not sure what it can be as yes the VM
inside port 13 already knows the MAC of the request so can't be arp...

On Tue, Oct 18, 2016 at 10:12 AM, Justin Pettit <jpettit at ovn.org> wrote:
>
>> On Oct 18, 2016, at 2:38 AM, Tom Gajewski <tom.gajewski at paperspace.com> wrote:
>>
>> Ben, you had asked about my flow table. I've tried this with a
>> completely clear table and not -- same behavior. There has to be some
>> logic I'm missing here. Back story is that I'm trying to compensate
>> for the inability to populate local mac-table with this flow as I want
>> to run ports in 'no-flood' mode. I just tried with a clear flow table
>> and even flood enabled but once I set this:
>>
>> cookie=0x0, duration=260.750s, table=0, n_packets=81, n_bytes=8054,
>> idle_age=0, dl_dst=so:me:ma:cc actions=output:13
>>
>> The weird thing is I actually see this flow working in tcpdump.
>> Meaning, without the above a flow and without a mac-table entry for
>> so:me:ma:cc the vif/port is dead silent. Once I add the above flow
>> tcpdump looks correct -- heck, I even see the incoming ICMP packet
>> inside the VM but the ping never completes, it never makes its way
>> back all I see is one way ICMP echo requests. So am I being stupid
>> here do I need another flow to facilitate the return? (mac-table still
>> doesn't have an entry when I observe ICMP request within VM).
>
> It sounds like you have a flow table that allows traffic toward port 13, but, if you've flushed all the other flows, are you allowing the return traffic?  Also, if you've flushed the flow table, you may need to handle broadcast mac addresses for things like ARP requests.
>
> --Justin
>
>



More information about the discuss mailing list