[ovs-discuss] Conntrack issue in OVS (2.6)+DPDK

Darrell Ball dball at vmware.com
Wed Aug 23 18:50:58 UTC 2017


Hi Rohith

I might have missed the alias earlier.

From the below o/p, I see the rule
cookie=0x6900000, duration=15546.577s, table=244, n_packets=0, n_bytes=0, priority=62020,ct_state=-new-est+rel-inv+trk actions=resubmit(,220)
not being hit.

I also see the rule
cookie=0x6900001, duration=2819.230s, table=244, n_packets=2, n_bytes=196, priority=50, ct_state=+new+trk,metadata=0x1a530000000000/0x1fffff0000000000 actions=drop
having a drop action.

What is the expectation of the test ?
Is table 244 intended to drop non-related and non-established packets ?

Thanks Darrell

From: <ovs-discuss-bounces at openvswitch.org> on behalf of Rohith Basavaraja <rohith.basavaraja at ericsson.com>
Date: Wednesday, August 23, 2017 at 3:03 AM
To: "ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
Subject: [ovs-discuss] Conntrack issue in OVS (2.6)+DPDK

Hi,

I see that if I have following rules, i.e not allow any new connections and allow only established and related flows,

cookie=0x6900001, duration=2819.230s, table=244, n_packets=2, n_bytes=196, priority=50, ct_state=+new+trk,metadata=0x1a530000000000/0x1fffff0000000000 actions=drop
cookie=0x6900000, duration=15546.577s, table=244, n_packets=0, n_bytes=0, priority=62020,ct_state=-new-est+rel-inv+trk actions=resubmit(,220)
cookie=0x6900000, duration=15546.552s, table=244, n_packets=3819, n_bytes=431050, priority=62020,ct_state=-new+est-rel-inv+trk actions=resubmit(,220)

We are still seeing that new connections are getting allowed, we see this behavior/issue only OVS + DPDK and not in OVS kernel mode.

Wanted to check if this issue is already reported elsewhere or it’s new issue.

Thanks
Rohith




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170823/4dbc2a90/attachment.html>


More information about the discuss mailing list