[ovs-discuss] about L3 Route problem with two host

feihu929 at sina.com feihu929 at sina.com
Fri Jul 14 13:58:10 UTC 2017


I built an L3 routing test with three hosts (network1/ovn-central, network2/ovn-host, network3/ovn-host). Each ovn-host node runs 2 VMs, the VMs are connected by 2 logical switches, and the two logical switches are connected by 1 logical router, as shown below.

                     network1
                  ---------------
                  |	ovn-central |
                  ---------------
                    /         \
                   /           \
                  /             \
                 /               \
                /                 \
               /                   \
              /                     \
  ---------------                     --------------- 
  |  --------   |     lswitch 1       |  --------   |
  |  | vm1  |---|---------------------|  | vm1  |---|
  |  --------   |         |           |  --------   |
  |             |         |           |             |
  |             |         |           |             |
  |             |    -------------    |             |
  |   ovn-host  |    | lrouter 1 |    |  ovn-host   |
  |             |    -------------    |             |
  |             |         |           |             |
  |             |         |           |             |
  |  --------   |     lswitch 2       |  --------   |
  |  | vm1  |---|---------------------|  | vm1  |---|
  |  --------   |                     |  --------   |
  |             |                     |             |
  ---------------                     ---------------
      network2                           network3




During testing, I encountered the following problem.
1. vm1 can ping vm2, which is on the same logical switch but on a different host node.
2. vm1 can ping vm3, which is on a different logical switch but on the same host node.
3. vm1 CAN NOT ping vm4, which is on a different logical switch and on a different host node.

The hosts (network1/2/3) run CentOS 7 with openvswitch/ovn 2.6.1.

The build commands are as follows:
---------------------------
# Build the logical topology in the OVN northbound database: two logical
# switches (sw0, sw1) with two VIF ports each, joined by logical router lr0.

# Add VIF port $2 to logical switch $1 and pin it to the "MAC IP" pair in $3.
# The same pair is written both as the port's addresses and as its port
# security entry. Per ovn-nb(5), port security limits the addresses the
# attached host may send from, so the interface bound to this port later
# must be configured with exactly this MAC and IP.
add_vif_port() {
  local lswitch=$1 lport=$2 mac_ip=$3
  ovn-nbctl lsp-add "$lswitch" "$lport"
  ovn-nbctl lsp-set-addresses "$lport" "$mac_ip"
  ovn-nbctl lsp-set-port-security "$lport" "$mac_ip"
}

# Add router port $1 (MAC $2, network $3) to lr0, then attach it to logical
# switch $4 through the type=router switch port $5. The switch-side port is
# given the router port's MAC as its address (a quoted string value).
attach_to_router() {
  local lrport=$1 mac=$2 cidr=$3 lswitch=$4 lsport=$5
  ovn-nbctl lrp-add lr0 "$lrport" "$mac" "$cidr"
  ovn-nbctl lsp-add "$lswitch" "$lsport" \
    -- set Logical_Switch_Port "$lsport" type=router \
    "options:router-port=$lrport" "addresses=\"$mac\""
}

# First logical switch (10.0.0.0/24 side) and its two ports.
ovn-nbctl ls-add sw0
add_vif_port sw0 sw0-port1 "00:00:00:00:00:01 10.0.0.51"
add_vif_port sw0 sw0-port2 "00:00:00:00:00:02 10.0.0.52"

# Second logical switch (192.168.1.0/24 side) and its two ports.
ovn-nbctl ls-add sw1
add_vif_port sw1 sw1-port1 "00:00:00:00:00:03 192.168.1.51"
add_vif_port sw1 sw1-port2 "00:00:00:00:00:04 192.168.1.52"

# Logical router between sw0 and sw1; each router port address is the
# default gateway the VMs on that switch point at.
ovn-nbctl create Logical_Router name=lr0
attach_to_router lrp0 00:00:00:00:ff:01 10.0.0.1/24 sw0 sw0-lrp0
attach_to_router lrp1 00:00:00:00:ff:02 192.168.1.1/24 sw1 sw1-lrp1


$ ovn-nbctl show
    switch bf4ba6c6-91c5-4f56-9981-72643816f923 (sw1)
        port sw1-lrp1
            addresses: ["00:00:00:00:ff:02"]
        port sw1-port2
            addresses: ["00:00:00:00:00:04 192.168.1.52"]
        port sw1-port1
            addresses: ["00:00:00:00:00:03 192.168.1.51"]
    switch 13b80127-4b36-46ea-816a-1ba4ffd6ac57 (sw0)
        port sw0-port1
            addresses: ["00:00:00:00:00:01 10.0.0.51"]
        port sw0-lrp0
            addresses: ["00:00:00:00:ff:01"]
        port sw0-port2
            addresses: ["00:00:00:00:00:02 10.0.0.52"]
    router 68935017-967a-4c4a-9dad-5d325a9f203a (lr0)
        port lrp0
            mac: "00:00:00:00:ff:01"
            networks: ["10.0.0.1/24"]
        port lrp1
            mac: "00:00:00:00:ff:02"
            networks: ["192.168.1.1/24"]

# on network2 host
# Each "VM" is emulated as a network namespace that owns an OVS internal
# port on br-int.

# plug_vm NAME LPORT MAC CIDR GATEWAY
#   NAME    - used for both the namespace and the OVS interface
#   LPORT   - logical switch port this interface is bound to (iface-id)
#   MAC     - interface MAC address
#   CIDR    - interface address with prefix length
#   GATEWAY - default route next hop
# MAC and IP are set to the values given to LPORT with lsp-set-addresses /
# lsp-set-port-security earlier on this page; port security is keyed on
# that pair, so the two must stay in sync.
plug_vm() {
  local vm=$1 lport=$2 mac=$3 cidr=$4 gw=$5
  ip netns add "$vm"
  ovs-vsctl add-port br-int "$vm" -- set interface "$vm" type=internal
  ip link set "$vm" netns "$vm"
  # iface-id is what ties this OVS interface to the logical port.
  ovs-vsctl set Interface "$vm" "external_ids:iface-id=$lport"
  ip netns exec "$vm" ip link set "$vm" address "$mac"
  ip netns exec "$vm" ip addr add "$cidr" dev "$vm"
  ip netns exec "$vm" ip link set "$vm" up
  ip netns exec "$vm" ip route add default via "$gw" dev "$vm"
}

plug_vm vm1 sw0-port1 00:00:00:00:00:01 10.0.0.51/24 10.0.0.1
plug_vm vm3 sw1-port1 00:00:00:00:00:03 192.168.1.51/24 192.168.1.1

    
# on network3 host
# Same namespace-as-VM setup as on the other hypervisor, for the two ports
# that live on this chassis (sw0-port2 and sw1-port2).
#
# NOTE(review): the `ovn-sbctl show` output further down this page lists
# every chassis with `Encap vxlan`. ovn-architecture(7) describes Geneve and
# STT as the encapsulations for hypervisor-to-hypervisor traffic and VXLAN as
# meant for gateways, because the VXLAN header has no room for OVN's logical
# port metadata. Confirm the encap type configured on each chassis for this
# release (2.6.1) when routed traffic between hosts is dropped. None of these
# encapsulations authenticates or encrypts by itself, so the tunnel underlay
# should be reachable only by the chassis.

# plug_vm NAME LPORT MAC CIDR GATEWAY
# Creates namespace NAME, moves a br-int internal port of the same name into
# it, binds it to logical port LPORT via iface-id, then applies MAC, address
# and default route. MAC and IP equal the values set on LPORT earlier on
# this page, which its port security entry is keyed on.
plug_vm() {
  local vm=$1 lport=$2 mac=$3 cidr=$4 gw=$5
  ip netns add "$vm"
  ovs-vsctl add-port br-int "$vm" -- set interface "$vm" type=internal
  ip link set "$vm" netns "$vm"
  ovs-vsctl set Interface "$vm" "external_ids:iface-id=$lport"
  ip netns exec "$vm" ip link set "$vm" address "$mac"
  ip netns exec "$vm" ip addr add "$cidr" dev "$vm"
  ip netns exec "$vm" ip link set "$vm" up
  ip netns exec "$vm" ip route add default via "$gw" dev "$vm"
}

plug_vm vm2 sw0-port2 00:00:00:00:00:02 10.0.0.52/24 10.0.0.1
plug_vm vm4 sw1-port2 00:00:00:00:00:04 192.168.1.52/24 192.168.1.1


[root at network1 ~]# ovn-sbctl show 
Chassis "8b3511e6-ae41-4988-ae91-cc829fb1878c"
    hostname: "network3"
    Encap vxlan
        ip: "10.2.170.113"
        options: {csum="true"}
    Port_Binding "sw1-port2"
    Port_Binding "sw0-port2"
Chassis "e8821b82-a4a5-4b3b-9f2a-36f9be23ba3e"
    hostname: "network1"
    Encap vxlan
        ip: "10.2.170.111"
        options: {csum="true"}
Chassis "d934c4d5-9374-4dd2-a51e-8fafd45519c0"
    hostname: "network2"
    Encap vxlan
        ip: "10.2.170.112"
        options: {csum="true"}
    Port_Binding "sw1-port1"
    Port_Binding "sw0-port1"


#ping vm2 from vm 1
[root at network2 ~]# ip netns exec vm1 ping 10.0.0.52
PING 10.0.0.52 (10.0.0.52) 56(84) bytes of data.
64 bytes from 10.0.0.52: icmp_seq=1 ttl=64 time=0.971 ms
64 bytes from 10.0.0.52: icmp_seq=2 ttl=64 time=0.233 ms
64 bytes from 10.0.0.52: icmp_seq=3 ttl=64 time=0.266 ms

#ping vm3 from vm 1
[root at network2 ~]# ip netns exec vm1 ping 192.168.1.51
PING 192.168.1.51 (192.168.1.51) 56(84) bytes of data.
64 bytes from 192.168.1.51: icmp_seq=1 ttl=63 time=0.515 ms
64 bytes from 192.168.1.51: icmp_seq=2 ttl=63 time=0.043 ms
64 bytes from 192.168.1.51: icmp_seq=3 ttl=63 time=0.037 ms

#ping vm4 from vm 1
[root at network2 ~]# ip netns exec vm1 ping 192.168.1.52
PING 192.168.1.52 (192.168.1.52) 56(84) bytes of data.

^C
--- 192.168.1.52 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 3999ms

#ping vm4 from vm 3
[root at network2 ~]# ip netns exec vm3 ping 192.168.1.52 
PING 192.168.1.52 (192.168.1.52) 56(84) bytes of data.
64 bytes from 192.168.1.52: icmp_seq=1 ttl=64 time=1.14 ms
64 bytes from 192.168.1.52: icmp_seq=2 ttl=64 time=0.210 ms
64 bytes from 192.168.1.52: icmp_seq=3 ttl=64 time=0.264 ms


# when pinging vm4 from vm1, network3 already receives the ping packets
[root at network3 ~]# ovs-tcpdump -i ovn-d934c4-0 host 192.168.1.52  -e          
tcpdump: WARNING: miovn-d934c4-0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on miovn-d934c4-0, link-type EN10MB (Ethernet), capture size 65535 bytes
21:46:50.214453 00:00:00:00:ff:02 (oui Ethernet) > 00:00:00:00:00:04 (oui Ethernet), ethertype IPv4 (0x0800), length 98: 10.0.0.51 > 192.168.1.52: ICMP echo request, id 2850, seq 1, length 64
21:46:51.213986 00:00:00:00:ff:02 (oui Ethernet) > 00:00:00:00:00:04 (oui Ethernet), ethertype IPv4 (0x0800), length 98: 10.0.0.51 > 192.168.1.52: ICMP echo request, id 2850, seq 2, length 64
21:46:52.214016 00:00:00:00:ff:02 (oui Ethernet) > 00:00:00:00:00:04 (oui Ethernet), ethertype IPv4 (0x0800), length 98: 10.0.0.51 > 192.168.1.52: ICMP echo request, id 2850, seq 3, length 64
21:46:53.214042 00:00:00:00:ff:02 (oui Ethernet) > 00:00:00:00:00:04 (oui Ethernet), ethertype IPv4 (0x0800), length 98: 10.0.0.51 > 192.168.1.52: ICMP echo request, id 2850, seq 4, length 64
21:46:54.214029 00:00:00:00:ff:02 (oui Ethernet) > 00:00:00:00:00:04 (oui Ethernet), ethertype IPv4 (0x0800), length 98: 10.0.0.51 > 192.168.1.52: ICMP echo request, id 2850, seq 5, length 64

# the ovn-d934c4-0 port is shown below
[root at network3 ~]# ovs-vsctl show
6cec42de-1724-4e87-847c-01070c068015
    Bridge br-int
        fail_mode: secure
        Port "patch-lrp0-to-sw0-lrp0"
            Interface "patch-lrp0-to-sw0-lrp0"
                type: patch
                options: {peer="patch-sw0-lrp0-to-lrp0"}
        Port br-int
            Interface br-int
                type: internal
        Port "ovn-d934c4-0"
            Interface "ovn-d934c4-0"
                type: vxlan
                options: {csum="true", key=flow, remote_ip="10.2.170.112"}
        Port "ovn-e8821b-0"
            Interface "ovn-e8821b-0"
                type: vxlan
                options: {csum="true", key=flow, remote_ip="10.2.170.111"}
        Port "patch-sw0-lrp0-to-lrp0"
            Interface "patch-sw0-lrp0-to-lrp0"
                type: patch
                options: {peer="patch-lrp0-to-sw0-lrp0"}
        Port "patch-lrp1-to-sw1-lrp1"
            Interface "patch-lrp1-to-sw1-lrp1"
                type: patch
                options: {peer="patch-sw1-lrp1-to-lrp1"}
        Port "patch-sw1-lrp1-to-lrp1"
            Interface "patch-sw1-lrp1-to-lrp1"
                type: patch
                options: {peer="patch-lrp1-to-sw1-lrp1"}
        Port "vm4"
            Interface "vm4"
                type: internal
        Port "vm2"
            Interface "vm2"
                type: internal
    ovs_version: "2.6.1"

