[ovs-discuss] OpenFlow rules with GRE tunnel

Georges Mondji mondjigeorges at gmail.com
Tue Oct 10 02:35:46 UTC 2017


Hi,

I am facing a problem that is the following:

I have 2 hosts that I connect via gre tunnel.

On host 1:

I use mininet to connect 4 hosts to openvswitch bridge s1:

mininet> dump
<Host h1: h1-eth0:10.0.0.1 pid=2223>
<Host h2: h2-eth0:10.0.0.2 pid=2226>
<Host h3: h3-eth0:10.0.0.3 pid=2228>
<Host h4: h4-eth0:10.0.0.4 pid=2230>
<OVSSwitch s1: lo:127.0.0.1,s1-eth1:None,s1-eth2:None,s1-eth3:None,s1-eth4:None pid=2235>
<Controller c0: 127.0.0.1:6633 pid=2216>


# ovs-vsctl show
9eb8e438-e489-411f-bdde-b6075026d199
    Bridge "s1"
        Controller "ptcp:6634"
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port "s1-eth2"
            Interface "s1-eth2"
        Port "s1-eth1"
            Interface "s1-eth1"
        Port "s1-eth4"
            Interface "s1-eth4"
        Port "s1-eth3"
            Interface "s1-eth3"
        Port "gre0"
            Interface "gre0"
                type: gre
                options: {remote_ip="192.168.56.109"}
        Port "s1"
            Interface "s1"
                type: internal

# ovs-ofctl show s1
OFPT_FEATURES_REPLY (xid=0x2): dpid:0000000000000001
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src
mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
 1(s1-eth1): addr:62:fd:09:5e:bc:99
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 2(s1-eth2): addr:92:b4:7a:77:58:e8
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 3(s1-eth3): addr:62:e8:08:fc:ef:d6
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 4(s1-eth4): addr:ea:8f:c6:f6:37:43
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 10(gre0): addr:86:f6:b8:e3:72:4e
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 LOCAL(s1): addr:22:0c:37:f1:9a:42
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0


==> on host2

I have connected a docker container (with ip 10.0.0.1) directly to
openvswitch bridge s1 on port 1

# ovs-vsctl show
e793ccff-6257-4865-a75b-0f0e87150fdc
    Bridge "s1"
        Port "s1"
            Interface "s1"
                type: internal
        Port "gre0"
            Interface "gre0"
                type: gre
                options: {remote_ip="192.168.56.101"}

# ovs-ofctl show s1
OFPT_FEATURES_REPLY (xid=0x2): dpid:00000edef8ab794e
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src
mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
 1(8cfb87deac6b4_l): addr:92:4c:79:47:a9:68
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 10(gre0): addr:e2:9c:97:ac:e4:ff
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 LOCAL(s1): addr:0e:de:f8:ab:79:4e
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0



At this point:

pingall works

mininet> pingall
*** Ping: testing ping reachability
h1 -> h2 h3 h4
h2 -> h1 h3 h4
h3 -> h1 h2 h4
h4 -> h1 h2 h3
*** Results: 0% dropped (12/12 received)

And h1, .., h4 can individually ping the container (10.0.0.11) on host 2


When I add the rules below on the switch:

 hosts h1, .., h4 can ping the container on host2
mininet> h1 ping -c 4 10.0.0.11
PING 10.0.0.11 (10.0.0.11) 56(84) bytes of data.
64 bytes from 10.0.0.11: icmp_req=1 ttl=64 time=8.05 ms
64 bytes from 10.0.0.11: icmp_req=2 ttl=64 time=0.546 ms
64 bytes from 10.0.0.11: icmp_req=3 ttl=64 time=0.402 ms
64 bytes from 10.0.0.11: icmp_req=4 ttl=64 time=0.369 ms

--- 10.0.0.11 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3011ms
rtt min/avg/max/mdev = 0.369/2.342/8.051/3.296 ms


but h1 cannot ping h2 or h3 or h4 so pingall failed

mininet> pingall
*** Ping: testing ping reachability
h1 -> X X X
h2 -> X X X
h3 -> X X X
h4 -> X X X
*** Results: 100% dropped (0/12 received)


Here are the OpenFlow rules:

==> On Host 1

ovs-ofctl add-flow s1 dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,actions=output:10

ovs-ofctl add-flow s1 icmp,in_port=1,actions=output:10
ovs-ofctl add-flow s1 icmp,in_port=2,actions=output:10
ovs-ofctl add-flow s1 icmp,in_port=3,actions=output:10
ovs-ofctl add-flow s1 icmp,in_port=4,actions=output:10

ovs-ofctl add-flow s1 icmp,in_port=10,nw_dst=10.0.0.1,actions=output:1
ovs-ofctl add-flow s1 icmp,in_port=10,nw_dst=10.0.0.2,actions=output:2
ovs-ofctl add-flow s1 icmp,in_port=10,nw_dst=10.0.0.3,actions=output:3
ovs-ofctl add-flow s1 icmp,in_port=10,nw_dst=10.0.0.4,actions=output:4


==> On host 2

ovs-ofctl add-flow s1 icmp,in_port=10,nw_dst=10.0.0.11,actions=output:1

ovs-ofctl add-flow s1 icmp,in_port=1,nw_dst=10.0.0.1,actions=output:10
ovs-ofctl add-flow s1 icmp,in_port=1,nw_dst=10.0.0.2,actions=output:10
ovs-ofctl add-flow s1 icmp,in_port=1,nw_dst=10.0.0.3,actions=output:10
ovs-ofctl add-flow s1 icmp,in_port=1,nw_dst=10.0.0.4,actions=output:10

So the OpenFlow rules are not good. Can you help me with what is missing
in these rules?

Thanks,

Georges
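
Added example (not part of the original message, and not code from the Open vSwitch project): a simplified Python model of the host 1 flow table, showing which of the posted rules an ICMP packet from h1 to h2 hits. The `LOCAL` rules and the priority value 40000 are an assumed possible addition, not something stated in the thread; ARP, the controller and host 2 are not modelled.

```python
# Added example: simplified model of a single OpenFlow table (highest priority wins).
# Only the match fields that appear in the post are modelled.
DEFAULT_PRIORITY = 32768  # priority ovs-ofctl assigns when none is given

def parse_flow(spec):
    """Turn 'icmp,in_port=1,actions=output:10' into (priority, match, out_port)."""
    match_part, out_port = spec.split(",actions=output:")
    priority, match = DEFAULT_PRIORITY, {}
    for field in match_part.split(","):
        if field == "icmp":
            match["proto"] = "icmp"
            continue
        key, value = field.split("=")
        if key == "priority":
            priority = int(value)
        else:
            match[key] = value
    return priority, match, int(out_port)

def lookup(flows, pkt):
    """Output port chosen for pkt, or None when no flow matches (table miss)."""
    hits = [(prio, out) for prio, match, out in map(parse_flow, flows)
            if all(pkt.get(k) == v for k, v in match.items())]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def icmp(in_port, nw_dst):
    """Constructed ICMP packet as seen by the switch on host 1."""
    return {"proto": "icmp", "in_port": str(in_port), "nw_dst": nw_dst}

# Flows exactly as posted for host 1.
POSTED = ["dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,actions=output:10"]
POSTED += [f"icmp,in_port={p},actions=output:10" for p in (1, 2, 3, 4)]
POSTED += [f"icmp,in_port=10,nw_dst=10.0.0.{p},actions=output:{p}" for p in (1, 2, 3, 4)]

# Assumption: one possible addition, local destinations matched at a higher priority.
LOCAL = [f"priority=40000,icmp,nw_dst=10.0.0.{p},actions=output:{p}" for p in (1, 2, 3, 4)]

if __name__ == "__main__":
    for name, flows in (("posted", POSTED), ("posted + local", POSTED + LOCAL)):
        print(name)
        print("  h1 -> h2        :", lookup(flows, icmp(1, "10.0.0.2")))
        print("  h1 -> 10.0.0.11 :", lookup(flows, icmp(1, "10.0.0.11")))
        print("  gre0 -> h3      :", lookup(flows, icmp(10, "10.0.0.3")))
```

With the posted table, ICMP from h1 to h2 matches `icmp,in_port=1` and leaves on port 10 (gre0) instead of port 2; on a real switch, `ovs-appctl ofproto/trace` shows the same lookup for a given packet.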