[ovs-discuss] OpenFlow rules with GRE tunnel

Vikrant Aggarwal ervikrant06 at gmail.com
Thu Oct 12 06:05:15 UTC 2017


May be following commands can help to figure out the issues, as this is a
mininet setup not sure whether all will be applicable or not.

- Port number along with port name

# ovs-ofctl dump-ports-desc <ovs bridge>

- Try commands like ovs-trace [1] to understand where it's getting dropped.

- It will be good to see the full output of dump-flows.

# ovs-ofctl dump-flows <ovs bridge>

[1] http://docs.openvswitch.org/en/latest/topics/tracing/

Thanks & Regards,
Vikrant Aggarwal



On Tue, Oct 10, 2017 at 8:05 AM, Georges Mondji <mondjigeorges at gmail.com>
wrote:

>
> Hi,
>
> I am facing a problem that is the following:
>
> I have 2 hosts that I connect via gre tunnel.
>
> On host 1:
>
> I use mininet to connect 4 hosts to openvswitch bridge s1:
>
> mininet> dump
> <Host h1: h1-eth0:10.0.0.1 pid=2223>
> <Host h2: h2-eth0:10.0.0.2 pid=2226>
> <Host h3: h3-eth0:10.0.0.3 pid=2228>
> <Host h4: h4-eth0:10.0.0.4 pid=2230>
> <OVSSwitch s1: lo:127.0.0.1,s1-eth1:None,s1-eth2:None,s1-eth3:None,s1-eth4:None
> pid=2235>
> <Controller c0: 127.0.0.1:6633 pid=2216>
>
>
> # ovs-vsctl show
> 9eb8e438-e489-411f-bdde-b6075026d199
>     Bridge "s1"
>         Controller "ptcp:6634"
>         Controller "tcp:127.0.0.1:6633"
>             is_connected: true
>         fail_mode: secure
>         Port "s1-eth2"
>             Interface "s1-eth2"
>         Port "s1-eth1"
>             Interface "s1-eth1"
>         Port "s1-eth4"
>             Interface "s1-eth4"
>         Port "s1-eth3"
>             Interface "s1-eth3"
>         Port "gre0"
>             Interface "gre0"
>                 type: gre
>                 options: {remote_ip="192.168.56.109"}
>         Port "s1"
>             Interface "s1"
>                 type: internal
>
> # ovs-ofctl show s1
> OFPT_FEATURES_REPLY (xid=0x2): dpid:0000000000000001
> n_tables:254, n_buffers:256
> capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
> actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src
> mod_dl_d
>                                     st mod_nw_src mod_nw_dst mod_nw_tos
> mod_tp_src mod_tp_dst
>  1(s1-eth1): addr:62:fd:09:5e:bc:99
>      config:     0
>      state:      0
>      current:    10GB-FD COPPER
>      speed: 10000 Mbps now, 0 Mbps max
>  2(s1-eth2): addr:92:b4:7a:77:58:e8
>      config:     0
>      state:      0
>      current:    10GB-FD COPPER
>      speed: 10000 Mbps now, 0 Mbps max
>  3(s1-eth3): addr:62:e8:08:fc:ef:d6
>      config:     0
>      state:      0
>      current:    10GB-FD COPPER
>      speed: 10000 Mbps now, 0 Mbps max
>  4(s1-eth4): addr:ea:8f:c6:f6:37:43
>      config:     0
>      state:      0
>      current:    10GB-FD COPPER
>      speed: 10000 Mbps now, 0 Mbps max
>  10(gre0): addr:86:f6:b8:e3:72:4e
>      config:     0
>      state:      0
>      speed: 0 Mbps now, 0 Mbps max
>  LOCAL(s1): addr:22:0c:37:f1:9a:42
>      config:     PORT_DOWN
>      state:      LINK_DOWN
>      speed: 0 Mbps now, 0 Mbps max
> OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
>
>
> ==> on host2
>
> I have connect a docker container (with ip 10.0.0.1 ) directly to
> openvswitch brideg s1 on port 1
>
> # ovs-vsctl show
> e793ccff-6257-4865-a75b-0f0e87150fdc
>     Bridge "s1"
>         Port "s1"
>             Interface "s1"
>                 type: internal
>         Port "gre0"
>             Interface "gre0"
>                 type: gre
>                 options: {remote_ip="192.168.56.101"}
>
> #ovs-ofctl show s1
> OFPT_FEATURES_REPLY (xid=0x2): dpid:00000edef8ab794e
> n_tables:254, n_buffers:0
> capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
> actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src
> mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
>  1(8cfb87deac6b4_l): addr:92:4c:79:47:a9:68
>      config:     0
>      state:      0
>      current:    10GB-FD COPPER
>      speed: 10000 Mbps now, 0 Mbps max
>  10(gre0): addr:e2:9c:97:ac:e4:ff
>      config:     0
>      state:      0
>      speed: 0 Mbps now, 0 Mbps max
>  LOCAL(s1): addr:0e:de:f8:ab:79:4e
>      config:     PORT_DOWN
>      state:      LINK_DOWN
>      speed: 0 Mbps now, 0 Mbps max
> OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
>
>
>
> At this point:
>
> pingall work
>
> mininet> pingall
> *** Ping: testing ping reachability
> h1 -> h2 h3 h4
> h2 -> h1 h3 h4
> h3 -> h1 h2 h4
> h4 -> h1 h2 h3
> *** Results: 0% dropped (12/12 received)
>
> And h1, .., h4 can ping individually the container (10.0.0.11) on host 2
>
>
> When I add rules below on the switch:
>
>  hosts h1, .., h4 can ping the container on host2
> mininet> h1 ping -c 4 10.0.0.11
> PING 10.0.0.11 (10.0.0.11) 56(84) bytes of data.
> 64 bytes from 10.0.0.11: icmp_req=1 ttl=64 time=8.05 ms
> 64 bytes from 10.0.0.11: icmp_req=2 ttl=64 time=0.546 ms
> 64 bytes from 10.0.0.11: icmp_req=3 ttl=64 time=0.402 ms
> 64 bytes from 10.0.0.11: icmp_req=4 ttl=64 time=0.369 ms
>
> --- 10.0.0.11 ping statistics ---
> 4 packets transmitted, 4 received, 0% packet loss, time 3011ms
> rtt min/avg/max/mdev = 0.369/2.342/8.051/3.296 ms
>
>
> but h1 cannot ping h2 or h3 or h4 so pingall failed
>
> mininet> pingall
> *** Ping: testing ping reachability
> h1 -> X X X
> h2 -> X X X
> h3 -> X X X
> h4 -> X X X
> *** Results: 100% dropped (0/12 received)
>
>
> Here are openflow rules :
>
> ==> On Host 1
>
> ovs-ofctl add-flow s1 dl_src=00:00:00:00:00:00,dl_
> dst=00:00:00:00:00:00,actions=output:10
>
> ovs-ofctl add-flow s1 icmp,in_port=1,actions=output:10
> ovs-ofctl add-flow s1 icmp,in_port=2,actions=output:10
> ovs-ofctl add-flow s1 icmp,in_port=3,actions=output:10
> ovs-ofctl add-flow s1 icmp,in_port=4,actions=output:10
>
> ovs-ofctl add-flow s1 icmp,in_port=10,nw_dst=10.0.0.1,actions=output:1
> ovs-ofctl add-flow s1 icmp,in_port=10,nw_dst=10.0.0.2,actions=output:2
> ovs-ofctl add-flow s1 icmp,in_port=10,nw_dst=10.0.0.3,actions=output:3
> ovs-ofctl add-flow s1 icmp,in_port=10,nw_dst=10.0.0.4,actions=output:4
>
>
> ==> On host 2
>
> ovs-ofctl add-flow s1 icmp,in_port=10,nw_dst=10.0.0.11,actions=output:1'],
> shell = True)
>
> ovs-ofctl add-flow s1 icmp,in_port=1,nw_dst=10.0.0.1,actions=output:10
> ovs-ofctl add-flow s1 icmp,in_port=1,nw_dst=10.0.0.2,actions=output:10
> ovs-ofctl add-flow s1 icmp,in_port=1,nw_dst=10.0.0.3,actions=output:10
> ovs-ofctl add-flow s1 icmp,in_port=1,nw_dst=10.0.0.4,actions=output:10
>
> So the openflow rules are not good. can you help me about what is missing
> in these rules ?
>
> Thanks,
>
> Georges
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20171012/a8a09ff3/attachment-0001.html>


More information about the discuss mailing list