[ovs-discuss] ovn-trace not showing full logical flow

Ben Pfaff blp at ovn.org
Sun Sep 17 16:57:53 UTC 2017


On Sun, Sep 17, 2017 at 05:03:19PM +0530, Vikrant Aggarwal wrote:
>  0. ls_in_port_sec_l2 (ovn-northd.c:2979): inport ==
> "4c72cee2-35b7-4bcd-8c77-135a22d16df1" && eth.src == {fa:16:3e:55:3f:be},
> priority 50, uuid b6b8d57a
>     next;
>  1. ls_in_port_sec_ip (ovn-northd.c:2113): inport ==
> "4c72cee2-35b7-4bcd-8c77-135a22d16df1" && eth.src == fa:16:3e:55:3f:be &&
> ip4.src == {10.10.10.4}, priority 90, uuid ba02f466
>     next;
>  3. ls_in_pre_acl (ovn-northd.c:2397): ip, priority 100, uuid 25d55e7b
>     reg0[0] = 1;
>     next;
>  5. ls_in_pre_stateful (ovn-northd.c:2515): reg0[0] == 1, priority 100,
> uuid b84a160f
>     ct_next;
>     *** ct_* actions not implemented

ovn-trace in Open vSwitch 2.7 doesn't support the ct_* actions, which
means that tracing through a distributed firewall tends to end up this
way.

ovn-trace in Open vSwitch 2.8 does support these actions, so you'll see
more success there.


More information about the discuss mailing list