[ovs-discuss] OVS VXLAN local_ip does not seem to function - Bug

Padgett, Marcus Marcus.Padgett at windstream.com
Fri May 4 14:17:14 UTC 2018


Good morning,

I just wanted to follow up to see if anything had been discovered in relation to this issue as well as provide some additional information.

I originally tested this on 2.5.2.  I have since tested this setup on 2.5.4, 2.6.1, and 2.9.0.  It appears to still be an issue unfortunately.  I'm not ruling out an error in my configuration, but based on my testing with other traffic, this should work assuming OVS is setting the source IP (local_ip) correctly.

What I currently have set up is the mangle iptables matching for source IP and setting a MARK to then force that traffic out a specific interface using ip rules.  This is set on the OUTPUT chain for local process traffic before routing is processed, so in theory, as the packet is formed by OVS.

Here are my settings from the 2.9.0 install:
root@ubuntu-2:~# ovs-vsctl -V
ovs-vsctl (Open vSwitch) 2.9.0
DB Schema 7.15.1

root@ubuntu-2:~# ovs-vswitchd --version
ovs-vswitchd (Open vSwitch) 2.9.0

The output from ovs-vsctl show:
        Port "vxlan2"
            Interface "vxlan2"
                type: vxlan
                options: {key="102", local_ip="172.16.253.14", remote_ip="40.138.35.40"}
        Port "vxlan1"
            Interface "vxlan1"
                type: vxlan
                options: {key="101", local_ip="172.16.252.113", remote_ip="40.138.35.40"}

In the mangle table, this is the output (with counters):
Chain OUTPUT (policy ACCEPT 37 packets, 13896 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 MARK       udp  --  *      *       172.16.253.14        0.0.0.0/0            udp dpt:4789 MARK set 0xd1
2     1704  213K MARK       udp  --  *      *       172.16.252.113       0.0.0.0/0            udp dpt:4789 MARK set 0xd2

Here are my routing rules and tables:
root@ubuntu-2:~# ip rule show
0:      from all fwmark 0xd1 lookup rt1 
5:      from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default 

root@ubuntu-2:~# ip route show table rt1
default via 172.16.253.1 dev ens4  src 172.16.253.14 
172.16.253.0/24 dev ens4  scope link  src 172.16.253.14

root@ubuntu-2:~# ip route show
default via 172.16.252.1 dev ens3 
169.254.169.254 via 172.16.252.1 dev ens3 
172.16.252.0/24 dev ens3  proto kernel  scope link  src 172.16.252.113 
172.16.253.0/24 dev ens4  proto kernel  scope link  src 172.16.253.14 

Thank you,
Marcus Padgett
Sr Engineer – Service Architecture | Windstream
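
[Added example, not part of the original message or of Open vSwitch.] A cross-check of the three outputs posted above: for each tunnel's configured local_ip, it reports how many UDP 4789 packets the mangle OUTPUT chain counted from that source and which table the resulting mark selects. The sample text is copied from the message; the function names are hypothetical.

```python
import re

# Sample input constructed from the counters and rules quoted in the message.
MANGLE_OUTPUT = """\
Chain OUTPUT (policy ACCEPT 37 packets, 13896 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 MARK       udp  --  *      *       172.16.253.14        0.0.0.0/0            udp dpt:4789 MARK set 0xd1
2     1704  213K MARK       udp  --  *      *       172.16.252.113       0.0.0.0/0            udp dpt:4789 MARK set 0xd2
"""
IP_RULES = """\
0:      from all fwmark 0xd1 lookup rt1
5:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default
"""
VXLAN_LOCAL_IPS = {"vxlan2": "172.16.253.14", "vxlan1": "172.16.252.113"}

def parse_count(s):
    """iptables abbreviates large counters with decimal K/M/G suffixes."""
    mult = {"K": 1000, "M": 1000**2, "G": 1000**3}
    return int(s[:-1]) * mult[s[-1]] if s[-1] in mult else int(s)

def parse_mark_rules(text):
    """Return {source_ip: (packets, mark)} for MARK rules in -v -n listing."""
    rules = {}
    for line in text.splitlines():
        f = line.split()
        # Columns: num pkts bytes target prot opt in out source destination ...
        if len(f) > 9 and f[3] == "MARK" and "set" in f:
            rules[f[8]] = (parse_count(f[1]), int(f[f.index("set") + 1], 16))
    return rules

def parse_fwmark_tables(text):
    """Return {mark: table} for `ip rule show` lines that match on fwmark."""
    pat = r"fwmark (0x[0-9a-f]+)\S* lookup (\S+)"
    return {int(m.group(1), 16): m.group(2) for m in re.finditer(pat, text)}

def diagnose(local_ips, mangle_text, rule_text):
    """Per tunnel: packets seen from its local_ip and the table its mark selects."""
    marks, tables = parse_mark_rules(mangle_text), parse_fwmark_tables(rule_text)
    report = {}
    for port, ip in local_ips.items():
        pkts, mark = marks.get(ip, (0, None))
        report[port] = {"local_ip": ip, "pkts": pkts, "table": tables.get(mark)}
    return report

def silent_tunnels(report):
    """Ports whose configured local_ip never showed up as a source in OUTPUT."""
    return sorted(p for p, r in report.items() if r["pkts"] == 0)
```

On the posted data, silent_tunnels() returns only vxlan2: its local_ip 172.16.253.14 has a zero packet counter, while every counted packet carries the source 172.16.252.113, whose mark 0xd2 has no fwmark rule (table None).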

-----Original Message-----
From: Gregory Rose [mailto:gvrose8192 at gmail.com] 
Sent: Saturday, April 28, 2018 6:05 PM
To: Ben Pfaff <blp at ovn.org>; Padgett, Marcus <Marcus.Padgett at windstream.com>
Cc: bugs at openvswitch.org
Subject: Re: [ovs-discuss] OVS VXLAN local_ip does not seem to function - Bug

On 4/28/2018 12:00 PM, Ben Pfaff wrote:
> Greg, if you have a moment, would you mind taking a look at this 
> sometime?  I am curious why there would be a difference between GRE 
> and VXLAN here.

I'm fairly socked under with some other work but I'll give it a look this weekend.

Thanks,

- Greg

>
> Marcus, 2.5.2 is pretty old, even within the 2.5.x branch.  I don't, 
> however, see a commit that obviously would fix it within that branch.
> Still, if you have a chance, you might try the latest master, or 
> 2.9.0, to see if it behaves the same way.
>
> Thanks,
>
> Ben.
>
> On Thu, Apr 26, 2018 at 01:17:44PM +0000, Padgett, Marcus wrote:
>> I have an issue with OVS VXLAN and using the local_ip option for the interface.  Some of the IP addresses have been changed in the email since I don't know exactly who sees this.
>>
>> What you did that made the problem appear.
>> Using a server with two interfaces with two default routes, I want to build a VXLAN tunnel over each link to a destination switch.  I am utilizing iptables to mark and ip rules to re-direct the traffic for the second tunnel out the correct interface.  I have built the VXLAN tunnel in OVS trying to use the "local_ip" option.
>> EXAMPLE:
>> sudo ovs-vsctl add-port ovs-br1 tun1 -- set Interface tun1 type=vxlan 
>> options:remote_ip=172.17.253.1 options:key=testflow2 
>> options:local_ip=172.16.253.16
>>
>> What you expected to happen.
>>              I expected the VXLAN tunnel to be sent using the specified source IP address of 172.16.253.16 out the correct interface.
>>
>> What actually happened.
>>              The VXLAN tunnel exits the correct interface based on my routing rules, however was formed utilizing the other interface's IP address (172.16.252.108).
>>              EXAMPLE:
>> 08:24:42.779236 IP 172.16.252.108.57418 > 172.17.253.1.4789: VXLAN, 
>> flags [I] (0x08), vni 0 LLDP, length 79
>> 08:24:42.779437 IP 172.16.252.108.34566 > 172.17.253.1.4789: VXLAN, 
>> flags [I] (0x08), vni 0
>> 02:eb:86:0d:38:74 (oui Unknown) > Broadcast, ethertype Unknown (0x8942), length 93:
>>          0x0000:  0207 0486 e5fb d3da 4204 0502 0000 000e  ........B.......
>>          0x0010:  0602 0078 fe12 a423 0501 4f4e 4f53 2044  ...x...#..ONOS.D
>>          0x0020:  6973 636f 7665 7279 fe17 a423 0502 6f66  iscovery...#..of
>>          0x0030:  3a30 3030 3038 3665 3566 6264 3364 6134  :000086e5fbd3da4
>>          0x0040:  3208 0a75 6370 652d 7475 6e2d 3200 00    2..tun1..
>>
>> The Open vSwitch version number (as output by ovs-vswitchd --version).
>> ovs-vswitchd (Open vSwitch) 2.5.2
>> Compiled Oct 17 2017 16:38:57
>>
>> The kernel version on which Open vSwitch is running (from /proc/version) and the distribution and version number of your OS (e.g. "Centos 5.0").
>>              Linux version 4.4.0-87-generic (buildd@lcy01-31) (gcc 
>> version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4) ) #110-Ubuntu 
>> SMP Tue Jul 18 12:55:35 UTC 2017
>>
>> The output of ovs-dpctl show.
>> system@ovs-system:
>>          lookups: hit:191881 missed:5814 lost:0
>>          flows: 4
>>          masks: hit:471168 total:4 hit/pkt:2.38
>>          port 0: ovs-system (internal)
>>          port 1: ovs-br1 (internal)
>>          port 2: vxlan_sys_4789 (vxlan)
>>          port 3: ovs-lan (internal)
>>          port 4: k8s-br (internal)
>>          port 5: mirror-br (internal)
>>          port 6: ens6
>>          port 7: wan2 (internal)
>>
>> Any other information that you think might be relevant.
>> Everything works fine when building with GRE instead of VXLAN, all the same routing and firewall rules.  The rules are not matching any protocol specific parameters, just matching on destination IP address to mark the traffic.
>>
>> Thank you,
>> Marcus Padgett
>> Sr Engineer - Service Architecture | Windstream 
>> Marcus.Padgett at windstream.com<http://www.windstreambusiness.com/>
>>


