[ovs-discuss] [OVN] Does OVN support connection from one router by another

Numan Siddique nusiddiq at redhat.com
Thu Aug 29 06:23:05 UTC 2019


Hi Yun,

It is supported.

>From the ovn-trace, looks like it is getting dropped because of ACL rules.

Can you share output of "ovn-nbctl show"

Thanks
Numan


On Thu, Aug 29, 2019 at 11:48 AM taoyunupt <taoyunupt at 126.com> wrote:

> Hi,
>     I try this feature by OVN/OVS 2.10 with OpenStack(Rocky), but failed.
> I have config static route for two routers.
>     The topology is as the following. The static route for  tyx-router3 is
>  {"destination": "192.168.5.0/24", "nexthop": "192.168.4.7"} , for
> tyx-router4 is  {"destination": "192.168.3.0/24", "nexthop":
> "192.168.4.1"}.
>
>
> (192.168.3.4)vm1------tyx-net3------tyx-router-ext3------tyx-net4(192.168.4.1)--------------tyx-net4(192.168.4.7)-------tyx-router-ext4-------tyx-net5-------vm3(92.168.5.28
> )
>
>
> The following is the print of  'ovn-trace'
>
> [root at ovn1 ~]# ovn-trace  tyx-net3  'inport ==
> "fa890c59-004c-4e38-85e5-a65282ed5fc5" && eth.src == fa:16:3e:f9:3f:f6 &&
> ip4.src == 192.168.3.4 && ip4.dst == 192.168.5.28  && eth.dst ==
> fa:16:3e:e7:e0:d3 && icmp4.type == 8 && icmp4.code == 0 && ip.ttl == 64'
> #
> icmp,reg14=0x2,vlan_tci=0x0000,dl_src=fa:16:3e:f9:3f:f6,dl_dst=fa:16:3e:e7:e0:d3,nw_src=192.168.3.4,nw_dst=192.168.5.28,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0
>
> ingress(dp="tyx-net3", inport="fa890c")
> ---------------------------------------
>  0. ls_in_port_sec_l2 (ovn-northd.c:4060): inport == "fa890c" && eth.src
> == {fa:16:3e:f9:3f:f6}, priority 50, uuid 9108f8d0
>     next;
>  1. ls_in_port_sec_ip (ovn-northd.c:2815): inport == "fa890c" && eth.src
> == fa:16:3e:f9:3f:f6 && ip4.src == {192.168.3.4}, priority 90, uuid 8b1a9b58
>     next;
>  3. ls_in_pre_acl (ovn-northd.c:3192): ip, priority 100, uuid c725e5e1
>     reg0[0] = 1;
>     next;
>  5. ls_in_pre_stateful (ovn-northd.c:3319): reg0[0] == 1, priority 100,
> uuid 82635bb8
>     ct_next;
>
> ct_next(ct_state=est|trk /* default (use --ct to customize) */)
> ---------------------------------------------------------------
>  6. ls_in_acl (ovn-northd.c:3506): !ct.new && ct.est && !ct.rpl &&
> ct_label.blocked == 0 && (inport ==
> @pg_e2c85897_5172_4f7e_8e8f_955e45fcfe4e && ip4), priority 2002, uuid
> e9514494
>     next;
> 16. ls_in_l2_lkup (ovn-northd.c:4435): eth.dst == fa:16:3e:e7:e0:d3,
> priority 50, uuid 9b6212a8
>     outport = "636446";
>     output;
>
> egress(dp="tyx-net3", inport="fa890c", outport="636446")
> --------------------------------------------------------
>  1. ls_out_pre_acl (ovn-northd.c:3148): ip && outport == "636446",
> priority 110, uuid 8f379e0c
>     next;
>  9. ls_out_port_sec_l2 (ovn-northd.c:4518): outport == "636446", priority
> 50, uuid a567859a
>     output;
>     /* output to "636446", type "patch" */
>
> ingress(dp="tyx-router-ext3", inport="lrp-636446")
> --------------------------------------------------
>  0. lr_in_admission (ovn-northd.c:5064): eth.dst == fa:16:3e:e7:e0:d3 &&
> inport == "lrp-636446", priority 50, uuid bb3283bd
>     next;
>  7. lr_in_ip_routing (ovn-northd.c:4646): ip4.dst == 192.168.5.0/24,
> priority 49, uuid e2b70316
>     ip.ttl--;
>     reg0 = 192.168.4.7;
>     reg1 = 192.168.4.1;
>     eth.src = fa:16:3e:5d:fe:30;
>     outport = "lrp-af7920";
>     flags.loopback = 1;
>     next;
>  8. lr_in_arp_resolve (ovn-northd.c:6464): outport == "lrp-af7920" && reg0
> == 192.168.4.7, priority 100, uuid 0267358e
>     eth.dst = fa:16:3e:67:fc:74;
>     next;
> 10. lr_in_arp_request (ovn-northd.c:6560): 1, priority 0, uuid b83b5768
>     output;
>
> egress(dp="tyx-router-ext3", inport="lrp-636446", outport="lrp-af7920")
> -----------------------------------------------------------------------
>  3. lr_out_delivery (ovn-northd.c:6588): outport == "lrp-af7920", priority
> 100, uuid 34800ee4
>     output;
>     /* output to "lrp-af7920", type "patch" */
>
> ingress(dp="tyx-net4", inport="af7920")
> ---------------------------------------
>  0. ls_in_port_sec_l2 (ovn-northd.c:4060): inport == "af7920", priority
> 50, uuid f7e17de8
>     next;
> 16. ls_in_l2_lkup (ovn-northd.c:4435): eth.dst == fa:16:3e:67:fc:74,
> priority 50, uuid 1a933421
>     outport = "31b779";
>     output;
>
> egress(dp="tyx-net4", inport="af7920", outport="31b779")
> --------------------------------------------------------
>  4. ls_out_acl (ovn-northd.c:3574): outport == @neutron_pg_drop && ip,
> priority 2001, uuid 11f7b9a5
>     drop;
>
>
> Thanks,
> Yun
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20190829/d2ebb662/attachment.html>


More information about the discuss mailing list