[ovs-discuss] [OVN] Does OVN support connection from one router by another

taoyunupt taoyunupt at 126.com
Thu Aug 29 09:21:17 UTC 2019


Hi,Numan,


Thanks for you reply. This is the print of  "ovn-nbctl show"


switch 508ad343-913e-4a6d-9a91-23e9de468b68 (neutron-030095c8-0caa-4f98-9520-632317b2c837) (aka tyx-net4)
    port af792055-72af-4f7a-8484-66db316228f4
        type: router
        router-port: lrp-af792055-72af-4f7a-8484-66db316228f4
    port 31b77956-94f3-421f-a2e8-50ff48893c23
        type: router
        router-port: lrp-31b77956-94f3-421f-a2e8-50ff48893c23




switch aba4a7d7-0b11-487b-9193-913a3a839632 (neutron-5fcc9c4d-de46-4c8e-a10b-3ac79c33e5a2) (aka tyx-net3)
    port fa890c59-004c-4e38-85e5-a65282ed5fc5
        addresses: ["fa:16:3e:f9:3f:f6 192.168.3.4"]
    port 63644656-cc45-4eff-87d1-6414c77556d6
        type: router
        router-port: lrp-63644656-cc45-4eff-87d1-6414c77556d6








switch b3e5075c-ce72-43ef-bd54-af0e03913d2a (neutron-b38f764a-bbb2-4cda-a3f4-7ad347d6be4a) (aka tyx-net5)
    port 39d68607-c28d-437c-9f56-adcbe4ec6a05
        type: router
        router-port: lrp-39d68607-c28d-437c-9f56-adcbe4ec6a05
    port a47ffe63-cc98-4c07-8abb-19692ba2d806
        addresses: ["fa:16:3e:6a:89:47 192.168.5.28"]


router 024210fb-ed5d-4fda-88aa-2a332a962fd4 (neutron-1994d60c-c7dc-4431-9b89-b42bb6288eb7) (aka tyx-router-ext4)
    port lrp-39d68607-c28d-437c-9f56-adcbe4ec6a05
        mac: "fa:16:3e:66:b2:e6"
        networks: ["192.168.5.1/24"]
    port lrp-31b77956-94f3-421f-a2e8-50ff48893c23
        mac: "fa:16:3e:67:fc:74"
        networks: ["192.168.4.7/24"]


router 2fcf7dfe-0658-4a01-a2e9-4bebc1089ad6 (neutron-22d95dc6-1c03-4e9f-b50f-d08a311cf79c) (aka tyx-router-ext3)
    port lrp-63644656-cc45-4eff-87d1-6414c77556d6
        mac: "fa:16:3e:e7:e0:d3"
        networks: ["192.168.3.1/24"]
    port lrp-8e11cadb-6953-430d-a481-59bdd1f19c56
        mac: "fa:16:3e:9c:f3:3a"
        networks: ["10.142.174.27/24"]
        gateway chassis: [09662100-c00c-414b-bf25-1c18e24bff62]
    port lrp-af792055-72af-4f7a-8484-66db316228f4
        mac: "fa:16:3e:5d:fe:30"
        networks: ["192.168.4.1/24"]
    nat 6f6e60ea-6277-45d7-a704-a4501180c8bb
        external ip: "10.142.174.27"
        logical ip: "192.168.4.0/24"
        type: "snat"
    nat 9931f064-59d6-4e2d-ab4c-ade06a3f296d
        external ip: "10.142.174.27"
        logical ip: "192.168.3.0/24"
        type: "snat"





在 2019-08-29 14:23:05,"Numan Siddique" <nusiddiq at redhat.com> 写道:

Hi Yun,


It is supported.


From the ovn-trace, looks like it is getting dropped because of ACL rules.


Can you share output of "ovn-nbctl show"


Thanks
Numan




On Thu, Aug 29, 2019 at 11:48 AM taoyunupt <taoyunupt at 126.com> wrote:

Hi,
    I try this feature by OVN/OVS 2.10 with OpenStack(Rocky), but failed. I have config static route for two routers.
    The topology is as the following. The static route for  tyx-router3 is  {"destination": "192.168.5.0/24", "nexthop": "192.168.4.7"} , for tyx-router4 is  {"destination": "192.168.3.0/24", "nexthop": "192.168.4.1"}.
     
  (192.168.3.4)vm1------tyx-net3------tyx-router-ext3------tyx-net4(192.168.4.1)--------------tyx-net4(192.168.4.7)-------tyx-router-ext4-------tyx-net5-------vm3(92.168.5.28 )


    
The following is the print of  'ovn-trace'


[root at ovn1 ~]# ovn-trace  tyx-net3  'inport == "fa890c59-004c-4e38-85e5-a65282ed5fc5" && eth.src == fa:16:3e:f9:3f:f6 && ip4.src == 192.168.3.4 && ip4.dst == 192.168.5.28  && eth.dst == fa:16:3e:e7:e0:d3 && icmp4.type == 8 && icmp4.code == 0 && ip.ttl == 64'
# icmp,reg14=0x2,vlan_tci=0x0000,dl_src=fa:16:3e:f9:3f:f6,dl_dst=fa:16:3e:e7:e0:d3,nw_src=192.168.3.4,nw_dst=192.168.5.28,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0


ingress(dp="tyx-net3", inport="fa890c")
---------------------------------------
 0. ls_in_port_sec_l2 (ovn-northd.c:4060): inport == "fa890c" && eth.src == {fa:16:3e:f9:3f:f6}, priority 50, uuid 9108f8d0
    next;
 1. ls_in_port_sec_ip (ovn-northd.c:2815): inport == "fa890c" && eth.src == fa:16:3e:f9:3f:f6 && ip4.src == {192.168.3.4}, priority 90, uuid 8b1a9b58
    next;
 3. ls_in_pre_acl (ovn-northd.c:3192): ip, priority 100, uuid c725e5e1
    reg0[0] = 1;
    next;
 5. ls_in_pre_stateful (ovn-northd.c:3319): reg0[0] == 1, priority 100, uuid 82635bb8
    ct_next;


ct_next(ct_state=est|trk /* default (use --ct to customize) */)
---------------------------------------------------------------
 6. ls_in_acl (ovn-northd.c:3506): !ct.new && ct.est && !ct.rpl && ct_label.blocked == 0 && (inport == @pg_e2c85897_5172_4f7e_8e8f_955e45fcfe4e && ip4), priority 2002, uuid e9514494
    next;
16. ls_in_l2_lkup (ovn-northd.c:4435): eth.dst == fa:16:3e:e7:e0:d3, priority 50, uuid 9b6212a8
    outport = "636446";
    output;


egress(dp="tyx-net3", inport="fa890c", outport="636446")
--------------------------------------------------------
 1. ls_out_pre_acl (ovn-northd.c:3148): ip && outport == "636446", priority 110, uuid 8f379e0c
    next;
 9. ls_out_port_sec_l2 (ovn-northd.c:4518): outport == "636446", priority 50, uuid a567859a
    output;
    /* output to "636446", type "patch" */


ingress(dp="tyx-router-ext3", inport="lrp-636446")
--------------------------------------------------
 0. lr_in_admission (ovn-northd.c:5064): eth.dst == fa:16:3e:e7:e0:d3 && inport == "lrp-636446", priority 50, uuid bb3283bd
    next;
 7. lr_in_ip_routing (ovn-northd.c:4646): ip4.dst == 192.168.5.0/24, priority 49, uuid e2b70316
    ip.ttl--;
    reg0 = 192.168.4.7;
    reg1 = 192.168.4.1;
    eth.src = fa:16:3e:5d:fe:30;
    outport = "lrp-af7920";
    flags.loopback = 1;
    next;
 8. lr_in_arp_resolve (ovn-northd.c:6464): outport == "lrp-af7920" && reg0 == 192.168.4.7, priority 100, uuid 0267358e
    eth.dst = fa:16:3e:67:fc:74;
    next;
10. lr_in_arp_request (ovn-northd.c:6560): 1, priority 0, uuid b83b5768
    output;


egress(dp="tyx-router-ext3", inport="lrp-636446", outport="lrp-af7920")
-----------------------------------------------------------------------
 3. lr_out_delivery (ovn-northd.c:6588): outport == "lrp-af7920", priority 100, uuid 34800ee4
    output;
    /* output to "lrp-af7920", type "patch" */


ingress(dp="tyx-net4", inport="af7920")
---------------------------------------
 0. ls_in_port_sec_l2 (ovn-northd.c:4060): inport == "af7920", priority 50, uuid f7e17de8
    next;
16. ls_in_l2_lkup (ovn-northd.c:4435): eth.dst == fa:16:3e:67:fc:74, priority 50, uuid 1a933421
    outport = "31b779";
    output;


egress(dp="tyx-net4", inport="af7920", outport="31b779")
--------------------------------------------------------
 4. ls_out_acl (ovn-northd.c:3574): outport == @neutron_pg_drop && ip, priority 2001, uuid 11f7b9a5
    drop;




Thanks,
Yun
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20190829/6c61c783/attachment.html>


More information about the discuss mailing list