[ovs-discuss] About VXLAN connecting container and physical machine

i_j_e_x_a at yahoo.co.jp i_j_e_x_a at yahoo.co.jp
Sun Sep 6 17:35:41 UTC 2020


Hi.

Thanks for the reply. I added some flow controls but the result is not effective. Here's the detail.

From a dump of the vxlan packets on the ovs whose port has a physical connection to 34:95:db:28:4a:5e,
it was found that the arp reply arrived at the ovs.

[machine4]
2020-09-07 02:08:34.471064 Out 34:95:db:28:4a:5e ethertype ARP (0x0806),
  length 44: Request who-has 172.20.0.21 tell 172.20.0.100, length 28

[machine1]
2020-09-07 02:08:34.471727 Out 70:85:c2:44:70:37 ethertype IPv4 (0x0800),
  length 112: 192.168.1.2.34064 > 192.168.1.30.4789: VXLAN, flags [I] (0x08), vni 1025
  34:95:db:28:4a:5e > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806),
  length 60: Request who-has 172.20.0.21 tell 172.20.0.100, length 46
2020-09-07 02:08:34.471749 Out 70:85:c2:44:70:37 ethertype IPv4 (0x0800),
  length 112: 192.168.1.2.34064 > 192.168.64.1.4789: VXLAN, flags [I] (0x08), vni 1025
  34:95:db:28:4a:5e > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806),
  length 60: Request who-has 172.20.0.21 tell 172.20.0.100, length 46
2020-09-07 02:08:34.477723  In 08:00:27:c2:5a:9f ethertype IPv4 (0x0800),
  length 94: 192.168.1.30.50525 > 192.168.1.2.4789: VXLAN, flags [I] (0x08), vni 1025
  e6:c2:22:f9:1c:41 > 34:95:db:28:4a:5e, ethertype ARP (0x0806),
  length 42: Reply 172.20.0.21 is-at e6:c2:22:f9:1c:41, length 28

Since it is necessary for the ovs to transfer the arp reply to the destination, I added the following.

  # ovs-ofctl add-flow ovsbr0 dl_type=0x0806,nw_proto=2,dl_dst=34:95:db:28:4a:5e,actions=output:15

However, the arp replies are not transferred to machine4.

  # ovs-ofctl dump-flows ovsbr0
  cookie=0x0, duration=172.977s, table=0, n_packets=0, n_bytes=0, arp,dl_dst=34:95:db:28:4a:5e,arp_op=2 actions=output:enp1s0f2
  cookie=0x0, duration=253.776s, table=0, n_packets=10, n_bytes=670, priority=0 actions=NORMAL

Let me know what's wrong with the configuration. 

Regards,

> On 2020/08/31 10:50, Heim, Dennis <Dennis.Heim at wwt.com> wrote:
> 
> When I have done VXLAN, I did it with a controller. Remember VXLAN defines the data plane, but not the control plane (Mac address, etc).
> 
> -----Original Message-----
> From: discuss <ovs-discuss-bounces at openvswitch.org> On Behalf Of i_j_e_x_a at yahoo.co.jp
> Sent: Sunday, August 30, 2020 1:17 PM
> To: ovs-discuss at openvswitch.org
> Subject: [ovs-discuss] About VXLAN connecting container and physical machine
> 
> Hi.
> 
> I tried to establish L2 network between a docker container and a physical machine by using vxlan of OVS. The container host is different from the physical machine. So far, it is not successful. I'd like to have comments on how to do this.
> 
> Here's the detail.
> 
> As shown in the figure and description below, there are five physical machines, machine1, machine2, machine3, machine4, and machine5. All of them are running Linux. Each of machine1, machine2 and machine3 has an OVS bridge.
> 
> Connection between docker2 and docker3 works fine. Connection between machine4 and machine5 also works fine. When ovsbr1 is down, machine4 and machine5 connection fails. Therefore, it is sure that ovsbr1 is forwarding packets between machine4 and machine5.
> 
> However, connection between docker2 and machine4 is not established. Ping never reaches between these. I dumped packets and found the following.
> 
> Docker2 ping to machine4 did not succeed, during which
>  a) arp requests arrived on machine1 via the vxlan channel.
>  b) no arp request arrived on machine4.
> Docker2 ping to docker3 succeeded, during which
>  c) arp requests arrived on machine3 via the vxlan channel.
>  d) arp requests arrived on docker3 and docker3 replied.
> 
> To summarize, OVS does not forward arp requests coming from vxlan to its connected physical ports in this configuration.
> 
> Please let me know how to establish connection between docker2 and machine4 in this configuration.
> 
> Regards,
> 
>                                       +-------+         +-------+
>                                       |docker2|         |docker3|
>                                       +--+----+         +--+----+
>                                          |eth2             |eth3
>                                          |                 |
>                                 ovsbr2+--+--+     ovsbr3+--+--+
>      +-----------------+         +-------------+   +-------------+
>      |     machine1    |         |   machine2  |   |   machine3  |
>      +---------------+-+         +----+--------+   +----+--------+
> ovsbr1+-+--+         |                |                 |
>         |  |         |                |                 |
> enp1s0f0+  +enp1s0f1 |enp3s0    enp0s3|           enp0s3|
>         |   \        +----------------+-----------------+    
>         |    \                 physical switch
>         |     \
>         |eth4  \eth5
>   +-----+----+  +----------+
>   | machine4 |  | machine5 |
>   +----------+  +----------+
> 
> 
> Machine1:
>  Three physical ports, enp1s0f0, enp1s0f1 and enp3s0.
>  An ovs switch named ovsbr1.
>  Enp1s0f[01] are logically connected to ovsbr1.
>  Enp1s0f0 is physically connected to machine4.
>  Enp1s0f1 is physically connected to machine5.
>  Enp3s0 is physically connected to the physical switch.
> 
> Machine2:
>  One physical port, enp0s3 which is connected to the physical switch.
>  One ovs switch named ovsbr2.
>  One docker container, named Docker0 on the machine, is connected to ovsbr2.
> 
> Machine3:
>  One physical port, enp0s3 which is connected to the physical switch.
>  One ovs switch named ovsbr3.
>  One docker container, named Docker1 on the machine, is connected to ovsbr3.
> 
> Machine4, Machine5:
>  Each has one physical port, whose names are eth4 and eth5 respectively.
>  Eth4 is physically connected to enp1s0f0.
>  Eth5 is physically connected to enp1s0f1.
> 
> Ovsbr1 has a VXLAN port whose remote is ovsbr2.
> Ovsbr2 has two VXLAN ports whose remote are ovsbr1 and ovsbr3.
> Ovsbr3 has a VXLAN port whose remote is ovsbr2.
> 
> 
> IPv4:
>  machine1:enp3s0  192.168.1.1/24
>  machine2:enp0s3  192.168.1.2/24
>  machine3:enp0s3  192.168.1.3/24
>  docker0:eth2     172.20.0.2/24
>  docker1:eth3     172.20.0.3/24
>  machine4:eth4    172.20.0.4/24
>  machine5:eth5    172.20.0.5/24
> 
> machine1# ovs-vsctl show
>    Bridge ovsbr0
>        Port vxlan1025.2
>            Interface vxlan1025.2
>                type: vxlan
>                options: {key="1025", remote_ip="192.168.1.2"}
>        Port ovsbr0
>            Interface ovsbr1
>                type: internal
>        Port enp1s0f1
>            Interface enp1s0f1
>        Port enp1s0f0
>            Interface enp1s0f0
>    ovs_version: "2.13.1"
> 
> machine2# ovs-vsctl show
>    Bridge ovsbr0
>        Port ovsbr0
>            Interface ovsbr0
>                type: internal
>        Port vxlan1025.1
>            Interface vxlan1025.1
>                type: vxlan
>                options: {key="1025", remote_ip="192.168.1.1"}
>        Port vxlan1025.3
>            Interface vxlan1025.3
>                type: vxlan
>                options: {key="1025", remote_ip="192.168.1.3"}
>        Port ba1e1f0927484_l
>            Interface ba1e1f0927484_l
>    ovs_version: "2.13.0"
> 
> machine3# ovs-vsctl show
>    Bridge ovsbr0
>        Port a2cedfb6beb34_l
>            Interface a2cedfb6beb34_l
>        Port vxlan1025
>            Interface vxlan1025.2
>                type: vxlan
>                options: {key="1025", remote_ip="192.168.1.2"}
>        Port ovsbr0
>            Interface ovsbr0
>                type: internal
>    ovs_version: "2.13.0"
> 
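
Added example, not part of the original message or of Open vSwitch: a small Python reader for the `ovs-ofctl dump-flows` output quoted in the message, which lists each flow that has matched no packets together with the lower-priority flows in the same table that did count traffic. The sample input is the two flow lines from the message; the function names and the set of bookkeeping keys are assumptions made for this example.

```python
import re

# The two flow lines quoted in the message above, used as offline sample input.
SAMPLE_DUMP = """\
 cookie=0x0, duration=172.977s, table=0, n_packets=0, n_bytes=0, arp,dl_dst=34:95:db:28:4a:5e,arp_op=2 actions=output:enp1s0f2
 cookie=0x0, duration=253.776s, table=0, n_packets=10, n_bytes=670, priority=0 actions=NORMAL
"""

# Priority a flow gets when add-flow names none; dump-flows omits it then.
DEFAULT_PRIORITY = 32768
# Bookkeeping fields dump-flows prints before the match (assumed set).
STAT_KEYS = {"cookie", "duration", "table", "n_packets", "n_bytes",
             "idle_age", "hard_age"}


def parse_flow(line):
    """Split one dump-flows line into table, counters, priority, match, actions."""
    head, _, actions = line.strip().partition(" actions=")
    stats, match = {}, ""
    for piece in head.split(", "):
        key, _, value = piece.rstrip(",").partition("=")
        if key in STAT_KEYS:
            stats[key] = value
        else:
            match = piece  # comma-joined match fields, e.g. "arp,arp_op=2"
    prio = re.search(r"priority=(\d+)", match)
    return {
        "table": int(stats.get("table", 0)),
        "n_packets": int(stats.get("n_packets", 0)),
        "priority": int(prio.group(1)) if prio else DEFAULT_PRIORITY,
        "match": match,
        "actions": actions,
    }


def unmatched_flows(dump):
    """For each flow with n_packets=0, list the lower-priority flows in the
    same table whose counters did move."""
    flows = [parse_flow(l) for l in dump.splitlines() if " actions=" in l]
    findings = []
    for f in flows:
        if f["n_packets"] != 0:
            continue
        taken = [(g["match"], g["n_packets"]) for g in flows
                 if g["table"] == f["table"] and g["priority"] < f["priority"]
                 and g["n_packets"] > 0]
        findings.append((f["match"], f["priority"], taken))
    return findings


if __name__ == "__main__":
    for match, prio, taken in unmatched_flows(SAMPLE_DUMP):
        print(f"no hits: {match} (priority {prio}); counted instead by: {taken}")
```

For the quoted dump it reports the ARP-reply flow at the default priority 32768 with no hits while the `priority=0` NORMAL flow counted 10 packets, so no packet presented to table 0 of that bridge carried those match fields.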


