Bryant is right
topo:
vm1(1.1.1.2/24)--lswitch--(1.1.1.1)lrouter(2.2.2.1)--lswitch--vm2(2.2.2.2/24)
vm1 and vm2 is on2 different host, vm1 on host1 vm2 on host2
When ping from vm1 to vm2 , the result of ovs-dpctl dump-flows on host2:
ingress:
recirc_id(0),tunnel(tun_id=0x3,src=10.160.1.122,dst=10.160.1.80,ttl=64,geneve({class=0xffff,type=0,len=4,0x20003}),flags(-df-csum+key)),in_port(2),skb_mark(0),eth_type(0x0800),ipv4(frag=no),
packets:23, bytes:2254, used:0.314s,
actions:ct(zone=1,mark=0/0,label=0/0),recirc(0x6)
recirc_id(0x6),tunnel(tun_id=0x3,src=10.160.1.122,dst=10.160.1.80,ttl=64,geneve({class=0xffff,type=0,len=4}),flags(-df-csum+key)),in_port(2),skb_mark(0),ct_state(-new+est-rel-inv+trk),eth(dst=fa:16:3e:a5:d0:28),eth_type(0x0800),ipv4(frag=no),
packets:22, bytes:2156, used:0.314s, actions:3
egress
recirc_id(0),in_port(3),eth(src=fa:16:3e:a5:d0:28),eth_type(0x0800),ipv4(frag=no),
packets:23, bytes:2254, used:0.313s,
actions:ct(zone=1,mark=0/0,label=0/0),recirc(0x7)
recirc_id(0x7),in_port(3),ct_state(-new+est-rel-inv+trk),eth(dst=fa:16:3e:e6:6d:03),eth_type(0x0800),ipv4(frag=no),
packets:23, bytes:2254, used:0.313s,
actions:ct(zone=1,mark=0/0,label=0/0),recirc(0x8)
recirc_id(0x8),in_port(3),ct_state(-new+est-rel-inv+trk),eth(src=fa:16:3e:a5:d0:28,dst=fa:16:3e:e6:6d:03),eth_type(0x0800),ipv4(src=2.2.2.2/255.255.255.254,dst=1.1.1.3,ttl=64,frag=no),
packets:23, bytes:2254, used:0.313s, actions:set(eth(bad key length 24,
expected 12)(fa 16 3e 8f 97 13 fa 16 3e de 5f 6c 20 00 0b 00 1c 00 07 00
02 02 02
02)),set(ipv4(src=2.2.2.2/255.255.255.254,dst=1.1.1.3,ttl=63)),_ct(mark=0/0,label=0/0)_,recirc(0x9)
recirc_id(0x9),in_port(3),ct_state(-new-est-rel+inv+trk),eth_type(0x0800),ipv4(frag=no),
packets:23, bytes:2254, used:0.313s,actions:drop
_ct(mark=0/0,label=0/0)_ not in the ingress way
ovs-ofctl dump-flows br-int:
table=0, in_port=7
actions=load:0x3->OXM_OF_METADATA[],load:0x2->NXM_NX_REG6[],resubmit(,16) port7
is gateway port, reg5 is not set
table=0, in_port=8
actions=load:0x1->NXM_NX_REG5[],load:0x3->OXM_OF_METADATA[],load:0x3->NXM_NX_REG6[],resubmit(,16)
table=17, priority=100,ip,metadata=0x3
actions=ct(table=18,zone=NXM_NX_REG5[0..15])
table 17 can not distinguish the traffic between port7 and port8, so
dpflow has _ct(mark=0/0,label=0/0)_
在 2015/12/3 4:22, Russell Bryant 写道:
I /think/ I understand what you're saying ... that in the case of 2
ports on 2 logical switches connected by a logical router with 1 port
on each host, the path through conntrack is not symmetric and leads to
packets getting dropped when we don't want them to be.
I'm setting this up with a 2-node OpenStack environment to take a
closer look.
—
Reply to this email directly or view it on GitHub
<https://github.com/openvswitch/ovs/pull/92#issuecomment-161422337>.
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
