Hi,
for my debugging work, I have built a prototype solution that uses
openvswitch with openflow as a monitoring/shadow vnets platform. In this
case, I am just matching on _ports_, nothing else.
I am now experiencing a problem, where the wildcard rules installed in
the openflow do not seem to correlate with the ones seen by dpctl - and
hence, packets are being sent out at the wrong ports:
I have the following rules installed:
r...@loadgen134:~# ovs-ofctl show tcp:127.0.0.1
features_reply (xid=0x7cc372e8): ver:0x97, dpid:3
n_tables:2, n_buffers:256
features: capabilities:0x17, actions:0x3ff
1(eth2): addr:00:1e:68:d9:d3:d4, config: 0, state:0
current: 1GB-FD COPPER AUTO_NEG
advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
2(vif4.2): addr:fe:ff:ff:ff:ff:ff, config: 0, state:0
3(vif10.2): addr:fe:ff:ff:ff:ff:ff, config: 0, state:0
supported: 1GB-FD AUTO_PAUSE
4(vif7.1): addr:fe:ff:ff:ff:ff:ff, config: 0, state:0
5(vif7.2): addr:fe:ff:ff:ff:ff:ff, config: 0, state:0
LOCAL(br_out): addr:00:1e:68:d9:d3:d4, config: 0, state:0
supported: 100MB-FD 1GB-HD AUTO_PAUSE
get_config_reply (xid=0xd941a811): miss_send_len=0
r...@loadgen134:~# ovs-ofctl dump-flows tcp:127.0.0.1
stats_reply (xid=0x21082cb4): flags=none type=1(flow)
duration=246194s, table_id=1, priority=32768, n_packets=0, n_bytes=0,
dl_type=0x002e,nw_src=0.0.0.0,nw_dst=0.0.0.0,nw_proto=0,tp_src=0,tp_dst=0,actions=drop
duration=246194s, table_id=1, priority=32768, n_packets=0, n_bytes=0,
dl_type=0x88cc,nw_src=0.0.0.0,nw_dst=0.0.0.0,nw_proto=0,tp_src=0,tp_dst=0,actions=drop
duration=116s, table_id=1, priority=32768, n_packets=3, n_bytes=210,
in_port=4,actions=drop
duration=246183s, table_id=1, priority=32768, n_packets=268,
n_bytes=26024, in_port=3,actions=drop
duration=32s, table_id=1, priority=32768, n_packets=3, n_bytes=230,
in_port=5,actions=drop
duration=246184s, table_id=1, priority=32768, n_packets=249464,
n_bytes=24255792, in_port=2,actions=output:1,output:4
duration=246184s, table_id=1, priority=32768, n_packets=374321,
n_bytes=32390210, in_port=1,actions=output:2,output:4
So, drop LLC and LDDP, anything that comes in
port 1,2 gets sent to (2,4) and (1,4) respectively
everything that comes in on port 3,4,5 *should* be dropped
Instead, I see packets from 4 sometimes being delivered to all
interfaces. In fact dp-ctl sees a contradicting set of rules:
r...@loadgen134:~# ovs-dpctl dump-flows br_out
port0001:vlan65535 mac00:1b:21:10:8c:7e->00:16:3e:76:4f:93 type0800
proto1 ip192.168.10.1->192.168.10.2 port0->0, packets:125, bytes:12250,
used:0.708s, actions:0,2,5,4,3
port0001:vlan65535 mac00:24:97:f3:a8:4a->01:80:c2:00:00:00 type05ff
proto0 ip0.0.0.0->0.0.0.0 port0->0, packets:18049, bytes:1082940,
used:0.606s, actions:2,4
port0002:vlan65535 mac00:16:3e:76:4f:93->00:1b:21:10:8c:7e type0800
proto1 ip192.168.10.2->192.168.10.1 port8->0, packets:125, bytes:12250,
used:0.708s, actions:0,1,5,4,3
I am confused by the port0->0 and port8->0 in these listings -- my dp
does not have a port 8?!
r...@loadgen134:~# ovs-dpctl show br_out
dp4:
flows: cur:3, soft-max:512, hard-max:262144
ports: cur:6, max:1024
groups: max:16
lookups: frags:0, hit:1101489, missed:27945, lost:0
queues: max-miss:100, max-action:100
port 0: br_out (internal)
port 1: eth2
port 2: vif4.2
port 3: vif10.2
port 4: vif7.1
port 5: vif7.2
Any suggestions on how to debug this?
Best,
Andi
System Info:
- Xen 3.4.1 from Xen.org
- Kernel 2.6.18-xen from xen.org with
- Ubuntu 8.04LTS, 64bit
- Openvswitch from git://openvswitch.org/openvswitch, 'master',
commit id 417a8cb6a6f6f16a7dd from Wed Oct 7 10:19:31 2009 -0700
--
Andreas Wundsam
Technische Universität Berlin, Deutsche Telekom Laboratories
FG INET, Research Group Anja Feldmann
address: Sekr. TEL 16, FG INET, Ernst-Reuter-Platz 7, 10587 Berlin
e-mail: [email protected]
web: http://www.net.t-labs.tu-berlin.de/people/andi.shtml
_______________________________________________
discuss mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/discuss_openvswitch.org
