On Fri, Feb 12, 2010 at 12:27 AM, Justin Pettit <[email protected]> wrote:
> Those flow entries all look reasonable to me. I don't see anything that
> would allow SSH or ICMP. Are you sure that you have the correct datapath
> configured? I notice all those packet and byte counters are zero. Can you
> try running some of your traffic and then seeing which counters increment?
>
> You also may want to look at the "ovs-dpctl dump-flows" command. This will
> show you what traffic the kernel is actually seeing. If you're running your
> SSH traffic and don't see an entry from ovs-dpctl, then you're definitely
> looking at the wrong datapath. (Keep in mind that the datapath is just a
> flow cache, so if a flow is idle for five seconds, it will be evicted from
> the kernel.)

A closer look at the tables revealed the problem. The default flow, to allow all, was being left in the flow table. I think what was happening is that, after the HUP, I was trying to remove it too soon (before the switch daemon was awake) and this may not have been deterministic.

So I think the next problem that I would like to solve is getting the host network to work correctly. When I do the obvious of simply copying the flows for the VM and changing the MAC address to that of eth0, the host is not able to work as I would have expected. It can DHCP, but that seems like all it can do. It can't look up anything over DNS, or anything else. The strange thing is that its flows don't seem to be showing up anywhere (I check the switch logs); I only see ARP traffic for the eth0 MAC and nothing else.

I am wondering if the host is a special case, since it doesn't have its own interface. More specifically, it would normally communicate over eth0, but eth0 is a port on externalbr, which traffic must be flowing through fine, since with the VM I can browse the web (as allowed specifically). I tried some debugging with dpctl on both the internalbr and externalbr, but I am pretty sure I still only see the ARP traffic.

I could probably live without some networking on the host (until I can figure it out), but I still do need the host to be able to manage and connect to the VMs. Is there a way for me to create some sort of bridge or other networking device that the host could use for this sort of thing? A dummy to the internal network maybe? I'm just not sure of the details of the limitation that I am running up against.

Any suggestions or tips?

Thanks!
Todd
