On Fri, May 27, 2016 at 3:24 PM, Vincent CATROS <vincent.cat...@b-com.com> wrote: > > Hello, > > > It seems that flow rules are not applied on LOCAL port when rules are pushed > by an OpenFlow controller. > > > The problem is probably between my chair and my screen :) but if someone > could help me to understand the situation I would greatly appreciate. > > > My setup is very simple > > > - A PC running OVS. Let call it "s1". This PC has 2 network interfaces: > > - eth0 (10.0.0.2) is used to communicate with the OF controller > > - eth1 is enslave to my OVS switch (br-test) 192.168.1.1 is > configured on "br-test" > > - a client PC. Let call it "c1". This PC is directly connected to eth1 on > "s1". Network interface is set to 192.168.1.2 > > - a OF controller (ONOS in my case) at 10.0.0.3 > > > > First let me describe a test I would call "normal" > > > My OVS switch "s1" is not connected to any controller > > > ovs-vsctl show > 32cdf1f6-4963-46a4-8696-0199484fe3e0 > Bridge br-test > fail_mode: secure > Port "eth1" > Interface "eth1" > Port br-test > Interface br-test > type: internal > ovs_version: "2.5.0" > > > > 2 rules are added in order to count packets > ovs-ofctl add-flow br-test priority=10,actions=NORMAL > ovs-ofctl add-flow br-test arp,priority=11,actions=NORMAL > > > I checked those rules are actually in the switch > > > > ovs-ofctl dump-flows br-test > > NXST_FLOW reply (xid=0x4): > > cookie=0x0, duration=18.343s, table=0, n_packets=0, n_bytes=0, idle_age=18, > priority=11,arp actions=NORMAL > > cookie=0x0, duration=23.321s, table=0, n_packets=0, n_bytes=0, idle_age=23, > priority=10 actions=NORMAL > > > > I send 1 ARP packet > from c1 to a non existing IP address > > arping -c1 192.168.1.4 > Timeout > > > > 1 packet has match the ARP rule > > ovs-ofctl dump-flows br-test > NXST_FLOW reply (xid=0x4): > cookie=0x0, duration=27.252s, table=0, n_packets=1, n_bytes=42, idle_age=3, > priority=11,arp actions=NORMAL > cookie=0x0, duration=32.230s, table=0, n_packets=0, n_bytes=0, idle_age=32, > priority=10 actions=NORMAL > > > this is normal > > > > If I send 1 ARP packet from "s1" (emited on the LOCAL OVS switch) to a non > existing IP address > > > > arping -c1 192.168.1.4 > > Timeout > > > > 1 more packet has match the ARP rule > > > > ovs-ofctl dump-flows br-test > > NXST_FLOW reply (xid=0x4): > > cookie=0x0, duration=73.074s, table=0, n_packets=2, n_bytes=102, > idle_age=10, priority=11,arp actions=NORMAL > > cookie=0x0, duration=78.052s, table=0, n_packets=0, n_bytes=0, idle_age=78, > priority=10 actions=NORMAL > > > > this is also normal > > > Now, let me describe the "strange" behaviour > > > I connect "br-test" to my ONOS controller > > ovs-vsctl set-controller br-test tcp:10.0.0.3:6633 > > > ovs-vsctl show > > 32cdf1f6-4963-46a4-8696-0199484fe3e0 > > Bridge br-test > > Controller "tcp:10.0.0.3:6633" > > is_connected: true > > fail_mode: secure > > Port "eth1" > > Interface "eth1" > > Port br-test > > Interface br-test > > type: internal > > ovs_version: "2.5.0" > > > We can check that ARP rule has not been matched for the moment > > > > ovs-ofctl dump-flows br-test > NXST_FLOW reply (xid=0x4): > cookie=0xe00000f5ad7ff, duration=9.456s, table=0, n_packets=0, n_bytes=0, > idle_age=9, priority=5,ip actions=CONTROLLER:65535 > cookie=0xe000011a55234, duration=9.456s, table=0, n_packets=0, n_bytes=0, > idle_age=9, priority=40000,arp actions=CONTROLLER:65535 > cookie=0xe00001195f878, duration=9.456s, table=0, n_packets=0, n_bytes=0, > idle_age=9, priority=40000,dl_type=0x8942 actions=CONTROLLER:65535 > cookie=0xe00000f5ad8b9, duration=9.456s, table=0, n_packets=0, n_bytes=0, > idle_age=9, priority=5,arp actions=CONTROLLER:65535 > cookie=0xe00001195ea2e, duration=9.456s, table=0, n_packets=0, n_bytes=0, > idle_age=9, priority=40000,dl_type=0x88cc actions=CONTROLLER:65535 > > > I send 1 ARP request from "c1" to an unknown IP address > > > arping -c 1 192.168.1.4 > > Timeout > > > Then we can check that ARP rule has been matched > > > > ovs-ofctl dump-flows br-test > NXST_FLOW reply (xid=0x4): > cookie=0xe00000f5ad7ff, duration=28.298s, table=0, n_packets=0, n_bytes=0, > idle_age=28, priority=5,ip actions=CONTROLLER:65535 > cookie=0xe000011a55234, duration=28.298s, table=0, n_packets=1, n_bytes=60, > idle_age=4, priority=40000,arp actions=CONTROLLER:65535 > cookie=0xe00001195f878, duration=28.298s, table=0, n_packets=0, n_bytes=0, > idle_age=28, priority=40000,dl_type=0x8942 actions=CONTROLLER:65535 > cookie=0xe00000f5ad8b9, duration=28.298s, table=0, n_packets=0, n_bytes=0, > idle_age=28, priority=5,arp actions=CONTROLLER:65535 > cookie=0xe00001195ea2e, duration=28.298s, table=0, n_packets=0, n_bytes=0, > idle_age=28, priority=40000,dl_type=0x88cc actions=CONTROLLER:65535 > > > So far everything is normal > > > Now, I will send 1 ARP packet from "s1" (on the LOCAL OVS port) to an > unknown IP address > > > arping -c 1 192.168.1.4 > > Timeout > > > If we check rules matching. > > > > ovs-ofctl dump-flows br-test > NXST_FLOW reply (xid=0x4): > cookie=0xe00000f5ad7ff, duration=38.774s, table=0, n_packets=0, n_bytes=0, > idle_age=38, priority=5,ip actions=CONTROLLER:65535 > cookie=0xe000011a55234, duration=38.774s, table=0, n_packets=1, n_bytes=60, > idle_age=15, priority=40000,arp actions=CONTROLLER:65535 > cookie=0xe00001195f878, duration=38.774s, table=0, n_packets=0, n_bytes=0, > idle_age=38, priority=40000,dl_type=0x8942 actions=CONTROLLER:65535 > cookie=0xe00000f5ad8b9, duration=38.774s, table=0, n_packets=0, n_bytes=0, > idle_age=38, priority=5,arp actions=CONTROLLER:65535 > cookie=0xe00001195ea2e, duration=38.774s, table=0, n_packets=0, n_bytes=0, > idle_age=38, priority=40000,dl_type=0x88cc actions=CONTROLLER:65535 > > > We see that ARP rule has not been matched >
Seems like in-band control flows. Please check following in FAQ.md: "Q: I hear OVS has a couple of kinds of flows. Can you tell me about them?" > > This is weird. > > > And more.... > > > If I send an ARP from "s1" LOCAL port to "c1" > > arping -c 1 192.168.1.2 > > ARPING 192.168.1.2 > > 60 bytes from 08:00:27:f0:80:4e (192.168.1.2): index=0 time=9.662 msec > > > It works request and reply ... but no matching is signaled... > > > > ovs-ofctl dump-flows br-test > NXST_FLOW reply (xid=0x4): > cookie=0xe00000f5ad7ff, duration=49.278s, table=0, n_packets=0, n_bytes=0, > idle_age=49, priority=5,ip actions=CONTROLLER:65535 > cookie=0xe000011a55234, duration=49.278s, table=0, n_packets=1, n_bytes=60, > idle_age=25, priority=40000,arp actions=CONTROLLER:65535 > cookie=0xe00001195f878, duration=49.278s, table=0, n_packets=0, n_bytes=0, > idle_age=49, priority=40000,dl_type=0x8942 actions=CONTROLLER:65535 > cookie=0xe00000f5ad8b9, duration=49.278s, table=0, n_packets=0, n_bytes=0, > idle_age=49, priority=5,arp actions=CONTROLLER:65535 > cookie=0xe00001195ea2e, duration=49.278s, table=0, n_packets=0, n_bytes=0, > idle_age=49, priority=40000,dl_type=0x88cc actions=CONTROLLER:65535 > > > This is really weird... it seems that packets are going through the datapath > without activating OF rules. > > > I even checked OF connection between OVS and ONOS... no PACKET_IN issued. > > > Any idea? > > > Regards > > Vincent > > > _______________________________________________ > discuss mailing list > discuss@openvswitch.org > http://openvswitch.org/mailman/listinfo/discuss > _______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
