[jira] [Updated] (CLOUDSTACK-6762) [OVS]Flow rules to drop Broadcast/Multicast traffic on tunnel ports are not added in bridge flow table

Mon, 26 May 2014 03:35:30 -0700 

     [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-6762?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sanjeev N updated CLOUDSTACK-6762:
----------------------------------

    Attachment: management-server.rar

> [OVS]Flow rules to drop Broadcast/Multicast traffic on tunnel ports are not 
> added in bridge flow table 
> -------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-6762
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6762
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Management Server, Network Controller
>    Affects Versions: 4.4.0
>         Environment: Latest build from 4.4 with commit 
> d130530bd3e1cd6d8249d5045e00e4e4e2201521
>            Reporter: Sanjeev N
>            Assignee: Murali Reddy
>            Priority: Critical
>              Labels: ovs
>             Fix For: 4.4.0
>
>         Attachments: management-server.rar
>
>
> [OVS]Flow rules to drop Broadcast/Multicast traffic on tunnel ports are not 
> added in bridge flow table 
> Steps to reproduce:
> ================
> 1.Bring up CS in advanced zone with two hosts in xen cluster
> 2.Add physical network with isolation type GRE
> 3.Create an isolated network offering with connectivity service and OVS asc 
> the provider
> 4.Create a user account and deploy one vm with above network offering and 
> make sure that vm comes on host1 and VR comes on host2
> 5.Verify the flow table on the ovs bridge created for this network
> Result:
> ======
> flow table rules to drop multicast and broacast traffic on tunnel ports are 
> not added on the host where VR is running but the same rules are added on the 
> host where vm is running
> VR is running on the following host:
> [root@Rack1Pod1Host14 ~]# ovs-ofctl dump-flows xapi3
> NXST_FLOW reply (xid=0x4):
>  cookie=0x0, duration=988.459s, table=0, n_packets=5, n_bytes=810, 
> priority=1100,dl_dst=ff:ff:ff:ff:ff:ff actions=output:2
>  cookie=0x0, duration=988.469s, table=0, n_packets=0, n_bytes=0, 
> priority=1200,ip,in_port=2,nw_dst=224.0.0.0/24 actions=NORMAL
>  cookie=0x0, duration=1011.44s, table=0, n_packets=20, n_bytes=2354, 
> priority=0 actions=NORMAL
>  cookie=0x0, duration=988.45s, table=0, n_packets=0, n_bytes=0, 
> priority=1100,ip,nw_dst=224.0.0.0/24 actions=output:2
>  cookie=0x0, duration=988.479s, table=0, n_packets=0, n_bytes=0, 
> priority=1200,in_port=2,dl_dst=ff:ff:ff:ff:ff:ff actions=NORMAL
> [root@Rack1Pod1Host14 ~]#
> VM is running on the following host:
> ============================
> [root@Rack1Pod1Host13 ~]# ovs-ofctl dump-flows xapi3
> NXST_FLOW reply (xid=0x4):
>  cookie=0x0, duration=456.937s, table=0, n_packets=0, n_bytes=0, 
> priority=1100,dl_dst=ff:ff:ff:ff:ff:ff actions=output:2
>  cookie=0x0, duration=456.951s, table=0, n_packets=0, n_bytes=0, 
> priority=1200,ip,in_port=2,nw_dst=224.0.0.0/24 actions=NORMAL
>  cookie=0x0, duration=551.614s, table=0, n_packets=0, n_bytes=0, 
> priority=1000,ip,in_port=1,nw_dst=224.0.0.0/24 actions=drop
>  cookie=0x0, duration=551.932s, table=0, n_packets=15, n_bytes=1836, 
> priority=0 actions=NORMAL
>  cookie=0x0, duration=456.926s, table=0, n_packets=0, n_bytes=0, 
> priority=1100,ip,nw_dst=224.0.0.0/24 actions=output:2
>  cookie=0x0, duration=551.624s, table=0, n_packets=0, n_bytes=0, 
> priority=1000,in_port=1,dl_dst=ff:ff:ff:ff:ff:ff actions=drop
>  cookie=0x0, duration=456.962s, table=0, n_packets=9, n_bytes=2178, 
> priority=1200,in_port=2,dl_dst=ff:ff:ff:ff:ff:ff actions=NORMAL
> On both the hosts port 1 is tunnel port and port 2 is vif.
> Following is the log snippet for xapi3 from host where VR is running:
> 2014-05-26 08:06:14    DEBUG [root] About to manually create the bridge:xapi3
> 2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', '--', 
> '--may-exist', 'add-br', 'xapi3', '--', 'set', 'bridge', 'xapi3', 
> 'other_config:gre_key=OVSTunnel983']
> 2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'set', 
> 'Bridge', 'xapi3', 
> 'external_ids:xs-network-uuid=9d7ff1a3-342a-b206-ca09-7fbe8bcabfd0']
> 2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'set', 
> 'Bridge', 'xapi3', 'stp_enable=true']
> 2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'get', 
> 'bridge', 'xapi3', 'other_config:gre_key']
> 2014-05-26 08:06:14    DEBUG [root] Executing:['/opt/xensource/bin/xe', 
> 'network-list', 'bridge=xapi3', '--minimal']
> 2014-05-26 08:06:14    DEBUG [root] Setup_ovs_bridge completed with 
> result:SUCCESS:xapi3
> 2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 
> '--timeout=30', 'wait-until', 'bridge', 'xapi3', '--', 'get', 'bridge', 
> 'xapi3', 'name']
> 2014-05-26 08:06:14    DEBUG [root] bridge xapi3 for creating tunnel - 
> VERIFIED
> 2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 
> 'add-port', 'xapi3', 't983-4-1', '--', 'set', 'interface', 't983-4-1', 
> 'type=gre', 'options:key=983', 'options:remote_ip=10.147.40.13']
> 2014-05-26 08:06:14    DEBUG [root] Executing:['/opt/xensource/bin/xe', 
> 'network-list', 'bridge=xapi3', '--minimal']
> 2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 
> 'add-flow', 'xapi3', 
> 'hard_timeout=0,idle_timeout=0,priority=1000,in_port=1,dl_dst=ff:ff:ff:ff:ff:ff,actions=drop']
> 2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 
> 'add-flow', 'xapi3', 
> 'hard_timeout=0,idle_timeout=0,priority=1000,in_port=1,ip,nw_dst=224.0.0.0/24,actions=drop']
> 2014-05-26 08:06:23    DEBUG [root] Executing:['/opt/xensource/bin/xe', 
> 'network-list', 'bridge=xapi3', '--minimal']
> 2014-05-26 08:06:24    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 
> 'br-to-vlan', 'xapi3']
> 2014-05-26 08:06:24    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 
> 'list-ports', 'xapi3']
> 2014-05-26 08:06:24    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 
> 'add-flow', 'xapi3', 
> 'hard_timeout=0,idle_timeout=0,priority=1200,in_port=2,dl_dst=ff:ff:ff:ff:ff:ff,actions=NORMAL']
> 2014-05-26 08:06:24    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 
> 'add-flow', 'xapi3', 
> 'hard_timeout=0,idle_timeout=0,priority=1200,in_port=2,ip,nw_dst=224.0.0.0/24,actions=NORMAL']
> 2014-05-26 08:06:24    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 
> 'add-flow', 'xapi3', 
> 'hard_timeout=0,idle_timeout=0,priority=1100,dl_dst=ff:ff:ff:ff:ff:ff,actions=output:2']
> 2014-05-26 08:06:24    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 
> 'add-flow', 'xapi3', 
> 'hard_timeout=0,idle_timeout=0,priority=1100,ip,nw_dst=224.0.0.0/24,actions=output:2']
> 2014-05-26 08:06:44    DEBUG [root] Executing:['/opt/xensource/bin/xe', 
> 'network-list', 'bridge=xapi3', '--minimal']
> 2014-05-26 08:06:44    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 
> 'br-to-vlan', 'xapi3']
> 2014-05-26 08:06:44    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 
> 'list-ports', 'xapi3']
> 2014-05-26 08:06:44    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 
> 'del-flows', 'xapi3', ',in_port=2']
> 2014-05-26 08:06:44    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 
> 'add-flow', 'xapi3', 
> 'hard_timeout=0,idle_timeout=0,priority=1100,dl_dst=ff:ff:ff:ff:ff:ff,actions=']
> 2014-05-26 08:06:44    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 
> 'add-flow', 'xapi3', 
> 'hard_timeout=0,idle_timeout=0,priority=1100,ip,nw_dst=224.0.0.0/24,actions=']
> 2014-05-26 08:07:09    DEBUG [root] Executing:['/opt/xensource/bin/xe', 
> 'network-list', 'bridge=xapi3', '--minimal']
> 2014-05-26 08:07:09    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 
> 'br-to-vlan', 'xapi3']
> 2014-05-26 08:07:09    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 
> 'list-ports', 'xapi3']
> 2014-05-26 08:07:09    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 
> 'add-flow', 'xapi3', 
> 'hard_timeout=0,idle_timeout=0,priority=1200,in_port=2,dl_dst=ff:ff:ff:ff:ff:ff,actions=NORMAL']
> 2014-05-26 08:07:09    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 
> 'add-flow', 'xapi3', 
> 'hard_timeout=0,idle_timeout=0,priority=1200,in_port=2,ip,nw_dst=224.0.0.0/24,actions=NORMAL']
> 2014-05-26 08:07:09    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 
> 'add-flow', 'xapi3', 
> 'hard_timeout=0,idle_timeout=0,priority=1100,dl_dst=ff:ff:ff:ff:ff:ff,actions=output:2']
> 2014-05-26 08:07:09    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 
> 'add-flow', 'xapi3', 
> 'hard_timeout=0,idle_timeout=0,priority=1100,ip,nw_dst=224.0.0.0/24,actions=output:2']
> [root@Rack1Pod1Host14 ~]#
> log snippet for xapi3 from the host where vm is running:
> ============================================
> [root@Rack1Pod1Host13 ~]# grep xapi3 /var/log/cloud/ovstunnel.log
> 2014-05-26 08:06:20    DEBUG [root] About to manually create the bridge:xapi3
> 2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', '--', 
> '--may-exist', 'add-br', 'xapi3', '--', 'set', 'bridge', 'xapi3', 
> 'other_config:gre_key=OVSTunnel983']
> 2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'set', 
> 'Bridge', 'xapi3', 
> 'external_ids:xs-network-uuid=9d7ff1a3-342a-b206-ca09-7fbe8bcabfd0']
> 2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'set', 
> 'Bridge', 'xapi3', 'stp_enable=true']
> 2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'get', 
> 'bridge', 'xapi3', 'other_config:gre_key']
> 2014-05-26 08:06:20    DEBUG [root] Executing:['/opt/xensource/bin/xe', 
> 'network-list', 'bridge=xapi3', '--minimal']
> 2014-05-26 08:06:20    DEBUG [root] Setup_ovs_bridge completed with 
> result:SUCCESS:xapi3
> 2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 
> '--timeout=30', 'wait-until', 'bridge', 'xapi3', '--', 'get', 'bridge', 
> 'xapi3', 'name']
> 2014-05-26 08:06:20    DEBUG [root] bridge xapi3 for creating tunnel - 
> VERIFIED
> 2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 
> 'add-port', 'xapi3', 't983-1-4', '--', 'set', 'interface', 't983-1-4', 
> 'type=gre', 'options:key=983', 'options:remote_ip=10.147.40.14']
> 2014-05-26 08:06:20    DEBUG [root] Executing:['/opt/xensource/bin/xe', 
> 'network-list', 'bridge=xapi3', '--minimal']
> 2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 
> 'add-flow', 'xapi3', 
> 'hard_timeout=0,idle_timeout=0,priority=1000,in_port=1,dl_dst=ff:ff:ff:ff:ff:ff,actions=drop']
> 2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 
> 'add-flow', 'xapi3', 
> 'hard_timeout=0,idle_timeout=0,priority=1000,in_port=1,ip,nw_dst=224.0.0.0/24,actions=drop']
> 2014-05-26 08:07:55    DEBUG [root] Executing:['/opt/xensource/bin/xe', 
> 'network-list', 'bridge=xapi3', '--minimal']
> 2014-05-26 08:07:55    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 
> 'br-to-vlan', 'xapi3']
> 2014-05-26 08:07:55    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 
> 'list-ports', 'xapi3']
> 2014-05-26 08:07:55    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 
> 'add-flow', 'xapi3', 
> 'hard_timeout=0,idle_timeout=0,priority=1200,in_port=2,dl_dst=ff:ff:ff:ff:ff:ff,actions=NORMAL']
> 2014-05-26 08:07:55    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 
> 'add-flow', 'xapi3', 
> 'hard_timeout=0,idle_timeout=0,priority=1200,in_port=2,ip,nw_dst=224.0.0.0/24,actions=NORMAL']
> 2014-05-26 08:07:55    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 
> 'add-flow', 'xapi3', 
> 'hard_timeout=0,idle_timeout=0,priority=1100,dl_dst=ff:ff:ff:ff:ff:ff,actions=output:2']
> 2014-05-26 08:07:55    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 
> 'add-flow', 'xapi3', 
> 'hard_timeout=0,idle_timeout=0,priority=1100,ip,nw_dst=224.0.0.0/24,actions=output:2']



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to