Hi Ramon,

We need to add flows to the br-tun bridge on the compute node. Kindly note that since in our design we have used eth2 attached to br-int of ESX and added br-int in promiscuous mode, there is no segregation of VMs based on tenant for the ESX host.

When we add eth2 to br-int of OVS, we assign a tag to that port.

    root@nova-compute:~# ovs-vsctl add-port br-int eth2 tag=1

You can now check what is the port-id associated to eth2 in OVS's br-int by using the command:-

    root@nova-compute:~# ovs-dpctl show br-int

Note down the port-number associated to eth2 since it would be used while adding flow-rules to br-tun.

On br-tun, we need to add rules for outgoing packets as well as for incoming packets. For outgoing packets, we will add a rule to encapsulate the packet in a GRE tunnel header. Similarly, for incoming packets, we will add a rule to remove the GRE header. Listed below are the rules which we added:-

    root@nova-compute:~# ovs-ofctl add-flow br-tun priority=4,in_port=1,dl_vlan=1,actions=set_tunnel:0x1,NORMAL
    root@nova-compute:~# ovs-ofctl add-flow br-tun priority=3,tun_id=0x1,actions=mod_vlan_vid:1,NORMAL

Here, in_port is the port-number of eth2 on br-int. Actions represents what is to be done if the packet matches with that flow.

If you face any issues, you can do tcpdump on each interface/switch starting from eth2 -> br-int -> br-tun -> eth1 and similarly on the network node. You can dump the flows of OVS using the command "ovs-ofctl dump-flows <bridge-name>" and can then check the packet_counters associated with those flows to see which flow is getting hit. If you are entering any wrong rules, you can debug them using this.

Hope it will help you.

Thanks and Regards
Rahul Sharma
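The counter check described in the message above, as an added example that is not part of the original post: it reads `ovs-ofctl dump-flows` text and marks each flow HIT or IDLE from its `n_packets` field. The sample dump is constructed, the function names are hypothetical, and the parser assumes the match and `actions=` fields are the last two whitespace-separated fields on each flow line.

```shell
#!/bin/sh
# Constructed sample of `ovs-ofctl dump-flows br-tun` output (not captured
# from a real host). The first two flows are the rules from the message;
# the priority=1 drop flow is an assumed catch-all added for illustration.
sample_dump() {
cat <<'EOF'
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=120.5s, table=0, n_packets=42, n_bytes=4116, idle_age=3, priority=4,in_port=1,dl_vlan=1 actions=set_tunnel:0x1,NORMAL
 cookie=0x0, duration=118.2s, table=0, n_packets=0, n_bytes=0, idle_age=118, priority=3,tun_id=0x1 actions=mod_vlan_vid:1,NORMAL
 cookie=0x0, duration=130.0s, table=0, n_packets=7, n_bytes=510, idle_age=1, priority=1 actions=drop
EOF
}

# flow_hits: read dump-flows text on stdin and print one line per flow:
#   <HIT|IDLE> <n_packets> <match fields> <actions>
flow_hits() {
  awk '
    /n_packets=/ {
      pkts = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^n_packets=/) {
          pkts = $i
          sub(/^n_packets=/, "", pkts)
          sub(/,$/, "", pkts)
        }
      }
      state = (pkts + 0 > 0) ? "HIT" : "IDLE"
      printf "%s %s %s %s\n", state, pkts, $(NF-1), $NF
    }'
}

# idle_flows: print only the match fields of flows that never matched.
# An idle decapsulation rule means no GRE traffic with that tun_id arrived.
idle_flows() {
  flow_hits | awk '$1 == "IDLE" { print $3 }'
}

# Demo on the constructed sample. On a real compute node, use:
#   ovs-ofctl dump-flows br-tun | flow_hits
sample_dump | flow_hits
```

In the constructed sample the encapsulation rule is being hit while the `tun_id=0x1` rule is idle, which points the tcpdump check at the return path from the network node.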
