Hi Roberto, The del-flows command accepts many filters to be passed as parameters, and the more specific the filters are, the less flows will be deleted. Maybe something is not working fine as it should not delete all flows in table 11, unless all flows in table 11 actually match the 'dst_port=22' filter.
BR, Juan On vie, 2017-05-12 at 08:27 +0000, Congiu Roberto wrote: Hi Manuel, Yes. It happens only when I try to create classifiers multiple times. I got that it is a bug, but in Danube the offline installation for Fuel is not ready for ODL plugin, so for the moment I am trying to “play” a bit with this release. Is there a “workaround” to remove the left flows manually? I noticed that the classifier’s flows are not deleted correctly, but when I try to remove them manually with the command: Ovs-ofctl del-flows –protocol=OpenFlow13 br-int “dst_port=22” it actually deletes all the flows under table=11 and the node stops to work properly. Any hint? Thank you, R. ------------------------------------------------------------------ Telecom Italia | TIM Roberto Congiu Network Function Virtualization Via G.Reiss Romoli 274, 10148 Torino Office: +39 011 228 6469 Mobile: +39 335 7532462 Da: Manuel Buil [mailto:[email protected]] Inviato: lunedì 8 maggio 2017 21:08 A: Congiu Roberto <[email protected]>; [email protected] Oggetto: Re: R: [opnfv-tech-discuss] [SFC]:Use case on Colorado release with Fuel installer Hello Roberto, I just realized that you might be hitting a known bug in ODL Boron. Are you experiencing this problem after a fresh deploy of OPNFV or only after you have created and deleted the classification rules several times? There is a bug in ODL Boron which appears after creating and deleting the classification rules several times. The problem is that when creating a second classification rule, ODL replaces the first one, so if you first create the SSH classification rule and afterwards the HTTP rule, it might be that you end up with the HTTP rule only. You could check if you are hitting this bug by looking at table 11 of the compute where the VNFs are (this is where the classification rules are created): ovs-ofctl -O Openflow13 dump-flows br-int table=11 Check if you see two rules, one matching on tp_dst=80 and another one on tp_dst=22. These rules should be similar to this one: cookie=0x1110010001570255, duration=261.264s, table=11, n_packets=0, n_bytes=0, tcp,reg0=0x1,tp_dst=80 actions=move:NXM_NX_TUN_ID[0..31]->NXM_NX_NSH_C2[],push_nsh,load:0x1->NXM_NX_NSH_MDTYPE[],load:0x3->NXM_NX_NSH_NP[],load:0xc0a80008->NXM_NX_NSH_C1[],load:0x9d->NXM_NX_NSP[0..23],load:0xff->NXM_NX_NSI[],load:0xc0a80006->NXM_NX_TUN_IPV4_DST[],load:0x9d->NXM_NX_TUN_ID[0..31],output:8 Hopefully that is the problem! If not I'll need the dumps. Regards, Manuel On Mon, 2017-05-08 at 08:24 +0000, Congiu Roberto wrote: Hi Manuel, Thank you for this reply. I’ll provide you with all the dumps. Just for starter, consider that I am on Colorado ( Danube with fuel installer is not ready yet for local mirror so I cannot move on the next release) and I have 3 controllers (just one tagged as ODL and tacker) and 2 compute nodes. All the VMs created for this two chains are in the same compute node. (even the two SFc) Thanks ------------------------------------------------------------------ Telecom Italia | TIM Roberto Congiu Network Function Virtualization Via G.Reiss Romoli 274, 10148 Torino Office: +39 011 228 6469 Mobile: +39 335 7532462 Da: Manuel Buil [mailto:[email protected]] Inviato: venerdì 5 maggio 2017 15:59 A: Congiu Roberto <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]> Oggetto: Re: [opnfv-tech-discuss] [SFC]:Use case on Colorado release with Fuel installer HI Roberto, It is strange that one works and the other one does not. The use case you are testing is being tested everyday in the CI and it works, so I wonder what might be wrong. Are you using the Colorado release? How many compute and controllers you are using? Can you please send us a dump of your flows please using hatebin or pastebin? Thanks, Manuel On Fri, 2017-05-05 at 12:38 +0000, Congiu Roberto wrote: Hi folk! I am playing a little bit with the chains and there something I would like to share. I am trying to create two chains: * tacker sfc-create chain1 –chain firewall1 * tacker sfc-create chain2 –chain firewall2 The two firewalls are of course two vnfs created with tacker (with sfc-danube.qcow2, taken from the community). Afterwards I create two different sfc-classifiers (block traffic 80 in one chain and block traffic 22 on the other one). What happens is that the traffic is routed correctly only on the first chain created; the second one does not seem working. So, basically, the http traffic is blocked correctly because goes to the first SF on the first chain, but the ssh traffic does not pass the second chain and goes lost somewhere. The dump-flows seem correct; both the flows terminate on the same port 18 (vxgpe of the br-int) Any hint? Is it a use case that should work? Thank you very much ------------------------------------------------------------------ Telecom Italia | TIM Roberto Congiu Network Function Virtualization Via G.Reiss Romoli 274, 10148 Torino Office: +39 011 228 6469 Mobile: +39 335 7532462 Questo messaggio e i suoi allegati sono indirizzati esclusivamente alle persone indicate. La diffusione, copia o qualsiasi altra azione derivante dalla conoscenza di queste informazioni sono rigorosamente vietate. Qualora abbiate ricevuto questo documento per errore siete cortesemente pregati di darne immediata comunicazione al mittente e di provvedere alla sua distruzione, Grazie. This e-mail and any attachments is confidential and may contain privileged information intended for the addressee(s) only. Dissemination, copying, printing or use by anybody else is unauthorised. If you are not the intended recipient, please delete this message and any attachments and advise the sender by return e-mail, Thanks. Rispetta l'ambiente. Non stampare questa mail se non è necessario. _______________________________________________ opnfv-tech-discuss mailing list [email protected]<mailto:[email protected]> https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss _______________________________________________ opnfv-tech-discuss mailing list [email protected]<mailto:[email protected]> https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss
_______________________________________________ opnfv-tech-discuss mailing list [email protected] https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss
