Sorry. The answer for ICMP6 type 135 request is looks like following:
*# ovs-dpctl --more --names dump-flows filter="icmp6"* ufid:fb335040-2772-448e-8fc3-c489754013da, recirc_id(0),dp_hash(0/0),skb_priority(0/0),in_port(bond0.6),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),eth(src=00:00:00:00:00:00/00:00:00:00:00:00,dst=00:00:00:00:00:00/00:00:00:00:00:00),eth_type(0x86dd),ipv6(src=::/::,dst=::/::,label=0/0,proto=58,tclass=0/0,hlimit=0/0,frag=no),icmpv6(type=135,code=0/0),nd(target=::/::,sll=00:00:00:00:00:00/00:00:00:00:00:00,tll=00:00:00:00:00:00/00:00:00:00:00:00), packets:10, bytes:860, used:0.275s, actions:vnet1 ufid:43e8508a-1164-419a-945d-dd0d7f57d0a2, recirc_id(0),dp_hash(0/0),skb_priority(0/0),in_port(vnet1),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),eth(src=00:00:00:00:00:00/00:00:00:00:00:00,dst=00:00:00:00:00:00/00:00:00:00:00:00),eth_type(0x86dd),ipv6(src=::/::,dst=::/::,label=0/0,proto=58,tclass=0/0,hlimit=0/0,frag=no),icmpv6(type=136,code=0/0),nd(target=::/::,sll=00:00:00:00:00:00/00:00:00:00:00:00,tll=00:00:00:00:00:00/00:00:00:00:00:00), packets:0, bytes:0, used:never, actions:bond0.6 2017-11-06 14:31 GMT+02:00 Andrey Ziltsov <[email protected]>: > Hallo!!! > > On external interface bond0.6 we have following traffic: > > *# tcpdump -e -nn -i bond0.6 icmp6 and ip6[40] == 135 | grep > xxxx:xxxx:2:2::a5* > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > listening on bond0.6, link-type EN10MB (Ethernet), capture size 262144 > bytes > 13:39:28.724325 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6 > (0x86dd), length 86: fe80::xxxx:xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6, > neighbor solicitation, who has xxxx:xxxx:2:2::a5, length 32 > 13:39:29.723075 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6 > (0x86dd), length 86: fe80::xxxx:xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6, > neighbor solicitation, who has xxxx:xxxx:2:2::a5, length 32 > 13:39:30.723165 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6 > (0x86dd), length 86: fe80::xxxx:xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6, > neighbor solicitation, who has xxxx:xxxx:2:2::a5, length 32 > 13:39:31.739472 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6 > (0x86dd), length 86: fe80::xxxx:xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6, > neighbor solicitation, who has xxxx:xxxx:2:2::a5, length 32 > 13:39:32.738971 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6 > (0x86dd), length 86: fe80::xxxx:xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6, > neighbor solicitation, who has xxxx:xxxx:2:2::a5, length 32 > 13:39:33.738933 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6 > (0x86dd), length 86: fe80::xxxx:xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6, > neighbor solicitation, who has xxxx:xxxx:2:2::a5, length 32 > 13:39:34.755430 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6 > (0x86dd), length 86: fe80::xxxx:xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6, > neighbor solicitation, who has xxxx:xxxx:2:2::a5, length 32 > > The output of "ovs-appctl ofproto/trace" have a right output port in > datapath action: > > *# ovs-appctl ofproto/trace public-switch > in_port=1,icmp6,icmpv6_type=135,nd_target=xxxx:xxxx:2:2::a5,dl_src=xx:xx:xx:1b:b3:67,dl_dst=33:33:ff:00:00:a5,ipv6_src=fe80::xxxx:xxff:fe1b:b367,ipv6_dst=ff02::1:ff00:a5* > Flow: icmp6,in_port=1,vlan_tci=0x0000,dl_src=xx:xx:xx:1b:b3: > 67,dl_dst=33:33:ff:00:00:a5,ipv6_src=fe80::xxxx:xxff:fe1b: > b367,ipv6_dst=ff02::1:ff00:a5,ipv6_label=0x00000,nw_tos=0, > nw_ecn=0,nw_ttl=0,icmp_type=135,icmp_code=0,nd_target= > xxxx:xxxx:2:2::a5,nd_sll=00:00:00:00:00:00,nd_tll=00:00:00:00:00:00 > > bridge("public-switch") > ----------------------- > 0. icmp6,in_port=1,icmp_type=135, priority 10005, cookie 0x10005 > resubmit(,2) > 2. icmp6,icmp_type=135,nd_target=xxxx:xxxx:2:2::a5, priority 108, cookie > 0x124994 > output:27 > > Final flow: unchanged > Megaflow: recirc_id=0,eth,icmp6,in_port=1,nw_frag=no,icmp_type=0x87/ > 0xff,nd_target=xxxx:xxxx:2:2::a5 > Datapath actions: 3 > > > The output of "ovs-appctl dpif/show": > > *# ovs-appctl dpif/show* > system@ovs-system: hit:479117438 missed:112792546 > public-switch: > bond0.6 1/2: (system) > public-switch 65534/1: (internal) > vnet0 27/3: (system) > vnet1 28/4: (system) > > The configuration file of external interface bond0.6: > > *# cat /etc/sysconfig/network-scripts/ifcfg-bond0.6 * > DEVICE=bond0.6 > VLAN=yes > ONBOOT=yes > BOOTPROTO=static > > TYPE="OVSPort" > DEVICETYPE="ovs" > OVS_BRIDGE="public-switch" > > > The configuration file of openvswitch bridge public-switch: > > *# cat /etc/sysconfig/network-scripts/ifcfg-public-switch * > DEVICE=public-switch > ONBOOT=yes > BOOTPROTO=static > > TYPE="OVSBridge" > DEVICETYPE="ovs" > > > For example, the answer for ICMP6 type 135 request is looks like > following: > > *# ovs-dpctl --more --names dump-flows filter="icmp6"* > > ufid:c171538c-9800-472c-9666-253f1873f478, recirc_id(0),dp_hash(0/0),skb_ > priority(0/0),in_port(bond0.6),skb_mark(0/0),ct_state(0/0), > ct_zone(0/0),ct_mark(0/0),ct_label(0/0),eth(src=00:00:00: > 00:00:00/00:00:00:00:00:00,dst=00:00:00:00:00:00/00:00: > 00:00:00:00),eth_type(0x86dd),ipv6(src=::/::,dst=::/::, > label=0/0,proto=58,tclass=0/0,hlimit=0/0,frag=no),icmpv6( > type=135,code=0/0),nd(target=::/::,sll=00:00:00:00:00:00/00: > 00:00:00:00:00,tll=00:00:00:00:00:00/00:00:00:00:00:00), packets:115, > bytes:9890, used:0.752s, actions:vnet1 > > ufid:9b2cf37e-52c1-4874-bb9f-d21bd319c054, recirc_id(0),dp_hash(0/0),skb_ > priority(0/0),in_port(vnet1),skb_mark(0/0),ct_state(0/0), > ct_zone(0/0),ct_mark(0/0),ct_label(0/0),eth(src=00:00:00: > 00:00:00/00:00:00:00:00:00,dst=00:00:00:00:00:00/00:00: > 00:00:00:00),eth_type(0x86dd),ipv6(src=::/::,dst=::/::, > label=0/0,proto=58,tclass=0/0,hlimit=0/0,frag=no),icmpv6( > type=136,code=0/0),nd(target=::/::,sll=00:00:00:00:00:00/00: > 00:00:00:00:00,tll=00:00:00:00:00:00/00:00:00:00:00:00), packets:79, > bytes:6794, used:0.760s, actions:drop > > If we add two flows as following: > > cookie=0x1, table=3, priority=1 actions=output:"bond0.6" > cookie=0x10005, priority=10005,icmp6,in_port=vnet1,icmp_type=136 > actions=resubmit(,3) > > > 2017-11-03 20:04 GMT+02:00 Ben Pfaff <[email protected]>: > >> On Fri, Nov 03, 2017 at 04:18:25PM +0200, Andrey Ziltsov wrote: >> > Hallo!!! >> > >> > We have a problem with flow field "nd_target" at IPv6. >> > >> > For example. >> > >> > We have two VM with virtual interfaces vnet0 and vnet1. >> > >> > At the bridge set fail_mode to "secure": >> > >> > *# ovs-vsctl list br public-switch | grep fail_mode* >> > fail_mode : secure >> > >> > The interface bond0.6 is external interface. >> > >> > We added only three flows for the test : >> > >> > *# ovs-ofctl --no-stat dump-flows public-switch --sort=priority* >> > cookie=0x123575, table=2, priority=1,icmp6,icmp_type=135 >> > actions=output:vnet1 >> > cookie=0x124994, table=2, >> > priority=108,icmp6,icmp_type=135,nd_target=XXXX:XXXX:2:2::a5 >> > actions=output:vnet0 >> > cookie=0x10005, priority=10005,icmp6,in_port="bond0.6",icmp_type=135 >> > actions=resubmit(,2) >> > >> > So, all ICMP6 traffic with type 135 going on bond0.6 resubmit to table 2 >> > and the if nd_target field equals to IPv6 address XXXX:XXXX:2:2::a5 the >> > traffic send to vnet0 (VM1 have IPv6 XXXX:XXXX:2:2::a5). All other >> traffic >> > should go to vnet1 (VM2). >> >> Hmm, that does seem wrong. Can you try out an example packet with >> "ovs-appctl ofproto/trace" and paste the output? >> > > -- Respectfully, Andrei Ziltsov FASTVPS technical department С уважением, Андрей Жильцов Специалист службы поддержки FASTVPS
_______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
