I think there is some misunderstanding, I don't think OVS is working incorrectly or has a problem. I believe it is working exactly how it is configured. I believe OpenStack is just configuring OVS, and it has put in a flow rule or something that is allowing outbound for a network/subnet but not inbound. I'm asking how to figure out where in OVS it is stopping at.
> On Feb 28, 2019, at 5:51 PM, Ben Pfaff <[email protected]> wrote: > > Do you have a reason to believe that it's a problem in OVS, rather than > a problem in what OpenStack is telling OVS to do? > > On Thu, Feb 28, 2019 at 04:48:44PM -0600, John Carew wrote: >> I agree, but I want to diagnose what is causing it in ovs first before I go >> to them. >> >> John >> >>>> On Feb 28, 2019, at 4:33 PM, Ben Pfaff <[email protected]> wrote: >>>> >>>> On Wed, Feb 27, 2019 at 09:26:16PM -0600, John Carew wrote: >>>> I have setup OpenStack with OVS. I have a single Hyper-V server running the >>>> controller and three CentOS instances(10.0.0.x) on a private subnet. I >>>> created a router in OpenStack with SNAT disabled, as I only want it to >>>> route >>>> traffic between the private subnet(10.0.0.x) and the external >>>> subnet(172.16.1.x)/internet. All of the instances can ping each other along >>>> with the external network(172.16.1.x). From the external network, I can >>>> ping >>>> the interface of the ovs router on the external network. I can not though >>>> ping inside the private network. A trace route stops at the IP of the OVS >>>> router. With wireshark, I do not see anything coming from the external pc’s >>>> IP. If I trace route it, I see packets making all the way to the OVS router >>>> and then stop. Since I can ping one way, and not the other; I believe there >>>> is something in the router/OVS that is stopping the packets to route into >>>> the private subnet. What do I need to look at? (I have disabled all >>>> firewalls on all OSes involved.) >>> >>> An OpenStack mailing list might be a better place to track this down. >>> OpenStack programs and configures OVS; OVS by itself doesn't have much >>> to do with what's going on. _______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
