Hello everyone,
I'm Benjamin, a French developer working at Vates (the editor of XCP-ng,
a XenServer fork).
I've been working in the network area of XCP-ng in order to create an SDN
Controller controlling openvswitch on several hosts.
Everything is working great as of now!
I am using openvswitch v2.11.0.
However I'm trying to add IPSEC support into XCP-ng and I'm facing an issue.
I've successfully installed libreswan version 3.26, and the
openvswitch-ipsec service from rhel and the python script ovs-monitor-ipsec.
I'm using Pre-Shared Key for IPSEC.
When I attempt to create tunnels, everything seems to go smoothly:
- there's no error in ovs-vswitchd.log nor in ovs-monitor-ipsec.log
- ovs-appctl -t ovs-monitor-ipsec tunnels/show shows me the tunnels with
correct configurations and active connections.
But there's no traffic passing on the tunnels created by openvswitch and
since there's no helpful log I don't know how to investigate the issue.
I hoped you could point me in the right direction.
Here's what appears in ovs-vswitchd.log after tunnel creation:
2019-09-09T08:16:49.311Z|00018|tunnel(handler7)|WARN|receive tunnel port not found (pkt_mark=0x1,udp,tun_id=0x3,tun_src=192.168.5.28,tun_dst=192.168.5.27,tun_ipv6_src=::,tun_ipv6_dst=::,tun_gbp_id=0,tun_gbp_flags=0,tun_tos=0,tun_ttl=64,tun_flags=key,in_port=4,vlan_tci=0x0000,dl_src=b2:bc:3c:29:bd:fd,dl_dst=ff:ff:ff:ff:ff:ff,nw_src=0.0.0.0,nw_dst=255.255.255.255,nw_tos=16,nw_ecn=0,nw_ttl=128,tp_src=68,tp_dst=67)
2019-09-09T08:16:49.311Z|00019|ofproto_dpif_upcall(handler7)|INFO|Dropped 1 log messages in last 214 seconds (most recently, 214 seconds ago) due to excessive rate
2019-09-09T08:16:49.311Z|00020|ofproto_dpif_upcall(handler7)|INFO|received packet on unassociated datapath port 4
2019-09-09T08:16:49.914Z|00003|tunnel(revalidator6)|WARN|receive tunnel port not found (pkt_mark=0x1,udp,tun_id=0x3,tun_src=192.168.5.28,tun_dst=192.168.5.27,tun_ipv6_src=::,tun_ipv6_dst=::,tun_gbp_id=0,tun_gbp_flags=0,tun_tos=0,tun_ttl=64,tun_flags=key,in_port=4,vlan_tci=0x0000,dl_src=b2:bc:3c:29:bd:fd,dl_dst=ff:ff:ff:ff:ff:ff,nw_src=0.0.0.0,nw_dst=255.255.255.255,nw_tos=16,nw_ecn=0,nw_ttl=128,tp_src=68,tp_dst=67)
There are plenty of errors like this after the tunnels are created and I
attempt to ping through the tunnels.
Does that ring a bell to anyone?
Do not hesitate to ask me anything that can help debug this issue.
Thank you,
Benjamin Reis
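
Added example, not part of the original message: a small Python triage helper that reads ovs-vswitchd.log text and counts the "receive tunnel port not found" warnings per tunnel key (tun_id, tun_src, tun_dst, pkt_mark, in_port), so the keys the datapath actually sees can be compared with the configured tunnels. The function names are hypothetical, and the sample input is the log from the message with the flow description abridged.

```python
import re
from collections import Counter

# Constructed from the log lines in the message above (wraps joined, flow abridged).
SAMPLE_LOG = """\
2019-09-09T08:16:49.311Z|00018|tunnel(handler7)|WARN|receive tunnel port not found (pkt_mark=0x1,udp,tun_id=0x3,tun_src=192.168.5.28,tun_dst=192.168.5.27,tun_ipv6_src=::,tun_ipv6_dst=::,tun_flags=key,in_port=4,tp_src=68,tp_dst=67)
2019-09-09T08:16:49.311Z|00019|ofproto_dpif_upcall(handler7)|INFO|Dropped 1 log messages in last 214 seconds (most recently, 214 seconds ago) due to excessive rate
2019-09-09T08:16:49.311Z|00020|ofproto_dpif_upcall(handler7)|INFO|received packet on unassociated datapath port 4
2019-09-09T08:16:49.914Z|00003|tunnel(revalidator6)|WARN|receive tunnel port not found (pkt_mark=0x1,udp,tun_id=0x3,tun_src=192.168.5.28,tun_dst=192.168.5.27,tun_ipv6_src=::,tun_ipv6_dst=::,tun_flags=key,in_port=4,tp_src=68,tp_dst=67)
"""

# Log line layout: timestamp|sequence|module(thread)|LEVEL|message
VLOG_RE = re.compile(
    r"^(?P<ts>[^|]+)\|(?P<seq>\d+)\|(?P<module>[^|(]+)(?:\((?P<thread>[^)]*)\))?"
    r"\|(?P<level>[A-Z]+)\|(?P<msg>.*)$"
)
NOT_FOUND = "receive tunnel port not found"

def parse_flow(msg):
    """Split the parenthesised flow into key=value fields and bare protocol names."""
    body = msg.partition("(")[2].rpartition(")")[0]
    fields, protos = {}, []
    for token in body.split(","):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
        else:
            protos.append(token)
    return fields, protos

def _num(value):
    """Decimal or 0x-prefixed field to int; None when the field is absent."""
    return int(value, 0) if value is not None else None

def unmatched_tunnel_keys(log_text):
    """Count 'receive tunnel port not found' warnings per tunnel key."""
    counts = Counter()
    for line in log_text.splitlines():
        m = VLOG_RE.match(line)
        if not m or m["module"] != "tunnel" or NOT_FOUND not in m["msg"]:
            continue
        f, _ = parse_flow(m["msg"])
        counts[(_num(f.get("tun_id")), f.get("tun_src"), f.get("tun_dst"),
                _num(f.get("pkt_mark")), _num(f.get("in_port")))] += 1
    return counts

if __name__ == "__main__":
    for key, n in unmatched_tunnel_keys(SAMPLE_LOG).items():
        print(n, "tun_id=%s src=%s dst=%s pkt_mark=%s in_port=%s" % key)
```

Each reported key can then be checked against the key and endpoint addresses listed by `ovs-appctl -t ovs-monitor-ipsec tunnels/show` on the receiving host.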