Re: [openstack-dev] [networking-sfc][devstack][mitaka] Chain doesn't work

2016-11-04 Thread Cathy Zhang 
Hi Alioune,

SFC is working fine. Your problem is with configuration of your specific 
Service Function.
AFAIK, Farhad has responded to your question before.
https://www.mail-archive.com/openstack-dev@lists.openstack.org/msg95199.html

Thanks,
Cathy

From: Alioune [mailto:baliou...@gmail.com]
Sent: Wednesday, November 02, 2016 5:40 AM
To: OpenStack Development Mailing List (not for usage questions)
Cc: Cathy Zhang; Mohan Kumar
Subject: Re: [networking-sfc][devstack][mitaka] Chain doesn't work

Any suggestion ?

On Monday, 24 October 2016, Alioune 
> wrote:
Hi all,
I'm trying to implement service chain in OpenStack using networking-sfc 
(stable/mitaka) and OVS 2.5.90

The following is the architecture I used :

SRC DST
  ||
  == br-int 
 |
   SF1
SF1: 55.55.55.3
SRC: 55.55.55.4
DST: 55.55.55.5

I can create port-pairs, port-pair-group, classifier and chain with these 
commands:

neutron flow-classifier-create  --ethertype IPv4  --source-ip-prefix 
55.55.55.4/32  --logical-source-port 
0009034f-4c39-4cbf-be7d-fcf82dad024c  --protocol icmp  FC1
neutron port-pair-create --ingress=p1 --egress=p1 PP1
neutron port-pair-group-create --port-pair PP1 PG1
neutron port-chain-create --port-pair-group PG1 --flow-classifier FC1 PC1
I could ping from SRC to DST before setting the chain, but after the chain 
creating ping doesn't work.
ICMP echo request packets arrive to SF1 port but it doesn't send back the 
packets in order to allow them to get their destination DST (see output below).
The Opendaylight/SFC project uses NSH aware service function (SF) that send 
back packets to the chains after analyzing them, I would like to know :
- How networking-sfc configures SF to send back packets to the chain as seem in 
some of your presentation ?
- What's wrong in my configurations (see commands and ovs-ofctl output below) ? 
I've followed the main steps described in your wiki page.
Best Regards,


vagrant@vagrant-ubuntu-trusty-64:~$ neutron port-list
+--+--+---+--+
| id   | name | mac_address   | fixed_ips   
 |
+--+--+---+--+
| 0009034f-4c39-4cbf-be7d-fcf82dad024c |  | fa:16:3e:dd:16:f7 | 
{"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address": 
"55.55.55.4"}|
| 082e896d-5982-458c-96e7-0dd372d3d7d9 | p1   | fa:16:3e:90:b4:67 | 
{"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address": 
"55.55.55.3"}|
| 2ad109e4-42a8-4554-b884-a32344e91036 |  | fa:16:3e:74:9a:fa | 
{"subnet_id": "3cf6eb27-7258-4252-8f3d-b6f9d27c948b", "ip_address": 
"192.168.105.2"} |
| 51f055c0-ff4d-47f4-9328-9a0d7ca204f3 |  | fa:16:3e:da:f9:93 | 
{"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address": 
"55.55.55.1"}|
| 656ad901-2bc0-407a-a581-da955ecf3b59 |  | fa:16:3e:7f:44:01 | 
{"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address": 
"55.55.55.2"}|
| b1d14a4f-cde6-4c44-b42e-0f0466dba32a |  | fa:16:3e:a6:c6:35 | 
{"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address": 
"55.55.55.5"}|
+--+--+---+--+

vagrant@vagrant-ubuntu-trusty-64:~$ ifconfig |grep 082e896d
qbr082e896d-59 Link encap:Ethernet  HWaddr b6:96:27:fa:ab:af
qvb082e896d-59 Link encap:Ethernet  HWaddr b6:96:27:fa:ab:af
qvo082e896d-59 Link encap:Ethernet  HWaddr 7e:1a:7b:7d:09:df
tap082e896d-59 Link encap:Ethernet  HWaddr fe:16:3e:90:b4:67

vagrant@vagrant-ubuntu-trusty-64:~$ sudo tcpdump -i tap082e896d-59 icmp
tcpdump: WARNING: tap082e896d-59: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap082e896d-59, link-type EN10MB (Ethernet), capture size 65535 
bytes
10:51:10.229674 IP 55.55.55.4 > 55.55.55.5: ICMP echo 
request, id 15617, seq 61, length 64
10:51:11.230318 IP 55.55.55.4 > 55.55.55.5: ICMP echo 
request, id 15617, seq 62, length 64
10:51:12.233451 IP 55.55.55.4 > 55.55.55.5: ICMP echo 
request, id 15617, seq 63, length 64
10:51:13.234496 IP 55.55.55.4 > 55.55.55.5: ICMP echo 
request, id 15617, seq 64, length 64
10:51:14.235583 IP 55.55.55.4 > 55.55.55.5: ICMP echo 
request, id 15617, seq 65, length 64
10:51:15.236585 IP 55.55.55.4 > 55.55.55.5: ICMP echo 
request, id

Re: [openstack-dev] [networking-sfc][devstack][mitaka] Chain doesn't work

2016-11-02 Thread Alioune 
Any suggestion ?

On Monday, 24 October 2016, Alioune  wrote:

> Hi all,
>
> I'm trying to implement service chain in OpenStack using networking-sfc
> (stable/mitaka) and OVS 2.5.90
>
>
> The following is the architecture I used :
>
> SRC DST
>   ||
>   == br-int 
>  |
>SF1
> SF1: 55.55.55.3
> SRC: 55.55.55.4
> DST: 55.55.55.5
>
> I can create port-pairs, port-pair-group, classifier and chain with these
> commands:
>
> neutron flow-classifier-create  --ethertype IPv4  --source-ip-prefix
> 55.55.55.4/32  --logical-source-port 0009034f-4c39-4cbf-be7d-fcf82dad024c
> --protocol icmp  FC1
> neutron port-pair-create --ingress=p1 --egress=p1 PP1
> neutron port-pair-group-create --port-pair PP1 PG1
> neutron port-chain-create --port-pair-group PG1 --flow-classifier FC1 PC1
>
> I could ping from SRC to DST before setting the chain, but after the chain
> creating ping doesn't work.
>
> ICMP echo request packets arrive to SF1 port but it doesn't send back the
> packets in order to allow them to get their destination DST (see output
> below).
>
> The Opendaylight/SFC project uses NSH aware service function (SF) that
> send back packets to the chains after analyzing them, I would like to know :
>
> - How networking-sfc configures SF to send back packets to the chain as
> seem in some of your presentation ?
> - What's wrong in my configurations (see commands and ovs-ofctl output
> below) ? I've followed the main steps described in your wiki page.
>
> Best Regards,
>
>
> vagrant@vagrant-ubuntu-trusty-64:~$ neutron port-list
> +--+--+-
> --+-
> -+
> | id   | name | mac_address   |
> fixed_ips
> |
> +--+--+-
> --+-
> -+
> | 0009034f-4c39-4cbf-be7d-fcf82dad024c |  | fa:16:3e:dd:16:f7 |
> {"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address":
> "55.55.55.4"}|
> | 082e896d-5982-458c-96e7-0dd372d3d7d9 | p1   | fa:16:3e:90:b4:67 |
> {"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address":
> "55.55.55.3"}|
> | 2ad109e4-42a8-4554-b884-a32344e91036 |  | fa:16:3e:74:9a:fa |
> {"subnet_id": "3cf6eb27-7258-4252-8f3d-b6f9d27c948b", "ip_address":
> "192.168.105.2"} |
> | 51f055c0-ff4d-47f4-9328-9a0d7ca204f3 |  | fa:16:3e:da:f9:93 |
> {"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address":
> "55.55.55.1"}|
> | 656ad901-2bc0-407a-a581-da955ecf3b59 |  | fa:16:3e:7f:44:01 |
> {"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address":
> "55.55.55.2"}|
> | b1d14a4f-cde6-4c44-b42e-0f0466dba32a |  | fa:16:3e:a6:c6:35 |
> {"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address":
> "55.55.55.5"}|
> +--+--+-
> --+-
> -+
>
> vagrant@vagrant-ubuntu-trusty-64:~$ ifconfig |grep 082e896d
> qbr082e896d-59 Link encap:Ethernet  HWaddr b6:96:27:fa:ab:af
> qvb082e896d-59 Link encap:Ethernet  HWaddr b6:96:27:fa:ab:af
> qvo082e896d-59 Link encap:Ethernet  HWaddr 7e:1a:7b:7d:09:df
> tap082e896d-59 Link encap:Ethernet  HWaddr fe:16:3e:90:b4:67
>
> vagrant@vagrant-ubuntu-trusty-64:~$ sudo tcpdump -i tap082e896d-59 icmp
> tcpdump: WARNING: tap082e896d-59: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on tap082e896d-59, link-type EN10MB (Ethernet), capture size
> 65535 bytes
> 10:51:10.229674 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 61, length 64
> 10:51:11.230318 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 62, length 64
> 10:51:12.233451 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 63, length 64
> 10:51:13.234496 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 64, length 64
> 10:51:14.235583 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 65, length 64
> 10:51:15.236585 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 66, length 64
> 10:51:16.237568 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 67, length 64
> 10:51:17.238974 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 68, length 64
> 10:51:18.244244 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 69, length 64
> 10:51:19.245758 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 70, length 64
> 10:51:20.246521 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 71, length 64
>
>
>
> vagrant@vagrant-ubuntu-trusty-64:~/openstack_networking/simple-sf$

Re: [openstack-dev] [networking-sfc][devstack][mitaka]

2016-10-12 Thread Henry Fourie 
Navdeep,
  Post port-chain, port-pair-group, port-pair config to questions at 
https://launchpad.net/networking-sfc
  Use these commands to determine traffic flow and post results also.

  sudo ovs-ofctl -O openflow13 dump-flows br-int

  sudo ovs-ofctl -O Openflow13 dump-groups br-int


-Louis

From: Navdeep Uniyal [mailto:navdeep.uni...@neclab.eu]
Sent: Wednesday, October 12, 2016 3:06 AM
To: Cathy Zhang
Cc: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [networking-sfc][devstack][mitaka]

Hi Cathy,

Thanks for your reply. I have the setup done without any errors with only one 
vm in the chain. I want to move all the icmp traffic from vm1 to vm3 via vm2. 
My Flow classifier looks like:
"neutron flow-classifier-create --ethertype IPv4 --source-ip-prefix 
10.0.0.18/32 --destination-ip-prefix 10.0.0.6/32 --protocol icmp FC1"
But using tcpdump on vm2 ingress port, I could not see any traffic. Please let 
me know how can I debug this and what could be the possible issue.


Best Regards,
Navdeep Uniyal


From: Cathy Zhang [mailto:cathy.h.zh...@huawei.com]
Sent: Dienstag, 11. Oktober 2016 19:50
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [networking-sfc][devstack][mitaka]

Hi Navdeep,

Please see inline.

Cathy

From: Navdeep Uniyal [mailto:navdeep.uni...@neclab.eu]
Sent: Tuesday, October 11, 2016 5:42 AM
To: openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>
Subject: [openstack-dev] [networking-sfc][devstack][mitaka]

Hi all,

I have been trying out networking-sfc to create service function chain in 
Openstack. I could create all the port pairs, port-pair-groups, flow classifier 
and the chain but I could not see the packets on the desired hops.
I am trying to create a simple sfc with 3 VMs(vm1 to vm3) in the setup. I just 
want to check how it works. In my setup, vm1 is the Traffic generator(iperf) 
and vm3 is the traffic receiver(iperf server). Now, the  2 vms (vm2 and 3) are 
in the same network with vm1 and I want to move the iperf traffic from 
vm1->vm2->vm3. In order to achieve this, I have created 2 port pairs of vm2  
and vm3 and both pairs are in separate port pair groups (PG1 and PG2), also 
created a Flow classifier FC1 and finally chain with PG1, PG2 and FC1.  Now my 
question is, is my setup correct in order to achieve the sfc result as I stated 
above? Do I need to include the vm1 in the port pair group?

Cathy> You only need to include VM2 in a port pair group. Traffic source and 
traffic destination do not need to be included in the chain's port pair group, 
instead their IP addresses should be included in the flow classifier so that 
the system knows which flow needs to go through the chain. Here is a link to 
thw wiki.
https://wiki.openstack.org/wiki/Neutron/ServiceInsertionAndChaining

Cathy




Below is the flow classifier:

++--+
| Field  | Value
|
++--+
| description  |
  |
| destination_ip_prefix   |  |
| destination_port_range_max |  |
| destination_port_range_min |  |
| ethertype| IPv4   
  |
| id | 
e5000ade-50ad-41ed-a159-b89c4blp97ec |
| l7_parameters  | {}   
|
| logical_destination_port   |  |
| logical_source_port   | 63cdf664-dd67-455c-8345-f01ef58c23e5 |
| name| FC1 
 |
| project_id   | 
6b90cd3356144681b44274d4881c5fc7 |
| protocol  | tcp   
   |
| source_ip_prefix  | 10.0.0.18/32  
   |
| source_port_range_max  |  |
| source_port_range_min  |  |
| tenant_id | 
6b90cd3310104681b44274d4881c5fc7 |
++--+



Is there any wiki with some example case explained with testing scenario?


Best Regards,
Navdeep Uniyal
Email: navdeep.uni...@neclab.eu<mailto:navdeep.uni...@neclab.eu>
-
Software Engineer
NEC Europe Ltd.
NEC Laboratories Europe
Kurfürstenanlage 36, D-69115 Heidelberg,

NEC Europe Ltd | Registered Office: Athene, Odyssey Busines

Re: [openstack-dev] [networking-sfc][devstack][mitaka]

2016-10-12 Thread Navdeep Uniyal 
Hi Cathy,

Thanks for your reply. I have the setup done without any errors with only one 
vm in the chain. I want to move all the icmp traffic from vm1 to vm3 via vm2. 
My Flow classifier looks like:
"neutron flow-classifier-create --ethertype IPv4 --source-ip-prefix 
10.0.0.18/32 --destination-ip-prefix 10.0.0.6/32 --protocol icmp FC1"
But using tcpdump on vm2 ingress port, I could not see any traffic. Please let 
me know how can I debug this and what could be the possible issue.


Best Regards,
Navdeep Uniyal


From: Cathy Zhang [mailto:cathy.h.zh...@huawei.com]
Sent: Dienstag, 11. Oktober 2016 19:50
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [networking-sfc][devstack][mitaka]

Hi Navdeep,

Please see inline.

Cathy

From: Navdeep Uniyal [mailto:navdeep.uni...@neclab.eu]
Sent: Tuesday, October 11, 2016 5:42 AM
To: openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>
Subject: [openstack-dev] [networking-sfc][devstack][mitaka]

Hi all,

I have been trying out networking-sfc to create service function chain in 
Openstack. I could create all the port pairs, port-pair-groups, flow classifier 
and the chain but I could not see the packets on the desired hops.
I am trying to create a simple sfc with 3 VMs(vm1 to vm3) in the setup. I just 
want to check how it works. In my setup, vm1 is the Traffic generator(iperf) 
and vm3 is the traffic receiver(iperf server). Now, the  2 vms (vm2 and 3) are 
in the same network with vm1 and I want to move the iperf traffic from 
vm1->vm2->vm3. In order to achieve this, I have created 2 port pairs of vm2  
and vm3 and both pairs are in separate port pair groups (PG1 and PG2), also 
created a Flow classifier FC1 and finally chain with PG1, PG2 and FC1.  Now my 
question is, is my setup correct in order to achieve the sfc result as I stated 
above? Do I need to include the vm1 in the port pair group?

Cathy> You only need to include VM2 in a port pair group. Traffic source and 
traffic destination do not need to be included in the chain's port pair group, 
instead their IP addresses should be included in the flow classifier so that 
the system knows which flow needs to go through the chain. Here is a link to 
thw wiki.
https://wiki.openstack.org/wiki/Neutron/ServiceInsertionAndChaining

Cathy




Below is the flow classifier:

++--+
| Field  | Value
|
++--+
| description  |
  |
| destination_ip_prefix   |  |
| destination_port_range_max |  |
| destination_port_range_min |  |
| ethertype| IPv4   
  |
| id | 
e5000ade-50ad-41ed-a159-b89c4blp97ec |
| l7_parameters  | {}   
|
| logical_destination_port   |  |
| logical_source_port   | 63cdf664-dd67-455c-8345-f01ef58c23e5 |
| name| FC1 
 |
| project_id   | 
6b90cd3356144681b44274d4881c5fc7 |
| protocol  | tcp   
   |
| source_ip_prefix  | 10.0.0.18/32  
   |
| source_port_range_max  |  |
| source_port_range_min  |  |
| tenant_id | 
6b90cd3310104681b44274d4881c5fc7 |
++--+



Is there any wiki with some example case explained with testing scenario?


Best Regards,
Navdeep Uniyal
Email: navdeep.uni...@neclab.eu<mailto:navdeep.uni...@neclab.eu>
-
Software Engineer
NEC Europe Ltd.
NEC Laboratories Europe
Kurfürstenanlage 36, D-69115 Heidelberg,

NEC Europe Ltd | Registered Office: Athene, Odyssey Business Park, West End  
Road, London, HA4 6QE, GB | Registered in England 2832014
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [networking-sfc][devstack][mitaka]

2016-10-11 Thread Cathy Zhang 
Hi Navdeep,

Please see inline.

Cathy

From: Navdeep Uniyal [mailto:navdeep.uni...@neclab.eu]
Sent: Tuesday, October 11, 2016 5:42 AM
To: openstack-dev@lists.openstack.org
Subject: [openstack-dev] [networking-sfc][devstack][mitaka]

Hi all,

I have been trying out networking-sfc to create service function chain in 
Openstack. I could create all the port pairs, port-pair-groups, flow classifier 
and the chain but I could not see the packets on the desired hops.
I am trying to create a simple sfc with 3 VMs(vm1 to vm3) in the setup. I just 
want to check how it works. In my setup, vm1 is the Traffic generator(iperf) 
and vm3 is the traffic receiver(iperf server). Now, the  2 vms (vm2 and 3) are 
in the same network with vm1 and I want to move the iperf traffic from 
vm1->vm2->vm3. In order to achieve this, I have created 2 port pairs of vm2  
and vm3 and both pairs are in separate port pair groups (PG1 and PG2), also 
created a Flow classifier FC1 and finally chain with PG1, PG2 and FC1.  Now my 
question is, is my setup correct in order to achieve the sfc result as I stated 
above? Do I need to include the vm1 in the port pair group?

Cathy> You only need to include VM2 in a port pair group. Traffic source and 
traffic destination do not need to be included in the chain's port pair group, 
instead their IP addresses should be included in the flow classifier so that 
the system knows which flow needs to go through the chain. Here is a link to 
thw wiki.
https://wiki.openstack.org/wiki/Neutron/ServiceInsertionAndChaining

Cathy




Below is the flow classifier:

++--+
| Field  | Value
|
++--+
| description  |
  |
| destination_ip_prefix   |  |
| destination_port_range_max |  |
| destination_port_range_min |  |
| ethertype| IPv4   
  |
| id | 
e5000ade-50ad-41ed-a159-b89c4blp97ec |
| l7_parameters  | {}   
|
| logical_destination_port   |  |
| logical_source_port   | 63cdf664-dd67-455c-8345-f01ef58c23e5 |
| name| FC1 
 |
| project_id   | 
6b90cd3356144681b44274d4881c5fc7 |
| protocol  | tcp   
   |
| source_ip_prefix  | 10.0.0.18/32  
   |
| source_port_range_max  |  |
| source_port_range_min  |  |
| tenant_id | 
6b90cd3310104681b44274d4881c5fc7 |
++--+



Is there any wiki with some example case explained with testing scenario?


Best Regards,
Navdeep Uniyal
Email: navdeep.uni...@neclab.eu
-
Software Engineer
NEC Europe Ltd.
NEC Laboratories Europe
Kurfürstenanlage 36, D-69115 Heidelberg,

NEC Europe Ltd | Registered Office: Athene, Odyssey Business Park, West End  
Road, London, HA4 6QE, GB | Registered in England 2832014
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev