[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[networking-sfc] Unable to get Service Function Chain Mechanism working in Neutron


I have been trying to enable the networking SFC mechanism in OpenStack. I have successfully created port pairs, port pair groups, port chain and a flow classifier. However, I am unable to get the service chain working. The architecture of the set up I have deployed is attached. I have used the queens version of OpenStack.

The steps that I followed are as below.
*             Create port
    neutron port-create --name <p1-p6> sfc-Network
*             Create VMs and attach the interfaces with them accordingly
       VM1 - P1 & P2; VM2 - P3 & P4; VM3 - P5 & P6
*             Create port pairs
    neutron port-pair-create pp1 -- ingress p1 -- egress p2
    neutron port-pair-create pp2 -- ingress p3 -- egress p4
    neutron port-pair-create pp3 -- ingress p5 -- egress p6
*             Create port pair groups
    neutron port-pair-group-create -- port-pair pp1 ppg1
    neutron port-pair-group-create -- port-pair pp2 ppg2
    neutron port-pair-group-create -- port-pair pp3 ppg3
*             Create flow classifier
    neutron flow-classifier-create --source-ip-prefix <ip of p1> --destination-ip-prefix <ip of p6> --logical-source-port p1 fc1
*             Create port chain
    neutron port-chain-create --port-pair-group ppg1 --port-pair-group ppg2 --port-pair-group ppg3 --flow-classifier fc1 pc1
I am testing this architecture by sending a ping request from VM1 to VM3. Therefore, the destination port is P6. If SFC is working correctly, I should be able to see the packets go through the VM2 to VM3 when I do a tcpdump in VM2. As I am new to OpenStack and SFC, I am not certain if this is logically correct.
I would like to pose two questions.
1)            All the VMs are on the same network,  is it logically correct to expect the ping packets to be routed from VM1 > VM2 > VM3 in the SFC scenario? Because all the ports are on the same network, I get a ping response but it is not via VM2 even though the port chain is created through VM2.
2)            If not, how do I make sure that the packets are routed through VM2 which is the second port pair in the port pair chain. Could it be something to do with the OpenVSwitch configuration?

Any help would be highly appreciated.

Kalyani Rajkumar
High Performance Networks Group, University of Bristol
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Picture1.png
Type: image/png
Size: 12566 bytes
Desc: Picture1.png
URL: <>