[Openstack] [netvirt-dev] VM as a router with ODL/OpenStack
Iâ??ve just noticed that I donâ??t think the packet is ever actually making it through to OVS.
If I do a â??ovs-dpctl dump-flowsâ?? then I see the immediate drop on ingress port 5.
But if I extend that to â??ovs-ofctl -O OpenFlow13 dump-flows br-intâ?? the only entry I see is:
cookie=0x8000003, duration=3823.308s, table=21, n_packets=0, n_bytes=0, priority=18,ip,metadata=0x30d40/0xfffffe,nw_dst=18.104.22.168/8 actions=group:150007
Iâ??ve just checked the port names and â??Port 5â?? is:
name : "br-prov2-patch"
ofport : 5
From: Aswin Suryanarayanan [mailto:asuryana at redhat.com]
Sent: 20 July 2018 10:45
To: Lake D Mr (PG/R - Elec Electronic Eng) <d.lake at surrey.ac.uk>
Cc: odl netvirt dev <netvirt-dev at lists.opendaylight.org>; openstack at lists.openstack.org; Ge C Dr (Elec Electronic Eng) <c.ge at surrey.ac.uk>
Subject: Re: [netvirt-dev] VM as a router with ODL/OpenStack
On Fri, Jul 20, 2018 at 1:02 PM, <d.lake at surrey.ac.uk<mailto:d.lake at surrey.ac.uk>> wrote:
Iâ??m trying to use a VM as a router in an OpenStack + ODL installation.
I have the VM set up with two internal addresses - 10.10.5.21 and 10.10.6.21. They are allocated floating public addresses of 10.201.81.21 and 10.201.82.21 respectively.
I am using a TREx load generator which sources from 22.214.171.124/8<http://126.96.36.199/8> and sinks to 188.8.131.52/8<http://184.108.40.206/8>.
I have added routes both ways on the routers between the floating and private addresses.
I have read that I need to disable â??port securityâ?? on the VM ports to allow IP spoofing - does this also include the router ports?
Router ports have port security disabled by default , no need to do that explicitly.
Also, when I start a test session generating traffic from 220.127.116.11 -> 18.104.22.168. I see a flow in OVS which matches but has an action of â??drop.â??
Which table exactly is the packet dropped?
How do I overcome this?
Thanks in advance
Sent from my iPhone
netvirt-dev mailing list
netvirt-dev at lists.opendaylight.org<mailto:netvirt-dev at lists.opendaylight.org>
-------------- next part --------------
An HTML attachment was scrubbed...