[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack] [netvirt-dev] VM as a router with ODL/OpenStack

Hi Aswin

Iâ??ve just noticed that I donâ??t think the packet is ever actually making it through to OVS.

If I do a â??ovs-dpctl dump-flowsâ?? then I see the immediate drop on ingress port 5.

But if I extend that to â??ovs-ofctl -O OpenFlow13 dump-flows br-intâ?? the only entry I see is:

cookie=0x8000003, duration=3823.308s, table=21, n_packets=0, n_bytes=0, priority=18,ip,metadata=0x30d40/0xfffffe,nw_dst= actions=group:150007

Iâ??ve just checked the port names and â??Port 5â?? is:

name                : "br-prov2-patch"
ofport              : 5


From: Aswin Suryanarayanan [mailto:asuryana at]
Sent: 20 July 2018 10:45
To: Lake D Mr (PG/R - Elec Electronic Eng) <d.lake at>
Cc: odl netvirt dev <netvirt-dev at>; openstack at; Ge C Dr (Elec Electronic Eng) < at>
Subject: Re: [netvirt-dev] VM as a router with ODL/OpenStack

On Fri, Jul 20, 2018 at 1:02 PM, <d.lake at<mailto:d.lake at>> wrote:

Iâ??m trying to use a VM as a router in an OpenStack + ODL installation.

I have the VM set up with two internal addresses - and   They are allocated floating public addresses of and respectively.

I am using a TREx load generator which sources from<> and sinks to<>.

I have added routes both ways on the routers between the floating and private addresses.

I have read that I need to disable â??port securityâ?? on the VM ports to allow IP spoofing - does this also include the router ports?

Router ports have port security disabled by default , no need to do that explicitly.

Also, when I start a test session generating traffic from -> I see a flow in OVS which matches but has an action of â??drop.â??

Which table exactly is the packet dropped?

How do I overcome this?

Thanks in advance


Sent from my iPhone

netvirt-dev mailing list
netvirt-dev at<mailto:netvirt-dev at>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>