git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack] [netvirt-dev] VM as a router with ODL/OpenStack


With â??ovs-ofctl -O OpenFlow13 dump-flows br-intâ??  I donâ??t see ANY entries for packets to 48.0.0.0/8 or 16.0.0.0/8

Only this one entry (which I think is a static route which I have in the router between the floating network and the private network).

David

From: Aswin Suryanarayanan [mailto:asuryana at redhat.com]
Sent: 20 July 2018 12:28
To: Lake D Mr (PG/R - Elec Electronic Eng) <d.lake at surrey.ac.uk>
Cc: odl netvirt dev <netvirt-dev at lists.opendaylight.org>; openstack at lists.openstack.org; Ge C Dr (Elec Electronic Eng) <c.ge at surrey.ac.uk>
Subject: Re: [netvirt-dev] VM as a router with ODL/OpenStack



On Fri, Jul 20, 2018 at 4:32 PM, <d.lake at surrey.ac.uk<mailto:d.lake at surrey.ac.uk>> wrote:
Hi Aswin

Iâ??ve just noticed that I donâ??t think the packet is ever actually making it through to OVS.

If I do a â??ovs-dpctl dump-flowsâ?? then I see the immediate drop on ingress port 5.

But if I extend that to â??ovs-ofctl -O OpenFlow13 dump-flows br-intâ?? the only entry I see is:

cookie=0x8000003, duration=3823.308s, table=21, n_packets=0, n_bytes=0, priority=18,ip,metadata=0x30d40/0xfffffe,nw_dst=48.0.0.0/8 actions=group:150007

Oh I think it is hard to understand  the reason from this flow. Were you able to identify where the packet is dropped from â??ovs-ofctl -O OpenFlow13 dump-flows br-intâ?? ?

Iâ??ve just checked the port names and â??Port 5â?? is:

name                : "br-prov2-patch"
ofport              : 5


David

From: Aswin Suryanarayanan [mailto:asuryana at redhat.com<mailto:asuryana at redhat.com>]
Sent: 20 July 2018 10:45
To: Lake D Mr (PG/R - Elec Electronic Eng) <d.lake at surrey.ac.uk<mailto:d.lake at surrey.ac.uk>>
Cc: odl netvirt dev <netvirt-dev at lists.opendaylight.org<mailto:netvirt-dev at lists.opendaylight.org>>; openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>; Ge C Dr (Elec Electronic Eng) <c.ge at surrey.ac.uk<mailto:c.ge at surrey.ac.uk>>
Subject: Re: [netvirt-dev] VM as a router with ODL/OpenStack



On Fri, Jul 20, 2018 at 1:02 PM, <d.lake at surrey.ac.uk<mailto:d.lake at surrey.ac.uk>> wrote:
Hello

Iâ??m trying to use a VM as a router in an OpenStack + ODL installation.

I have the VM set up with two internal addresses - 10.10.5.21 and 10.10.6.21.   They are allocated floating public addresses of 10.201.81.21 and 10.201.82.21 respectively.

I am using a TREx load generator which sources from 16.0.0.0/8<http://16.0.0.0/8> and sinks to 48.0.0.0/8<http://48.0.0.0/8>.

I have added routes both ways on the routers between the floating and private addresses.

I have read that I need to disable â??port securityâ?? on the VM ports to allow IP spoofing - does this also include the router ports?

Router ports have port security disabled by default , no need to do that explicitly.

Also, when I start a test session generating traffic from 16.0.0.0 -> 48.0.0.0. I see a flow in OVS which matches but has an action of â??drop.â??

Which table exactly is the packet dropped?

How do I overcome this?

Thanks in advance

David

Sent from my iPhone

_______________________________________________
netvirt-dev mailing list
netvirt-dev at lists.opendaylight.org<mailto:netvirt-dev at lists.opendaylight.org>
https://lists.opendaylight.org/mailman/listinfo/netvirt-dev


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20180720/abcea7e3/attachment.html>