[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack] [netvirt-dev] VM as a router with ODL/OpenStack

With â??ovs-ofctl -O OpenFlow13 dump-flows br-intâ??  I donâ??t see ANY entries for packets to or

Only this one entry (which I think is a static route which I have in the router between the floating network and the private network).


From: Aswin Suryanarayanan [mailto:asuryana at]
Sent: 20 July 2018 12:28
To: Lake D Mr (PG/R - Elec Electronic Eng) <d.lake at>
Cc: odl netvirt dev <netvirt-dev at>; openstack at; Ge C Dr (Elec Electronic Eng) < at>
Subject: Re: [netvirt-dev] VM as a router with ODL/OpenStack

On Fri, Jul 20, 2018 at 4:32 PM, <d.lake at<mailto:d.lake at>> wrote:
Hi Aswin

Iâ??ve just noticed that I donâ??t think the packet is ever actually making it through to OVS.

If I do a â??ovs-dpctl dump-flowsâ?? then I see the immediate drop on ingress port 5.

But if I extend that to â??ovs-ofctl -O OpenFlow13 dump-flows br-intâ?? the only entry I see is:

cookie=0x8000003, duration=3823.308s, table=21, n_packets=0, n_bytes=0, priority=18,ip,metadata=0x30d40/0xfffffe,nw_dst= actions=group:150007

Oh I think it is hard to understand  the reason from this flow. Were you able to identify where the packet is dropped from â??ovs-ofctl -O OpenFlow13 dump-flows br-intâ?? ?

Iâ??ve just checked the port names and â??Port 5â?? is:

name                : "br-prov2-patch"
ofport              : 5


From: Aswin Suryanarayanan [mailto:asuryana at<mailto:asuryana at>]
Sent: 20 July 2018 10:45
To: Lake D Mr (PG/R - Elec Electronic Eng) <d.lake at<mailto:d.lake at>>
Cc: odl netvirt dev <netvirt-dev at<mailto:netvirt-dev at>>; openstack at<mailto:openstack at>; Ge C Dr (Elec Electronic Eng) < at< at>>
Subject: Re: [netvirt-dev] VM as a router with ODL/OpenStack

On Fri, Jul 20, 2018 at 1:02 PM, <d.lake at<mailto:d.lake at>> wrote:

Iâ??m trying to use a VM as a router in an OpenStack + ODL installation.

I have the VM set up with two internal addresses - and   They are allocated floating public addresses of and respectively.

I am using a TREx load generator which sources from<> and sinks to<>.

I have added routes both ways on the routers between the floating and private addresses.

I have read that I need to disable â??port securityâ?? on the VM ports to allow IP spoofing - does this also include the router ports?

Router ports have port security disabled by default , no need to do that explicitly.

Also, when I start a test session generating traffic from -> I see a flow in OVS which matches but has an action of â??drop.â??

Which table exactly is the packet dropped?

How do I overcome this?

Thanks in advance


Sent from my iPhone

netvirt-dev mailing list
netvirt-dev at<mailto:netvirt-dev at>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>