[openstack-dev] [Nova][Neutron] Linuxbridge as the default in DevStack [was: Status of the nova-network to Neutron migration work]
afazekas at redhat.com
Tue Apr 28 08:22:44 UTC 2015
You can tcpdump the ovs ports as usual.
Please keep in mind ovs does not have `single contention` port.
OVS does MAC learning by default and you may not see `learned` uni-cast traffic
on a random trunk port. You MAY see BUM traffic, but many of them also can be canceled
by neutron-ml2-ovs, AFAIK it is not enabled by default.
OVS behaves like a real switch, real switches also does not have 5 Tbit/sec ports for monitoring :(
If you need to tcpudump on a port which is not visible in the userspace (internal patch links) by default
you should do port mirroring. 
Usually you do not need to dump the traffic,
What you should do as basic trouble shooting is checking the tags on the ports,
(`ovsdb-client dump` show everything, excluding the oflow rules)
Hopefully the root cause is fixed, but you should check is the port not trunk
when it needs to be tagged.
Neutron also dedicates the vlan-4095 on br-int as dead vlan,
If you have a port in this, it can mean a miss configuration
or a message lost in the void or something Exceptional happened.
If you really need to redirect exceptional `out of band` traffic to a special port
or to an external service (controller) it would be more complex thing
then just doing the mirroring.
OVS does not generates ICMP packets in many cases when a real `L3` switch would do,
thats why the MTU size differences causes issues and requires extra care at configuration,
when ovs used with tunneling. (OVS also can be used with vlans)
Probably this caused the most headache for many user.
Somewhere I read the ovs had the PMTUD support, but it was removed because
it was not conforming to the standard.
It just does silent packet drop :(
----- Original Message -----
> From: "Jeremy Stanley" <fungi at yuggoth.org>
> To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org>
> Sent: Tuesday, April 21, 2015 5:00:24 PM
> Subject: Re: [openstack-dev] [Nova][Neutron] Linuxbridge as the default in DevStack [was: Status of the nova-network
> to Neutron migration work]
> On 2015-04-21 03:19:04 -0400 (-0400), Attila Fazekas wrote:
> > IMHO the OVS is less complex than netfilter (iptables, *tables),
> > if someone able to deal with reading the netfilter rules he should
> > be able to deal with OVS as well.
> In a simple DevStack setup, you really have that many
> iptables/ebtables rules?
> > OVS has debugging tools for internal operations, I guess you are
> > looking for something else. I do not have any `good debugging`
> > tool for net-filter either.
> Complexity of connecting tcpdump to the bridge was the primary
> concern here (convenient means of debugging network problems when
> you're using OVS, less tools for debugging OVS itself though it can
> come down to that at times as well). Also ebtables can easily be
> configured to log every frame it blocks, forwards or rewrites
> (presumably so can the OVS flow handler? but how?).
> Jeremy Stanley
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
More information about the OpenStack-dev