[openstack-dev] [networking-sfc][devstack][mitaka] Chain doesn't work
Cathy Zhang
Cathy.H.Zhang at huawei.com
Fri Nov 4 18:08:52 UTC 2016
Hi Alioune,
SFC is working fine. Your problem is with configuration of your specific Service Function.
AFAIK, Farhad has responded to your question before.
https://www.mail-archive.com/openstack-dev@lists.openstack.org/msg95199.html
Thanks,
Cathy
From: Alioune [mailto:balioune3 at gmail.com]
Sent: Wednesday, November 02, 2016 5:40 AM
To: OpenStack Development Mailing List (not for usage questions)
Cc: Cathy Zhang; Mohan Kumar
Subject: Re: [networking-sfc][devstack][mitaka] Chain doesn't work
Any suggestion ?
On Monday, 24 October 2016, Alioune <balioune3 at gmail.com<mailto:balioune3 at gmail.com>> wrote:
Hi all,
I'm trying to implement service chain in OpenStack using networking-sfc (stable/mitaka) and OVS 2.5.90
The following is the architecture I used :
SRC DST
| |
========== br-int ============
|
SF1
SF1: 55.55.55.3
SRC: 55.55.55.4
DST: 55.55.55.5
I can create port-pairs, port-pair-group, classifier and chain with these commands:
neutron flow-classifier-create --ethertype IPv4 --source-ip-prefix 55.55.55.4/32<http://55.55.55.4/32> --logical-source-port 0009034f-4c39-4cbf-be7d-fcf82dad024c --protocol icmp FC1
neutron port-pair-create --ingress=p1 --egress=p1 PP1
neutron port-pair-group-create --port-pair PP1 PG1
neutron port-chain-create --port-pair-group PG1 --flow-classifier FC1 PC1
I could ping from SRC to DST before setting the chain, but after the chain creating ping doesn't work.
ICMP echo request packets arrive to SF1 port but it doesn't send back the packets in order to allow them to get their destination DST (see output below).
The Opendaylight/SFC project uses NSH aware service function (SF) that send back packets to the chains after analyzing them, I would like to know :
- How networking-sfc configures SF to send back packets to the chain as seem in some of your presentation ?
- What's wrong in my configurations (see commands and ovs-ofctl output below) ? I've followed the main steps described in your wiki page.
Best Regards,
vagrant at vagrant-ubuntu-trusty-64:~$ neutron port-list
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| 0009034f-4c39-4cbf-be7d-fcf82dad024c | | fa:16:3e:dd:16:f7 | {"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address": "55.55.55.4"} |
| 082e896d-5982-458c-96e7-0dd372d3d7d9 | p1 | fa:16:3e:90:b4:67 | {"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address": "55.55.55.3"} |
| 2ad109e4-42a8-4554-b884-a32344e91036 | | fa:16:3e:74:9a:fa | {"subnet_id": "3cf6eb27-7258-4252-8f3d-b6f9d27c948b", "ip_address": "192.168.105.2"} |
| 51f055c0-ff4d-47f4-9328-9a0d7ca204f3 | | fa:16:3e:da:f9:93 | {"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address": "55.55.55.1"} |
| 656ad901-2bc0-407a-a581-da955ecf3b59 | | fa:16:3e:7f:44:01 | {"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address": "55.55.55.2"} |
| b1d14a4f-cde6-4c44-b42e-0f0466dba32a | | fa:16:3e:a6:c6:35 | {"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address": "55.55.55.5"} |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
vagrant at vagrant-ubuntu-trusty-64:~$ ifconfig |grep 082e896d
qbr082e896d-59 Link encap:Ethernet HWaddr b6:96:27:fa:ab:af
qvb082e896d-59 Link encap:Ethernet HWaddr b6:96:27:fa:ab:af
qvo082e896d-59 Link encap:Ethernet HWaddr 7e:1a:7b:7d:09:df
tap082e896d-59 Link encap:Ethernet HWaddr fe:16:3e:90:b4:67
vagrant at vagrant-ubuntu-trusty-64:~$ sudo tcpdump -i tap082e896d-59 icmp
tcpdump: WARNING: tap082e896d-59: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap082e896d-59, link-type EN10MB (Ethernet), capture size 65535 bytes
10:51:10.229674 IP 55.55.55.4 > 55.55.55.5<http://55.55.55.5>: ICMP echo request, id 15617, seq 61, length 64
10:51:11.230318 IP 55.55.55.4 > 55.55.55.5<http://55.55.55.5>: ICMP echo request, id 15617, seq 62, length 64
10:51:12.233451 IP 55.55.55.4 > 55.55.55.5<http://55.55.55.5>: ICMP echo request, id 15617, seq 63, length 64
10:51:13.234496 IP 55.55.55.4 > 55.55.55.5<http://55.55.55.5>: ICMP echo request, id 15617, seq 64, length 64
10:51:14.235583 IP 55.55.55.4 > 55.55.55.5<http://55.55.55.5>: ICMP echo request, id 15617, seq 65, length 64
10:51:15.236585 IP 55.55.55.4 > 55.55.55.5<http://55.55.55.5>: ICMP echo request, id 15617, seq 66, length 64
10:51:16.237568 IP 55.55.55.4 > 55.55.55.5<http://55.55.55.5>: ICMP echo request, id 15617, seq 67, length 64
10:51:17.238974 IP 55.55.55.4 > 55.55.55.5<http://55.55.55.5>: ICMP echo request, id 15617, seq 68, length 64
10:51:18.244244 IP 55.55.55.4 > 55.55.55.5<http://55.55.55.5>: ICMP echo request, id 15617, seq 69, length 64
10:51:19.245758 IP 55.55.55.4 > 55.55.55.5<http://55.55.55.5>: ICMP echo request, id 15617, seq 70, length 64
10:51:20.246521 IP 55.55.55.4 > 55.55.55.5<http://55.55.55.5>: ICMP echo request, id 15617, seq 71, length 64
vagrant at vagrant-ubuntu-trusty-64:~/openstack_networking/simple-sf$ sudo ovs-ofctl dump-flows br-int -O OpenFlow13
2016-10-24T11:28:43Z|00001|ofp_actions|INFO|OFPAT_SET_MPLS_TTL is deprecated in OpenFlow13 (use Set-Field)
OFPST_FLOW reply (OF1.3) (xid=0x2):
cookie=0xbbf3cb977f3738c7, duration=2418.957s, table=0, n_packets=2297, n_bytes=225106, priority=30,icmp,in_port=5,nw_src=55.55.55.4 actions=group:1
cookie=0xbbf3cb977f3738c7, duration=2418.955s, table=0, n_packets=0, n_bytes=0, priority=30,icmp,in_port=4,nw_src=55.55.55.4 actions=NORMAL
cookie=0xbbf3cb977f3738c7, duration=8868.309s, table=0, n_packets=0, n_bytes=0, priority=20,mpls actions=resubmit(,10)
cookie=0xbbf3cb977f3738c7, duration=2882.723s, table=0, n_packets=0, n_bytes=0, priority=10,icmp6,in_port=5,icmp_type=136 actions=resubmit(,24)
cookie=0xbbf3cb977f3738c7, duration=2866.752s, table=0, n_packets=0, n_bytes=0, priority=10,icmp6,in_port=6,icmp_type=136 actions=resubmit(,24)
cookie=0xbbf3cb977f3738c7, duration=2650.698s, table=0, n_packets=0, n_bytes=0, priority=10,icmp6,in_port=4,icmp_type=136 actions=resubmit(,24)
cookie=0xbbf3cb977f3738c7, duration=2882.708s, table=0, n_packets=71, n_bytes=2982, priority=10,arp,in_port=5 actions=resubmit(,24)
cookie=0xbbf3cb977f3738c7, duration=2866.738s, table=0, n_packets=70, n_bytes=2940, priority=10,arp,in_port=6 actions=resubmit(,24)
cookie=0xbbf3cb977f3738c7, duration=2650.684s, table=0, n_packets=4, n_bytes=168, priority=10,arp,in_port=4 actions=resubmit(,24)
cookie=0xbbf3cb977f3738c7, duration=2882.737s, table=0, n_packets=70, n_bytes=8378, priority=9,in_port=5 actions=resubmit(,25)
cookie=0xbbf3cb977f3738c7, duration=2866.767s, table=0, n_packets=22, n_bytes=2332, priority=9,in_port=6 actions=resubmit(,25)
cookie=0xbbf3cb977f3738c7, duration=2650.715s, table=0, n_packets=15, n_bytes=1724, priority=9,in_port=4 actions=resubmit(,25)
cookie=0xbbf3cb977f3738c7, duration=8868.755s, table=0, n_packets=163, n_bytes=18908, priority=0 actions=NORMAL
cookie=0xbbf3cb977f3738c7, duration=2419.054s, table=5, n_packets=2297, n_bytes=225106, priority=0,ip,dl_dst=fa:16:3e:90:b4:67 actions=push_mpls:0x8847,set_field:511->mpls_label,set_mpls_ttl(255),push_vlan:0x8100,set_field:4097->vlan_vid,resubmit(,10)
cookie=0xbbf3cb977f3738c7, duration=2418.916s, table=10, n_packets=2297, n_bytes=225106, priority=1,mpls,dl_vlan=1,dl_dst=fa:16:3e:90:b4:67,mpls_label=511 actions=pop_vlan,pop_mpls:0x0800,output:4
cookie=0xbbf3cb977f3738c7, duration=8868.303s, table=10, n_packets=0, n_bytes=0, priority=0 actions=drop
cookie=0xbbf3cb977f3738c7, duration=8868.749s, table=23, n_packets=0, n_bytes=0, priority=0 actions=drop
cookie=0xbbf3cb977f3738c7, duration=2882.730s, table=24, n_packets=0, n_bytes=0, priority=2,icmp6,in_port=5,icmp_type=136,nd_target=fe80::f816:3eff:fedd:16f7 actions=NORMAL
cookie=0xbbf3cb977f3738c7, duration=2866.760s, table=24, n_packets=0, n_bytes=0, priority=2,icmp6,in_port=6,icmp_type=136,nd_target=fe80::f816:3eff:fea6:c635 actions=NORMAL
cookie=0xbbf3cb977f3738c7, duration=2650.708s, table=24, n_packets=0, n_bytes=0, priority=2,icmp6,in_port=4,icmp_type=136,nd_target=fe80::f816:3eff:fe90:b467 actions=NORMAL
cookie=0xbbf3cb977f3738c7, duration=2882.715s, table=24, n_packets=68, n_bytes=2856, priority=2,arp,in_port=5,arp_spa=55.55.55.4 actions=resubmit(,25)
cookie=0xbbf3cb977f3738c7, duration=2866.743s, table=24, n_packets=67, n_bytes=2814, priority=2,arp,in_port=6,arp_spa=55.55.55.5 actions=resubmit(,25)
cookie=0xbbf3cb977f3738c7, duration=2650.690s, table=24, n_packets=1, n_bytes=42, priority=2,arp,in_port=4,arp_spa=55.55.55.3 actions=resubmit(,25)
cookie=0xbbf3cb977f3738c7, duration=8868.743s, table=24, n_packets=0, n_bytes=0, priority=0 actions=drop
cookie=0xbbf3cb977f3738c7, duration=2882.753s, table=25, n_packets=138, n_bytes=11130, priority=2,in_port=5,dl_src=fa:16:3e:dd:16:f7 actions=NORMAL
cookie=0xbbf3cb977f3738c7, duration=2866.783s, table=25, n_packets=87, n_bytes=4882, priority=2,in_port=6,dl_src=fa:16:3e:a6:c6:35 actions=NORMAL
cookie=0xbbf3cb977f3738c7, duration=2650.730s, table=25, n_packets=14, n_bytes=1502, priority=2,in_port=4,dl_src=fa:16:3e:90:b4:67 actions=NORMAL
--
Sent from Gmail Mobile
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20161104/cebd922c/attachment.html>
More information about the OpenStack-dev
mailing list