Dear Sir,

We are testing a simple SFC in OpenStack (Stein) + OpenDaylight (Neon) + Open vSwitch (v2.11.1). It's an all-in-one deployment.

We have read the document:

https://readthedocs.org/projects/odl-sfc/downloads/pdf/latest/

and

https://github.com/opnfv/sfc/blob/master/docs/release/scenarios/os-odl-sfc-noha/scenario.description.rst

image.png

Our SFC topology:

enter image description here

All on the same compute node.

Build SFC through API:

  1. openstack sfc flow classifier create --source-ip-prefix 10.20.0.0/24 --logical-source-port p0 FC1

  2. openstack sfc port pair create --description "Firewall SF instance 1" --ingress p1 --egress p1 --service-function-parameters correlation=None PP1

  3. openstack sfc port pair group create --port-pair PP1 PPG1

  4. openstack sfc port chain create --port-pair-group PPG1 --flow-classifier FC1 --chain-parameters correlation=nsh PC1

Ping from client to server, but packet did not pass through firewall,open vswitch log show:

enter image description here

Flow table: 

enter image description here

trace flow:

enter image description here

Is there something wrong with the OpenStack instructions? 

It seems SFC proxy not work or there may be some bugs in "networking-sfc"?

Thanks!


Sincerely,
Jhen-Hao

From NTU CSIE

Sender notified by
Mailtrack 03/04/21, 05:26:34 PM