Hi,

 

I have been trying to enable the networking SFC mechanism in OpenStack. I have successfully created port pairs, port pair groups, port chain and a flow classifier. However, I am unable to get the service chain working. The architecture of the set up I have deployed is attached. I have used the queens version of OpenStack.

 

The steps that I followed are as below.

•             Create port

    neutron port-create --name <p1-p6> sfc-Network

•             Create VMs and attach the interfaces with them accordingly

       VM1 – P1 & P2; VM2 – P3 & P4; VM3 – P5 & P6

•             Create port pairs

    neutron port-pair-create pp1 -- ingress p1 -- egress p2

    neutron port-pair-create pp2 -- ingress p3 -- egress p4

    neutron port-pair-create pp3 -- ingress p5 -- egress p6

•             Create port pair groups

    neutron port-pair-group-create -- port-pair pp1 ppg1

    neutron port-pair-group-create -- port-pair pp2 ppg2

    neutron port-pair-group-create -- port-pair pp3 ppg3

•             Create flow classifier

    neutron flow-classifier-create --source-ip-prefix <ip of p1> --destination-ip-prefix <ip of p6> --logical-source-port p1 fc1

•             Create port chain

    neutron port-chain-create --port-pair-group ppg1 --port-pair-group ppg2 --port-pair-group ppg3 --flow-classifier fc1 pc1

I am testing this architecture by sending a ping request from VM1 to VM3. Therefore, the destination port is P6. If SFC is working correctly, I should be able to see the packets go through the VM2 to VM3 when I do a tcpdump in VM2. As I am new to OpenStack and SFC, I am not certain if this is logically correct.

I would like to pose two questions.

1)            All the VMs are on the same network,  is it logically correct to expect the ping packets to be routed from VM1 > VM2 > VM3 in the SFC scenario? Because all the ports are on the same network, I get a ping response but it is not via VM2 even though the port chain is created through VM2.

2)            If not, how do I make sure that the packets are routed through VM2 which is the second port pair in the port pair chain. Could it be something to do with the OpenVSwitch configuration?

 

Any help would be highly appreciated.

 

Regards,

Kalyani Rajkumar

High Performance Networks Group, University of Bristol