Hello,
When using native ovs in neutron, we endup with a lot of openflow rules on ovs side.
Debugging it with regular ovs-ofctl --color dump-flows is kind of painful.
Is there any tool that the community is using to manage that?
Thanks in advance!
Arnaud.
Also interested in this. Reading rules in dump-flows is an absolute pain. In an ideal world, I would have never have to.
We some stuff on our side that I'll see if I can share.
On Mon, Oct 11, 2021 at 9:41 AM Arnaud Morin arnaud.morin@gmail.com wrote:
Hello,
When using native ovs in neutron, we endup with a lot of openflow rules on ovs side.
Debugging it with regular ovs-ofctl --color dump-flows is kind of painful.
Is there any tool that the community is using to manage that?
Thanks in advance!
Arnaud.
That would be awesome!
We also built a tool which is looking for openflow rules related to a tap interface, but since we upgraded and enabled security rules in ovs, the tool isn't working anymore.
So before rewriting everything from scratch, I was wondering if the community was also dealing with the same issue.
So I am glad to here from you! Let me know :) Cheers
Le 11 octobre 2021 17:52:52 GMT+02:00, Laurent Dumont laurentfdumont@gmail.com a écrit :
Also interested in this. Reading rules in dump-flows is an absolute pain. In an ideal world, I would have never have to.
We some stuff on our side that I'll see if I can share.
On Mon, Oct 11, 2021 at 9:41 AM Arnaud Morin arnaud.morin@gmail.com wrote:
Hello,
When using native ovs in neutron, we endup with a lot of openflow rules on ovs side.
Debugging it with regular ovs-ofctl --color dump-flows is kind of painful.
Is there any tool that the community is using to manage that?
Thanks in advance!
Arnaud.
Hi,
For OVN with have small tool ml2ovn-trace: https://docs.openstack.org/neutron/ latest/ovn/ml2ovn_trace.html in the neutron repo https://docs.openstack.org/ neutron/latest/ovn/ml2ovn_trace.html but that will not be helpful for ML2/OVS at all.
On poniedziałek, 11 października 2021 20:05:40 CEST Arnaud wrote:
That would be awesome!
We also built a tool which is looking for openflow rules related to a tap interface, but since we upgraded and enabled security rules in ovs, the tool isn't working anymore.
Yes, for ML2/OVS with ovs firewall driver it is really painful to debug all those OF rules.
So before rewriting everything from scratch, I was wondering if the
community
was also dealing with the same issue.
If You will have anything like that, please share with community :)
So I am glad to here from you! Let me know :) Cheers
Le 11 octobre 2021 17:52:52 GMT+02:00, Laurent Dumont
laurentfdumont@gmail.com a écrit :
Also interested in this. Reading rules in dump-flows is an absolute pain. In an ideal world, I would have never have to.
We some stuff on our side that I'll see if I can share.
On Mon, Oct 11, 2021 at 9:41 AM Arnaud Morin arnaud.morin@gmail.com
wrote:
Hello,
When using native ovs in neutron, we endup with a lot of openflow rules on ovs side.
Debugging it with regular ovs-ofctl --color dump-flows is kind of painful.
Is there any tool that the community is using to manage that?
Thanks in advance!
Arnaud.
Hey all, we have been working on this subject recently and we pushed this:
https://review.opendev.org/c/openstack/osops/+/817715
Feel free to comment
+tag [ops][large-scale]
On 11.10.21 - 22:40, Slawek Kaplonski wrote:
Hi,
For OVN with have small tool ml2ovn-trace: https://docs.openstack.org/neutron/ latest/ovn/ml2ovn_trace.html in the neutron repo https://docs.openstack.org/ neutron/latest/ovn/ml2ovn_trace.html but that will not be helpful for ML2/OVS at all.
On poniedziałek, 11 października 2021 20:05:40 CEST Arnaud wrote:
That would be awesome!
We also built a tool which is looking for openflow rules related to a tap interface, but since we upgraded and enabled security rules in ovs, the tool isn't working anymore.
Yes, for ML2/OVS with ovs firewall driver it is really painful to debug all those OF rules.
So before rewriting everything from scratch, I was wondering if the
community
was also dealing with the same issue.
If You will have anything like that, please share with community :)
So I am glad to here from you! Let me know :) Cheers
Le 11 octobre 2021 17:52:52 GMT+02:00, Laurent Dumont
laurentfdumont@gmail.com a écrit :
Also interested in this. Reading rules in dump-flows is an absolute pain. In an ideal world, I would have never have to.
We some stuff on our side that I'll see if I can share.
On Mon, Oct 11, 2021 at 9:41 AM Arnaud Morin arnaud.morin@gmail.com
wrote:
Hello,
When using native ovs in neutron, we endup with a lot of openflow rules on ovs side.
Debugging it with regular ovs-ofctl --color dump-flows is kind of painful.
Is there any tool that the community is using to manage that?
Thanks in advance!
Arnaud.
-- Slawek Kaplonski Principal Software Engineer Red Hat
On 10/11/21 9:39 AM, Arnaud Morin wrote:
Hello,
When using native ovs in neutron, we endup with a lot of openflow rules on ovs side.
Debugging it with regular ovs-ofctl --color dump-flows is kind of painful.
Is there any tool that the community is using to manage that?
You can check SB Logical_Flow table with ovn-sbctl lflow-list. You can also use ovn-trace(8) to inspect OVN pipeline behavior.
Ihar
participants (5)
-
Arnaud
-
Arnaud Morin
-
Ihar Hrachyshka
-
Laurent Dumont
-
Slawek Kaplonski