[networking-sfc] Unable to get Service Function Chain Mechanism working in Neutron
Hi,
I have been trying to enable the networking SFC mechanism in OpenStack. I have successfully created port pairs, port pair groups, port chain and a flow classifier. However, I am unable to get the service chain working. The architecture of the set up I have deployed is attached. I have used the queens version of OpenStack.
The steps that I followed are as below. * Create port neutron port-create --name <p1-p6> sfc-Network * Create VMs and attach the interfaces with them accordingly VM1 - P1 & P2; VM2 - P3 & P4; VM3 - P5 & P6 * Create port pairs neutron port-pair-create pp1 -- ingress p1 -- egress p2 neutron port-pair-create pp2 -- ingress p3 -- egress p4 neutron port-pair-create pp3 -- ingress p5 -- egress p6 * Create port pair groups neutron port-pair-group-create -- port-pair pp1 ppg1 neutron port-pair-group-create -- port-pair pp2 ppg2 neutron port-pair-group-create -- port-pair pp3 ppg3 * Create flow classifier neutron flow-classifier-create --source-ip-prefix <ip of p1> --destination-ip-prefix <ip of p6> --logical-source-port p1 fc1 * Create port chain neutron port-chain-create --port-pair-group ppg1 --port-pair-group ppg2 --port-pair-group ppg3 --flow-classifier fc1 pc1 I am testing this architecture by sending a ping request from VM1 to VM3. Therefore, the destination port is P6. If SFC is working correctly, I should be able to see the packets go through the VM2 to VM3 when I do a tcpdump in VM2. As I am new to OpenStack and SFC, I am not certain if this is logically correct. I would like to pose two questions. 1) All the VMs are on the same network, is it logically correct to expect the ping packets to be routed from VM1 > VM2 > VM3 in the SFC scenario? Because all the ports are on the same network, I get a ping response but it is not via VM2 even though the port chain is created through VM2. 2) If not, how do I make sure that the packets are routed through VM2 which is the second port pair in the port pair chain. Could it be something to do with the OpenVSwitch configuration?
Any help would be highly appreciated.
Regards, Kalyani Rajkumar High Performance Networks Group, University of Bristol
Hi,
I would like some help regarding the networking-SFC in openstack. I have been trying to set it up but I am not able to see any packets in the VMs in the service chain when I do a ping command from the source VM to the destination VM even though I am getting a ping response.
The following is what I see for the IP addresses of the VMs when I do ovs-ofctl dump-flows br-int.
cookie=0x51e24153cd662cb7, duration=76955.198s, table=24, n_packets=13, n_bytes=546, priority=2,arp,in_port="qvoc5a16c34-53",arp_spa=50.50.50.29 actions=resubmit(,25) cookie=0x51e24153cd662cb7, duration=76955.179s, table=24, n_packets=5, n_bytes=210, priority=2,arp,in_port="qvo0edc6dab-9c",arp_spa=50.50.50.19 actions=resubmit(,25) cookie=0x51e24153cd662cb7, duration=76955.169s, table=24, n_packets=5, n_bytes=210, priority=2,arp,in_port="qvo3f5fdc8e-56",arp_spa=50.50.50.13 actions=resubmit(,25) cookie=0x51e24153cd662cb7, duration=76955.154s, table=24, n_packets=10, n_bytes=420, priority=2,arp,in_port="qvo36c64023-a8",arp_spa=50.50.50.11 actions=resubmit(,25) cookie=0x51e24153cd662cb7, duration=76810.903s, table=24, n_packets=5, n_bytes=210, priority=2,arp,in_port="qvo55b6db77-73",arp_spa=50.50.50.14 actions=resubmit(,25) cookie=0x51e24153cd662cb7, duration=76810.894s, table=24, n_packets=23, n_bytes=966, priority=2,arp,in_port="qvoaebad029-52",arp_spa=50.50.50.3 actions=resubmit(,25)
I am following the steps from the following tutorial https://www.openstack.org/assets/presentation-media/SFC-for-OpenStack-Austin.... I installed networking-sfc version 6.0.0 for Openstack Queens as per https://docs.openstack.org/networking-sfc/latest/install/install.html. Kindly let me know if there is an alternate way of achieving the SFC mechanism or if I am missing something.
Regards, Kalyani
From: Kalyani Rajkumar Sent: 15 May 2019 13:24 To: openstack-discuss@lists.openstack.org Subject: [networking-sfc] Unable to get Service Function Chain Mechanism working in Neutron
Hi,
I have been trying to enable the networking SFC mechanism in OpenStack. I have successfully created port pairs, port pair groups, port chain and a flow classifier. However, I am unable to get the service chain working. The architecture of the set up I have deployed is attached. I have used the queens version of OpenStack.
The steps that I followed are as below. * Create port neutron port-create --name <p1-p6> sfc-Network * Create VMs and attach the interfaces with them accordingly VM1 - P1 & P2; VM2 - P3 & P4; VM3 - P5 & P6 * Create port pairs neutron port-pair-create pp1 -- ingress p1 -- egress p2 neutron port-pair-create pp2 -- ingress p3 -- egress p4 neutron port-pair-create pp3 -- ingress p5 -- egress p6 * Create port pair groups neutron port-pair-group-create -- port-pair pp1 ppg1 neutron port-pair-group-create -- port-pair pp2 ppg2 neutron port-pair-group-create -- port-pair pp3 ppg3 * Create flow classifier neutron flow-classifier-create --source-ip-prefix <ip of p1> --destination-ip-prefix <ip of p6> --logical-source-port p1 fc1 * Create port chain neutron port-chain-create --port-pair-group ppg1 --port-pair-group ppg2 --port-pair-group ppg3 --flow-classifier fc1 pc1 I am testing this architecture by sending a ping request from VM1 to VM3. Therefore, the destination port is P6. If SFC is working correctly, I should be able to see the packets go through the VM2 to VM3 when I do a tcpdump in VM2. As I am new to OpenStack and SFC, I am not certain if this is logically correct. I would like to pose two questions. 1) All the VMs are on the same network, is it logically correct to expect the ping packets to be routed from VM1 > VM2 > VM3 in the SFC scenario? Because all the ports are on the same network, I get a ping response but it is not via VM2 even though the port chain is created through VM2. 2) If not, how do I make sure that the packets are routed through VM2 which is the second port pair in the port pair chain. Could it be something to do with the OpenVSwitch configuration?
Any help would be highly appreciated.
Regards, Kalyani Rajkumar High Performance Networks Group, University of Bristol
participants (1)
-
Kalyani Rajkumar