[openstack-dev] [neutron][networking-sfc] Unable to create openstack SFC
Mohan Kumar
nmohankumar1011 at gmail.com
Wed Aug 17 13:30:43 UTC 2016
Alioune,
tcpdump in SF ingress / egress tap interfaces will show packets flows . I
guess the packet not going through SFs .
You may check flow_rules packet counter and actions
field (actions=drop) on br_int to find where the packet actually get
dropping .
Please make sure you disabled security groups on SF attached ports :
neutron port-update <port-name/id> --no-security-groups
neutron port-update <port-name/id> --port-security-enabled=False
Thanks.,
Mohankumar.N
On Wed, Aug 17, 2016 at 6:01 PM, Alioune <balioune3 at gmail.com> wrote:
> Hi all,
> I've solved the error.
> In fact I did not create a router attached to the tenant subnet and
> according to neutron logs that was the first exception raised while
> creating port-chain.
> Now the port-chain has been created and some flows entries have been
> pushed in br-int. I think I could be interesting to update the wiki.
>
> When running a ping from the source to the dst, I can see ICMP (request
> and reply) packets from the Tap interface of the source but I can not see
> them in the Taps of SFs.
> Is there a way to display packets (with wireshark or tcpdump ) going
> inbout and outbount of the SFs ?
>
> Regards,
>
> On 16 August 2016 at 16:06, Mohan Kumar <nmohankumar1011 at gmail.com> wrote:
>
>> Hi Alioune,
>>
>> Could you share neutron log as well ? also let us know your sfc code
>> base., If possible shall we have quick chat on this in neutron IRC channel ?
>>
>> Thanks.,
>> Mohankumar.N
>>
>> On Mon, Aug 15, 2016 at 5:09 PM, Alioune <balioune3 at gmail.com> wrote:
>>
>>> Hi all,
>>> I'm trying to launch Openstack SFC as explained in[1] by creating 2 SFs,
>>> 1 Web Server (DST) and the DHCP namespace as the SRC.
>>> I've installed OVS (Open vSwitch) 2.3.90 with Linux kernel 3.13.0-62 and
>>> the neutron L2-agent runs correctly.
>>> I followed the process by creating classifier, port pairs and port_group
>>> but I got a wrong message "delete_port_chain failed." when creating
>>> port_chain [2]
>>> I tried to create the neutron ports with and without the option
>>> "--no-security-groups" then tcpdpump on SFs tap interfaces but the ICMP
>>> packets don't go through the SFs.
>>>
>>> Can anyone advice to fix? that ?
>>> What's your channel on IRC ?
>>>
>>> Regards,
>>>
>>>
>>> [1] https://wiki.openstack.org/wiki/Neutron/ServiceInsertionAndChaining
>>> [2]
>>> vagrant at ubuntu:~/openstack_sfc$ ./08-os_create_port_chain.sh
>>> delete_port_chain failed.
>>> vagrant at ubuntu:~/openstack_sfc$ cat 08-os_create_port_chain.sh
>>> #!/bin/bash
>>>
>>> neutron port-chain-create --port-pair-group PG1 --port-pair-group PG2
>>> --flow-classifier FC1 PC1
>>>
>>> [3] Output OVS Flows
>>>
>>> vagrant at ubuntu:~$ sudo ovs-ofctl dump-flows br-tun -O OpenFlow13
>>> OFPST_FLOW reply (OF1.3) (xid=0x2):
>>> cookie=0xbc2e9105125301dc, duration=9615.385s, table=0, n_packets=146,
>>> n_bytes=11534, priority=1,in_port=1 actions=resubmit(,2)
>>> cookie=0xbc2e9105125301dc, duration=9615.382s, table=0, n_packets=0,
>>> n_bytes=0, priority=0 actions=drop
>>> cookie=0xbc2e9105125301dc, duration=9615.382s, table=2, n_packets=5,
>>> n_bytes=490, priority=0,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00
>>> actions=resubmit(,20)
>>> cookie=0xbc2e9105125301dc, duration=9615.381s, table=2, n_packets=141,
>>> n_bytes=11044, priority=0,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00
>>> actions=resubmit(,22)
>>> cookie=0xbc2e9105125301dc, duration=9615.380s, table=3, n_packets=0,
>>> n_bytes=0, priority=0 actions=drop
>>> cookie=0xbc2e9105125301dc, duration=9615.380s, table=4, n_packets=0,
>>> n_bytes=0, priority=0 actions=drop
>>> cookie=0xbc2e9105125301dc, duration=8617.106s, table=4, n_packets=0,
>>> n_bytes=0, priority=1,tun_id=0x40e actions=push_vlan:0x8100,set_f
>>> ield:4097->vlan_vid,resubmit(,10)
>>> cookie=0xbc2e9105125301dc, duration=9615.379s, table=6, n_packets=0,
>>> n_bytes=0, priority=0 actions=drop
>>> cookie=0xbc2e9105125301dc, duration=9615.379s, table=10, n_packets=0,
>>> n_bytes=0, priority=1 actions=learn(table=20,hard_ti
>>> meout=300,priority=1,cookie=0xbc2e9105125301dc,NXM_OF_VLAN_T
>>> CI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_
>>> VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_
>>> OF_IN_PORT[]),output:1
>>> cookie=0xbc2e9105125301dc, duration=9615.378s, table=20, n_packets=5,
>>> n_bytes=490, priority=0 actions=resubmit(,22)
>>> cookie=0xbc2e9105125301dc, duration=9615.342s, table=22, n_packets=146,
>>> n_bytes=11534, priority=0 actions=drop
>>> vagrant at ubuntu:~$ sudo ovs-ofctl dump-flows br-int -O OpenFlow13
>>> OFPST_FLOW reply (OF1.3) (xid=0x2):
>>> cookie=0xbc2e9105125301dc, duration=6712.090s, table=0, n_packets=0,
>>> n_bytes=0, priority=10,icmp6,in_port=7,icmp_type=136
>>> actions=resubmit(,24)
>>> cookie=0xbc2e9105125301dc, duration=6709.623s, table=0, n_packets=0,
>>> n_bytes=0, priority=10,icmp6,in_port=8,icmp_type=136
>>> actions=resubmit(,24)
>>> cookie=0xbc2e9105125301dc, duration=6555.755s, table=0, n_packets=0,
>>> n_bytes=0, priority=10,icmp6,in_port=10,icmp_type=136
>>> actions=resubmit(,24)
>>> cookie=0xbc2e9105125301dc, duration=6559.596s, table=0, n_packets=0,
>>> n_bytes=0, priority=10,icmp6,in_port=9,icmp_type=136
>>> actions=resubmit(,24)
>>> cookie=0xbc2e9105125301dc, duration=6461.028s, table=0, n_packets=0,
>>> n_bytes=0, priority=10,icmp6,in_port=11,icmp_type=136
>>> actions=resubmit(,24)
>>> cookie=0xbc2e9105125301dc, duration=6712.071s, table=0, n_packets=13,
>>> n_bytes=546, priority=10,arp,in_port=7 actions=resubmit(,24)
>>> cookie=0xbc2e9105125301dc, duration=6709.602s, table=0, n_packets=0,
>>> n_bytes=0, priority=10,arp,in_port=8 actions=resubmit(,24)
>>> cookie=0xbc2e9105125301dc, duration=6555.727s, table=0, n_packets=0,
>>> n_bytes=0, priority=10,arp,in_port=10 actions=resubmit(,24)
>>> cookie=0xbc2e9105125301dc, duration=6559.574s, table=0, n_packets=12,
>>> n_bytes=504, priority=10,arp,in_port=9 actions=resubmit(,24)
>>> cookie=0xbc2e9105125301dc, duration=6461.005s, table=0, n_packets=15,
>>> n_bytes=630, priority=10,arp,in_port=11 actions=resubmit(,24)
>>> cookie=0xbc2e9105125301dc, duration=9620.388s, table=0, n_packets=514,
>>> n_bytes=49656, priority=0 actions=NORMAL
>>> cookie=0xbc2e9105125301dc, duration=9619.277s, table=0, n_packets=0,
>>> n_bytes=0, priority=20,mpls actions=resubmit(,10)
>>> cookie=0xbc2e9105125301dc, duration=6712.111s, table=0, n_packets=25,
>>> n_bytes=2674, priority=9,in_port=7 actions=resubmit(,25)
>>> cookie=0xbc2e9105125301dc, duration=6559.621s, table=0, n_packets=24,
>>> n_bytes=2576, priority=9,in_port=9 actions=resubmit(,25)
>>> cookie=0xbc2e9105125301dc, duration=6555.777s, table=0, n_packets=2,
>>> n_bytes=140, priority=9,in_port=10 actions=resubmit(,25)
>>> cookie=0xbc2e9105125301dc, duration=6461.082s, table=0, n_packets=47,
>>> n_bytes=4830, priority=9,in_port=11 actions=resubmit(,25)
>>> cookie=0xbc2e9105125301dc, duration=6709.646s, table=0, n_packets=3,
>>> n_bytes=230, priority=9,in_port=8 actions=resubmit(,25)
>>> cookie=0xbc2e9105125301dc, duration=9619.265s, table=10, n_packets=0,
>>> n_bytes=0, priority=0 actions=drop
>>> cookie=0xbc2e9105125301dc, duration=9620.378s, table=23, n_packets=0,
>>> n_bytes=0, priority=0 actions=drop
>>> cookie=0xbc2e9105125301dc, duration=9620.368s, table=24, n_packets=0,
>>> n_bytes=0, priority=0 actions=drop
>>> cookie=0xbc2e9105125301dc, duration=6709.633s, table=24, n_packets=0,
>>> n_bytes=0, priority=2,icmp6,in_port=8,icmp_type=136,nd_target=fe80::f816:3eff:fe2a:fe
>>> actions=NORMAL
>>> cookie=0xbc2e9105125301dc, duration=6712.101s, table=24, n_packets=0,
>>> n_bytes=0, priority=2,icmp6,in_port=7,icmp_type=136,nd_target=fe80::f816:3eff:fee7:1362
>>> actions=NORMAL
>>> cookie=0xbc2e9105125301dc, duration=6559.607s, table=24, n_packets=0,
>>> n_bytes=0, priority=2,icmp6,in_port=9,icmp_type=136,nd_target=fe80::f816:3eff:fe91:95ee
>>> actions=NORMAL
>>> cookie=0xbc2e9105125301dc, duration=6555.766s, table=24, n_packets=0,
>>> n_bytes=0, priority=2,icmp6,in_port=10,icmp_type=136,nd_target=fe80::f816:3eff:fe76:d998
>>> actions=NORMAL
>>> cookie=0xbc2e9105125301dc, duration=6461.055s, table=24, n_packets=0,
>>> n_bytes=0, priority=2,icmp6,in_port=11,icmp_type=136,nd_target=fe80::f816:3eff:fe5e:ed96
>>> actions=NORMAL
>>> cookie=0xbc2e9105125301dc, duration=6709.611s, table=24, n_packets=0,
>>> n_bytes=0, priority=2,arp,in_port=8,arp_spa=55.55.55.12
>>> actions=resubmit(,25)
>>> cookie=0xbc2e9105125301dc, duration=6555.741s, table=24, n_packets=0,
>>> n_bytes=0, priority=2,arp,in_port=10,arp_spa=55.55.55.14
>>> actions=resubmit(,25)
>>> cookie=0xbc2e9105125301dc, duration=6712.080s, table=24, n_packets=13,
>>> n_bytes=546, priority=2,arp,in_port=7,arp_spa=55.55.55.11
>>> actions=resubmit(,25)
>>> cookie=0xbc2e9105125301dc, duration=6559.584s, table=24, n_packets=12,
>>> n_bytes=504, priority=2,arp,in_port=9,arp_spa=55.55.55.13
>>> actions=resubmit(,25)
>>> cookie=0xbc2e9105125301dc, duration=6461.015s, table=24, n_packets=15,
>>> n_bytes=630, priority=2,arp,in_port=11,arp_spa=55.55.55.15
>>> actions=resubmit(,25)
>>> cookie=0xbc2e9105125301dc, duration=6709.714s, table=25, n_packets=0,
>>> n_bytes=0, priority=2,in_port=8,dl_src=fa:16:3e:2a:00:fe actions=NORMAL
>>> cookie=0xbc2e9105125301dc, duration=6559.641s, table=25, n_packets=34,
>>> n_bytes=2940, priority=2,in_port=9,dl_src=fa:16:3e:91:95:ee
>>> actions=NORMAL
>>> cookie=0xbc2e9105125301dc, duration=6461.117s, table=25, n_packets=60,
>>> n_bytes=5320, priority=2,in_port=11,dl_src=fa:16:3e:5e:ed:96
>>> actions=NORMAL
>>> cookie=0xbc2e9105125301dc, duration=6712.130s, table=25, n_packets=36,
>>> n_bytes=3080, priority=2,in_port=7,dl_src=fa:16:3e:e7:13:62
>>> actions=NORMAL
>>> cookie=0xbc2e9105125301dc, duration=6555.801s, table=25, n_packets=0,
>>> n_bytes=0, priority=2,in_port=10,dl_src=fa:16:3e:76:d9:98 actions=NORMAL
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160817/974f5050/attachment.html>
More information about the OpenStack-dev
mailing list