[openstack-dev] [networking-sfc][devstack][mitaka] Chain doesn't work

Alioune balioune3 at gmail.com
Wed Nov 2 12:40:21 UTC 2016


Any suggestion ?

On Monday, 24 October 2016, Alioune <balioune3 at gmail.com> wrote:

> Hi all,
>
> I'm trying to implement service chain in OpenStack using networking-sfc
> (stable/mitaka) and OVS 2.5.90
>
>
> The following is the architecture I used :
>
> SRC                                             DST
>   |                                                    |
>   ========== br-int ============
>                          |
>                        SF1
> SF1: 55.55.55.3
> SRC: 55.55.55.4
> DST: 55.55.55.5
>
> I can create port-pairs, port-pair-group, classifier and chain with these
> commands:
>
> neutron flow-classifier-create  --ethertype IPv4  --source-ip-prefix
> 55.55.55.4/32  --logical-source-port 0009034f-4c39-4cbf-be7d-fcf82dad024c
> --protocol icmp  FC1
> neutron port-pair-create --ingress=p1 --egress=p1 PP1
> neutron port-pair-group-create --port-pair PP1 PG1
> neutron port-chain-create --port-pair-group PG1 --flow-classifier FC1 PC1
>
> I could ping from SRC to DST before setting the chain, but after the chain
> creating ping doesn't work.
>
> ICMP echo request packets arrive to SF1 port but it doesn't send back the
> packets in order to allow them to get their destination DST (see output
> below).
>
> The Opendaylight/SFC project uses NSH aware service function (SF) that
> send back packets to the chains after analyzing them, I would like to know :
>
> - How networking-sfc configures SF to send back packets to the chain as
> seem in some of your presentation ?
> - What's wrong in my configurations (see commands and ovs-ofctl output
> below) ? I've followed the main steps described in your wiki page.
>
> Best Regards,
>
>
> vagrant at vagrant-ubuntu-trusty-64:~$ neutron port-list
> +--------------------------------------+------+-------------
> ------+-----------------------------------------------------
> ---------------------------------+
> | id                                   | name | mac_address       |
> fixed_ips
> |
> +--------------------------------------+------+-------------
> ------+-----------------------------------------------------
> ---------------------------------+
> | 0009034f-4c39-4cbf-be7d-fcf82dad024c |      | fa:16:3e:dd:16:f7 |
> {"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address":
> "55.55.55.4"}    |
> | 082e896d-5982-458c-96e7-0dd372d3d7d9 | p1   | fa:16:3e:90:b4:67 |
> {"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address":
> "55.55.55.3"}    |
> | 2ad109e4-42a8-4554-b884-a32344e91036 |      | fa:16:3e:74:9a:fa |
> {"subnet_id": "3cf6eb27-7258-4252-8f3d-b6f9d27c948b", "ip_address":
> "192.168.105.2"} |
> | 51f055c0-ff4d-47f4-9328-9a0d7ca204f3 |      | fa:16:3e:da:f9:93 |
> {"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address":
> "55.55.55.1"}    |
> | 656ad901-2bc0-407a-a581-da955ecf3b59 |      | fa:16:3e:7f:44:01 |
> {"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address":
> "55.55.55.2"}    |
> | b1d14a4f-cde6-4c44-b42e-0f0466dba32a |      | fa:16:3e:a6:c6:35 |
> {"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address":
> "55.55.55.5"}    |
> +--------------------------------------+------+-------------
> ------+-----------------------------------------------------
> ---------------------------------+
>
> vagrant at vagrant-ubuntu-trusty-64:~$ ifconfig |grep 082e896d
> qbr082e896d-59 Link encap:Ethernet  HWaddr b6:96:27:fa:ab:af
> qvb082e896d-59 Link encap:Ethernet  HWaddr b6:96:27:fa:ab:af
> qvo082e896d-59 Link encap:Ethernet  HWaddr 7e:1a:7b:7d:09:df
> tap082e896d-59 Link encap:Ethernet  HWaddr fe:16:3e:90:b4:67
>
> vagrant at vagrant-ubuntu-trusty-64:~$ sudo tcpdump -i tap082e896d-59 icmp
> tcpdump: WARNING: tap082e896d-59: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on tap082e896d-59, link-type EN10MB (Ethernet), capture size
> 65535 bytes
> 10:51:10.229674 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 61, length 64
> 10:51:11.230318 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 62, length 64
> 10:51:12.233451 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 63, length 64
> 10:51:13.234496 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 64, length 64
> 10:51:14.235583 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 65, length 64
> 10:51:15.236585 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 66, length 64
> 10:51:16.237568 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 67, length 64
> 10:51:17.238974 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 68, length 64
> 10:51:18.244244 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 69, length 64
> 10:51:19.245758 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 70, length 64
> 10:51:20.246521 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
> seq 71, length 64
>
>
>
> vagrant at vagrant-ubuntu-trusty-64:~/openstack_networking/simple-sf$ sudo
> ovs-ofctl dump-flows br-int -O OpenFlow13
>
> 2016-10-24T11:28:43Z|00001|ofp_actions|INFO|OFPAT_SET_MPLS_TTL is
> deprecated in OpenFlow13 (use Set-Field)
> OFPST_FLOW reply (OF1.3) (xid=0x2):
>  cookie=0xbbf3cb977f3738c7, duration=2418.957s, table=0, n_packets=2297,
> n_bytes=225106, priority=30,icmp,in_port=5,nw_src=55.55.55.4
> actions=group:1
>  cookie=0xbbf3cb977f3738c7, duration=2418.955s, table=0, n_packets=0,
> n_bytes=0, priority=30,icmp,in_port=4,nw_src=55.55.55.4 actions=NORMAL
>  cookie=0xbbf3cb977f3738c7, duration=8868.309s, table=0, n_packets=0,
> n_bytes=0, priority=20,mpls actions=resubmit(,10)
>  cookie=0xbbf3cb977f3738c7, duration=2882.723s, table=0, n_packets=0,
> n_bytes=0, priority=10,icmp6,in_port=5,icmp_type=136 actions=resubmit(,24)
>  cookie=0xbbf3cb977f3738c7, duration=2866.752s, table=0, n_packets=0,
> n_bytes=0, priority=10,icmp6,in_port=6,icmp_type=136 actions=resubmit(,24)
>  cookie=0xbbf3cb977f3738c7, duration=2650.698s, table=0, n_packets=0,
> n_bytes=0, priority=10,icmp6,in_port=4,icmp_type=136 actions=resubmit(,24)
>  cookie=0xbbf3cb977f3738c7, duration=2882.708s, table=0, n_packets=71,
> n_bytes=2982, priority=10,arp,in_port=5 actions=resubmit(,24)
>  cookie=0xbbf3cb977f3738c7, duration=2866.738s, table=0, n_packets=70,
> n_bytes=2940, priority=10,arp,in_port=6 actions=resubmit(,24)
>  cookie=0xbbf3cb977f3738c7, duration=2650.684s, table=0, n_packets=4,
> n_bytes=168, priority=10,arp,in_port=4 actions=resubmit(,24)
>  cookie=0xbbf3cb977f3738c7, duration=2882.737s, table=0, n_packets=70,
> n_bytes=8378, priority=9,in_port=5 actions=resubmit(,25)
>  cookie=0xbbf3cb977f3738c7, duration=2866.767s, table=0, n_packets=22,
> n_bytes=2332, priority=9,in_port=6 actions=resubmit(,25)
>  cookie=0xbbf3cb977f3738c7, duration=2650.715s, table=0, n_packets=15,
> n_bytes=1724, priority=9,in_port=4 actions=resubmit(,25)
>  cookie=0xbbf3cb977f3738c7, duration=8868.755s, table=0, n_packets=163,
> n_bytes=18908, priority=0 actions=NORMAL
>  cookie=0xbbf3cb977f3738c7, duration=2419.054s, table=5, n_packets=2297,
> n_bytes=225106, priority=0,ip,dl_dst=fa:16:3e:90:b4:67
> actions=push_mpls:0x8847,set_field:511->mpls_label,set_
> mpls_ttl(255),push_vlan:0x8100,set_field:4097->vlan_vid,resubmit(,10)
>  cookie=0xbbf3cb977f3738c7, duration=2418.916s, table=10, n_packets=2297,
> n_bytes=225106, priority=1,mpls,dl_vlan=1,dl_dst=fa:16:3e:90:b4:67,mpls_label=511
> actions=pop_vlan,pop_mpls:0x0800,output:4
>  cookie=0xbbf3cb977f3738c7, duration=8868.303s, table=10, n_packets=0,
> n_bytes=0, priority=0 actions=drop
>  cookie=0xbbf3cb977f3738c7, duration=8868.749s, table=23, n_packets=0,
> n_bytes=0, priority=0 actions=drop
>  cookie=0xbbf3cb977f3738c7, duration=2882.730s, table=24, n_packets=0,
> n_bytes=0, priority=2,icmp6,in_port=5,icmp_type=136,nd_target=fe80::f816:3eff:fedd:16f7
> actions=NORMAL
>  cookie=0xbbf3cb977f3738c7, duration=2866.760s, table=24, n_packets=0,
> n_bytes=0, priority=2,icmp6,in_port=6,icmp_type=136,nd_target=fe80::f816:3eff:fea6:c635
> actions=NORMAL
>  cookie=0xbbf3cb977f3738c7, duration=2650.708s, table=24, n_packets=0,
> n_bytes=0, priority=2,icmp6,in_port=4,icmp_type=136,nd_target=fe80::f816:3eff:fe90:b467
> actions=NORMAL
>  cookie=0xbbf3cb977f3738c7, duration=2882.715s, table=24, n_packets=68,
> n_bytes=2856, priority=2,arp,in_port=5,arp_spa=55.55.55.4
> actions=resubmit(,25)
>  cookie=0xbbf3cb977f3738c7, duration=2866.743s, table=24, n_packets=67,
> n_bytes=2814, priority=2,arp,in_port=6,arp_spa=55.55.55.5
> actions=resubmit(,25)
>  cookie=0xbbf3cb977f3738c7, duration=2650.690s, table=24, n_packets=1,
> n_bytes=42, priority=2,arp,in_port=4,arp_spa=55.55.55.3
> actions=resubmit(,25)
>  cookie=0xbbf3cb977f3738c7, duration=8868.743s, table=24, n_packets=0,
> n_bytes=0, priority=0 actions=drop
>  cookie=0xbbf3cb977f3738c7, duration=2882.753s, table=25, n_packets=138,
> n_bytes=11130, priority=2,in_port=5,dl_src=fa:16:3e:dd:16:f7
> actions=NORMAL
>  cookie=0xbbf3cb977f3738c7, duration=2866.783s, table=25, n_packets=87,
> n_bytes=4882, priority=2,in_port=6,dl_src=fa:16:3e:a6:c6:35 actions=NORMAL
>  cookie=0xbbf3cb977f3738c7, duration=2650.730s, table=25, n_packets=14,
> n_bytes=1502, priority=2,in_port=4,dl_src=fa:16:3e:90:b4:67 actions=NORMAL
>


-- 
Sent from Gmail Mobile
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20161102/e01ed3a8/attachment.html>


More information about the OpenStack-dev mailing list