[openstack-dev] [networking-sfc][devstack][mitaka]
Navdeep Uniyal
Navdeep.Uniyal at neclab.eu
Wed Oct 12 10:06:08 UTC 2016
Hi Cathy,
Thanks for your reply. I have the setup done without any errors with only one vm in the chain. I want to move all the icmp traffic from vm1 to vm3 via vm2. My Flow classifier looks like:
"neutron flow-classifier-create --ethertype IPv4 --source-ip-prefix 10.0.0.18/32 --destination-ip-prefix 10.0.0.6/32 --protocol icmp FC1"
But using tcpdump on vm2 ingress port, I could not see any traffic. Please let me know how can I debug this and what could be the possible issue.
Best Regards,
Navdeep Uniyal
From: Cathy Zhang [mailto:Cathy.H.Zhang at huawei.com]
Sent: Dienstag, 11. Oktober 2016 19:50
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [networking-sfc][devstack][mitaka]
Hi Navdeep,
Please see inline.
Cathy
From: Navdeep Uniyal [mailto:Navdeep.Uniyal at neclab.eu]
Sent: Tuesday, October 11, 2016 5:42 AM
To: openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>
Subject: [openstack-dev] [networking-sfc][devstack][mitaka]
Hi all,
I have been trying out networking-sfc to create service function chain in Openstack. I could create all the port pairs, port-pair-groups, flow classifier and the chain but I could not see the packets on the desired hops.
I am trying to create a simple sfc with 3 VMs(vm1 to vm3) in the setup. I just want to check how it works. In my setup, vm1 is the Traffic generator(iperf) and vm3 is the traffic receiver(iperf server). Now, the 2 vms (vm2 and 3) are in the same network with vm1 and I want to move the iperf traffic from vm1->vm2->vm3. In order to achieve this, I have created 2 port pairs of vm2 and vm3 and both pairs are in separate port pair groups (PG1 and PG2), also created a Flow classifier FC1 and finally chain with PG1, PG2 and FC1. Now my question is, is my setup correct in order to achieve the sfc result as I stated above? Do I need to include the vm1 in the port pair group?
Cathy> You only need to include VM2 in a port pair group. Traffic source and traffic destination do not need to be included in the chain's port pair group, instead their IP addresses should be included in the flow classifier so that the system knows which flow needs to go through the chain. Here is a link to thw wiki.
https://wiki.openstack.org/wiki/Neutron/ServiceInsertionAndChaining
Cathy
Below is the flow classifier:
+----------------------------+--------------------------------------+
| Field | Value |
+----------------------------+--------------------------------------+
| description | |
| destination_ip_prefix | |
| destination_port_range_max | |
| destination_port_range_min | |
| ethertype | IPv4 |
| id | e5000ade-50ad-41ed-a159-b89c4blp97ec |
| l7_parameters | {} |
| logical_destination_port | |
| logical_source_port | 63cdf664-dd67-455c-8345-f01ef58c23e5 |
| name | FC1 |
| project_id | 6b90cd3356144681b44274d4881c5fc7 |
| protocol | tcp |
| source_ip_prefix | 10.0.0.18/32 |
| source_port_range_max | |
| source_port_range_min | |
| tenant_id | 6b90cd3310104681b44274d4881c5fc7 |
+----------------------------+--------------------------------------+
Is there any wiki with some example case explained with testing scenario?
Best Regards,
Navdeep Uniyal
Email: navdeep.uniyal at neclab.eu<mailto:navdeep.uniyal at neclab.eu>
---------------------------------------------
Software Engineer
NEC Europe Ltd.
NEC Laboratories Europe
Kurfürstenanlage 36, D-69115 Heidelberg,
NEC Europe Ltd | Registered Office: Athene, Odyssey Business Park, West End Road, London, HA4 6QE, GB | Registered in England 2832014
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20161012/729fc7fc/attachment.html>
More information about the OpenStack-dev
mailing list