[openstack-dev] [networking-sfc][devstack][mitaka] Chain doesn't work

Alioune balioune3 at gmail.com
Mon Oct 24 11:31:31 UTC 2016 

Hi all,

I'm trying to implement service chain in OpenStack using networking-sfc
(stable/mitaka) and OVS 2.5.90


The following is the architecture I used :

SRC                                             DST
  |                                                    |
  ========== br-int ============
                         |
                       SF1
SF1: 55.55.55.3
SRC: 55.55.55.4
DST: 55.55.55.5

I can create port-pairs, port-pair-group, classifier and chain with these
commands:

neutron flow-classifier-create  --ethertype IPv4  --source-ip-prefix
55.55.55.4/32  --logical-source-port 0009034f-4c39-4cbf-be7d-fcf82dad024c
--protocol icmp  FC1
neutron port-pair-create --ingress=p1 --egress=p1 PP1
neutron port-pair-group-create --port-pair PP1 PG1
neutron port-chain-create --port-pair-group PG1 --flow-classifier FC1 PC1

I could ping from SRC to DST before setting the chain, but after the chain
creating ping doesn't work.

ICMP echo request packets arrive to SF1 port but it doesn't send back the
packets in order to allow them to get their destination DST (see output
below).

The Opendaylight/SFC project uses NSH aware service function (SF) that send
back packets to the chains after analyzing them, I would like to know :

- How networking-sfc configures SF to send back packets to the chain as
seem in some of your presentation ?
- What's wrong in my configurations (see commands and ovs-ofctl output
below) ? I've followed the main steps described in your wiki page.

Best Regards,


vagrant at vagrant-ubuntu-trusty-64:~$ neutron port-list
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| id                                   | name | mac_address       |
fixed_ips
|
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| 0009034f-4c39-4cbf-be7d-fcf82dad024c |      | fa:16:3e:dd:16:f7 |
{"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address":
"55.55.55.4"}    |
| 082e896d-5982-458c-96e7-0dd372d3d7d9 | p1   | fa:16:3e:90:b4:67 |
{"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address":
"55.55.55.3"}    |
| 2ad109e4-42a8-4554-b884-a32344e91036 |      | fa:16:3e:74:9a:fa |
{"subnet_id": "3cf6eb27-7258-4252-8f3d-b6f9d27c948b", "ip_address":
"192.168.105.2"} |
| 51f055c0-ff4d-47f4-9328-9a0d7ca204f3 |      | fa:16:3e:da:f9:93 |
{"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address":
"55.55.55.1"}    |
| 656ad901-2bc0-407a-a581-da955ecf3b59 |      | fa:16:3e:7f:44:01 |
{"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address":
"55.55.55.2"}    |
| b1d14a4f-cde6-4c44-b42e-0f0466dba32a |      | fa:16:3e:a6:c6:35 |
{"subnet_id": "8bf8a2e1-ecad-4b4b-beb1-d760a16667bc", "ip_address":
"55.55.55.5"}    |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+

vagrant at vagrant-ubuntu-trusty-64:~$ ifconfig |grep 082e896d
qbr082e896d-59 Link encap:Ethernet  HWaddr b6:96:27:fa:ab:af
qvb082e896d-59 Link encap:Ethernet  HWaddr b6:96:27:fa:ab:af
qvo082e896d-59 Link encap:Ethernet  HWaddr 7e:1a:7b:7d:09:df
tap082e896d-59 Link encap:Ethernet  HWaddr fe:16:3e:90:b4:67

vagrant at vagrant-ubuntu-trusty-64:~$ sudo tcpdump -i tap082e896d-59 icmp
tcpdump: WARNING: tap082e896d-59: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap082e896d-59, link-type EN10MB (Ethernet), capture size
65535 bytes
10:51:10.229674 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
seq 61, length 64
10:51:11.230318 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
seq 62, length 64
10:51:12.233451 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
seq 63, length 64
10:51:13.234496 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
seq 64, length 64
10:51:14.235583 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
seq 65, length 64
10:51:15.236585 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
seq 66, length 64
10:51:16.237568 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
seq 67, length 64
10:51:17.238974 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
seq 68, length 64
10:51:18.244244 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
seq 69, length 64
10:51:19.245758 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
seq 70, length 64
10:51:20.246521 IP 55.55.55.4 > 55.55.55.5: ICMP echo request, id 15617,
seq 71, length 64



vagrant at vagrant-ubuntu-trusty-64:~/openstack_networking/simple-sf$ sudo
ovs-ofctl dump-flows br-int -O OpenFlow13

2016-10-24T11:28:43Z|00001|ofp_actions|INFO|OFPAT_SET_MPLS_TTL is
deprecated in OpenFlow13 (use Set-Field)
OFPST_FLOW reply (OF1.3) (xid=0x2):
 cookie=0xbbf3cb977f3738c7, duration=2418.957s, table=0, n_packets=2297,
n_bytes=225106, priority=30,icmp,in_port=5,nw_src=55.55.55.4 actions=group:1
 cookie=0xbbf3cb977f3738c7, duration=2418.955s, table=0, n_packets=0,
n_bytes=0, priority=30,icmp,in_port=4,nw_src=55.55.55.4 actions=NORMAL
 cookie=0xbbf3cb977f3738c7, duration=8868.309s, table=0, n_packets=0,
n_bytes=0, priority=20,mpls actions=resubmit(,10)
 cookie=0xbbf3cb977f3738c7, duration=2882.723s, table=0, n_packets=0,
n_bytes=0, priority=10,icmp6,in_port=5,icmp_type=136 actions=resubmit(,24)
 cookie=0xbbf3cb977f3738c7, duration=2866.752s, table=0, n_packets=0,
n_bytes=0, priority=10,icmp6,in_port=6,icmp_type=136 actions=resubmit(,24)
 cookie=0xbbf3cb977f3738c7, duration=2650.698s, table=0, n_packets=0,
n_bytes=0, priority=10,icmp6,in_port=4,icmp_type=136 actions=resubmit(,24)
 cookie=0xbbf3cb977f3738c7, duration=2882.708s, table=0, n_packets=71,
n_bytes=2982, priority=10,arp,in_port=5 actions=resubmit(,24)
 cookie=0xbbf3cb977f3738c7, duration=2866.738s, table=0, n_packets=70,
n_bytes=2940, priority=10,arp,in_port=6 actions=resubmit(,24)
 cookie=0xbbf3cb977f3738c7, duration=2650.684s, table=0, n_packets=4,
n_bytes=168, priority=10,arp,in_port=4 actions=resubmit(,24)
 cookie=0xbbf3cb977f3738c7, duration=2882.737s, table=0, n_packets=70,
n_bytes=8378, priority=9,in_port=5 actions=resubmit(,25)
 cookie=0xbbf3cb977f3738c7, duration=2866.767s, table=0, n_packets=22,
n_bytes=2332, priority=9,in_port=6 actions=resubmit(,25)
 cookie=0xbbf3cb977f3738c7, duration=2650.715s, table=0, n_packets=15,
n_bytes=1724, priority=9,in_port=4 actions=resubmit(,25)
 cookie=0xbbf3cb977f3738c7, duration=8868.755s, table=0, n_packets=163,
n_bytes=18908, priority=0 actions=NORMAL
 cookie=0xbbf3cb977f3738c7, duration=2419.054s, table=5, n_packets=2297,
n_bytes=225106, priority=0,ip,dl_dst=fa:16:3e:90:b4:67
actions=push_mpls:0x8847,set_field:511->mpls_label,set_mpls_ttl(255),push_vlan:0x8100,set_field:4097->vlan_vid,resubmit(,10)
 cookie=0xbbf3cb977f3738c7, duration=2418.916s, table=10, n_packets=2297,
n_bytes=225106,
priority=1,mpls,dl_vlan=1,dl_dst=fa:16:3e:90:b4:67,mpls_label=511
actions=pop_vlan,pop_mpls:0x0800,output:4
 cookie=0xbbf3cb977f3738c7, duration=8868.303s, table=10, n_packets=0,
n_bytes=0, priority=0 actions=drop
 cookie=0xbbf3cb977f3738c7, duration=8868.749s, table=23, n_packets=0,
n_bytes=0, priority=0 actions=drop
 cookie=0xbbf3cb977f3738c7, duration=2882.730s, table=24, n_packets=0,
n_bytes=0,
priority=2,icmp6,in_port=5,icmp_type=136,nd_target=fe80::f816:3eff:fedd:16f7
actions=NORMAL
 cookie=0xbbf3cb977f3738c7, duration=2866.760s, table=24, n_packets=0,
n_bytes=0,
priority=2,icmp6,in_port=6,icmp_type=136,nd_target=fe80::f816:3eff:fea6:c635
actions=NORMAL
 cookie=0xbbf3cb977f3738c7, duration=2650.708s, table=24, n_packets=0,
n_bytes=0,
priority=2,icmp6,in_port=4,icmp_type=136,nd_target=fe80::f816:3eff:fe90:b467
actions=NORMAL
 cookie=0xbbf3cb977f3738c7, duration=2882.715s, table=24, n_packets=68,
n_bytes=2856, priority=2,arp,in_port=5,arp_spa=55.55.55.4
actions=resubmit(,25)
 cookie=0xbbf3cb977f3738c7, duration=2866.743s, table=24, n_packets=67,
n_bytes=2814, priority=2,arp,in_port=6,arp_spa=55.55.55.5
actions=resubmit(,25)
 cookie=0xbbf3cb977f3738c7, duration=2650.690s, table=24, n_packets=1,
n_bytes=42, priority=2,arp,in_port=4,arp_spa=55.55.55.3
actions=resubmit(,25)
 cookie=0xbbf3cb977f3738c7, duration=8868.743s, table=24, n_packets=0,
n_bytes=0, priority=0 actions=drop
 cookie=0xbbf3cb977f3738c7, duration=2882.753s, table=25, n_packets=138,
n_bytes=11130, priority=2,in_port=5,dl_src=fa:16:3e:dd:16:f7 actions=NORMAL
 cookie=0xbbf3cb977f3738c7, duration=2866.783s, table=25, n_packets=87,
n_bytes=4882, priority=2,in_port=6,dl_src=fa:16:3e:a6:c6:35 actions=NORMAL
 cookie=0xbbf3cb977f3738c7, duration=2650.730s, table=25, n_packets=14,
n_bytes=1502, priority=2,in_port=4,dl_src=fa:16:3e:90:b4:67 actions=NORMAL
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20161024/3d61538b/attachment.html>

More information about the OpenStack-dev mailing list