[networking-sfc] Unable to get Service Function Chain Mechanism working in Neutron

Kalyani Rajkumar kalyani.rajkumar at bristol.ac.uk
Fri May 24 10:13:05 UTC 2019 

Hi,

I would like some help regarding the networking-SFC in openstack. I have been trying to set it up but I am  not able to see any packets in the VMs in the service chain when I do a ping command from the source VM to the destination VM even though I am getting a ping response.

The following is what I see for the IP addresses of the VMs when I do ovs-ofctl dump-flows br-int.

cookie=0x51e24153cd662cb7, duration=76955.198s, table=24, n_packets=13, n_bytes=546, priority=2,arp,in_port="qvoc5a16c34-53",arp_spa=50.50.50.29 actions=resubmit(,25)
cookie=0x51e24153cd662cb7, duration=76955.179s, table=24, n_packets=5, n_bytes=210, priority=2,arp,in_port="qvo0edc6dab-9c",arp_spa=50.50.50.19 actions=resubmit(,25)
cookie=0x51e24153cd662cb7, duration=76955.169s, table=24, n_packets=5, n_bytes=210, priority=2,arp,in_port="qvo3f5fdc8e-56",arp_spa=50.50.50.13 actions=resubmit(,25)
cookie=0x51e24153cd662cb7, duration=76955.154s, table=24, n_packets=10, n_bytes=420, priority=2,arp,in_port="qvo36c64023-a8",arp_spa=50.50.50.11 actions=resubmit(,25)
cookie=0x51e24153cd662cb7, duration=76810.903s, table=24, n_packets=5, n_bytes=210, priority=2,arp,in_port="qvo55b6db77-73",arp_spa=50.50.50.14 actions=resubmit(,25)
cookie=0x51e24153cd662cb7, duration=76810.894s, table=24, n_packets=23, n_bytes=966, priority=2,arp,in_port="qvoaebad029-52",arp_spa=50.50.50.3 actions=resubmit(,25)

I am following the steps from the following tutorial https://www.openstack.org/assets/presentation-media/SFC-for-OpenStack-Austin-Aummit-publich.pdf. I installed networking-sfc version 6.0.0 for Openstack Queens as per https://docs.openstack.org/networking-sfc/latest/install/install.html.
Kindly let me know if there is an alternate way of achieving the SFC mechanism or if I am missing something.

Regards,
Kalyani


From: Kalyani Rajkumar
Sent: 15 May 2019 13:24
To: openstack-discuss at lists.openstack.org
Subject: [networking-sfc] Unable to get Service Function Chain Mechanism working in Neutron

Hi,

I have been trying to enable the networking SFC mechanism in OpenStack. I have successfully created port pairs, port pair groups, port chain and a flow classifier. However, I am unable to get the service chain working. The architecture of the set up I have deployed is attached. I have used the queens version of OpenStack.

The steps that I followed are as below.
*             Create port
    neutron port-create --name <p1-p6> sfc-Network
*             Create VMs and attach the interfaces with them accordingly
       VM1 - P1 & P2; VM2 - P3 & P4; VM3 - P5 & P6
*             Create port pairs
    neutron port-pair-create pp1 -- ingress p1 -- egress p2
    neutron port-pair-create pp2 -- ingress p3 -- egress p4
    neutron port-pair-create pp3 -- ingress p5 -- egress p6
*             Create port pair groups
    neutron port-pair-group-create -- port-pair pp1 ppg1
    neutron port-pair-group-create -- port-pair pp2 ppg2
    neutron port-pair-group-create -- port-pair pp3 ppg3
*             Create flow classifier
    neutron flow-classifier-create --source-ip-prefix <ip of p1> --destination-ip-prefix <ip of p6> --logical-source-port p1 fc1
*             Create port chain
    neutron port-chain-create --port-pair-group ppg1 --port-pair-group ppg2 --port-pair-group ppg3 --flow-classifier fc1 pc1
I am testing this architecture by sending a ping request from VM1 to VM3. Therefore, the destination port is P6. If SFC is working correctly, I should be able to see the packets go through the VM2 to VM3 when I do a tcpdump in VM2. As I am new to OpenStack and SFC, I am not certain if this is logically correct.
I would like to pose two questions.
1)            All the VMs are on the same network,  is it logically correct to expect the ping packets to be routed from VM1 > VM2 > VM3 in the SFC scenario? Because all the ports are on the same network, I get a ping response but it is not via VM2 even though the port chain is created through VM2.
2)            If not, how do I make sure that the packets are routed through VM2 which is the second port pair in the port pair chain. Could it be something to do with the OpenVSwitch configuration?

Any help would be highly appreciated.

Regards,
Kalyani Rajkumar
High Performance Networks Group, University of Bristol
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20190524/e869a9e7/attachment-0001.html>

More information about the openstack-discuss mailing list