Open Stack

Hi Ramon,

We need to add flows to br-tun bridge on compute node. Kindly note that
since in our design, we have used eth2 attached to br-int of ESX, added
br-int in promiscuous mode, so there is no segregation of vm's based on
tenant for ESX host.

When we add eth2 to br-int of OVS, we assign a tag to that port.

root at nova-compute:~# ovs-vsctl add-port br-int eth2 tag=1

You can now check what is the port-id associated to eth2 in OVS's br-int by
using the command:-
root at nova-compute:~# ovs-dpctl show br-int

Note down the port-number associated to eth2 since it would be used while
adding flow-rules to br-tun.

On br-tun, we need to add rules for outgoing packet as well as for incoming
packet. For outgoing packet, we will add rule to encapsulate the packet in
GRE tunnel header. Similarly, for incoming packet, we will add rule to
remove the GRE header. Listed below are the rules which we added:-
root at nova-compute:~# ovs-ofctl add-flow br-tun
priority=4,in_port=1,dl_vlan=1,actions=set_tunnel:0x1,NORMAL

root at nova-compute:~# ovs-ofctl add-flow br-tun
priority=3,tun_id=0x1,actions=mod_vlan_vid:1,NORMAL

Here, in_port is the port-number of eth2 on br-int. Actions represents what
is to be done if the packet matches with that flow.

If you face any issues, you can do tcpdump on each interface/switch
starting from eth2 -> br-int -> br-tun -> eth1 and similarly on network
node.

You can dump the flows of OVS using commands "ovs-ofctl dump-flows
<bridg-name>" and can then check the packet_counters associatef with those
flows to see which flow is getting hit. If you are entering any wrong
rules, you can debug them using this.

Hope it will help you.

Thanks and Regards
Rahul Sharma
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130919/8985faaf/attachment.html>