[Openstack] [Neutron] Flaw in flow rules

Dmitry Guryanov dguryanov at parallels.com
Thu Mar 27 16:27:05 UTC 2014 

On Thursday 27 March 2014 21:36:43 Damon Wang wrote:
> Hi,
> 
> I just know that ovs-dpctl config datapaths and ovs-ofctl are openvswicth's
> OpenFlow implement.
> "ovs-dpctl show" maybe compatible with "ovs-dpctl dump-flows"?

I far as I know, ovs-dpctl should be used mainly for debugging purposes. From 
OVS's FAQ:

Q: I hear OVS has a couple of kinds of flows.  Can you tell me about them?

A: Open vSwitch uses different kinds of flows for different purposes:

      - OpenFlow flows are the most important kind of flow.  OpenFlow
        controllers use these flows to define a switch's policy.
        OpenFlow flows support wildcards, priorities, and multiple
        tables.

        When in-band control is in use, Open vSwitch sets up a few
        "hidden" flows, with priority higher than a controller or the
        user can configure, that are not visible via OpenFlow.  (See
        the "Controller" section of the FAQ for more information
        about hidden flows.)

      - The Open vSwitch software switch implementation uses a second
        kind of flow internally.  These flows, called "datapath" or
        "kernel" flows, do not support priorities and comprise only a
        single table, which makes them suitable for caching.  (Like
        OpenFlow flows, datapath flows do support wildcarding, in Open
        vSwitch 1.11 and later.)  OpenFlow flows and datapath flows
        also support different actions and number ports differently.

        Datapath flows are an implementation detail that is subject to
        change in future versions of Open vSwitch.  Even with the
        current version of Open vSwitch, hardware switch
        implementations do not necessarily use this architecture.

> 
> Regards,
> Damon
> 
> 
> 2014-03-27 21:02 GMT+08:00 Ageeleshwar Kandavelu <
> 
> Ageeleshwar.Kandavelu at csscorp.com>:
> >  Sure that helps. Any Idea whats the difference between this one and the
> > 
> > one in dpctl show.
> > 
> > Thank you,
> > Ageeleshwar K
> > 
> >  ------------------------------
> > 
> > *From:* Damon Wang [damon.devops at gmail.com]
> > *Sent:* Thursday, March 27, 2014 4:55 PM
> > *To:* Ageeleshwar Kandavelu
> > *Cc:* openstack at lists.openstack.org
> > *Subject:* Re: [Openstack] [Neutron] Flaw in flow rules
> > 
> >    Hi,
> >  
> >  Use "ovs-ofctl show br-int" instead of "ovs-dpctl show" :-)
> >  
> >  Hope it helps
> >  
> >  Damon
> > 
> > 2014-03-27 17:19 GMT+08:00 Ageeleshwar Kandavelu <
> > 
> > Ageeleshwar.Kandavelu at csscorp.com>:
> >>  Hi,
> >> 
> >> I am using vlan mode networking. There appears to be a flaw in my flow
> >> rules.
> >> 
> >> To the best of my knowledge the in_port in the below output should have
> >> been 3(according to ovs-dpctl show). But it is 33. To my surprise
> >> however,
> >> my setup is working. Can any one explain to me how this can happen.
> >> 
> >> root at mars:~# ovs-ofctl dump-flows br-int
> >> 
> >> NXST_FLOW reply (xid=0x4):
> >>  cookie=0x0, duration=522.826s, table=0, n_packets=263, n_bytes=39666,
> >> 
> >> idle_age=429, priority=3*,in_port=33*,dl_vlan=100
> >> actions=mod_vlan_vid:2,NORMAL
> >> 
> >>  cookie=0x0, duration=2567.744s, table=0, n_packets=920, n_bytes=197692,
> >> 
> >> idle_age=0, priority=2*,in_port=33 *actions=drop
> >> 
> >>  cookie=0x0, duration=2568.669s, table=0, n_packets=384, n_bytes=37365,
> >> 
> >> idle_age=429, priority=1 actions=NORMAL
> >> root at mars:~# ovs-ofctl dump-flows br-eth1
> >> 
> >> NXST_FLOW reply (xid=0x4):
> >>  cookie=0x0, duration=525.124s, table=0, n_packets=384, n_bytes=37693,
> >> 
> >> idle_age=431, priority=4,in_port=5,dl_vlan=2
> >> actions=mod_vlan_vid:100,NORMAL>> 
> >>  cookie=0x0, duration=2569.882s, table=0, n_packets=6, n_bytes=468,
> >> 
> >> idle_age=2559, priority=2,in_port=5 actions=drop
> >> 
> >>  cookie=0x0, duration=2570.721s, table=0, n_packets=12748,
> >> 
> >> n_bytes=978934, idle_age=1, priority=1 actions=NORMAL
> >> root at mars:~# ovs-dpctl show
> >> 
> >> system at ovs-system:
> >>     lookups: hit:39891511 missed:7260493 lost:0
> >>     flows: 11
> >>     port 0: ovs-system (internal)
> >>     port 1: br-int (internal)
> >>     port 2: br-eth1 (internal)
> >>     port 3: int-br-eth1
> >>     port 4: phy-br-eth1
> >>     port 5: eth1
> >>     port 6: tap4385c710-be
> >> 
> >> root at mars:~#
> >> 
> >>  http://www.csscorp.com/common/email-disclaimer.php
> >> 
> >> _______________________________________________
> >> Mailing list:
> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >> Post to     : openstack at lists.openstack.org
> >> Unsubscribe :
> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >> 
> >   http://www.csscorp.com/common/email-disclaimer.php

-- 
Dmitry Guryanov

More information about the Openstack mailing list