Posted to issues@cloudstack.apache.org by "Sanjeev N (JIRA)" <ji...@apache.org> on 2014/05/26 12:31:02 UTC

[jira] [Created] (CLOUDSTACK-6762) [OVS]Flow rules to drop Broadcast/Multicast traffic on tunnel ports are not added in bridge flow table

Sanjeev N created CLOUDSTACK-6762:
-------------------------------------

             Summary: [OVS]Flow rules to drop Broadcast/Multicast traffic on tunnel ports are not added in bridge flow table 
                 Key: CLOUDSTACK-6762
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6762
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Management Server, Network Controller
    Affects Versions: 4.4.0
         Environment: Latest build from 4.4 with commit d130530bd3e1cd6d8249d5045e00e4e4e2201521


            Reporter: Sanjeev N
            Assignee: Murali Reddy
            Priority: Critical
             Fix For: 4.4.0


[OVS]Flow rules to drop Broadcast/Multicast traffic on tunnel ports are not added in bridge flow table 

Steps to reproduce:
================
1. Bring up CS in advanced zone with two hosts in xen cluster
2. Add physical network with isolation type GRE
3. Create an isolated network offering with connectivity service and OVS as the provider
4. Create a user account and deploy one vm with above network offering and make sure that vm comes on host1 and VR comes on host2
5. Verify the flow table on the ovs bridge created for this network

Result:
======
Flow table rules to drop multicast and broadcast traffic on tunnel ports are not added on the host where the VR is running, but the same rules are added on the host where the VM is running.

VR is running on the following host:
[root@Rack1Pod1Host14 ~]# ovs-ofctl dump-flows xapi3
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=988.459s, table=0, n_packets=5, n_bytes=810, priority=1100,dl_dst=ff:ff:ff:ff:ff:ff actions=output:2
 cookie=0x0, duration=988.469s, table=0, n_packets=0, n_bytes=0, priority=1200,ip,in_port=2,nw_dst=224.0.0.0/24 actions=NORMAL
 cookie=0x0, duration=1011.44s, table=0, n_packets=20, n_bytes=2354, priority=0 actions=NORMAL
 cookie=0x0, duration=988.45s, table=0, n_packets=0, n_bytes=0, priority=1100,ip,nw_dst=224.0.0.0/24 actions=output:2
 cookie=0x0, duration=988.479s, table=0, n_packets=0, n_bytes=0, priority=1200,in_port=2,dl_dst=ff:ff:ff:ff:ff:ff actions=NORMAL
[root@Rack1Pod1Host14 ~]#

VM is running on the following host:
============================
[root@Rack1Pod1Host13 ~]# ovs-ofctl dump-flows xapi3
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=456.937s, table=0, n_packets=0, n_bytes=0, priority=1100,dl_dst=ff:ff:ff:ff:ff:ff actions=output:2
 cookie=0x0, duration=456.951s, table=0, n_packets=0, n_bytes=0, priority=1200,ip,in_port=2,nw_dst=224.0.0.0/24 actions=NORMAL
 cookie=0x0, duration=551.614s, table=0, n_packets=0, n_bytes=0, priority=1000,ip,in_port=1,nw_dst=224.0.0.0/24 actions=drop
 cookie=0x0, duration=551.932s, table=0, n_packets=15, n_bytes=1836, priority=0 actions=NORMAL
 cookie=0x0, duration=456.926s, table=0, n_packets=0, n_bytes=0, priority=1100,ip,nw_dst=224.0.0.0/24 actions=output:2
 cookie=0x0, duration=551.624s, table=0, n_packets=0, n_bytes=0, priority=1000,in_port=1,dl_dst=ff:ff:ff:ff:ff:ff actions=drop
 cookie=0x0, duration=456.962s, table=0, n_packets=9, n_bytes=2178, priority=1200,in_port=2,dl_dst=ff:ff:ff:ff:ff:ff actions=NORMAL

On both the hosts port 1 is tunnel port and port 2 is vif.

Following is the log snippet for xapi3 from host where VR is running:
2014-05-26 08:06:14    DEBUG [root] About to manually create the bridge:xapi3
2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', '--', '--may-exist', 'add-br', 'xapi3', '--', 'set', 'bridge', 'xapi3', 'other_config:gre_key=OVSTunnel983']
2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'set', 'Bridge', 'xapi3', 'external_ids:xs-network-uuid=9d7ff1a3-342a-b206-ca09-7fbe8bcabfd0']
2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'set', 'Bridge', 'xapi3', 'stp_enable=true']
2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'get', 'bridge', 'xapi3', 'other_config:gre_key']
2014-05-26 08:06:14    DEBUG [root] Executing:['/opt/xensource/bin/xe', 'network-list', 'bridge=xapi3', '--minimal']
2014-05-26 08:06:14    DEBUG [root] Setup_ovs_bridge completed with result:SUCCESS:xapi3
2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', '--timeout=30', 'wait-until', 'bridge', 'xapi3', '--', 'get', 'bridge', 'xapi3', 'name']
2014-05-26 08:06:14    DEBUG [root] bridge xapi3 for creating tunnel - VERIFIED
2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'add-port', 'xapi3', 't983-4-1', '--', 'set', 'interface', 't983-4-1', 'type=gre', 'options:key=983', 'options:remote_ip=10.147.40.13']
2014-05-26 08:06:14    DEBUG [root] Executing:['/opt/xensource/bin/xe', 'network-list', 'bridge=xapi3', '--minimal']
2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1000,in_port=1,dl_dst=ff:ff:ff:ff:ff:ff,actions=drop']
2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1000,in_port=1,ip,nw_dst=224.0.0.0/24,actions=drop']
2014-05-26 08:06:23    DEBUG [root] Executing:['/opt/xensource/bin/xe', 'network-list', 'bridge=xapi3', '--minimal']
2014-05-26 08:06:24    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'br-to-vlan', 'xapi3']
2014-05-26 08:06:24    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'list-ports', 'xapi3']
2014-05-26 08:06:24    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1200,in_port=2,dl_dst=ff:ff:ff:ff:ff:ff,actions=NORMAL']
2014-05-26 08:06:24    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1200,in_port=2,ip,nw_dst=224.0.0.0/24,actions=NORMAL']
2014-05-26 08:06:24    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1100,dl_dst=ff:ff:ff:ff:ff:ff,actions=output:2']
2014-05-26 08:06:24    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1100,ip,nw_dst=224.0.0.0/24,actions=output:2']
2014-05-26 08:06:44    DEBUG [root] Executing:['/opt/xensource/bin/xe', 'network-list', 'bridge=xapi3', '--minimal']
2014-05-26 08:06:44    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'br-to-vlan', 'xapi3']
2014-05-26 08:06:44    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'list-ports', 'xapi3']
2014-05-26 08:06:44    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'del-flows', 'xapi3', ',in_port=2']
2014-05-26 08:06:44    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1100,dl_dst=ff:ff:ff:ff:ff:ff,actions=']
2014-05-26 08:06:44    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1100,ip,nw_dst=224.0.0.0/24,actions=']
2014-05-26 08:07:09    DEBUG [root] Executing:['/opt/xensource/bin/xe', 'network-list', 'bridge=xapi3', '--minimal']
2014-05-26 08:07:09    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'br-to-vlan', 'xapi3']
2014-05-26 08:07:09    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'list-ports', 'xapi3']
2014-05-26 08:07:09    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1200,in_port=2,dl_dst=ff:ff:ff:ff:ff:ff,actions=NORMAL']
2014-05-26 08:07:09    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1200,in_port=2,ip,nw_dst=224.0.0.0/24,actions=NORMAL']
2014-05-26 08:07:09    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1100,dl_dst=ff:ff:ff:ff:ff:ff,actions=output:2']
2014-05-26 08:07:09    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1100,ip,nw_dst=224.0.0.0/24,actions=output:2']
[root@Rack1Pod1Host14 ~]#


log snippet for xapi3 from the host where vm is running:
============================================
[root@Rack1Pod1Host13 ~]# grep xapi3 /var/log/cloud/ovstunnel.log
2014-05-26 08:06:20    DEBUG [root] About to manually create the bridge:xapi3
2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', '--', '--may-exist', 'add-br', 'xapi3', '--', 'set', 'bridge', 'xapi3', 'other_config:gre_key=OVSTunnel983']
2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'set', 'Bridge', 'xapi3', 'external_ids:xs-network-uuid=9d7ff1a3-342a-b206-ca09-7fbe8bcabfd0']
2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'set', 'Bridge', 'xapi3', 'stp_enable=true']
2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'get', 'bridge', 'xapi3', 'other_config:gre_key']
2014-05-26 08:06:20    DEBUG [root] Executing:['/opt/xensource/bin/xe', 'network-list', 'bridge=xapi3', '--minimal']
2014-05-26 08:06:20    DEBUG [root] Setup_ovs_bridge completed with result:SUCCESS:xapi3
2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', '--timeout=30', 'wait-until', 'bridge', 'xapi3', '--', 'get', 'bridge', 'xapi3', 'name']
2014-05-26 08:06:20    DEBUG [root] bridge xapi3 for creating tunnel - VERIFIED
2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'add-port', 'xapi3', 't983-1-4', '--', 'set', 'interface', 't983-1-4', 'type=gre', 'options:key=983', 'options:remote_ip=10.147.40.14']
2014-05-26 08:06:20    DEBUG [root] Executing:['/opt/xensource/bin/xe', 'network-list', 'bridge=xapi3', '--minimal']
2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1000,in_port=1,dl_dst=ff:ff:ff:ff:ff:ff,actions=drop']
2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1000,in_port=1,ip,nw_dst=224.0.0.0/24,actions=drop']
2014-05-26 08:07:55    DEBUG [root] Executing:['/opt/xensource/bin/xe', 'network-list', 'bridge=xapi3', '--minimal']
2014-05-26 08:07:55    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'br-to-vlan', 'xapi3']
2014-05-26 08:07:55    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'list-ports', 'xapi3']
2014-05-26 08:07:55    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1200,in_port=2,dl_dst=ff:ff:ff:ff:ff:ff,actions=NORMAL']
2014-05-26 08:07:55    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1200,in_port=2,ip,nw_dst=224.0.0.0/24,actions=NORMAL']
2014-05-26 08:07:55    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1100,dl_dst=ff:ff:ff:ff:ff:ff,actions=output:2']
2014-05-26 08:07:55    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1100,ip,nw_dst=224.0.0.0/24,actions=output:2']
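The comparison made by hand in this report can be automated. The following is an added example, not part of the original report or of CloudStack's code: it parses `ovs-ofctl dump-flows` output and lists tunnel ports that lack the broadcast or multicast drop rule. The function names are hypothetical, and the sample dumps are the report's own flows with counters and durations removed.

```python
# Drop rules the report expects for each tunnel port (match fields taken from
# the add-flow commands in the ovstunnel.log excerpts above).
REQUIRED_DROPS = {
    "broadcast": {"dl_dst": "ff:ff:ff:ff:ff:ff"},
    "multicast": {"ip": True, "nw_dst": "224.0.0.0/24"},
}

def parse_flows(dump):
    """Turn `ovs-ofctl dump-flows` text into dicts of match fields plus actions."""
    flows = []
    for line in dump.splitlines():
        if " actions=" not in line:
            continue  # skips the NXST_FLOW header and blank lines
        head, actions = line.strip().split(" actions=", 1)
        fields = {"actions": actions.strip()}
        # The last token before "actions=" is "priority=N,<match fields>".
        for tok in head.split()[-1].split(","):
            key, sep, val = tok.partition("=")
            fields[key] = val if sep else True  # bare "ip" is a flag
        flows.append(fields)
    return flows

def missing_tunnel_drops(dump, tunnel_ports):
    """List (port, kind) pairs that have no drop rule on a tunnel port."""
    flows = parse_flows(dump)
    return [
        (port, kind)
        for port in tunnel_ports
        for kind, want in REQUIRED_DROPS.items()
        if not any(
            f.get("in_port") == str(port) and f["actions"] == "drop"
            and all(f.get(k) == v for k, v in want.items())
            for f in flows
        )
    ]

# Flow dumps from the report, with counters and durations removed for brevity.
VR_HOST = """NXST_FLOW reply (xid=0x4):
 cookie=0x0, table=0, priority=1100,dl_dst=ff:ff:ff:ff:ff:ff actions=output:2
 cookie=0x0, table=0, priority=1200,ip,in_port=2,nw_dst=224.0.0.0/24 actions=NORMAL
 cookie=0x0, table=0, priority=0 actions=NORMAL
 cookie=0x0, table=0, priority=1100,ip,nw_dst=224.0.0.0/24 actions=output:2
 cookie=0x0, table=0, priority=1200,in_port=2,dl_dst=ff:ff:ff:ff:ff:ff actions=NORMAL
"""
# The VM host shows the same flows plus the two drop rules on tunnel port 1.
VM_HOST = VR_HOST + """ cookie=0x0, table=0, priority=1000,ip,in_port=1,nw_dst=224.0.0.0/24 actions=drop
 cookie=0x0, table=0, priority=1000,in_port=1,dl_dst=ff:ff:ff:ff:ff:ff actions=drop
"""

if __name__ == "__main__":
    for name, dump in (("VR host", VR_HOST), ("VM host", VM_HOST)):
        print(name, missing_tunnel_drops(dump, tunnel_ports=[1]))
```

On a live host, pass the output of `ovs-ofctl dump-flows <bridge>` and the OpenFlow port numbers of the GRE ports, which `ovs-ofctl show <bridge>` lists.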




