Posted to issues@cloudstack.apache.org by "Murali Reddy (JIRA)" <ji...@apache.org> on 2014/09/29 22:08:34 UTC

[jira] [Updated] (CLOUDSTACK-6762) [OVS]Flow rules to drop Broadcast/Multicast traffic on tunnel ports are not added in bridge flow table

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-6762?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Murali Reddy updated CLOUDSTACK-6762:
-------------------------------------
    Fix Version/s:     (was: 4.4.0)
                   Future

> [OVS]Flow rules to drop Broadcast/Multicast traffic on tunnel ports are not added in bridge flow table 
> -------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-6762
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6762
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server, Network Controller
>    Affects Versions: 4.4.0
>         Environment: Latest build from 4.4 with commit d130530bd3e1cd6d8249d5045e00e4e4e2201521
>            Reporter: Sanjeev N
>            Assignee: Murali Reddy
>            Priority: Critical
>              Labels: ovs
>             Fix For: Future
>
>         Attachments: management-server.rar
>
>
> [OVS]Flow rules to drop Broadcast/Multicast traffic on tunnel ports are not added in bridge flow table 
> Steps to reproduce:
> ================
> 1. Bring up CS in advanced zone with two hosts in xen cluster
> 2. Add physical network with isolation type GRE
> 3. Create an isolated network offering with connectivity service and OVS as the provider
> 4. Create a user account and deploy one vm with above network offering and make sure that vm comes on host1 and VR comes on host2
> 5. Verify the flow table on the ovs bridge created for this network
> Result:
> ======
> Flow table rules to drop multicast and broadcast traffic on tunnel ports are not added on the host where VR is running, but the same rules are added on the host where vm is running.
> VR is running on the following host:
> [root@Rack1Pod1Host14 ~]# ovs-ofctl dump-flows xapi3
> NXST_FLOW reply (xid=0x4):
>  cookie=0x0, duration=988.459s, table=0, n_packets=5, n_bytes=810, priority=1100,dl_dst=ff:ff:ff:ff:ff:ff actions=output:2
>  cookie=0x0, duration=988.469s, table=0, n_packets=0, n_bytes=0, priority=1200,ip,in_port=2,nw_dst=224.0.0.0/24 actions=NORMAL
>  cookie=0x0, duration=1011.44s, table=0, n_packets=20, n_bytes=2354, priority=0 actions=NORMAL
>  cookie=0x0, duration=988.45s, table=0, n_packets=0, n_bytes=0, priority=1100,ip,nw_dst=224.0.0.0/24 actions=output:2
>  cookie=0x0, duration=988.479s, table=0, n_packets=0, n_bytes=0, priority=1200,in_port=2,dl_dst=ff:ff:ff:ff:ff:ff actions=NORMAL
> [root@Rack1Pod1Host14 ~]#
> VM is running on the following host:
> ============================
> [root@Rack1Pod1Host13 ~]# ovs-ofctl dump-flows xapi3
> NXST_FLOW reply (xid=0x4):
>  cookie=0x0, duration=456.937s, table=0, n_packets=0, n_bytes=0, priority=1100,dl_dst=ff:ff:ff:ff:ff:ff actions=output:2
>  cookie=0x0, duration=456.951s, table=0, n_packets=0, n_bytes=0, priority=1200,ip,in_port=2,nw_dst=224.0.0.0/24 actions=NORMAL
>  cookie=0x0, duration=551.614s, table=0, n_packets=0, n_bytes=0, priority=1000,ip,in_port=1,nw_dst=224.0.0.0/24 actions=drop
>  cookie=0x0, duration=551.932s, table=0, n_packets=15, n_bytes=1836, priority=0 actions=NORMAL
>  cookie=0x0, duration=456.926s, table=0, n_packets=0, n_bytes=0, priority=1100,ip,nw_dst=224.0.0.0/24 actions=output:2
>  cookie=0x0, duration=551.624s, table=0, n_packets=0, n_bytes=0, priority=1000,in_port=1,dl_dst=ff:ff:ff:ff:ff:ff actions=drop
>  cookie=0x0, duration=456.962s, table=0, n_packets=9, n_bytes=2178, priority=1200,in_port=2,dl_dst=ff:ff:ff:ff:ff:ff actions=NORMAL
> On both the hosts port 1 is tunnel port and port 2 is vif.
> Following is the log snippet for xapi3 from host where VR is running:
> 2014-05-26 08:06:14    DEBUG [root] About to manually create the bridge:xapi3
> 2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', '--', '--may-exist', 'add-br', 'xapi3', '--', 'set', 'bridge', 'xapi3', 'other_config:gre_key=OVSTunnel983']
> 2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'set', 'Bridge', 'xapi3', 'external_ids:xs-network-uuid=9d7ff1a3-342a-b206-ca09-7fbe8bcabfd0']
> 2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'set', 'Bridge', 'xapi3', 'stp_enable=true']
> 2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'get', 'bridge', 'xapi3', 'other_config:gre_key']
> 2014-05-26 08:06:14    DEBUG [root] Executing:['/opt/xensource/bin/xe', 'network-list', 'bridge=xapi3', '--minimal']
> 2014-05-26 08:06:14    DEBUG [root] Setup_ovs_bridge completed with result:SUCCESS:xapi3
> 2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', '--timeout=30', 'wait-until', 'bridge', 'xapi3', '--', 'get', 'bridge', 'xapi3', 'name']
> 2014-05-26 08:06:14    DEBUG [root] bridge xapi3 for creating tunnel - VERIFIED
> 2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'add-port', 'xapi3', 't983-4-1', '--', 'set', 'interface', 't983-4-1', 'type=gre', 'options:key=983', 'options:remote_ip=10.147.40.13']
> 2014-05-26 08:06:14    DEBUG [root] Executing:['/opt/xensource/bin/xe', 'network-list', 'bridge=xapi3', '--minimal']
> 2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1000,in_port=1,dl_dst=ff:ff:ff:ff:ff:ff,actions=drop']
> 2014-05-26 08:06:14    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1000,in_port=1,ip,nw_dst=224.0.0.0/24,actions=drop']
> 2014-05-26 08:06:23    DEBUG [root] Executing:['/opt/xensource/bin/xe', 'network-list', 'bridge=xapi3', '--minimal']
> 2014-05-26 08:06:24    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'br-to-vlan', 'xapi3']
> 2014-05-26 08:06:24    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'list-ports', 'xapi3']
> 2014-05-26 08:06:24    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1200,in_port=2,dl_dst=ff:ff:ff:ff:ff:ff,actions=NORMAL']
> 2014-05-26 08:06:24    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1200,in_port=2,ip,nw_dst=224.0.0.0/24,actions=NORMAL']
> 2014-05-26 08:06:24    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1100,dl_dst=ff:ff:ff:ff:ff:ff,actions=output:2']
> 2014-05-26 08:06:24    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1100,ip,nw_dst=224.0.0.0/24,actions=output:2']
> 2014-05-26 08:06:44    DEBUG [root] Executing:['/opt/xensource/bin/xe', 'network-list', 'bridge=xapi3', '--minimal']
> 2014-05-26 08:06:44    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'br-to-vlan', 'xapi3']
> 2014-05-26 08:06:44    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'list-ports', 'xapi3']
> 2014-05-26 08:06:44    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'del-flows', 'xapi3', ',in_port=2']
> 2014-05-26 08:06:44    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1100,dl_dst=ff:ff:ff:ff:ff:ff,actions=']
> 2014-05-26 08:06:44    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1100,ip,nw_dst=224.0.0.0/24,actions=']
> 2014-05-26 08:07:09    DEBUG [root] Executing:['/opt/xensource/bin/xe', 'network-list', 'bridge=xapi3', '--minimal']
> 2014-05-26 08:07:09    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'br-to-vlan', 'xapi3']
> 2014-05-26 08:07:09    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'list-ports', 'xapi3']
> 2014-05-26 08:07:09    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1200,in_port=2,dl_dst=ff:ff:ff:ff:ff:ff,actions=NORMAL']
> 2014-05-26 08:07:09    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1200,in_port=2,ip,nw_dst=224.0.0.0/24,actions=NORMAL']
> 2014-05-26 08:07:09    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1100,dl_dst=ff:ff:ff:ff:ff:ff,actions=output:2']
> 2014-05-26 08:07:09    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1100,ip,nw_dst=224.0.0.0/24,actions=output:2']
> [root@Rack1Pod1Host14 ~]#
> log snippet for xapi3 from the host where vm is running:
> ============================================
> [root@Rack1Pod1Host13 ~]# grep xapi3 /var/log/cloud/ovstunnel.log
> 2014-05-26 08:06:20    DEBUG [root] About to manually create the bridge:xapi3
> 2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', '--', '--may-exist', 'add-br', 'xapi3', '--', 'set', 'bridge', 'xapi3', 'other_config:gre_key=OVSTunnel983']
> 2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'set', 'Bridge', 'xapi3', 'external_ids:xs-network-uuid=9d7ff1a3-342a-b206-ca09-7fbe8bcabfd0']
> 2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'set', 'Bridge', 'xapi3', 'stp_enable=true']
> 2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'get', 'bridge', 'xapi3', 'other_config:gre_key']
> 2014-05-26 08:06:20    DEBUG [root] Executing:['/opt/xensource/bin/xe', 'network-list', 'bridge=xapi3', '--minimal']
> 2014-05-26 08:06:20    DEBUG [root] Setup_ovs_bridge completed with result:SUCCESS:xapi3
> 2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', '--timeout=30', 'wait-until', 'bridge', 'xapi3', '--', 'get', 'bridge', 'xapi3', 'name']
> 2014-05-26 08:06:20    DEBUG [root] bridge xapi3 for creating tunnel - VERIFIED
> 2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'add-port', 'xapi3', 't983-1-4', '--', 'set', 'interface', 't983-1-4', 'type=gre', 'options:key=983', 'options:remote_ip=10.147.40.14']
> 2014-05-26 08:06:20    DEBUG [root] Executing:['/opt/xensource/bin/xe', 'network-list', 'bridge=xapi3', '--minimal']
> 2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1000,in_port=1,dl_dst=ff:ff:ff:ff:ff:ff,actions=drop']
> 2014-05-26 08:06:20    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1000,in_port=1,ip,nw_dst=224.0.0.0/24,actions=drop']
> 2014-05-26 08:07:55    DEBUG [root] Executing:['/opt/xensource/bin/xe', 'network-list', 'bridge=xapi3', '--minimal']
> 2014-05-26 08:07:55    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'br-to-vlan', 'xapi3']
> 2014-05-26 08:07:55    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'list-ports', 'xapi3']
> 2014-05-26 08:07:55    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1200,in_port=2,dl_dst=ff:ff:ff:ff:ff:ff,actions=NORMAL']
> 2014-05-26 08:07:55    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1200,in_port=2,ip,nw_dst=224.0.0.0/24,actions=NORMAL']
> 2014-05-26 08:07:55    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1100,dl_dst=ff:ff:ff:ff:ff:ff,actions=output:2']
> 2014-05-26 08:07:55    DEBUG [root] Executing:['/usr/bin/ovs-ofctl', 'add-flow', 'xapi3', 'hard_timeout=0,idle_timeout=0,priority=1100,ip,nw_dst=224.0.0.0/24,actions=output:2']



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
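
Added example, not part of the original report or of CloudStack's code: a small audit that parses `ovs-ofctl dump-flows` text and reports which tunnel ports lack the broadcast and multicast drop rules described above. The names `parse_flows`, `missing_guards` and `REQUIRED` are hypothetical; the two dumps are the ones quoted in the report, and the check assumes an exact `in_port` match with `actions=drop`.

```python
# Match fields that must carry actions=drop on every tunnel port (per the report).
REQUIRED = {
    "broadcast": {"dl_dst": "ff:ff:ff:ff:ff:ff"},
    "multicast": {"ip": None, "nw_dst": "224.0.0.0/24"},
}

def parse_flows(dump):
    """Return [(match_dict, actions)] for each flow line in the dump."""
    flows = []
    for line in dump.splitlines():
        if " actions=" not in line:
            continue  # skips the NXST_FLOW header and shell prompts
        head, actions = line.strip().split(" actions=", 1)
        match = {}
        for field in head.split()[-1].split(","):  # last token is the match spec
            key, sep, value = field.partition("=")
            match[key] = value if sep else None  # bare keyword such as "ip"
        match.pop("priority", None)
        flows.append((match, actions.strip()))
    return flows

def missing_guards(dump, tunnel_ports):
    """List (port, kind) pairs that lack an exact in_port drop rule."""
    flows = parse_flows(dump)
    missing = []
    for port in tunnel_ports:
        for kind, fields in REQUIRED.items():
            want = dict(fields, in_port=str(port))
            if not any(m == want and a == "drop" for m, a in flows):
                missing.append((port, kind))
    return missing

# Flow dumps copied from the report; port 1 is the tunnel port on both hosts.
VR_HOST = """NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=988.459s, table=0, n_packets=5, n_bytes=810, priority=1100,dl_dst=ff:ff:ff:ff:ff:ff actions=output:2
cookie=0x0, duration=988.469s, table=0, n_packets=0, n_bytes=0, priority=1200,ip,in_port=2,nw_dst=224.0.0.0/24 actions=NORMAL
cookie=0x0, duration=1011.44s, table=0, n_packets=20, n_bytes=2354, priority=0 actions=NORMAL
cookie=0x0, duration=988.45s, table=0, n_packets=0, n_bytes=0, priority=1100,ip,nw_dst=224.0.0.0/24 actions=output:2
cookie=0x0, duration=988.479s, table=0, n_packets=0, n_bytes=0, priority=1200,in_port=2,dl_dst=ff:ff:ff:ff:ff:ff actions=NORMAL"""
VM_HOST = """NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=456.937s, table=0, n_packets=0, n_bytes=0, priority=1100,dl_dst=ff:ff:ff:ff:ff:ff actions=output:2
cookie=0x0, duration=456.951s, table=0, n_packets=0, n_bytes=0, priority=1200,ip,in_port=2,nw_dst=224.0.0.0/24 actions=NORMAL
cookie=0x0, duration=551.614s, table=0, n_packets=0, n_bytes=0, priority=1000,ip,in_port=1,nw_dst=224.0.0.0/24 actions=drop
cookie=0x0, duration=551.932s, table=0, n_packets=15, n_bytes=1836, priority=0 actions=NORMAL
cookie=0x0, duration=456.926s, table=0, n_packets=0, n_bytes=0, priority=1100,ip,nw_dst=224.0.0.0/24 actions=output:2
cookie=0x0, duration=551.624s, table=0, n_packets=0, n_bytes=0, priority=1000,in_port=1,dl_dst=ff:ff:ff:ff:ff:ff actions=drop
cookie=0x0, duration=456.962s, table=0, n_packets=9, n_bytes=2178, priority=1200,in_port=2,dl_dst=ff:ff:ff:ff:ff:ff actions=NORMAL"""
for name, dump in (("VR host", VR_HOST), ("VM host", VM_HOST)):
    print(name, "missing:", missing_guards(dump, [1]))
```

The check does not model rule priority or broader matches, so a drop rule without an `in_port` field would still be reported as missing.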