免费注册	查看新帖 \|


平台论坛博客文库

› 论坛 › IT运维 › 虚拟化与云服务 › neutron-openvswitch-agent下发流表导致转发不通问题

最近访问板块

发新帖

查看: 2475 | 回复: 0

上一主题

下一主题

[OpenStack] neutron-openvswitch-agent下发流表导致转发不通问题 [复制链接]

yuexiaduzhuo_cu

论坛徽章:: 0

电梯直达

跳转到指定楼层

1楼 [收藏(0)] [报告]

发表于 2016-02-24 16:47 |只看该作者 |倒序浏览

配置：nova+neutron+openvswitch+dpdk，两台虚拟机vm1，vm2，in_port54对应vm1，in_port59对应vm2，两台虚拟机上配置静态arp

问题描述：
1、手动搭建dpdk环境，启动两台虚拟机，把端口以vhostuser模式加入到openvswitch上，两台虚拟机可以ping通
2、利用openstack环境启动两台虚拟机，不能互相ping通。
3、用ovs-ofctl查看ovs的流表发现安全组给ovs下发了很多流表
4、在两台虚拟机上抓包发现vm1发出的icmp报文vm2可以收到，并且vm2可以回应，但是在vm1上收不到vm2的回应报文

截图：

流表：
cookie=0x0, duration=2396.146s, table=0, n_packets=1906, n_bytes=186548, idle_age=2, priority=50,dl_src=fa:16:3e:f8:d4:b3 actions=mod_vlan_vid:1,load:0->NXM_NX_REG0[0..11],resubmit(,1)
cookie=0x0, duration=2395.994s, table=0, n_packets=1906, n_bytes=186548, idle_age=2, priority=50,dl_src=fa:16:3e:11:4d:b0 actions=mod_vlan_vid:1,load:0->NXM_NX_REG0[0..11],resubmit(,1)
cookie=0x0, duration=2396.144s, table=1, n_packets=1894, n_bytes=185612, idle_age=2, priority=100,ip,in_port=54,dl_vlan=1,dl_src=fa:16:3e:f8:d4:b3,nw_src=192.168.0.113 actions=resubmit(,11)
cookie=0x0, duration=2395.992s, table=1, n_packets=1894, n_bytes=185612, idle_age=2, priority=100,ip,in_port=59,dl_vlan=1,dl_src=fa:16:3e:11:4d:b0,nw_src=192.168.0.114 actions=resubmit(,11)
cookie=0x0, duration=2395.972s, table=11, n_packets=1841, n_bytes=180418, idle_age=2, priority=30,ip,dl_src=fa:16:3e:f8:d4:b3,nw_src=192.168.0.113 actions=learn(table=21,idle_timeout=30,hard_timeout=1800,priority=90,eth_type=0x800,NXM_OF_ETH_SRC[]=NXM_OF_ETH_DST[],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],NXM_OF_IP_SRC[]=NXM_OF_IP_DST[],NXM_OF_IP_DST[]=NXM_OF_IP_SRC[],NXM_OF_VLAN_TCI[0..11],load:NXM_NX_REG0[0..11]->NXM_OF_VLAN_TCI[0..11],output:NXM_OF_IN_PORT[]),resubmit(,21)
cookie=0x0, duration=2395.975s, table=11, n_packets=53, n_bytes=5194, idle_age=2286, priority=30,ip,dl_src=fa:16:3e:11:4d:b0,nw_src=192.168.0.114 actions=learn(table=21,idle_timeout=30,hard_timeout=1800,priority=90,eth_type=0x800,NXM_OF_ETH_SRC[]=NXM_OF_ETH_DST[],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],NXM_OF_IP_SRC[]=NXM_OF_IP_DST[],NXM_OF_IP_DST[]=NXM_OF_IP_SRC[],NXM_OF_VLAN_TCI[0..11],load:NXM_NX_REG0[0..11]->NXM_OF_VLAN_TCI[0..11],output:NXM_OF_IN_PORT[]),resubmit(,21)
cookie=0x0, duration=2395.977s, table=21, n_packets=1841, n_bytes=180418, idle_age=2, priority=30,icmp,dl_dst=fa:16:3e:11:4d:b0,nw_dst=192.168.0.114 actions=learn(table=11,idle_timeout=30,hard_timeout=1800,priority=90,eth_type=0x800,nw_proto=1,NXM_OF_ETH_SRC[]=NXM_OF_ETH_DST[],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],NXM_OF_IP_SRC[]=NXM_OF_IP_DST[],NXM_OF_IP_DST[]=NXM_OF_IP_SRC[],NXM_OF_VLAN_TCI[0..11],load:NXM_NX_REG0[0..11]->NXM_OF_VLAN_TCI[0..11],output:NXM_OF_IN_PORT[]),strip_vlan,output:59
cookie=0x0, duration=2395.974s, table=21, n_packets=53, n_bytes=5194, idle_age=2286, priority=30,icmp,dl_dst=fa:16:3e:f8:d4:b3,nw_dst=192.168.0.113 actions=learn(table=11,idle_timeout=30,hard_timeout=1800,priority=90,eth_type=0x800,nw_proto=1,NXM_OF_ETH_SRC[]=NXM_OF_ETH_DST[],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],NXM_OF_IP_SRC[]=NXM_OF_IP_DST[],NXM_OF_IP_DST[]=NXM_OF_IP_SRC[],NXM_OF_VLAN_TCI[0..11],load:NXM_NX_REG0[0..11]->NXM_OF_VLAN_TCI[0..11],output:NXM_OF_IN_PORT[]),strip_vlan,output:54

问题：
table0和table1还算正常，packets数量比较接近，为什么到了table11上114这台机器，也就是vm2的packets只有53个，那些包是怎么丢掉的呢，我对openflow了解的不多，这里流表在resubmit的过程中丢了哪些包，是不是这个导致的ping不通呢，请各位指教

文库|博客

发新帖

Chinaunix › 论坛 › IT运维 › 虚拟化与云服务 › neutron-openvswitch-agent下发流表导致转发不通问题

北京盛拓优讯信息技术有限公司. 版权所有京ICP备16024965号-6 北京市公安局海淀分局网监中心备案编号：11010802020122 niuxiaotong@pcpop.com 17352615567
未成年举报专区
中国互联网协会会员联系我们：huangweiwei@itpub.net
感谢所有关心和支持过ChinaUnix的朋友们转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP