On Tue, Feb 9, 2010 at 11:12 AM, Todd Deshane <desha...@gmail.com> wrote:
> ovs-dpctl dump-flows internalbr (seems to reveal the problem --
> actions drop is specified)
> in_port0003:vlan65535 mac52:54:00:12:34:56->52:54:00:12:34:56 type0800
> proto1 ip10.0.0.2->10.0.0.3 port8->0, packets:45, bytes:4410,
> used:0.896s, actions:drop

Right, this is the problem. Both VMs have the same MAC address, which causes the traffic to be sent out the input port and as a result dropped. By default KVM assigns the same address to all network devices. You can change it by adding macaddr=XXX to the command line when you specify the network card.

> sudo ovs-ofctl dump-flows internalbr
> Feb 09 10:59:00|00001|ofctl|INFO|connecting to
> unix:/usr/local/var/run/internalbr.mgmt
> stats_reply (xid=0x2f7fe731): flags=none type=1(flow)
> duration=604s, table_id=1, priority=0, n_packets=1766,
> n_bytes=105868, actions=NORMAL
>
> It was my understanding that there was a default flow that was simply
> an accept all, so I didn't add any flows explicitly for testing basic
> functionality. Is there something that I need to explicitly configure
> to allow traffic to flow?

No, your understanding is correct. I just wanted to make sure that nothing funny was going on.

> I do hope to have a setup that does explicitly only allow traffic
> (whitelist-based) as my next step, so understanding the intricacies of
> if it is possible to have a default deny all flows and only allow,
> based on whitelist, is of top priority for me. I would like to try to
> use a tool like ovs-dpctl or ovs-ofctl to add the flows specifically
> and remove the default, but would like to make sure that I have basic
> working functionality first and that I don't have something
> mis-configured.

ovs-ofctl is the tool that you want to use. In general ovs-dpctl isn't needed too much except for debugging since ovs-vswitchd will do all of the configuration of datapath.

> Further, does it make more sense for me to setup an open flow
> controller (such as the basic one that comes with vswitch or a more
> advanced one like nox), to accomplish this basic functionality or will
> simply using the ovs-dpctl and ovs-ofctl commands suffice for basic
> demonstration purposes?

For static things like a basic demonstration, ovs-ofctl is the easiest thing to do. Obviously if you need to be able to change things dynamically a controller would greatly help.
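Added example (not part of the original message and not Open vSwitch code): a shell filter that scans `ovs-dpctl dump-flows` output, in the format quoted in the thread, for the symptom the reply describes, a flow whose source and destination MAC are identical and whose action is drop. The function names and the second sample flow line are constructed for illustration.

```shell
#!/bin/sh
# Flag datapath flows with identical source and destination MAC and
# actions:drop (the duplicate-MAC symptom described in the reply).
# Assumed input: one flow per line, in the "ovs-dpctl dump-flows" format
# quoted in the thread (in_portNNNN:vlanN macSRC->DST ... actions:ACTION).

# Reads flow lines on stdin; prints "in_port mac packets" per suspect flow.
same_mac_drops() {
    awk '
    {
        port = src = dst = pkts = act = ""
        for (i = 1; i <= NF; i++) {
            f = $i
            sub(/,$/, "", f)                 # strip trailing comma
            if (f ~ /^in_port/) {
                port = substr(f, 8)          # text after "in_port"
                sub(/:.*/, "", port)         # cut ":vlanN"
            } else if (f ~ /^mac.+->/) {
                split(substr(f, 4), m, "->") # text after "mac"
                src = tolower(m[1]); dst = tolower(m[2])
            } else if (f ~ /^packets:/) {
                pkts = substr(f, 9)
            } else if (f ~ /^actions:/) {
                act = substr(f, 9)
            }
        }
        if (src != "" && src == dst && act == "drop")
            printf "%s %s %s\n", port, src, pkts
    }'
}

# Sample input. Line 1 is the flow from the thread joined onto one line;
# line 2 is constructed: the same traffic once the second VM has its own MAC.
sample_flows() {
    cat <<'EOF'
in_port0003:vlan65535 mac52:54:00:12:34:56->52:54:00:12:34:56 type0800 proto1 ip10.0.0.2->10.0.0.3 port8->0, packets:45, bytes:4410, used:0.896s, actions:drop
in_port0003:vlan65535 mac52:54:00:12:34:56->52:54:00:12:34:57 type0800 proto1 ip10.0.0.2->10.0.0.3 port8->0, packets:12, bytes:1176, used:0.512s, actions:2
EOF
}

# Live use on the bridge from the thread:
#   sudo ovs-dpctl dump-flows internalbr | same_mac_drops
sample_flows | same_mac_drops
```

Any line it prints names a MAC address that the datapath sees as both sender and receiver, which points at guests started without distinct `macaddr=` values.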