Thank you for the reply.

Unfortunately that stuff happens to be in a production environment with > 200Mb/s outgoing traffic from virtual machines (XCP 1.1 with upgrade to ovs1.4.3), so tcpdump is kinda impossible.

Some data on configuration:
no flow controller, some rules (antispoofing) are applied during vm start (small patch to /etc/xensource/scripts/vif)

I've checked it on a few hosts; here are the statistics:

* That message appears on every host we've upgraded to ovs1.4.3
* It shows only for in_port=1 (physical eth, attached to bridge, ixgb 1G network with vlans)
* It shows only the gateway address
* source IP has no designation (VM is on another host)

I think this is somehow related to mac learning on the uplink switch...

Here are our rules to restrict ip/mac spoofing (ipv6 is not protected - it was not supported in ovs1, and the patch is still not upgraded):

restrict_ipv4 ()
{
    p_bridge=`ovs-vsctl br-to-parent $bridge`
    #applying acl for specified port and ipv4 address
    logger -t scripts-vif "VIF uuid=$vif device=$dev ovs_port=$port bridge=$p_bridge/$bridge restricted to use IPv4 $IP only with mac $mac address."
    # IPv4 is allowed only from the VM's own IP and MAC
    $ofctl add-flow $p_bridge "in_port=$port priority=39000 dl_type=0x0800 nw_src=$IP dl_src=$mac idle_timeout=0 action=normal"
    # ARP is allowed only with the VM's MAC and its IP as sender address
    $ofctl add-flow $p_bridge "in_port=$port priority=38500 dl_type=0x0806 dl_src=$mac nw_src=$IP idle_timeout=0 action=normal"
    # IPv6 is matched on the MAC only; the source address is not checked
    $ofctl add-flow $p_bridge "in_port=$port priority=38250 dl_type=0x86DD dl_src=$mac idle_timeout=0 action=normal"
    # everything else arriving from this port is dropped
    $ofctl add-flow $p_bridge "in_port=$port priority=38000 idle_timeout=0 action=drop"
}



On 24.10.2012 20:08, Ben Pfaff wrote:
Hmm.  Yesterday I looked over all of the datapath commits since version
1.4.3 and didn't see any bugfixes, not applied to branch-1.4, that would
account for this particular message.  That means that this may be a
problem that we aren't yet aware of.

Unfortunately, this particular class of issue is difficult to debug.
One approach that is likely to succeed, if you are willing to try it, is
to do a "tcpdump" of traffic on your physical interface to a file in the
background.  Then, the first time afterward that you notice such a
message in your log, stop the tcpdump and use "tcpdump -r<file>  -n
-vvve" with an appropriate filter to print only the traffic that is part
of the same TCP connection as the one mentioned in the log message, and
post that output (along with the log message).

If you're willing to do that work (and I realize it's a bit of trouble)
there's a much better chance that we can figure out the problem.

On Tue, Oct 23, 2012 at 06:31:42AM +0400, George Shuklin wrote:
That happens in a freshly installed ovs 1.4.3:

  ovs-ofctl --version
ovs-ofctl (Open vSwitch) 1.4.3
Compiled Oct 11 2012 11:08:37
OpenFlow versions 0x1:0x1


On 22.10.2012 23:28, Ben Pfaff wrote:
On Sat, Oct 20, 2012 at 04:03:18AM +0400, George Shuklin wrote:
After upgrading from ovs 1.0 to 1.4 on XCP 1.1 I found that the following
message appears in the log every 10-20min:

Oct 20 03:37:42|00245|ofproto_dpif|WARN|unexpected flow from datapath in_port(1),eth(src=88:e0:f3:23:42:c0,dst=92:cf:e9:66:a1:46),eth_type(0x0800),ipv4(src=122.226.56.20,dst=188.16.98.12,proto=6,tos=0,ttl=101,frag=no),tcp(src=6000,dst=1433)

What does that message mean, can this cause any problems and, if so, how to fix it?

It indicates a bug, but the only implication for use is a potential
performance problem in some corner case.  If it only occurs that
often, it should not be a serious performance problem in any case.

What particular OVS version is this?  e.g. 1.4.0, 1.4.1, ...?  Perhaps
it is a bug that has been fixed in a later version.
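
Added example, not part of the original thread and not Open vSwitch code: one way to turn an "unexpected flow from datapath" warning into the "tcpdump -r" filter suggested above, so that only the logged connection is printed from a saved capture. The function names and the capture file name are hypothetical, and the vlan(vid=N,...) key form is an assumption about how a tagged frame would be logged.

```python
import re
import shlex

# Constructed sample: the warning quoted in the thread, rejoined onto one line.
SAMPLE = ("Oct 20 03:37:42|00245|ofproto_dpif|WARN|unexpected flow from datapath "
          "in_port(1),eth(src=88:e0:f3:23:42:c0,dst=92:cf:e9:66:a1:46),"
          "eth_type(0x0800),ipv4(src=122.226.56.20,dst=188.16.98.12,proto=6,"
          "tos=0,ttl=101,frag=no),tcp(src=6000,dst=1433)")

FIELD = re.compile(r"(\w+)\(([^()]*)\)")   # one "name(args)" group of the flow key


def parse_flow_key(line):
    """Return {field: {key: value}} for the flow key after 'from datapath'."""
    _, sep, key = line.partition("unexpected flow from datapath")
    if not sep:
        raise ValueError("not an 'unexpected flow from datapath' warning")
    flow = {}
    for name, args in FIELD.findall(key):
        pairs = [a.split("=", 1) for a in args.split(",") if a]
        # in_port(1) and eth_type(0x0800) carry a bare value, not key=value pairs
        flow[name] = dict(p if len(p) == 2 else ("value", p[0]) for p in pairs)
    return flow


def bpf_filter(flow):
    """Build a pcap filter matching both directions of the logged connection."""
    if "ipv4" not in flow:
        raise ValueError("only IPv4 flow keys are handled here")
    ip = flow["ipv4"]
    terms = ["host %s" % ip["src"], "host %s" % ip["dst"]]
    l4 = next((p for p in ("tcp", "udp") if p in flow), None)
    if l4:
        terms = [l4] + terms + ["port %s" % flow[l4]["src"], "port %s" % flow[l4]["dst"]]
    # Assumption: a tagged frame shows up in the key as vlan(vid=N,...). pcap needs
    # an explicit "vlan N" before the IP terms, otherwise tagged frames never match.
    if "vlan" in flow:
        terms.insert(0, "vlan %s" % flow["vlan"]["vid"])
    return " and ".join(terms)


def tcpdump_command(line, capture="capture.pcap"):   # capture name is a placeholder
    return "tcpdump -r %s -n -vvve %s" % (shlex.quote(capture),
                                          shlex.quote(bpf_filter(parse_flow_key(line))))


if __name__ == "__main__":
    print(tcpdump_command(SAMPLE))
```
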