Having a difficult time connecting an OVS gre tunnel to other network
devices, in this case the standard Ubuntu OVS packages on 12.04 to a 12.04
machine running the default ip_gre modules.
Creating a gre tunnel between two openVswitch machines works just fine and
without trouble.
For the sake of this question let's Assume we are connecting an OVS
machine to a standard linux ip route machine. Ideally that tunnel is
encrypted by ipsec, but let's skip the IPSEC part and just get a tunnel
working first.
Why: I need to run OSPF on the two sides of the tunnel, GRE handles
broadcast packets.
Before OPENVSwITCH was brought into the mix, the tunnels were created like
so:
Tango and Cash are both linux boxes, in this case Ubuntu perform firewall
duties for their respective lans. Default routes for the lan point to
their respective internal IPs
--How I have setup the tunnels historically/Before OVS:
Host: Tango
IP external: 1.1.1.1 (eth0)
IP internal: 10.1.1.1 (eth1)
LAN 10.1.1.0/24
TUN ID: 10.10.10.1/24
Host: Cash
IP external: 2.2.2.2 (eth0)
IP internal: 10.2.2.2 (eth1)
LAN 10.2.2.0/24
TUN ID: 10.10.10.2/24
Linux-Linux GRE Tunnel Creation:
Host Tango:
ip tunnel add gre_cash mode gre remote 2.2.2.2 local 1.1.1.1 ttl 255
ip link set gre_cash up multicast on mtu 1420
ip addr add 10.10.10.1 peer 10.10.10.2 dev gre_cash
Host Cash:
ip tunnel add gre_tango mode gre remote 1.1.1.1 local 2.2.2.2 ttl 255
ip link set gre_tango up multicast on mtu 1420
ip addr add 10.10.10.2 peer 10.10.10.1 dev gre_tango
This has worked well for years, the described tunnel is wrapped in ipsec
and everyone is happy routing with Quagga/OSPF
--My failed attempt with OVS:
Host: Tango (OVS)
IP external: 1.1.1.1 (ext0)
IP internal: 10.1.1.1 (int0)
LAN 10.1.1.0/24
TUN ID: 10.10.10.1/24
Host: Cash
IP external: 2.2.2.2 (eth0)
IP internal: 10.2.2.2 (eth1)
LAN 10.2.2.0/24
TUN ID: 10.10.10.2/24
Tango:
ovs-vsctl add-br ext0
ovs-vsctl add-br int0
ovs-vsctl add-port ext0 eth0
ovs-vsctl add-port int0 eth1
-/etc/network/interfaces assigns the internal and external ips
-iptables setups the firewall
-Able to ping just fine, NAT working everything is happy except the tunnel
-Next I try to build a tunnel in OVS
ovs-vsctl add-br gre_cash
ip link set gre_cash up multicast on mtu 1420
ip addr add 10.10.10.1/24 peer 10.10.10.2/24 dev gre_cash
ovs-vsctl add-port gre_cash gre0 -- set interface gre0 type=gre
options:remote_ip=2.2.2.2,local_ip=1.1.1.1
Host Cash: (same as previous/non ovs machine)
ip tunnel add gre_tango mode gre remote 1.1.1.1 local 2.2.2.2 ttl 255
ip link set gre_tango up multicast on mtu 1420
ip addr add 10.10.10.2 peer 10.10.10.1 dev gre_tango
This, doesn't seem to work. From Tango's lan they can ping the local
side of the gre tunnel 10.10.10.1 the remote side 10.10.10.2 returns
"destination unreachable"
ip addr (GRETUNNEL) shows different settings for each host
Tango: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1420 qdisc noqueue state
UNKNOWN
Cash: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue
state UNKNOWN
In particular I'm curious about the BROADCAST/POINTOPOINT and NOARP
statements.
Thoughts?
Is iproute2 tunneling and ovs simply incompatible?
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
