Re: [ovs-discuss] LISP tunnel between ovs and an openLISP router

Wed, 21 May 2014 10:45:17 -0700 

Hi Diego,

On 5/21/14, 8:04 PM, Diego Montero wrote:


Hi everyone,


I am working with ovs tunneling using lisp. I am able to configure a 
tunnel between two ovs (each in a different host) and it works 
perfectly. I followed the README-lisp document. Now, I am trying to 
configure the tunnel between an ovs and an openLISP router. The 
topology is depicted below.


vm1: 192.168.1.1 /24
host1: 192.168.2.1 /24
ovs1 ip: 172.16.76.1
openLISP ip: 172.16.76.2
                 +---+                               +----+
                 |VM1|                               |host1|
                 +---+                               +----+
                   |                                   |
              +--[vnet0]--+                      +--[eth1]---+
              |          |                       |           |
          [lisp0] OVS1 [eth0]-----------------[eth0] OpenLISP|
              |          |                       |           |
              +----------+                       +-----------+


OpenLISP is configured as an xTR with static map-cache: 192.168.1.1 -> 
172.16.76.1 and the encapsulation in dataplane works. From the other 
side, I setup the lisp0 port with "type=lisp options:remote_ip=flow 
options:key=flow", and the ovs of (openflow) rules are as follows:



ovs-ofctl add-flow br0 
"priority=1,in_port=7,dl_type=0x0800,vlan_tci=0,nw_src=192.168.1.1,action=set_field:172.16.76.2>tun_dst,output:8"


ovs-ofctl add-flow br0 "priority=0,action=NORMAL"

ovs-ofctl add-flow br0 "priority=2,in_port=7,dl_type=0x0806,action=NORMAL"


ovs-ofctl add-flow br0 
"priority=3,dl_type=0x0800,nw_proto=17,nw_dst=172.16.76.1,tp_dst=4341,action=output:7"





This last flow rule is incorect.  For tunneling protocols, OVS does the 
decapsulation, and you need to match on the inner packet, not on the 
LISP protocol port.  Try with the following:



ovs-ofctl add-flow br0 
"priority=3,in_port=8,action=mod_dl_dst:<mac_of_the_VM>,output:7"



If you need to differentiate between tunnels, you could use Instance ID 
and add "tun_id=0x000001" after in_port.  You should even be able to 
match on the inner IPv4 addres, nw_dst=192.168.1.1



The of ports are as follows:

8 lisp0

7 vnet0


I took care of the arp resolution within vm1 by configuring static MAC 
addresses. Now, the problem is that I am not able to see the 
encapsulation of the packets when vm1 tries to contact to host1 (with 
ping). On the other hand, the packets coming from host1 to vm1 reach 
the ovs1, but they are not decapsulated and forwarded to vm1. I am 
wondering if first, is this scenario feasible? and which openflow 
rules should be configured?





It should be feasible, I tested LISP traffic between OVS and LISPmob 
(but not OpenLISP).


HTH,
-Lori


Many thanks.

Regards,

Diego Montero.



_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss


_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss






















					Reply via email to