Yes, I think so:
1> ovs-dpctl show:
-------------------------
root@ashok-vb:/home/achippa/dispatcher# ovs-dpctl show
system@ovs-system:
lookups: hit:266 missed:102 lost:0
flows: 0
masks: hit:368 total:0 hit/pkt:1.00
port 0: ovs-system (internal)
port 1: br-int (internal)
port 2: br-infra (internal)
port 3: e919404747fd4_l
port 4: dc2911ce73d24_l
2> ovs-vsctl show
------------------------
root@ashok-vb:/home/achippa/dispatcher# ovs-vsctl show
c9b867af-0ad5-4fd3-9fb1-23d7ba502d45
Bridge br-int
Controller "tcp:127.0.0.1:6789"
Port "e919404747fd4_l" <<<<=========
Interface "e919404747fd4_l"
Port "a7c9a04d2ba94_l"
Interface "a7c9a04d2ba94_l"
Port br-int
Interface br-int
type: internal
Port "dc2911ce73d24_l" <<<<=========
Interface "dc2911ce73d24_l"
Port "a009c241a81a4_l"
Interface "a009c241a81a4_l"
Port "3e9561b5aa544_l"
Interface "3e9561b5aa544_l"
Port "182ea9813d2c4_l"
Interface "182ea9813d2c4_l"
Port "ce56c08d18284_l"
Interface "ce56c08d18284_l"
Port "faabb5c229ba4_l"
Interface "faabb5c229ba4_l"
Port "c0042f784cce4_l"
Interface "c0042f784cce4_l"
Port "373aebf54bc54_l"
Interface "373aebf54bc54_l"
Port "b30f5aec2e6b4_l"
Interface "b30f5aec2e6b4_l"
Port "cb1dcd2663064_l"
Interface "cb1dcd2663064_l"
Port "c4d07647bc584_l"
Interface "c4d07647bc584_l"
Port "8c73d3f53c944_l"
Interface "8c73d3f53c944_l"
Port "892d9bbb06604_l"
Interface "892d9bbb06604_l"
Port "a8038586da2e4_l"
Interface "a8038586da2e4_l"
Bridge br-infra
Port br-infra
Interface br-infra
type: internal
3> ovs-ofctl dump-flows
---------------------------------
root@ashok-vb:/home/achippa/dispatcher# ovs-ofctl dump-flows br-int
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=1539.357s, table=0, n_packets=0, n_bytes=0,
idle_age=1539, priority=9999,icmp,nw_src=1.1.1.1,nw_dst=1.1.1.2 actions=drop
4> ifconfig
root@ashok-vb:/home/achippa/dispatcher# ifconfig
dc2911ce73d24_l Link encap:Ethernet HWaddr 5a:b2:8d:45:4a:98
<<<<===== connected to container 1
inet6 addr: fe80::58b2:8dff:fe45:4a98/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:186 errors:0 dropped:0 overruns:0 frame:0
TX packets:6553 errors:0 dropped:1 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:17248 (17.2 KB) TX bytes:1194740 (1.1 MB)
docker0 Link encap:Ethernet HWaddr 56:84:7a:fe:97:99
inet addr:172.17.42.1 Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
e919404747fd4_l Link encap:Ethernet HWaddr 02:5e:07:ed:8f:7b
<<<<===== connected to container 2
inet6 addr: fe80::5e:7ff:feed:8f7b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:187 errors:0 dropped:0 overruns:0 frame:0
TX packets:6523 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:17326 (17.3 KB) TX bytes:1186709 (1.1 MB)
eth0 Link encap:Ethernet HWaddr 08:00:27:4c:76:66
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe4c:7666/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7213 errors:0 dropped:0 overruns:0 frame:0
TX packets:7842 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3694882 (3.6 MB) TX bytes:1077004 (1.0 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:11700 errors:0 dropped:0 overruns:0 frame:0
TX packets:11700 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:883683 (883.6 KB) TX bytes:883683 (883.6 KB)
virbr0 Link encap:Ethernet HWaddr ee:b4:2d:cc:7b:b9
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
5> docker container 1 ifconfig
----------------------------------------
root@c643cbf36aee:/# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
veth0 Link encap:Ethernet HWaddr ba:f9:6e:e6:67:82
inet addr:1.1.1.1 Bcast:0.0.0.0 Mask:255.255.255.0
inet6 addr: fe80::b8f9:6eff:fee6:6782/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6616 errors:0 dropped:0 overruns:0 frame:0
TX packets:187 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1204150 (1.2 MB) TX bytes:17326 (17.3 KB)
6> docker container 2 ifconfig
----------------------------------------
root@f3035fbd1a05:/# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:504 (504.0 B) TX bytes:504 (504.0 B)
veth0 Link encap:Ethernet HWaddr da:2d:83:97:03:e0
inet addr:1.1.1.2 Bcast:0.0.0.0 Mask:255.255.255.0
inet6 addr: fe80::d82d:83ff:fe97:3e0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6688 errors:0 dropped:2 overruns:0 frame:0
TX packets:186 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1219650 (1.2 MB) TX bytes:17248 (17.2 KB)
BTW, a few weeks ago, this was working... In all fairness to openvswitch, I
do need to confess that I did patch in a third-party DPI changes to OVS...
not sure if that broke it...
On Tue, Feb 3, 2015 at 6:04 PM, Ben Pfaff <b...@nicira.com> wrote:
> Are the packets going through your bridge at all? What do "ovs-dpctl
> show" and "ovs-vsctl show" print? How about "ifconfig"?
>
> On Tue, Feb 03, 2015 at 06:00:35PM -0800, Ashok Chippa wrote:
> > Okay, here it is: I added a flow as shown below, and I expect the ping
> from
> > 1.1.1.1 to 1.1.1.2 to not work... But the ping goes through... it is not
> > hitting the flow I added, and I cannot tell which flow it is hitting...
> as
> > dump-flows shows only one flow... BTW, dump-tables shows -ve count (there
> > is a bug there, even though it is not critical)... I'm sure you have
> bigger
> > fish to fry... :) Please see steps 1 through 4 below:
> >
> > 1> ADD FLOW
> > --------------------
> >
> > root@ashok-vb:/home/achippa/dispatcher# ovs-ofctl add-flow br-int
> > table=0,priority=9999,icmp,nw_src=1.1.1.1,nw_dst=1.1.1.2,actions=drop
> > root@ashok-vb:/home/achippa/dispatcher# ovs-ofctl dump-flows br-int
> > NXST_FLOW reply (xid=0x4):
> > cookie=0x0, duration=8.242s, table=0, n_packets=0, n_bytes=0,
> idle_age=8,
> > priority=9999,icmp,nw_src=1.1.1.1,nw_dst=1.1.1.2 actions=drop
> >
> > 2> PING from 1.1.1.1 to 1.1.1.2
> > ------------------------------------------
> >
> > root@c643cbf36aee:/# !ping
> > ping -c 7 1.1.1.2
> > PING 1.1.1.2 (1.1.1.2) 56(84) bytes of data.
> > 64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=0.380 ms
> > 64 bytes from 1.1.1.2: icmp_seq=2 ttl=64 time=0.060 ms
> > 64 bytes from 1.1.1.2: icmp_seq=3 ttl=64 time=0.110 ms
> > 64 bytes from 1.1.1.2: icmp_seq=4 ttl=64 time=0.156 ms
> > 64 bytes from 1.1.1.2: icmp_seq=5 ttl=64 time=0.094 ms
> > 64 bytes from 1.1.1.2: icmp_seq=6 ttl=64 time=0.063 ms
> > 64 bytes from 1.1.1.2: icmp_seq=7 ttl=64 time=0.078 ms
> >
> > --- 1.1.1.2 ping statistics ---
> > 7 packets transmitted, 7 received, 0% packet loss, time 5999ms
> > rtt min/avg/max/mdev = 0.060/0.134/0.380/0.105 ms
> >
> > 3> TCPDUMP on the interface(s) connected to 1.1.1.1 or 1.1.1.2
> >
> --------------------------------------------------------------------------------------
> >
> > root@ashok-vb:/home/achippa/dispatcher# tcpdump -i dc2911ce73d24_l
> > tcpdump: WARNING: dc2911ce73d24_l: no IPv4 address assigned
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol
> decode
> > listening on dc2911ce73d24_l, link-type EN10MB (Ethernet), capture size
> > 65535 bytes
> > 17:52:32.682083 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 1,
> > length 64
> > 17:52:32.682111 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 1,
> length
> > 64
> > 17:52:33.681082 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 2,
> > length 64
> > 17:52:33.681105 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 2,
> length
> > 64
> > 17:52:34.679962 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 3,
> > length 64
> > 17:52:34.679990 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 3,
> length
> > 64
> > 17:52:35.679419 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 4,
> > length 64
> > 17:52:35.679449 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 4,
> length
> > 64
> > 17:52:36.678597 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 5,
> > length 64
> > 17:52:36.678624 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 5,
> length
> > 64
> > 17:52:37.679530 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 6,
> > length 64
> > 17:52:37.679561 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 6,
> length
> > 64
> > 17:52:37.682449 ARP, Request who-has 1.1.1.1 tell 1.1.1.2, length 28
> > 17:52:37.682796 ARP, Reply 1.1.1.1 is-at ba:f9:6e:e6:67:82 (oui Unknown),
> > length 28
> > 17:52:38.678662 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 7,
> > length 64
> > 17:52:38.678703 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 7,
> length
> > 64
> >
> > 4> n_packets is 0 on the flow I added
> > -------------------------------------------------
> >
> > root@ashok-vb:/home/achippa/dispatcher# ovs-ofctl dump-flows br-int
> > NXST_FLOW reply (xid=0x4):
> > cookie=0x0, duration=387.380s, table=0, n_packets=0, n_bytes=0,
> > idle_age=387, priority=9999,icmp,nw_src=1.1.1.1,nw_dst=1.1.1.2
> actions=drop
> >
> > You can see, the rule was not hit... which rule is allowing it to go
> > through? I can't see with any cli command...
> >
> >
> > On Tue, Feb 3, 2015 at 5:44 PM, Ben Pfaff <b...@nicira.com> wrote:
> >
> > > So what does all the SHOUTING CAPITAL LETTERS and "THIS IS A BLOCKER
> FOR
> > > ME" come from? It sounds like it's not a blocker for you at all,
> you're
> > > just fixated on it.
> > >
> > > On Tue, Feb 03, 2015 at 05:30:41PM -0800, Ashok Chippa wrote:
> > > > It's not actually this I seem to be fixated on... I just want to
> start
> > > over
> > > > (with 0 flows) and add some flows and see them take effect... which
> this
> > > > bug seems to be preventing me...or so I think, I could be wrong... My
> > > > packets seem to be hitting a flow that I am not able to see... Keep
> in
> > > > mind, I'm still learning... Even after deleting the flows, this
> count is
> > > > persistent... so I think the bookkeeping is wrong somewhere... not a
> > > > critical bug for sure, as long as it does not prevent normal
> functions
> > > from
> > > > working...
> > > >
> > > > On Tue, Feb 3, 2015 at 8:38 AM, Ben Pfaff <b...@nicira.com> wrote:
> > > >
> > > > > On Tue, Feb 03, 2015 at 12:06:43AM -0800, Ashok Chippa wrote:
> > > > > > Compiled the patch in and re-installed the .ko:
> > > > > >
> > > > > > STILL SEE THIS:
> > > > > >
> > > > > > root@ashok-vb:/home/achippa/openvswitch-2.3.0# ovs-ofctl
> del-flows
> > > > > br-int
> > > > > > root@ashok-vb:/home/achippa/openvswitch-2.3.0# ovs-ofctl
> dump-flows
> > > > > br-int
> > > > > > NXST_FLOW reply (xid=0x4):
> > > > > > root@ashok-vb:/home/achippa/openvswitch-2.3.0# ovs-ofctl
> dump-tables
> > > > > br-int
> > > > > > OFPST_TABLE reply (xid=0x2): 254 tables
> > > > > > 0: classifier: wild=0x3fffff, max=1000000, active=10
> > > <<<<============
> > > > > > STILL!!!
> > > > > > lookup=0, matched=0
> > > > > > 1: table1 : wild=0x3fffff, max=1000000, active=0
> > > > > > lookup=0, matched=0
> > > > > > ...
> > > > > >
> > > > > > I JUST CAN'T GET RID OF the ACTIVE_COUNT of 10!!! in dump-tables
> > > output:
> > > > >
> > > > > Why are you so fixated on this?
> > > > >
> > >
>
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
