Hello, I am trying to have a seperate flow table per vm that is connected to br-int. So far to do that I insert a resubmit flow to the base table (table 0) and then a basic drop all flow to the table of the vm (table 25 in this example). The two flows are: ovs-ofctl add-flow br-int "table=0,priority=19,in_port=2, actions=resubmit(,25)" for resubmission ovs-ofctl add-flow br-int "table=25,priority=0,in_port=2,actions=drop" for drop all traffic.
The problem is that when i try to insert a new rule in table 25 ( to allow ssh connection from a specific host for example) the rule does not work. The flow that i am trying to insert is: ovs-ofctl add-flow br-int "table=25,priority=2,tcp,in_port=2,tp_dst=22,nw_src=10.1.0.2, actions=normal" Can you please tell me if there is a problem with this particular flow or the way i am defining it? The complete flow table is as follows: NXST_FLOW reply (xid=0x4): cookie=0x0, duration=83007.359s, table=0, n_packets=1296, n_bytes=66540, idle_age=11, hard_age=65534, priority=19,in_port=2 actions=resubmit(,25) cookie=0x0, duration=83403.026s, table=0, n_packets=4, n_bytes=168, idle_age=65534, hard_age=65534, priority=10,arp,in_port=2 actions=resubmit(,24) cookie=0x0, duration=83402.994s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=10,arp,in_port=11 actions=resubmit(,24) cookie=0x0, duration=83403.058s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=10,arp,in_port=3 actions=resubmit(,24) cookie=0x0, duration=83403.759s, table=0, n_packets=71669, n_bytes=5966012, idle_age=1, hard_age=65534, priority=0 actions=NORMAL cookie=0x0, duration=83403.754s, table=23, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop cookie=0x0, duration=83403.031s, table=24, n_packets=4, n_bytes=168, idle_age=65534, hard_age=65534, priority=2,arp,in_port=2,arp_spa=10.1.0.4 actions=NORMAL cookie=0x0, duration=83403s, table=24, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=2,arp,in_port=11,arp_spa=10.1.0.46 actions=NORMAL cookie=0x0, duration=83403.063s, table=24, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=2,arp,in_port=3,arp_spa=10.1.0.8 actions=NORMAL cookie=0x0, duration=83403.749s, table=24, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop cookie=0x0, duration=101.509s, table=25, n_packets=0, n_bytes=0, idle_age=101, priority=2,tcp,in_port=2,nw_src=10.1.0.2,tp_dst=22 actions=NORMAL cookie=0x0, duration=82135.593s, table=25, n_packets=1176, n_bytes=49776, idle_age=11, hard_age=65534, priority=0,in_port=2 actions=drop As you can see from the flow table, although the first flow is applied and the packets are redirected, no packets match the ssh flow (they all match the drop one with the latest priority) Thanks Anna
_______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
