> On Nov 19, 2015, at 6:23 AM, Anna Giannakou <anna.gianna...@inria.fr> wrote: > > Hello, > I am trying to have a seperate flow table per vm that is connected to br-int. > So far to do that I insert a resubmit flow to the base table (table 0) and > then a basic drop all flow to the table of the vm (table 25 in this example). > The two flows are: > ovs-ofctl add-flow br-int "table=0,priority=19,in_port=2, > actions=resubmit(,25)" for resubmission > ovs-ofctl add-flow br-int "table=25,priority=0,in_port=2,actions=drop" for > drop all traffic. > > The problem is that when i try to insert a new rule in table 25 ( to allow > ssh connection from a specific host for example) the rule does not work. The > flow that i am trying to insert is: > ovs-ofctl add-flow br-int > "table=25,priority=2,tcp,in_port=2,tp_dst=22,nw_src=10.1.0.2, actions=normal" > > Can you please tell me if there is a problem with this particular flow or the > way i am defining it? > The complete flow table is as follows: > NXST_FLOW reply (xid=0x4): > cookie=0x0, duration=83007.359s, table=0, n_packets=1296, n_bytes=66540, > idle_age=11, hard_age=65534, priority=19,in_port=2 actions=resubmit(,25) > cookie=0x0, duration=83403.026s, table=0, n_packets=4, n_bytes=168, > idle_age=65534, hard_age=65534, priority=10,arp,in_port=2 > actions=resubmit(,24) > cookie=0x0, duration=83402.994s, table=0, n_packets=0, n_bytes=0, > idle_age=65534, hard_age=65534, priority=10,arp,in_port=11 > actions=resubmit(,24) > cookie=0x0, duration=83403.058s, table=0, n_packets=0, n_bytes=0, > idle_age=65534, hard_age=65534, priority=10,arp,in_port=3 > actions=resubmit(,24) > cookie=0x0, duration=83403.759s, table=0, n_packets=71669, n_bytes=5966012, > idle_age=1, hard_age=65534, priority=0 actions=NORMAL > cookie=0x0, duration=83403.754s, table=23, n_packets=0, n_bytes=0, > idle_age=65534, hard_age=65534, priority=0 actions=drop > cookie=0x0, duration=83403.031s, table=24, n_packets=4, n_bytes=168, > idle_age=65534, hard_age=65534, priority=2,arp,in_port=2,arp_spa=10.1.0.4 > actions=NORMAL > cookie=0x0, duration=83403s, table=24, n_packets=0, n_bytes=0, > idle_age=65534, hard_age=65534, priority=2,arp,in_port=11,arp_spa=10.1.0.46 > actions=NORMAL > cookie=0x0, duration=83403.063s, table=24, n_packets=0, n_bytes=0, > idle_age=65534, hard_age=65534, priority=2,arp,in_port=3,arp_spa=10.1.0.8 > actions=NORMAL > cookie=0x0, duration=83403.749s, table=24, n_packets=0, n_bytes=0, > idle_age=65534, hard_age=65534, priority=0 actions=drop > cookie=0x0, duration=101.509s, table=25, n_packets=0, n_bytes=0, > idle_age=101, priority=2,tcp,in_port=2,nw_src=10.1.0.2,tp_dst=22 > actions=NORMAL > cookie=0x0, duration=82135.593s, table=25, n_packets=1176, n_bytes=49776, > idle_age=11, hard_age=65534, priority=0,in_port=2 actions=drop > > As you can see from the flow table, although the first flow is applied and > the packets are redirected, no packets match the ssh flow (they all match the > drop one with the latest priority)
I think this is just an old message that . The problem was related to the missing ARP entries. --Justin _______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
