Hi Ben,
No, I didn't had the evidence of IPFIX packets being monitored.
OK, since we're doing some experiments with Daniel in the other thread
and I'm not experiencing IPFIX packet loops, I think we can close this
thread and continue the test experiments with Daniel in the other thread.
Best,
Lluis
On 04/07/16 16:59, Ben Pfaff wrote:
100% sampling isn't a problem in itself, but if the IPFIX packets
themselves get sampled it could cause a loop. Do you have evidence of
that?
Please don't start multiple identical threads.
On Mon, Jul 04, 2016 at 09:49:33AM +0200, Lluís Gifre wrote:
Dear Ben,
I agree with you that sampling 100% of packets could be risky in scenarios
with several hosts. However, I was monitoring a ping between 2 VMs, i.e., 2
ICMP + 2 ARP packet per second plus VXLAN overhead.
I think it should work even when sampling 100% of traffic.
BTW, I started a parallel thread with subject "Bug OpenVSwitch 2.5.0 -
Enabling IPFIX in OpenVSwitch breaks VXLAN tunneling". They are both the
same, except that I added "Bug OpenVSwitch 2.5.0" just to emphasize that the
problem is in the newest LTS version of OVS. We could continue this
discussion on that thread.
Best,
Lluis
On 02/07/16 02:47, Ben Pfaff wrote:
On Tue, Jun 28, 2016 at 05:03:20PM +0200, Lluís Gifre wrote:
I'm experiencing a problem when enabling IPFIX on an OpenVSwitch where VXLAN
tunnels are configured to interconnect 2 VMs (Virtual Box).
I'm running the setup on Ubuntu v16.04 using the repo OpenVSwitch v2.5.0 and
VirtualBox v5.0.22.
My setup is as follows:
2 bridges, each with a TAP interface connected to a VBox VM
The commands I used for setting up this environment are:
# Create bridges
sudo ovs-vsctl add-br br1
sudo ovs-vsctl add-br br2
# Create tap interfaces
sudo ip tuntap add mode tap tap1
sudo ip tuntap add mode tap tap2
# Bring up tap interfaces
sudo ip link set tap1 up
sudo ip link set tap2 up
# Add interfaces to bridge br0
sudo ovs-vsctl add-port br1 tap1
sudo ovs-vsctl add-port br2 tap2
# Bring up bridges
sudo ifconfig br1 up
sudo ifconfig br2 up
# Set IP address on bridges
sudo ifconfig br1 10.254.254.1/24
sudo ifconfig br2 10.254.254.2/24
# Configure VXLAN tunnels
sudo ovs-vsctl add-port br1 vxlan12 -- set interface vxlan12 type=vxlan
options:local_ip=10.254.254.1 options:remote_ip=10.254.254.2
options:in_key=flow options:out_key=flow
sudo ovs-vsctl add-port br2 vxlan21 -- set interface vxlan21 type=vxlan
options:local_ip=10.254.254.2 options:remote_ip=10.254.254.1
options:in_key=flow options:out_key=flow
Until that point, VMs can ping one to the other.
Then, without disabling the "pings" I enabled IPFIX in both bridges:
# Enable IPFIX on bridges
# Data Collector IP = 172.26.37.124
# Data Collector Port = 4739 (UDP)
# Packets per sample = 1
sudo ovs-vsctl -- set bridge br1 ipfix=@ipfix -- --id=@ipfix create IPFIX \
targets=\"172.26.37.124:4739\" \
obs_domain_id=1 obs_point_id=1 \
sampling=1 cache_active_timeout=60\
other_config:enable-tunnel-sampling=true
sudo ovs-vsctl -- set bridge br2 ipfix=@ipfix -- --id=@ipfix create IPFIX \
targets=\"172.26.37.124:4739\" \
obs_domain_id=1 obs_point_id=2 \
sampling=1 cache_active_timeout=60\
other_config:enable-tunnel-sampling=true
Just after enabling IPFIX the connectivity between VMs is interrupted.
A sampling rate of 1 (meaning sample 100% of packets) could be risky if
the target is on an OVS bridge, because it could essentially cause a
loop by causing every IPFIX packet to be sampled. Try a lower sample
rate?
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
