Hi,

Andreas Wundsam wrote:
> Well, the funny thing is that sometimes, my pings from the VM on vif10.2
> *do* get through, even though they should not (see attachment, for
> better readability of those long lines).

Forgot the attachment obviously, sorry for that.

Best,
Andi

--
Andreas Wundsam
Technische Universität Berlin, Deutsche Telekom Laboratories
FG INET, Research Group Anja Feldmann
address: Sekr. TEL 16, FG INET, Ernst-Reuter-Platz 7, 10587 Berlin
e-mail: [email protected]
web: http://www.net.t-labs.tu-berlin.de/people/andi.shtml
--------
No ping coming from allowed port vif4.2:

r...@loadgen134:~# tcpdump -i vif4.2
tcpdump: WARNING: vif4.2: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vif4.2, link-type EN10MB (Ethernet), capture size 96 bytes
01:00:16.319051 STP 802.1d, Config, Flags [none], bridge-id 8065.00:11:20:9c:71:80.8010, length 43
01:00:18.322093 STP 802.1d, Config, Flags [none], bridge-id 8065.00:11:20:9c:71:80.8010, length 43
2 packets captured
2 packets received by filter
0 packets dropped by kernel

---
Ping running on 'forbidden' port vif10.2

r...@loadgen134:~# tcpdump -i vif10.2
tcpdump: WARNING: vif10.2: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vif10.2, link-type EN10MB (Ethernet), capture size 96 bytes
01:00:21.552676 IP 192.168.10.2 > 192.168.10.1: ICMP echo request, id 31757, seq 167, length 64
01:00:21.552816 IP 192.168.10.1 > 192.168.10.2: ICMP echo reply, id 31757, seq 167, length 64
01:00:22.552657 IP 192.168.10.2 > 192.168.10.1: ICMP echo request, id 31757, seq 168, length 64
01:00:22.552731 IP 192.168.10.1 > 192.168.10.2: ICMP echo reply, id 31757, seq 168, length 64

---
entries in the high level openflow table forbid traffic on port 3 (vif10.2):

r...@loadgen134:~# ovs-ofctl dump-flows tcp:127.0.0.1
stats_reply (xid=0xf8e17211): flags=none type=1(flow)
  duration=253451s, table_id=1, priority=32768, n_packets=0, n_bytes=0, dl_type=0x002e,nw_src=0.0.0.0,nw_dst=0.0.0.0,nw_proto=0,tp_src=0,tp_dst=0,actions=drop
  duration=253451s, table_id=1, priority=32768, n_packets=0, n_bytes=0, dl_type=0x88cc,nw_src=0.0.0.0,nw_dst=0.0.0.0,nw_proto=0,tp_src=0,tp_dst=0,actions=drop
  duration=7373s, table_id=1, priority=32768, n_packets=3, n_bytes=210, in_port=4,actions=drop
  duration=253440s, table_id=1, priority=32768, n_packets=1119, n_bytes=108358, in_port=3,actions=drop
  duration=7289s, table_id=1, priority=32768, n_packets=3, n_bytes=230, in_port=5,actions=drop
  duration=253441s, table_id=1, priority=32768, n_packets=251443, n_bytes=24445142, in_port=2,actions=output:1,output:4
  duration=253441s, table_id=1, priority=32768, n_packets=380617, n_bytes=32879750, in_port=1,actions=output:2,output:4

---
but dpctl has entries that allow traffic on port3:

r...@loadgen134:~# ovs-dpctl dump-flows br_out
port0001:vlan65535 mac00:1b:21:10:8c:7e->00:16:3e:76:4f:93 type0800 proto1 ip192.168.10.1->192.168.10.2 port0->0, packets:611, bytes:59878, used:0.818s, actions:3
port0003:vlan65535 mac00:16:3e:76:4f:93->00:1b:21:10:8c:7e type0800 proto1 ip192.168.10.2->192.168.10.1 port8->0, packets:811, bytes:79478, used:0.818s, actions:1
port0001:vlan65535 mac00:24:97:f3:a8:4a->01:80:c2:00:00:00 type05ff proto0 ip0.0.0.0->0.0.0.0 port0->0, packets:21644, bytes:1298640, used:0.026s, actions:2,4
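A cross-check of the two dumps in the attachment, as an added example that is not part of the original message or of Open vSwitch: it flags datapath flows that forward to ports the OpenFlow table does not allow for that input port. It parses only the rule and flow shapes seen in this post and assumes datapath port numbers equal OpenFlow port numbers, as the post treats them; the function names are hypothetical.

```python
import re

# Sample input: lines taken from the ovs-ofctl and ovs-dpctl dumps in the post.
OFCTL_DUMP = """\
duration=253440s, table_id=1, priority=32768, n_packets=1119, n_bytes=108358, in_port=3,actions=drop
duration=253441s, table_id=1, priority=32768, n_packets=251443, n_bytes=24445142, in_port=2,actions=output:1,output:4
duration=253441s, table_id=1, priority=32768, n_packets=380617, n_bytes=32879750, in_port=1,actions=output:2,output:4
"""
DPCTL_DUMP = """\
port0001:vlan65535 mac00:1b:21:10:8c:7e->00:16:3e:76:4f:93 type0800 proto1 ip192.168.10.1->192.168.10.2 port0->0, packets:611, bytes:59878, used:0.818s, actions:3
port0003:vlan65535 mac00:16:3e:76:4f:93->00:1b:21:10:8c:7e type0800 proto1 ip192.168.10.2->192.168.10.1 port8->0, packets:811, bytes:79478, used:0.818s, actions:1
port0001:vlan65535 mac00:24:97:f3:a8:4a->01:80:c2:00:00:00 type05ff proto0 ip0.0.0.0->0.0.0.0 port0->0, packets:21644, bytes:1298640, used:0.026s, actions:2,4
"""

def allowed_outputs(ofctl_text):
    """Map in_port -> set of output ports, for rules whose only match is in_port."""
    table = {}
    for line in ofctl_text.splitlines():
        m = re.search(r"n_bytes=\d+,\s*in_port=(\d+),actions=(\S+)", line)
        if m:  # an empty set means the rule drops everything from that port
            outs = re.findall(r"output:(\d+)", m.group(2))
            table[int(m.group(1))] = {int(p) for p in outs}
    return table

def datapath_mismatches(ofctl_text, dpctl_text):
    """Return (in_port, disallowed_out_ports, packets) for each datapath flow
    that forwards somewhere the OpenFlow rule for its in_port does not."""
    table = allowed_outputs(ofctl_text)
    findings = []
    for line in dpctl_text.splitlines():
        m = re.match(r"port(\d+):.*\bpackets:(\d+),.*\bactions:([\d,]+)\s*$",
                     line.strip())
        if not m or int(m.group(1)) not in table:
            continue  # unknown line shape, or no in_port-only rule to compare with
        in_port = int(m.group(1))
        outs = {int(p) for p in re.findall(r"\d+", m.group(3))}
        extra = outs - table[in_port]
        if extra:
            findings.append((in_port, sorted(extra), int(m.group(2))))
    return findings

if __name__ == "__main__":
    for in_port, extra, packets in datapath_mismatches(OFCTL_DUMP, DPCTL_DUMP):
        print(f"in_port {in_port}: datapath forwards to {extra}, "
              f"not allowed by the flow table ({packets} packets)")
```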
