Hi Justin,

Thanks for the response. I am trying to create a GRE tunnel between two host 
machines (OVS is running on both the machines, and I am able to ping each 
other). My issue is how to have traffic flow between the two hosts with a GRE 
encapsulation header using the GRE tunnel. Please find the OVS configuration 
below. Please let me know if I need to do any more configuration to have traffic 
flow with a GRE encapsulation header using the GRE tunnel, or if anything else 
is missing.

GRE tunnel configuration:
------------------------
*       Created bridge br1
*       Add port eth0 to br1
*       Cleared eth0 IP address (ifconfig eth0 0.0.0.0 up), killed the DHCP client on eth0, started dhclient on br0 (or assigned the static IP to br0), and adjusted eth0 routes to go through br0.

@Host1

ovs-vsctl add-br br0
ovs-vsctl add-br br1
ovs-vsctl add-port br0 eth0
ifconfig eth0 0 && ifconfig br0 192.168.1.10 netmask 255.255.255.0
route add default gw 192.168.1.1 br0
ifconfig br1 10.1.2.10 netmask 255.255.255.0
ovs-vsctl add-port br1 gre1 -- set interface gre1 type=gre options:remote_ip=192.168.1.11


@ Host 2
ovs-vsctl add-br br0
ovs-vsctl add-br br1
ovs-vsctl add-port br0 eth0
ifconfig eth0 0 && ifconfig br0 192.168.1.11 netmask 255.255.255.0
route add default gw 192.168.1.1 br0
ifconfig br1 10.1.2.11 netmask 255.255.255.0
ovs-vsctl add-port br1 gre1 -- set interface gre1 type=gre options:remote_ip=192.168.1.10



CAPWAP tunnel configuration:
----------------------------
Linux machine 1:

1.      ovsdb-tool create /usr/local/etc/openvswitch/conf.db vswitchd/vswitch.ovsschema


2.      ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock \
--remote=db:Open_vSwitch,Open_vSwitch,manager_options \
--private-key=db:Open_vSwitch,SSL,private_key \
--certificate=db:Open_vSwitch,SSL,certificate \
--bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert \
--pidfile --detach

3.      ovs-vsctl --no-wait init

4.      ovs-vswitchd --pidfile --detach

(Kill all instances of DHCP Client.)

5.      ifconfig eth0 0.0.0.0

6.      ovs-vsctl add-br br0

7.      ovs-vsctl add-port br0 eth0

8.      ifconfig br0 192.168.1.5

9.      ovs-vsctl add-port br0 p0 

10.     ovs-vsctl set interface p0 type=internal

11.     ip link set p0 up

12.     ifconfig p0 10.0.0.1

13.     ovs-vsctl add-port br0 cw0

14.     ovs-vsctl set interface cw0 type=capwap options:local_ip=10.0.0.1 options:remote_ip=10.0.0.2 options:key=1234

Linux machine 2:

1.      ovsdb-tool create /usr/local/etc/openvswitch/conf.db vswitchd/vswitch.ovsschema

2.      ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock \
--remote=db:Open_vSwitch,Open_vSwitch,manager_options \
--private-key=db:Open_vSwitch,SSL,private_key \
--certificate=db:Open_vSwitch,SSL,certificate \
--bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert \
--pidfile --detach

3.      ovs-vsctl --no-wait init

4.      ovs-vswitchd --pidfile --detach

(Kill all instances of DHCP Client.)

5.      ifconfig eth0 0.0.0.0

6.      ovs-vsctl add-br br0

7.      ovs-vsctl add-port br0 eth0

8.      ifconfig br0 192.168.1.6

9.      ovs-vsctl add-port br0 p0 

10.     ovs-vsctl set interface p0 type=internal

11.     ip link set p0 up

12.     ifconfig p0 10.0.0.2

13.     ovs-vsctl add-port br0 cw0

14.     ovs-vsctl set interface cw0 type=capwap options:local_ip=10.0.0.2 options:remote_ip=10.0.0.1 options:key=1234


=================
-Vivek


-----Original Message-----
From: Justin Pettit [mailto:[email protected]] 
Sent: Saturday, December 14, 2013 10:34 PM
To: Vivek Kumar (EPG)
Cc: [email protected]
Subject: Re: [ovs-discuss] how to get encrypted packet with GRE header in GRE 
tunnel

The tunnel ports should have an OpenFlow port number, which can be used to 
write flows. The default flow table should allow you to have the ports attached 
to the same bridge as the tunnel be able to communicate with the other side. 
You haven't provided enough information about what you've done or what you're 
seeing to say what's happening, though. 

--Justin


> On Dec 13, 2013, at 10:22 AM, "Vivek Kumar (EPG)" <[email protected]> wrote:
> 
> Hi Justin,
> Thanks for the response.
> Sorry, my bad. I meant 'encapsulation' and not 'encryption'.
> My issue is how to have traffic flow between two hosts with GRE encapsulation 
> header or CAPWAP encapsulation header, when OVS is running on these two 
> hosts. After creating the tunnel, I am able to ping each host from the other 
> host. Could you please help.
> 
> Thanks,
> Vivek
> 
> -----Original Message-----
> From: Justin Pettit [mailto:[email protected]] 
> Sent: Friday, December 13, 2013 10:33 PM
> To: Vivek Kumar (EPG)
> Cc: [email protected]
> Subject: Re: [ovs-discuss] how to get encrypted packet with GRE header in GRE 
> tunnel
> 
> How are you doing the encryption?  For the Debian packages, there's a daemon 
> called "ovs-monitor-ipsec" that will take care of setting up IPsec GRE 
> tunnels.  If you get that installed, look for "ipsec_gre" in the 
> ovs-vswitchd.conf.db man page, which describes the configuration parameters 
> you'd need to set with ovs-vsctl.
> 
> --Justin
> 
> 
>> On Dec 13, 2013, at 4:08 AM, Vivek Kumar (EPG) <[email protected]> wrote:
>> 
>> 
>> Hi
>> 
>> I am trying to create a GRE tunnel between two host machines (OVS is running 
>> on both the machines, and I am able to ping each other).
>> But my data is not getting received/transferred with encrypted packet with 
>> GRE header. Same issue is seen when I am trying to create a CAPWAP tunnel 
>> between two host machines (OVS is running on both the machines, and I am 
>> able to ping each other).
>> Could anyone please help me with this issue. Could anyone please tell me 
>> about how to receive/transfer encrypted packet with GRE/CAPWAP header. Also, 
>> please let me know if we need to configure something extra in OVS for this.
>> 
>> Thanks,
>> Vivek
>> 
>> 
>> _______________________________________________
>> discuss mailing list
>> [email protected]
>> http://openvswitch.org/mailman/listinfo/discuss
> 
> 
> 
> 
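Added example, not part of the original thread and not Open vSwitch code: the thread turns on the difference between GRE encapsulation and encryption, so this Python sketch classifies an outer IPv4 packet the way an on-path capture would see it. It assumes that OVS `gre` ports carry Ethernet frames (GRE protocol type 0x6558) and that an IPsec-protected GRE tunnel appears on the wire as ESP (IP protocol 50); the helper names and sample packets are constructed for illustration.

```python
import ipaddress
import struct

GRE, ESP = 47, 50      # outer IP protocol numbers
TEB = 0x6558           # GRE protocol type: payload is a full Ethernet frame

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0) for the samples below."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def parse_ipv4(pkt):
    """Return (src, dst, protocol, payload) of an IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4 if len(pkt) >= 20 else 0
    if ihl < 20 or pkt[0] >> 4 != 4 or len(pkt) < ihl:
        raise ValueError("not a valid IPv4 packet")
    src, dst = (str(ipaddress.IPv4Address(pkt[o:o + 4])) for o in (12, 16))
    return src, dst, pkt[9], pkt[ihl:]

def classify(pkt):
    """Report what an on-path observer can read from one outer IPv4 packet."""
    src, dst, proto, body = parse_ipv4(pkt)
    out = {"outer": (src, dst), "encapsulated": False,
           "encrypted": False, "inner": None}
    if proto == ESP:                    # ciphertext: inner headers are hidden
        out.update(encapsulated=True, encrypted=True)
    elif proto == GRE and len(body) >= 4:
        flags, ptype = struct.unpack("!HH", body[:4])
        # Optional checksum (C), key (K) and sequence (S) fields, 4 bytes each
        off = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        frame = body[off:]
        out["encapsulated"] = True
        if ptype == TEB and len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            out["inner"] = parse_ipv4(frame[14:])[:2]   # readable in cleartext
    return out

# Constructed samples: outer/inner addresses follow the GRE configuration above;
# MAC addresses, the GRE key and the ESP bytes are made up.
ETH = bytes.fromhex("0200000000110200000000100800")
INNER = ETH + ipv4("10.1.2.10", "10.1.2.11", 1, b"\x08\x00" + bytes(6))
OUTER = ("192.168.1.10", "192.168.1.11")
PLAIN_GRE = ipv4(*OUTER, GRE, struct.pack("!HH", 0, TEB) + INNER)
KEYED_GRE = ipv4(*OUTER, GRE, struct.pack("!HHI", 0x2000, TEB, 1234) + INNER)
IPSEC_GRE = ipv4(*OUTER, ESP, struct.pack("!II", 0x1001, 1) + bytes(48))

if __name__ == "__main__":
    for name in ("PLAIN_GRE", "KEYED_GRE", "IPSEC_GRE"):
        print(name, classify(globals()[name]))
```

With plain or keyed GRE the inner 10.1.2.x addresses are recovered from the capture, which is the confirmation that traffic is encapsulated but not confidential; only the ESP sample hides them.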


