Help needed :)

Currently I added APIs to northd for custom flows in this format

  lflow-add LSWITCH DIRECTION PRIORITY MATCH ACTION FLOWID [FLOWTYPE]
                            add a logical flow identified by FLOWID
  lflow-del LSWITCH FLOWID  delete a logical flow identified by FLOWID

This way I have all options available outside to modify the flows.

When I define a flow for, say, an SFC kind of application where the packets
need to traverse a VNF prior to their destination, I would add a custom
flow for a certain match and change the dst mac (for now), and the packet is
supposed to pass through the VNF.

So for testing I am using ICMP traffic, a ping from 10.0.0.3 to 10.0.0.4, but
the traffic needs to pass through 10.0.0.5. Typical SFC use case, but it would
be for other types of traffic. For my test case I define the flow like this:

ovn-nbctl lflow-add ee339fdc-cf00-40cc-986d-709df36bd141 from-lport 115 \
    ' inport == "a1d2ed52-4fa1-440c-9f05-2b8d250fdcf0" && eth.src == fa:16:3e:16:7e:7d && ip4 && ip4.src == 10.0.0.3 ' \
    ' eth.dst = fa:16:3e:cb:66:04; next;' 1234567

which generates these logical flows:

  table=6(  ls_in_cust_fwd), priority=  115, match=( inport ==
"a1d2ed52-4fa1-440c-9f05-2b8d250fdcf0" && eth.src == fa:16:3e:16:7e:7d &&
ip4 && ip4.src == 10.0.0.3 ), action=( eth.dst = fa:16:3e:cb:66:04; next;)

The rest are standard. Because the dst mac is already changed, the l2 lookup
just outputs to the port.

  table=7(   ls_in_l2_lkup), priority=   50, match=(eth.dst ==
fa:16:3e:cb:66:04), action=(outport =
"75ac973e-e4c2-4986-82cd-c1be28b4d9bf"; output;)


The corresponding physical flows:
 cookie=0x0, duration=142442.685s, table=22, n_packets=7010,
n_bytes=687776, idle_age=0, hard_age=65534,
priority=115,ip,reg6=0x4,metadata=0x1,dl_src=fa:16:3e:16:7e:7d,nw_src=10.0.0.3
actions=mod_dl_dst:fa:16:3e:cb:66:04,resubmit(,23)

 cookie=0x0, duration=147357.852s, table=23, n_packets=7154,
n_bytes=701048, idle_age=0, hard_age=65534, priority=50,
metadata=0x1,dl_dst=fa:16:3e:cb:66:04
actions=load:0x6->NXM_NX_REG7[],resubmit(,32)

 cookie=0x0, duration=156737.689s, table=32, n_packets=10412,
n_bytes=1070349, idle_age=0, hard_age=65534, priority=0
actions=resubmit(,33)

 cookie=0x0, duration=147349.068s, table=33, n_packets=7258,
n_bytes=711128, idle_age=0, hard_age=65534,
priority=100,reg7=0x6,metadata=0x1 actions=load:0x6->NXM_NXresubmit(,34)

 cookie=0x0, duration=156789.615s, table=34, n_packets=19853,
n_bytes=2185927, idle_age=0, hard_age=65534, priority=0
actions=load:0->NXM_NX_REG0[],load:0->NXM_NX_REG1[],load:0->NXM_NX_REG2[],resubmit(,48)


This is where it gets to take a different path due to CT / ACL, not sure:

 cookie=0x0, duration=150381.357s, table=48, n_packets=11598,
n_bytes=1365636, idle_age=44, hard_age=65534,
priority=100,ipv6,metadata=0x1 actions=ct(table=49,zone=NXM_NX_REG5[0..15])
 cookie=0x0, duration=150381.357s, table=48, n_packets=7754,
n_bytes=784453, idle_age=1, hard_age=65534, priority=100,ip,metadata=0x1
actions=ct(table=49,zone=NXM_NX_REG5[0..15])
 cookie=0x0, duration=156753.514s, table=48, n_packets=530, n_bytes=38624,
idle_age=8, hard_age=65534, priority=0,metadata=0x1 actions=resubmit(,49)

 cookie=0x0, duration=147694.516s, table=49, n_packets=7327,
n_bytes=718046, idle_age=0, hard_age=65534,
priority=2002,ct_state=+new+trk,icmp,reg7=0x6,metadata=0x1
actions=ct(commit,zone=NXM_NX_REG5[0..15]),resubmit(,50)
  cookie=0x0, duration=156937.525s, table=49, n_packets=536, n_bytes=38876,
idle_age=4, hard_age=65534, priority=0,metadata=0x1 actions=resubmit(,50)

 cookie=0x0, duration=147834.360s, table=50, n_packets=7486,
n_bytes=736309, idle_age=0, hard_age=65534,
priority=80,ip,reg7=0x6,metadata=0x1,dl_dst=fa:16:3e:cb:66:04 actions=drop
 cookie=0x0, duration=157077.368s, table=50, n_packets=5401,
n_bytes=617710, idle_age=12, hard_age=65534, priority=0,metadata=0x1
actions=resubmit(,51)

The packets get dropped.

I am not able to comprehend what ACL I need to add/modify in addition to
the flow. Any suggestions / help?

(PS: I noticed russelb is traveling so opened the question to the group)

Thanks
Murali
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
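
Added example, not part of the original post: a small offline tracer that walks tables 48-50 of the dump above and reports which flow gives the verdict for the rewritten ping. The function names and the PING dict are hypothetical; it assumes the packet enters table 48 with reg7=0x6 already loaded and that conntrack returns a first packet as +new+trk.

```python
import re
# Tables 48-50 abridged from the dump in the post (cookie/counter fields removed).
FLOWS = """\
table=48, priority=100,ipv6,metadata=0x1 actions=ct(table=49,zone=NXM_NX_REG5[0..15])
table=48, priority=100,ip,metadata=0x1 actions=ct(table=49,zone=NXM_NX_REG5[0..15])
table=48, priority=0,metadata=0x1 actions=resubmit(,49)
table=49, priority=2002,ct_state=+new+trk,icmp,reg7=0x6,metadata=0x1 actions=ct(commit,zone=NXM_NX_REG5[0..15]),resubmit(,50)
table=49, priority=0,metadata=0x1 actions=resubmit(,50)
table=50, priority=80,ip,reg7=0x6,metadata=0x1,dl_dst=fa:16:3e:cb:66:04 actions=drop
table=50, priority=0,metadata=0x1 actions=resubmit(,51)
"""

def parse(text):  # -> [(table, priority, match_fields, actions)]
    flows = []
    for line in text.splitlines():
        head, actions = line.split(" actions=")
        table, match = head.split(", ", 1)
        fields = dict(f.split("=", 1) if "=" in f else (f, True) for f in match.split(","))
        flows.append((int(table.split("=")[1]), int(fields.pop("priority")), fields, actions))
    return flows

def field_ok(key, want, pkt):
    if key == "ct_state":  # "+new+trk": every +flag set, every -flag clear
        return all((flag in pkt["ct_state"]) == (sign == "+")
                   for sign, flag in re.findall(r"([+-])(\w+)", want))
    if want is True:  # bare protocol shorthand such as ip, ipv6, icmp
        return key in pkt["protos"]
    return pkt.get(key) == want

def trace(flows, pkt, table):  # -> (path of (table, priority), verdict)
    path = []
    while True:
        hits = [f for f in flows if f[0] == table
                and all(field_ok(k, v, pkt) for k, v in f[2].items())]
        if not hits:
            return path, "no flow in table %d" % table
        _, prio, _, actions = max(hits, key=lambda f: f[1])  # highest priority wins
        path.append((table, prio))
        ct = re.search(r"ct\(table=(\d+)", actions)
        if ct:  # assumption: first packet of a connection returns as +new+trk
            pkt["ct_state"] = {"new", "trk"}
        nxt = ct or re.search(r"resubmit\(,(\d+)\)", actions)
        if not nxt:
            return path, actions  # terminal action, e.g. "drop"
        table = int(nxt.group(1))

# Constructed packet: the ping after table 22 rewrote eth.dst and table 23 set reg7.
PING = {"metadata": "0x1", "reg7": "0x6", "dl_dst": "fa:16:3e:cb:66:04",
        "protos": {"ip", "icmp"}, "ct_state": set()}
print(trace(parse(FLOWS), dict(PING), 48))
```

On a live hypervisor, `ovs-appctl ofproto/trace` performs the same walk against the real tables.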
