Is the router bound to a chassis by specifying a "redirect-chassis" ?
Dumping the northbound db might make it easier for me to understand and reproduce the issue ... On Mon, Jun 5, 2017 at 8:58 PM, <wang.qia...@zte.com.cn> wrote: > router is not external to OVN > > > *Russell Bryant <russ...@ovn.org <russ...@ovn.org>>* > > 2017/06/05 20:12 > > 收件人: wang.qia...@zte.com.cn, > 抄送: Ben Pfaff <b...@ovn.org>, ovs dev <d...@openvswitch.org>, > zhou.huij...@zte.com.cn, xurong00037997 <xu.r...@zte.com.cn> > 主题: Re: [ovs-dev] [PATCH 2/2] ovn-northd: Fix ping failure > of vlan networks. > > > > On Thu, Jun 1, 2017 at 10:09 PM, <wang.qia...@zte.com.cn> wrote: > > There are two computer node, each have one vm. And the two vms in > > indifferent vlan networks. The ping between the vms is not success. > > > > The reason is that, acl of to-localnet port or from-localnet port is > > signed to contrack. So the pair of icmp request and reply have different > > zone id in one ovs node. This makes the ct state not correct. > > > > This patch do the modification that localnet port do not use ct. > > > > Change-Id: Iac42ceaa3ef1d4e9b34768f802502d8326b7f507 > > Signed-off-by: wangqianyu <wang.qia...@zte.com.cn> > > --- > > ovn/northd/ovn-northd.8.xml | 4 +++- > > ovn/northd/ovn-northd.c | 24 +++++++++++++++++++++++- > > 2 files changed, 26 insertions(+), 2 deletions(-) > > > > Can you help clarify the scenario here used to reproduce the problem? > > Is it just: > > Logical Switch A > VM 1 > localnet port - VLAN 100 > > Logical Switch B > VM 2 > localnet port - VLAN 200 > > and pinging between VM 1 and VM 2 through a router that is external to OVN? > > > > diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml > > index c0b4c5e..05f0470 100644 > > --- a/ovn/northd/ovn-northd.8.xml > > +++ b/ovn/northd/ovn-northd.8.xml > > @@ -220,7 +220,9 @@ > > logical datapath, a priority-100 flow is added that sets a hint > > (with <code>reg0[0] = 1; next;</code>) for table > > <code>Pre-stateful</code> to send IP packets to the connection > > tracker > > - before eventually advancing to ingress table <code>ACLs</code>. > > + before eventually advancing to ingress table <code>ACLs</code>. If > > some > > + special ports such as route ports or localnet ports can't use > ct(), > > a > > + priority-110 flow is added to skip over stateful ACLs. > > </p> > > > > <h3>Ingress Table 4: Pre-LB</h3> > > diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c > > index 83db753..eea12e8 100644 > > --- a/ovn/northd/ovn-northd.c > > +++ b/ovn/northd/ovn-northd.c > > @@ -1,4 +1,4 @@ > > -/* > > +/* > > * Licensed under the Apache License, Version 2.0 (the "License"); > > * you may not use this file except in compliance with the License. > > * You may obtain a copy of the License at: > > @@ -416,6 +416,7 @@ struct ovn_datapath { > > /* The "derived" OVN port representing the instance of l3dgw_port on > > * the "redirect-chassis". */ > > struct ovn_port *l3redirect_port; > > + struct ovn_port *localnet_port; > > }; > > > > struct macam_node { > > @@ -1351,6 +1352,10 @@ join_logical_ports(struct northd_context *ctx, > > ovs_list_push_back(nb_only, &op->list); > > } > > > > + if (!strcmp(nbsp->type, "localnet")) { > > + od->localnet_port = op; > > + } > > + > > op->lsp_addrs > > = xmalloc(sizeof *op->lsp_addrs * > nbsp->n_addresses); > > for (size_t j = 0; j < nbsp->n_addresses; j++) { > > @@ -2629,6 +2634,23 @@ build_pre_acls(struct ovn_datapath *od, struct > hmap > > *lflows) > > ds_destroy(&match_in); > > ds_destroy(&match_out); > > } > > + if (od->localnet_port) { > > + struct ds match_in = DS_EMPTY_INITIALIZER; > > + struct ds match_out = DS_EMPTY_INITIALIZER; > > + > > + ds_put_format(&match_in, "ip && inport == %s", > > + od->localnet_port->json_key); > > + ds_put_format(&match_out, "ip && outport == %s", > > + od->localnet_port->json_key); > > + ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_ACL, 110, > > + ds_cstr(&match_in), "next;"); > > + ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_ACL, 110, > > + ds_cstr(&match_out), "next;"); > > + > > + ds_destroy(&match_in); > > + ds_destroy(&match_out); > > + } > > + > > /* Ingress and Egress Pre-ACL Table (Priority 110). > > * > > * Not to do conntrack on ND packets. */ > > -- > > 2.7.2.windows.1 > > _______________________________________________ > > dev mailing list > > d...@openvswitch.org > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > > > -- > Russell Bryant > > > -- Russell Bryant _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev