Re: [ovs-discuss] ovn-trace not showing full logical flow

2017-09-17 Thread Ben Pfaff
On Sun, Sep 17, 2017 at 05:03:19PM +0530, Vikrant Aggarwal wrote:
>  0. ls_in_port_sec_l2 (ovn-northd.c:2979): inport ==
> "4c72cee2-35b7-4bcd-8c77-135a22d16df1" && eth.src == {fa:16:3e:55:3f:be},
> priority 50, uuid b6b8d57a
> next;
>  1. ls_in_port_sec_ip (ovn-northd.c:2113): inport ==
> "4c72cee2-35b7-4bcd-8c77-135a22d16df1" && eth.src == fa:16:3e:55:3f:be &&
> ip4.src == {10.10.10.4}, priority 90, uuid ba02f466
> next;
>  3. ls_in_pre_acl (ovn-northd.c:2397): ip, priority 100, uuid 25d55e7b
> reg0[0] = 1;
> next;
>  5. ls_in_pre_stateful (ovn-northd.c:2515): reg0[0] == 1, priority 100,
> uuid b84a160f
> ct_next;
> *** ct_* actions not implemented

ovn-trace in Open vSwitch 2.7 doesn't support the ct_* actions, which
means that tracing through a distributed firewall tends to end up this
way.

ovn-trace in Open vSwitch 2.8 does support these actions, so you'll see
more success there.
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
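
A check for the failure mode described in the reply above, as an added example that is not part of the original thread or of the Open vSwitch code: it parses detailed ovn-trace output and reports when the trace stopped at an unimplemented action before any ACL stage ran, so a truncated trace is not read as a firewall verdict. The sample is the trace from the post with the mail line wraps rejoined; the function names and the `ls_in_acl`/`ls_out_acl` stage names used to mark ACL evaluation are assumptions not shown in the thread.

```python
import re

# Trace text from the post, with the mail client's line wraps rejoined.
SAMPLE_TRACE = '''\
ingress(dp="neutron-89113f8b-bc01-46b1-84fb-edd5d606879c", inport="4c72cee2-35b7-4bcd-8c77-135a22d16df1")
 0. ls_in_port_sec_l2 (ovn-northd.c:2979): inport == "4c72cee2-35b7-4bcd-8c77-135a22d16df1" && eth.src == {fa:16:3e:55:3f:be}, priority 50, uuid b6b8d57a
    next;
 1. ls_in_port_sec_ip (ovn-northd.c:2113): inport == "4c72cee2-35b7-4bcd-8c77-135a22d16df1" && eth.src == fa:16:3e:55:3f:be && ip4.src == {10.10.10.4}, priority 90, uuid ba02f466
    next;
 3. ls_in_pre_acl (ovn-northd.c:2397): ip, priority 100, uuid 25d55e7b
    reg0[0] = 1;
    next;
 5. ls_in_pre_stateful (ovn-northd.c:2515): reg0[0] == 1, priority 100, uuid b84a160f
    ct_next;
    *** ct_* actions not implemented
'''

# "<table>. <stage> (<source>): <match>, priority <n>, uuid <id>"
STAGE_RE = re.compile(r'^\s*(\d+)\.\s+(\w+)\s+\(([^)]*)\):\s+(.*),'
                      r'\s+priority\s+(\d+),\s+uuid\s+([0-9a-f]+)\s*$')
UNIMPL_RE = re.compile(r'^\s*\*\*\*\s+(.+?)\s+not implemented')
# Assumption: these are the stage names under which ACLs are evaluated.
ACL_STAGES = {"ls_in_acl", "ls_out_acl"}

def parse_trace(text):
    """Return (stages, halted_on); halted_on is None if nothing was unimplemented."""
    stages, halted_on = [], None
    for line in text.splitlines():
        m = STAGE_RE.match(line)
        if m:
            stages.append({"table": int(m[1]), "stage": m[2], "source": m[3],
                           "match": m[4], "priority": int(m[5]),
                           "uuid": m[6], "actions": []})
            continue
        u = UNIMPL_RE.match(line)
        if u:
            halted_on = u[1]
        elif stages and line.strip().endswith(";"):
            stages[-1]["actions"].append(line.strip())
    return stages, halted_on

def assess(text):
    """Classify a trace so a truncated one is never treated as an ACL result."""
    stages, halted_on = parse_trace(text)
    reached = [s["stage"] for s in stages]
    if halted_on is None:
        return "no-unimplemented-action", reached
    acl_seen = any(name in ACL_STAGES for name in reached)
    return ("halted-after-acl" if acl_seen else "halted-before-acl"), reached

if __name__ == "__main__":
    print(assess(SAMPLE_TRACE))
```
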


[ovs-discuss] ovn-trace not showing full logical flow

2017-09-17 Thread Vikrant Aggarwal
Hi Folks,

In my packstack setup, I am trying to see the usage of ovn-trace following
[1], but I am not able to see the full logical flow for the packet.

Two logical switches are connected to the same router, and instances are able
to reach each other without any issue, but ovn-trace is not showing the full
logical flow of traffic.

Can anyone please help me to understand what I am doing wrong?

==> output of ovn-nbctl from controller node.

[root@controller ~(keystone_admin)]# ovn-nbctl show
switch 94c220f0-128e-4eef-ae4f-116a69458f11 (neutron-8d16abbf-835d-4ec7-97a1-eef02d84563a)
    port 3b58fa41-35b7-4374-8e41-fa0858f9f9dc
        addresses: ["fa:16:3e:eb:3d:0a 10.10.11.5"]
    port d83ce6c6-1289-4e8b-9e12-62a9b08b95da
        addresses: ["router"]
switch 0d413d9c-7f23-4ace-9a8a-29817b3b33b5 (neutron-89113f8b-bc01-46b1-84fb-edd5d606879c)
    port 6fe3cab5-5f84-44c8-90f2-64c21b489c62
        addresses: ["fa:16:3e:fa:d6:d3 10.10.10.9"]
    port 397c019e-9bc3-49d3-ac4c-4aeeb1b3ba3e
        addresses: ["router"]
    port 4c72cee2-35b7-4bcd-8c77-135a22d16df1
        addresses: ["fa:16:3e:55:3f:be 10.10.10.4"]
    port a6ee79a7-a6bc-4971-9fe0-d8424a31d2db
        addresses: ["fa:16:3e:96:0a:6a 10.10.10.2"]
switch 1ec08997-0899-40d1-9b74-0a25ef476c00 (neutron-e411bbe8-e169-4268-b2bf-d5959d9d7260)
    port provnet-e411bbe8-e169-4268-b2bf-d5959d9d7260
        addresses: ["unknown"]
    port b95e9ae7-5c91-4037-8d2c-660d4af00974
        addresses: ["router"]
router 7418a4e7-abff-4af7-85f5-6eea2ede9bea (neutron-67dc2e78-e109-4dac-acce-b71b2c944dc1)
    port lrp-b95e9ae7-5c91-4037-8d2c-660d4af00974
        mac: "fa:16:3e:52:20:7c"
        networks: ["192.168.122.50/24"]
    port lrp-d83ce6c6-1289-4e8b-9e12-62a9b08b95da
        mac: "fa:16:3e:21:ff:7d"
        networks: ["10.10.11.1/24"]
    port lrp-397c019e-9bc3-49d3-ac4c-4aeeb1b3ba3e
        mac: "fa:16:3e:87:28:40"
        networks: ["10.10.10.1/24"]

==> Tracing the logical flow from 10.10.10.4 to 10.10.11.5

[root@controller ~(keystone_admin)]# ovn-trace neutron-89113f8b-bc01-46b1-84fb-edd5d606879c 'inport=="4c72cee2-35b7-4bcd-8c77-135a22d16df1" && eth.src == fa:16:3e:55:3f:be && ip4.src == 10.10.10.4 && eth.dst == fa:16:3e:eb:3d:0a && ip4.dst == 10.10.11.5 && ip.ttl == 32'
# ip,reg14=0x3,vlan_tci=0x,dl_src=fa:16:3e:55:3f:be,dl_dst=fa:16:3e:eb:3d:0a,nw_src=10.10.10.4,nw_dst=10.10.11.5,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=32

ingress(dp="neutron-89113f8b-bc01-46b1-84fb-edd5d606879c", inport="4c72cee2-35b7-4bcd-8c77-135a22d16df1")
-
 0. ls_in_port_sec_l2 (ovn-northd.c:2979): inport == "4c72cee2-35b7-4bcd-8c77-135a22d16df1" && eth.src == {fa:16:3e:55:3f:be}, priority 50, uuid b6b8d57a
    next;
 1. ls_in_port_sec_ip (ovn-northd.c:2113): inport == "4c72cee2-35b7-4bcd-8c77-135a22d16df1" && eth.src == fa:16:3e:55:3f:be && ip4.src == {10.10.10.4}, priority 90, uuid ba02f466
    next;
 3. ls_in_pre_acl (ovn-northd.c:2397): ip, priority 100, uuid 25d55e7b
    reg0[0] = 1;
    next;
 5. ls_in_pre_stateful (ovn-northd.c:2515): reg0[0] == 1, priority 100, uuid b84a160f
    ct_next;
    *** ct_* actions not implemented

==> Tracing the logical flow from 10.10.11.5 to 10.10.10.4.

[root@controller ~(keystone_admin)]# ovn-trace neutron-8d16abbf-835d-4ec7-97a1-eef02d84563a 'inport=="3b58fa41-35b7-4374-8e41-fa0858f9f9dc" && eth.src == fa:16:3e:eb:3d:0a && ip4.src == 10.10.11.5 && eth.dst == fa:16:3e:55:3f:be && ip4.dst == 10.10.10.4 && ip.ttl == 32'
# ip,reg14=0x1,vlan_tci=0x,dl_src=fa:16:3e:eb:3d:0a,dl_dst=fa:16:3e:55:3f:be,nw_src=10.10.11.5,nw_dst=10.10.10.4,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=32

ingress(dp="neutron-8d16abbf-835d-4ec7-97a1-eef02d84563a", inport="3b58fa41-35b7-4374-8e41-fa0858f9f9dc")
-
 0. ls_in_port_sec_l2 (ovn-northd.c:2979): inport == "3b58fa41-35b7-4374-8e41-fa0858f9f9dc" && eth.src == {fa:16:3e:eb:3d:0a}, priority 50, uuid ca3ab484
    next;
 1. ls_in_port_sec_ip (ovn-northd.c:2113): inport == "3b58fa41-35b7-4374-8e41-fa0858f9f9dc" && eth.src == fa:16:3e:eb:3d:0a && ip4.src == {10.10.11.5}, priority 90, uuid 67889771
    next;
 3. ls_in_pre_acl (ovn-northd.c:2397): ip, priority 100, uuid a9a53917
    reg0[0] = 1;
    next;
 5. ls_in_pre_stateful (ovn-northd.c:2515): reg0[0] == 1, priority 100, uuid 4355f077
    ct_next;
    *** ct_* actions not implemented


[1] https://blog.russellbryant.net/2016/11/11/ovn-logical-flows-and-ovn-trace/

Thanks & Regards,
Vikrant Aggarwal