[ovs-discuss] kvm and open vSwitch, basic connectivity not working
jesse at nicira.com
Tue Feb 9 08:36:41 PST 2010
On Tue, Feb 9, 2010 at 11:12 AM, Todd Deshane <deshantm at gmail.com> wrote:
> ovs-dpctl dump-flows internalbr (seems to reveal the problem --
> actions drop is specified)
> in_port0003:vlan65535 mac52:54:00:12:34:56->52:54:00:12:34:56 type0800
> proto1 ip10.0.0.2->10.0.0.3 port8->0, packets:45, bytes:4410,
> used:0.896s, actions:drop

Right, this is the problem. Both VMs have the same MAC address, which
causes the traffic to be sent out the input port and as a result dropped.
By default KVM assigns the same address to all network devices. You can
change it by adding macaddr=XXX to the command line when you specify the

> sudo ovs-ofctl dump-flows internalbr
> Feb 09 10:59:00|00001|ofctl|INFO|connecting to
> stats_reply (xid=0x2f7fe731): flags=none type=1(flow)
> duration=604s, table_id=1, priority=0, n_packets=1766,
> n_bytes=105868, actions=NORMAL
> It was my understanding that there was a default flow that was simply
> an accept all, so I didn't add any flows explicitly for testing basic
> functionality. Is there something that I need to explicitly configure
> to allow traffic to flow?

No, your understanding is correct. I just wanted to make sure that nothing
funny was going on.

> I do hope to have a setup that does explicitly only allow traffic
> (whitelist-based) as my next step, so understanding the intricacies of
> if it is possible to have a default deny all flows and only allow,
> based on whitelist, is of top priority for me. I would like to try to
> use a tool like ovs-dpctl or ovs-ofctl to add the flows specifically
> and remove the default, but would like to make sure that I have basic
> working functionality first and that I don't have something

ovs-ofctl is the tool that you want to use. In general ovs-dpctl isn't
needed too much except for debugging since ovs-vswitchd will do all of the
configuration of datapath.

> Further, does it make more sense for me to set up an OpenFlow
> controller (such as the basic one that comes with vswitch or a more
> advanced one like nox), to accomplish this basic functionality or will
> simply using the ovs-dpctl and ovs-ofctl commands suffice for basic
> demonstration purposes?

For static things like a basic demonstration, ovs-ofctl is the easiest thing
to do. Obviously if you need to be able to change things dynamically a
controller would greatly help.
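
An added example, not part of the original message: a shell helper that builds the whitelist-based, default-deny flow table discussed above for `ovs-ofctl`, and refuses a whitelist in which one MAC appears on two ports (the condition diagnosed in this thread). The `port MAC` input format, the function names, and the sample ports and addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample whitelist: "<OpenFlow port> <source MAC>" per line.
SAMPLE_WHITELIST='# port mac
3 52:54:00:12:34:56
4 52:54:00:12:34:57'

# gen_flows (hypothetical helper): read a whitelist on stdin and print one
# ovs-ofctl flow spec per line. Exits 1 and prints no flows if an entry is
# malformed or a MAC is listed on two different ports.
gen_flows() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blanks and comments
        {
            port = $1; mac = tolower($2)
            ok = (port ~ /^[0-9]+$/ && split(mac, oct, ":") == 6)
            for (i = 1; ok && i <= 6; i++) ok = (oct[i] ~ /^[0-9a-f][0-9a-f]$/)
            if (!ok) { print "bad entry: " $0 > "/dev/stderr"; bad = 1; next }
            if (mac in port_of) {
                if (port_of[mac] != port) {
                    print "MAC " mac " on ports " port_of[mac] " and " port > "/dev/stderr"
                    bad = 1
                }
                next
            }
            port_of[mac] = port
            # Allow only this source MAC on this port; NORMAL does L2 switching.
            flow[++count] = "priority=100,in_port=" port ",dl_src=" mac ",actions=NORMAL"
        }
        END {
            if (bad) exit 1
            for (i = 1; i <= count; i++) print flow[i]
            print "priority=0,actions=drop"    # everything not whitelisted
        }'
}

# apply_flows BRIDGE (hypothetical helper): replace the bridge flow table
# with the generated one. The switch is not touched if the whitelist is bad.
apply_flows() {
    tmp=$(mktemp) || return 1
    gen_flows > "$tmp" && ovs-ofctl del-flows "$1" && ovs-ofctl add-flows "$1" "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

With the whitelist in a file, `apply_flows internalbr < whitelist.txt` installs the table on the bridge named in this thread, and `ovs-ofctl dump-flows internalbr` shows the result.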