[ovs-discuss] Problem with a desired flow getting deleted

Todd Deshane deshantm at gmail.com
Fri Feb 12 11:51:03 PST 2010

On Fri, Feb 12, 2010 at 12:27 AM, Justin Pettit <jpettit at nicira.com> wrote:
> Those flow entries all look reasonable to me.  I don't see anything that would allow SSH or ICMP.  Are you sure that you have the correct datapath configured?  I notice all those packet and byte counters are zero.  Can you try running some of your traffic and then seeing which counters increment?
> You also may want to look at the "ovs-dpctl dump-flows" command.  This will show you what traffic the kernel is actually seeing.  If you're running your SSH traffic and don't see an entry from ovs-dpctl, then you're definitely looking at the wrong datapath.  (Keep in mind that the datapath is just a flow cache, so if a flow is idle for five seconds, it will be evicted from the kernel.)

A closer look at the tables revealed the problem. The default flow, to
allow all, was being left in the flow table. I think what was
happening is that, after the HUP, I was trying to remove it too soon
(before the switch daemon was awake) and this may not have been

So I think the next problem that I would like to solve is getting the
host network to work correctly. When I do the obvious of simply
copying the flows for the VM and changing the MAC address to that of
eth0, the host is not able to work as I would have expected. It can
DHCP, but that seems like all it can do. It can't look up any over DNS,
or anything else. The strange thing is that its flows don't seem to be
showing up anywhere (I check the switch logs), I only see ARP traffic
for the eth0 MAC and nothing else.

I am wondering if the host is a special case, since it doesn't have
its own interface. More specifically, it would normally communicate
over eth0, but eth0 is a port on externalbr, which traffic must be
flowing through fine, since with the VM I can browse the web (as
allowed specifically).

I tried some debugging with dpctl on both the internalbr and
externalbr, but I am pretty sure I still only see the ARP traffic.

I could probably live without some networking on the host (until I can
figure it out), but I still do need the host to be able to manage and
connect to the VMs. Is there a way for me to create some sort of
bridge or other networking device that the host could use for this
sort of thing? A dummy to the internal network maybe? I'm just not
sure of the details of the limitation that I am running up against.

Any suggestions or tips?


