[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openvswitch-discuss
Subject:    [ovs-discuss] VXLAN tunnel incoming packets are not captured on mirror port
From:       vasanth.rajasekaran () veryxtech ! com (Vasanth R)
Date:       2014-06-29 18:40:17
Message-ID: 53B05AC1.9010908 () veryxtech ! com
[Download RAW message or body]

Hi,

I observed that the packets incoming coming out of the VXLAN tunnel are
not captured on mirror port.
I have attached the Issue report, topology & packet captures.

Please help me to resolve this.

Regards,
Vasanth.R



-------------- next part --------------
A non-text attachment was scrubbed...
Name: captured_pkts_on_MirrorPort.pcap
Type: application/octet-stream
Size: 434728 bytes
Desc: not available
URL: <http://openvswitch.org/pipermail/discuss/attachments/20140629/63e28118/attachment-0001.obj>
                
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Mirror_OpenStack_Issue.bmp
Type: image/bmp
Size: 2568774 bytes
Desc: not available
URL: <http://openvswitch.org/pipermail/discuss/attachments/20140629/63e28118/attachment-0001.bin>
                
-------------- next part --------------

I have connected 2 compute hosts as per the attached topology diagram \
"Mirror_OpenStack_Issue.JPG" and formed the vxlan tunnel between the 2 compute hosts \
using the Openstack.

Compute1 Host OVS configuration:
==============================[root at compute1 stap_mirroring]# ovs-vsctl show
b8dfb1af-9d51-4786-9b59-ca1feb1fc620
    Bridge br-tun
        Port "vxlan-3"
            Interface "vxlan-3"
                type: vxlan
                options: {in_key=flow, local_ip="10.1.1.2", out_key=flow, \
remote_ip="10.1.1.3"}  Port "vxlan-1"
            Interface "vxlan-1"
                type: vxlan
                options: {in_key=flow, local_ip="10.1.1.2", out_key=flow, \
remote_ip="10.1.1.1"}  Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-int
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "tap203fc187-30"
            tag: 1
            Interface "tap203fc187-30"
        Port "eth2"
            Interface "eth2"
    ovs_version: "1.11.0"


Compute2 Host OVS configuration:
==============================[root at compute2 StapCentos_Compute]# ovs-vsctl show
1b8f19f2-1cea-4a36-a3f1-6656cb1ce5e3
    Bridge br-int
        Port "tap5c6f3319-0a"
            tag: 25
            Interface "tap5c6f3319-0a"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "eth2"
            Interface "eth2"
        Port br-int
            Interface br-int
                type: internal
    Bridge br-tun
        Port "vxlan-1"
            Interface "vxlan-1"
                type: vxlan
                options: {in_key=flow, local_ip="10.1.1.3", out_key=flow, \
remote_ip="10.1.1.1"}  Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "vxlan-2"
            Interface "vxlan-2"
                type: vxlan
                options: {in_key=flow, local_ip="10.1.1.3", out_key=flow, \
remote_ip="10.1.1.2"}  Port br-tun
            Interface br-tun
                type: internal
    ovs_version: "1.11.0"


[root at compute2 StapCentos_Compute]# ovs-vsctl get port tap5c6f3319-0a _uuid
5dcfef99-7c07-4f8c-b1f8-8c333a4a4fd7

[root at compute2 StapCentos_Compute]# ovs-vsctl get port eth2 _uuid
821ebc3f-73d5-4e1e-8cd6-50c1e1d97de8

I have created the following OVS mirror to monitor the VM2 traffic to be captured in \
mirror port "eth2".

[root at compute2 StapCentos_Compute]# ovs-vsctl list mirror
_uuid               : 209b8b1a-3540-43c6-b1d0-649bfa981457
external_ids        : {}
name                : tapBrInt
output_port         : 821ebc3f-73d5-4e1e-8cd6-50c1e1d97de8
output_vlan         : []
select_all          : false
select_dst_port     : [5dcfef99-7c07-4f8c-b1f8-8c333a4a4fd7]
select_src_port     : [5dcfef99-7c07-4f8c-b1f8-8c333a4a4fd7]
select_vlan         : []
statistics          : {tx_bytesD394, tx_packetsE3}

Then I send ICMP request from the VM2 (IP-50.1.1.4) to VM1 (IP-50.1.1.2).

Expectation : ICMP request/reply messages are captured in mirrored port "eth2 "

Observation : ICMP resuest is mirrored on eth2.
              ICMP reply comes out of the vxlan tunnel is not mirrored in eth2.
              (Refer the attached packet capture: "captured_pkts_on_MirrorPort.pcap")


OVS-OFCTL output
===============
[root at compute2 StapCentos_Compute]# ovs-ofctl dump-ports br-tun
OFPST_PORT reply (xid=0x2): 4 ports
  port  3: rx pkts6234, bytes195520, drop=0, errs=0, frame=0, over=0, crc=0
           tx pkts 7295, bytes668342, drop=0, errs=0, coll=0
  port  1: rx pkts 7350, bytes674472, drop=0, errs=0, frame=0, over=0, crc=0
           tx pkts 7255, bytes672766, drop=0, errs=0, coll=0
  port  2: rx pkts8, bytes@92, drop=0, errs=0, frame=0, over=0, crc=0
           tx pkts58, bytes&368, drop=0, errs=0, coll=0
  port LOCAL: rx pkts=6, bytesF8, drop=0, errs=0, frame=0, over=0, crc=0
           tx pkts=0, bytes=0, drop=0, errs=0, coll=0

[root at compute2 StapCentos_Compute]# ovs-ofctl dump-flows br-tun    (NXST_FLOW \
reply (xid=0x4):)  cookie=0x0, duration2140.562s, table=0, n_packets 7110, \
n_bytes656284, idle_age=0, hard_agee534, priority=1,in_port=3 actions=resubmit(,3)  \
cookie=0x0, duration2144s, table=0, n_packets 7259, n_bytes665834, idle_age=0, \
hard_agee534, priority=1,in_port=1 actions=resubmit(,1)  cookie=0x0, \
duration2141.626s, table=0, n_packetsv, n_bytes™00, idle_age050, hard_agee534, \
priority=1,in_port=2 actions=resubmit(,3)  cookie=0x0, duration2143.868s, table=0, \
n_packets=3, n_bytes#0, idle_agee534, hard_agee534, priority=0 actions=drop  \
cookie=0x0, duration2143.736s, table=1, n_packets 6961, n_bytes646030, idle_age=0, \
hard_agee534,  priority=0,dl_dst:00:00:00:00:00/01:00:00:00:00:00 \
actions=resubmit(,20)

 cookie=0x0, duration2143.604s, table=1, n_packets)8, n_bytes804, idle_agey2, \
hard_agee534, priority=0,dl_dst
:00:00:00:00:00/01:00:00:00:00:00  \
actions=resubmit(,21)

 cookie=0x0, duration2143.472s, table=2, n_packets=0, n_bytes=0, idle_agee534, \
hard_agee534, priority=0 actions=drop  cookie=0x0, durationt429.314s, table=3, \
n_packetsx753, n_bytest72310, idle_age=0, hard_agee534, priority=1,tun_id=0x1 \
actions=mod_vlan_vid:26,resubmit(,10)  cookie=0x0, durationt430.097s, table=3, \
n_packets905, n_bytes24624, idle_age=0, hard_agee534, priority=1,tun_id=0x2 \
actions=mod_vlan_vid:25,resubmit(,10)  cookie=0x0, duration2143.34s, table=3, \
n_packets", n_bytes 56, idle_agee534, hard_agee534, priority=0 actions=drop

 cookie=0x0, duration2143.208s, table, n_packets 7164, n_bytes664128, idle_age=0, \
hard_agee534,priority=1 actions=learn(table ,hard_timeout00,  \
priority=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1


 cookie=0x0, durationy2.732s, table , n_packetsT9, n_bytesR122, hard_timeout00, \
idle_age=0, hard_age=0, priority=1,vlan_tci=0x0019/0x0fff,  dl_dstú:16:3e:7a:43:ad \
actions=load:0->NXM_OF_VLAN_TCI[],load:0x2->NXM_NX_TUN_ID[],output:3

 cookie=0x0, durationt428.51s, table , n_packetsx741, n_bytest71058, hard_timeout00, \
idle_age=0, hard_age=0, priority=1,vlan_tci=0x001a/0x0fff,  dl_dstú:16:3e:99:38:d1 \
actions=load:0->NXM_OF_VLAN_TCI[],load:0x1->NXM_NX_TUN_ID[],output:3

 cookie=0x0, duration2143.076s, table , n_packets=5, n_bytesC4, idle_agee534, \
hard_agee534, priority=0 actions=resubmit(,21)  cookie=0x0, durationt429.45s, table!, \
n_packets=4, n_bytes(0, idle_age055, hard_agee534, priority=1,dl_vlan& \
actions=strip_vlan,set_tunnel:0x1,output:2,  output:3

 cookie=0x0, durationt430.23s, table!, n_packets=4, n_bytes8, idle_agey2, \
hard_agee534, priority=1,dl_vlan% actions=strip_vlan,set_tunnel:0x2,output:2,  \
output:3

 cookie=0x0, duration2142.945s, table!, n_packets=0, n_bytes=0, idle_agee534, \
hard_agee534, priority=0 actions=drop


OVS-DPCTL oUTPUT
===============[root at compute2 StapCentos_Compute]# ovs-dpctl show
system at ovs-system:
        lookups: hit:480854 missed:26177 lost:0
        flows: 5
        port 0: ovs-system (internal)
        port 1: br-int (internal)
        port 2: br-tun (internal)
        port 3: vxlan_sys_4789 (vxlan: df_defaultúlse, ttl=0)
        port 4: tap5c6f3319-0a
        port 5: tap9ef5ed3c-e1
        port 6: eth2

[root at compute2 StapCentos_Compute]# ovs-dpctl dump-flows ovs-system
tunnel(tun_id=0x2,src.1.1.2,dst.1.1.3,tos=0x0,ttld,flags(key)),in_port(3),eth(srcú:16:3e:7a:43:ad,dstú:16:3e:04:1b:3e),eth_type(0x0800),
 ipv4(srcP.1.1.2,dstP.1.1.4,proto=1,tos=0,ttld,frag=no),icmp(type=0,code=0), \
packets:133, bytes:13034, used:0.131s, actions:4

in_port(5),eth(srcú:16:3e:6c:eb:80,dstú:16:3e:99:38:d1),eth_type(0x0806),arp(sipP.10.1.1,tipP.10.1.3,op=1,shaú:16:3e:6c:eb:80,tha:00:00:00:00:00),
 packets:0, bytes:0, used:never, \
actions:set(tunnel(tun_id=0x1,src.1.1.3,dst.1.1.2,tos=0x0,ttld,flags(df,key))),3

in_port(4),eth(srcú:16:3e:04:1b:3e,dstú:16:3e:7a:43:ad),eth_type(0x0806),arp(sipP.1.1.4,tipP.1.1.2,op=1,shaú:16:3e:04:1b:3e,tha:00:00:00:00:00),
 packets:0, bytes:0, used:never, \
actions:set(tunnel(tun_id=0x2,src.1.1.3,dst.1.1.2,tos=0x0,ttld,flags(df,key))),3,push_vlan(vid%,pcp=0),6


tunnel(tun_id=0x1,src.1.1.2,dst.1.1.3,tos=0x0,ttld,flags(key)),in_port(3),eth(srcú:16:3e:99:38:d1,dstú:16:3e:6c:eb:80),eth_type(0x0806),
 arp(sipP.10.1.3,tipP.10.1.1,op=2,shaú:16:3e:99:38:d1,thaú:16:3e:6c:eb:80), \
packets:0, bytes:0, used:never, actions:5

in_port(4),eth(srcú:16:3e:04:1b:3e,dstú:16:3e:7a:43:ad),eth_type(0x0800),ipv4(srcP.1.1.4,dstP.1.1.2,proto=1,tos=0,ttld,frag=no),icmp(type=8,code=0),
 packets:133, bytes:13034, used:0.131s, \
actions:set(tunnel(tun_id=0x2,src.1.1.3,dst.1.1.2,tos=0x0,ttld,flags(df,key))),3,push_vlan(vid%,pcp=0),6


tunnel(tun_id=0x1,src.1.1.2,dst.1.1.3,tos=0x0,ttld,flags(key)),in_port(3),eth(srcú:16:3e:99:38:d1,dstú:16:3e:6c:eb:80),eth_type(0x0800),
 ipv4(srcP.10.1.3,dstP.10.1.1,proto=1,tos=0,ttld,frag=no),icmp(type=0,code=0), \
packets:73794, bytes:7231812, used:0.676s, actions:5

tunnel(tun_id=0x2,src.1.1.2,dst.1.1.3,tos=0x0,ttld,flags(key)),in_port(3),eth(srcú:16:3e:7a:43:ad,dstú:16:3e:04:1b:3e),eth_type(0x0806),
 arp(sipP.1.1.2,tipP.1.1.4,op=2,shaú:16:3e:7a:43:ad,thaú:16:3e:04:1b:3e), packets:0, \
bytes:0, used:never, actions:4

in_port(6),eth(src:fd:0c:90:00:02,dst
:80:c2:00:00:0e),eth_type(0x88cc), packets:0, \
bytes:0, used:never, actions:drop

in_port(5),eth(srcú:16:3e:6c:eb:80,dstú:16:3e:99:38:d1),eth_type(0x0800),ipv4(srcP.10.1.1,dstP.10.1.3,proto=1,tos=0,ttld,frag=no),icmp(type=8,code=0),
 packets:73793, bytes:7231714, used:0.677s, \
actions:set(tunnel(tun_id=0x1,src.1.1.3,dst.1.1.2,tos=0x0,ttld,flags(df,key))),3

in_port(6),eth(src:fd:0c:90:00:02,dst
:80:c2:00:00:00), packets:43011, \
bytes:2580660, used:0.075s, actions:drop


[prev in list] [next in list] [prev in thread] [next in thread]