Re: idea for work in ovsdb netvirt L3: icmp responder


Flavio Fernandes <ffernand@...>
 

On Sep 2, 2015, at 6:51 AM, Andre Fredette <afredett@...> wrote:

I think someone said on the call yesterday that OVS doesn't support modifying the type or code in ICMP.

That's confirmed here for OVS 2.3.90:
http://openvswitch.org/pipermail/discuss/2015-March/017076.html

It's possible that the support has been added, but if the flow below doesn't work, that could be why.
Hi Andre,

Yes. In order to make icmp type writeable, We have to modify and compile a version of ovs. The change is minimal, but I’m not
sure if the OVS folks would merge that upstream. Marcelo and I may be missing some ramification that comes with making that change [1].

— flavio

[1]: https://gist.github.com/8f6e4a8120a8aa0413cb



Thanks,
Andre

On 9/1/15 11:49 PM, Vishal Thapar wrote:
ICMP Echo request is Type8-Code0 and Echo Reply is Type0-Code0. I think you need to match on icmp_type=8 and set icmp_type as 0 in actions. Also, the IP address in hex seems to be wrong. 10.1.0.1 will be 0x0a10001. Something like this:

sudo ovs-ofctl add-flow -OOpenFlow13 br-int "table=20, dl_type=0x0800, nw_proto=1, icmp_type=8, ip_dst=10.1.0.1, actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],
mod_dl_src:fa:16:3e:13:b5:f0,
load:0x00->NXM_OF_ICMP_TYPE[], load:0x00->NXM_OF_ICMP_TYPE[], move:NXM_OF_IP_SRC[]->NXM_OF_IP_DST[], load:0x0a10001->NXM_OF_IP_SRC[], in_port"


- Vishal.

-----Original Message-----
From: ovsdb-dev-bounces@... [mailto:ovsdb-dev-bounces@...] On Behalf Of Marcelo Amaral
Sent: 02 September 2015 08:54
To: Flavio Fernandes
Cc: Vasudevan, Swaminathan (PNB Roseville); Andre Fredette; ovsdb-dev; Tim Rozet
Subject: Re: [ovsdb-dev] idea for work in ovsdb netvirt L3: icmp responder

Hi Flavio,

I managed to extend ovs to accept icmp packets configuration.

I am trying to create the OF rule to replay ping from the gateway, for
instance:
sudo ovs-ofctl add-flow -OOpenFlow13 br-int "table=20, dl_type=0x0800, nw_proto=1, icmp_code=0, ip_dst=10.1.0.1, actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],
mod_dl_src:fa:16:3e:13:b5:f0,
load:0x00->NXM_OF_ICMP_TYPE[], load:0x00->NXM_OF_ICMP_CODE[], move:NXM_OF_IP_SRC[]->NXM_OF_IP_DST[], load:0x10101->NXM_OF_IP_SRC[], in_port"

But It is not working yet. Do you have any clue about what is missing?

Best,
Marcelo Amaral

On 12/08/15 05:26, Flavio Fernandes wrote:
[cc: ovsdb-dev]

Hi Marcelo,

It was really nice meting at the Summit! Sorry for not having a lot of extra time to mingle.

You mentioned you were looking for some work on ovsdb L3 and I thought
of a very specific task that would have a great impact in the L3 work; which may be within the time you have left to work on your internship.

While doing the demo [demo], Tim Rozet pointed out how tenant vms
cannot get a response when pinging their default gateway. As explained
in the "Final thoughts” of my blog [1], this is the case because there is no ip stack to handle any packets destined to the neutron router.

A solution to this would be to extend the arp responder table (20) to
have rules that match on a specific icmp query packets, move things
around to turn it into a ping response and send the packet out of the
in_port. the arp handling code [2] can be a guide in how that gets
accomplished. A way of prototyping this would be to create the rule ‘manually’ [3] after doing the demo [demo] and coming up with what it would look like; similar to how Dave Tucker and I started off when doing L3 [4].

@Tim: did you ever open the bug on this? If not, please do.
@Marcelo: would this be something you would be interested to work on?

Thanks,

— flavio

[demo]: https://youtu.be/2axNKHvt5MY?t=29m46s
[1]:
http://www.flaviof.com/blog/work/how-to-odl-with-openstack-part2.html
[2]:
https://github.com/opendaylight/ovsdb/blob/master/openstack/net-virt/s
rc/main/java/org/opendaylight/ovsdb/openstack/netvirt/api/ArpProvider.
java#L18
[3]: sh ovs-ofctl add-flow -OOpenFlow13 br-int “table=20, dl_type=0x800,nw_proto=1,icmp_code=..."
[4]: http://dtucker.co.uk/hack/building-a-router-with-openvswitch.html
--
Marcelo Amaral, PhD Candidate
BSC Associate Researcher
Dept. d'Arquitectura de Computadors, Univ. Politecnica de Catalunya UPC Campus Nord - Modul D6-112, Jordi Girona 1-3, Barcelona 08034, SPAIN http://people.ac.upc.edu/mamaral http://www.bsc.es/autonomic


WARNING / LEGAL TEXT: This message is intended only for the use of the
individual or entity to which it is addressed and may contain
information which is privileged, confidential, proprietary, or exempt
from disclosure under applicable law. If you are not the intended
recipient or the person responsible for delivering the message to the
intended recipient, you are strictly prohibited from disclosing,
distributing, copying, or in any way using this message. If you have
received this communication in error, please notify the sender and
destroy and delete any copies you may have received.

http://www.bsc.es/disclaimer


WARNING / LEGAL TEXT: This message is intended only for the use of the
individual or entity to which it is addressed and may contain
information which is privileged, confidential, proprietary, or exempt
from disclosure under applicable law. If you are not the intended
recipient or the person responsible for delivering the message to the
intended recipient, you are strictly prohibited from disclosing,
distributing, copying, or in any way using this message. If you have
received this communication in error, please notify the sender and
destroy and delete any copies you may have received.

http://www.bsc.es/disclaimer
_______________________________________________
ovsdb-dev mailing list
ovsdb-dev@...
https://lists.opendaylight.org/mailman/listinfo/ovsdb-dev
_______________________________________________
ovsdb-dev mailing list
ovsdb-dev@...
https://lists.opendaylight.org/mailman/listinfo/ovsdb-dev

Join z.archive.ovsdb-dev@lists.opendaylight.org to automatically receive all group messages.