This group is locked. No changes can be made to the group while it is locked.
Date
1 - 9 of 9
idea for work in ovsdb netvirt L3: icmp responder
|
Flavio Fernandes <ffernand@...>
[cc: ovsdb-dev]
Hi Marcelo, It was really nice meting at the Summit! Sorry for not having a lot of extra time to mingle. You mentioned you were looking for some work on ovsdb L3 and I thought of a very specific task that would have a great impact in the L3 work; which may be within the time you have left to work on your internship. While doing the demo [demo], Tim Rozet pointed out how tenant vms cannot get a response when pinging their default gateway. As explained in the "Final thoughts” of my blog [1], this is the case because there is no ip stack to handle any packets destined to the neutron router. A solution to this would be to extend the arp responder table (20) to have rules that match on a specific icmp query packets, move things around to turn it into a ping response and send the packet out of the in_port. the arp handling code [2] can be a guide in how that gets accomplished. A way of prototyping this would be to create the rule ‘manually’ [3] after doing the demo [demo] and coming up with what it would look like; similar to how Dave Tucker and I started off when doing L3 [4]. @Tim: did you ever open the bug on this? If not, please do. @Marcelo: would this be something you would be interested to work on? Thanks, — flavio [demo]: https://youtu.be/2axNKHvt5MY?t=29m46s [1]: http://www.flaviof.com/blog/work/how-to-odl-with-openstack-part2.html [2]: https://github.com/opendaylight/ovsdb/blob/master/openstack/net-virt/src/main/java/org/opendaylight/ovsdb/openstack/netvirt/api/ArpProvider.java#L18 [3]: sh ovs-ofctl add-flow -OOpenFlow13 br-int “table=20, dl_type=0x800,nw_proto=1,icmp_code=..." [4]: http://dtucker.co.uk/hack/building-a-router-with-openvswitch.html |
|
|
|
Tim Rozet <trozet@...>
Filed https://bugs.opendaylight.org/show_bug.cgi?id=4132
toggle quoted message
Show quoted text
Let me know if I'm missing some required info. Thanks, Tim Rozet Red Hat SDN Team ----- Original Message -----
From: "Flavio Fernandes" <ffernand@...> To: "Marcelo Amaral" <marcelo.amaral@...> Cc: "Swaminathan Vasudevan (PNB Roseville)" <swaminathan.vasudevan@...>, "Tim Rozet" <trozet@...>, "Sam Hague" <shague@...>, "Andre Fredette" <afredett@...>, "ovsdb-dev" <ovsdb-dev@...> Sent: Wednesday, August 12, 2015 4:26:20 AM Subject: idea for work in ovsdb netvirt L3: icmp responder [cc: ovsdb-dev] Hi Marcelo, It was really nice meting at the Summit! Sorry for not having a lot of extra time to mingle. You mentioned you were looking for some work on ovsdb L3 and I thought of a very specific task that would have a great impact in the L3 work; which may be within the time you have left to work on your internship. While doing the demo [demo], Tim Rozet pointed out how tenant vms cannot get a response when pinging their default gateway. As explained in the "Final thoughts” of my blog [1], this is the case because there is no ip stack to handle any packets destined to the neutron router. A solution to this would be to extend the arp responder table (20) to have rules that match on a specific icmp query packets, move things around to turn it into a ping response and send the packet out of the in_port. the arp handling code [2] can be a guide in how that gets accomplished. A way of prototyping this would be to create the rule ‘manually’ [3] after doing the demo [demo] and coming up with what it would look like; similar to how Dave Tucker and I started off when doing L3 [4]. @Tim: did you ever open the bug on this? If not, please do. @Marcelo: would this be something you would be interested to work on? Thanks, — flavio [demo]: https://youtu.be/2axNKHvt5MY?t=29m46s [1]: http://www.flaviof.com/blog/work/how-to-odl-with-openstack-part2.html [2]: https://github.com/opendaylight/ovsdb/blob/master/openstack/net-virt/src/main/java/org/opendaylight/ovsdb/openstack/netvirt/api/ArpProvider.java#L18 [3]: sh ovs-ofctl add-flow -OOpenFlow13 br-int “table=20, dl_type=0x800,nw_proto=1,icmp_code=..." [4]: http://dtucker.co.uk/hack/building-a-router-with-openvswitch.html |
|
|
|
Marcelo Amaral <marcelo.amaral@...>
Hi Flavio,
toggle quoted message
Show quoted text
It was a pleasure to meet you in the Submit, I really enjoyed there. Sure, It looks very interesting and I will start with the demo. Best, Marcelo On 12/08/15 05:26, Flavio Fernandes wrote:
[cc: ovsdb-dev] --
Marcelo Amaral, PhD Candidate BSC Associate Researcher Dept. d'Arquitectura de Computadors, Univ. Politecnica de Catalunya UPC Campus Nord - Modul D6-112, Jordi Girona 1-3, Barcelona 08034, SPAIN http://people.ac.upc.edu/mamaral http://www.bsc.es/autonomic WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer |
|
|
|
Marcelo Amaral <marcelo.amaral@...>
Hi Flavio,
toggle quoted message
Show quoted text
I managed to extend ovs to accept icmp packets configuration. I am trying to create the OF rule to replay ping from the gateway, for instance: sudo ovs-ofctl add-flow -OOpenFlow13 br-int "table=20, dl_type=0x0800, nw_proto=1, icmp_code=0, ip_dst=10.1.0.1, actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[], mod_dl_src:fa:16:3e:13:b5:f0, load:0x00->NXM_OF_ICMP_TYPE[], load:0x00->NXM_OF_ICMP_CODE[], move:NXM_OF_IP_SRC[]->NXM_OF_IP_DST[], load:0x10101->NXM_OF_IP_SRC[], in_port" But It is not working yet. Do you have any clue about what is missing? Best, Marcelo Amaral On 12/08/15 05:26, Flavio Fernandes wrote:
[cc: ovsdb-dev] --
Marcelo Amaral, PhD Candidate BSC Associate Researcher Dept. d'Arquitectura de Computadors, Univ. Politecnica de Catalunya UPC Campus Nord - Modul D6-112, Jordi Girona 1-3, Barcelona 08034, SPAIN http://people.ac.upc.edu/mamaral http://www.bsc.es/autonomic WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer |
|
|
|
Vishal Thapar <vishal.thapar@...>
ICMP Echo request is Type8-Code0 and Echo Reply is Type0-Code0. I think you need to match on icmp_type=8 and set icmp_type as 0 in actions. Also, the IP address in hex seems to be wrong. 10.1.0.1 will be 0x0a10001. Something like this:
toggle quoted message
Show quoted text
sudo ovs-ofctl add-flow -OOpenFlow13 br-int "table=20, dl_type=0x0800, nw_proto=1, icmp_type=8, ip_dst=10.1.0.1, actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[], mod_dl_src:fa:16:3e:13:b5:f0, load:0x00->NXM_OF_ICMP_TYPE[], load:0x00->NXM_OF_ICMP_TYPE[], move:NXM_OF_IP_SRC[]->NXM_OF_IP_DST[], load:0x0a10001->NXM_OF_IP_SRC[], in_port" - Vishal. -----Original Message-----
From: ovsdb-dev-bounces@... [mailto:ovsdb-dev-bounces@...] On Behalf Of Marcelo Amaral Sent: 02 September 2015 08:54 To: Flavio Fernandes Cc: Vasudevan, Swaminathan (PNB Roseville); Andre Fredette; ovsdb-dev; Tim Rozet Subject: Re: [ovsdb-dev] idea for work in ovsdb netvirt L3: icmp responder Hi Flavio, I managed to extend ovs to accept icmp packets configuration. I am trying to create the OF rule to replay ping from the gateway, for instance: sudo ovs-ofctl add-flow -OOpenFlow13 br-int "table=20, dl_type=0x0800, nw_proto=1, icmp_code=0, ip_dst=10.1.0.1, actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[], mod_dl_src:fa:16:3e:13:b5:f0, load:0x00->NXM_OF_ICMP_TYPE[], load:0x00->NXM_OF_ICMP_CODE[], move:NXM_OF_IP_SRC[]->NXM_OF_IP_DST[], load:0x10101->NXM_OF_IP_SRC[], in_port" But It is not working yet. Do you have any clue about what is missing? Best, Marcelo Amaral On 12/08/15 05:26, Flavio Fernandes wrote: [cc: ovsdb-dev]-- Marcelo Amaral, PhD Candidate BSC Associate Researcher Dept. d'Arquitectura de Computadors, Univ. Politecnica de Catalunya UPC Campus Nord - Modul D6-112, Jordi Girona 1-3, Barcelona 08034, SPAIN http://people.ac.upc.edu/mamaral http://www.bsc.es/autonomic WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer _______________________________________________ ovsdb-dev mailing list ovsdb-dev@... https://lists.opendaylight.org/mailman/listinfo/ovsdb-dev |
|
|
|
Andre Fredette <afredett@...>
I think someone said on the call yesterday that OVS doesn't support modifying the type or code in ICMP.
toggle quoted message
Show quoted text
That's confirmed here for OVS 2.3.90: http://openvswitch.org/pipermail/discuss/2015-March/017076.html It's possible that the support has been added, but if the flow below doesn't work, that could be why. Thanks, Andre On 9/1/15 11:49 PM, Vishal Thapar wrote:
ICMP Echo request is Type8-Code0 and Echo Reply is Type0-Code0. I think you need to match on icmp_type=8 and set icmp_type as 0 in actions. Also, the IP address in hex seems to be wrong. 10.1.0.1 will be 0x0a10001. Something like this: |
|
|
|
Flavio Fernandes <ffernand@...>
On Sep 2, 2015, at 6:51 AM, Andre Fredette <afredett@...> wrote:Hi Andre, Yes. In order to make icmp type writeable, We have to modify and compile a version of ovs. The change is minimal, but I’m not sure if the OVS folks would merge that upstream. Marcelo and I may be missing some ramification that comes with making that change [1]. — flavio [1]: https://gist.github.com/8f6e4a8120a8aa0413cb Thanks, |
|
|
|
Andre Fredette <afredette@...>
On 9/2/15 7:33 AM, Flavio Fernandes wrote:
Sounds good.On Sep 2, 2015, at 6:51 AM, Andre Fredette <afredett@...> wrote:Hi Andre, Andre Thanks, |
|
|
|
Marcelo Amaral <marcelo.amaral@...>
Hi Vishal, Thank you very much! I will try it. Best Marcelo Sent from Samsung Mobile -------- Original message -------- From: Vishal Thapar Date:02/09/2015 00:49 (GMT-03:00) To: Marcelo Amaral ,Flavio Fernandes Cc: "Vasudevan, Swaminathan (PNB Roseville)" ,Andre Fredette ,ovsdb-dev ,Tim Rozet Subject: RE: [ovsdb-dev] idea for work in ovsdb netvirt L3: icmp responder ICMP Echo request is Type8-Code0 and Echo Reply is Type0-Code0. I think you need to match on icmp_type=8 and set icmp_type as 0 in actions. Also, the IP address in hex seems to be wrong. 10.1.0.1 will be 0x0a10001. Something like this: sudo ovs-ofctl add-flow -OOpenFlow13 br-int "table=20, dl_type=0x0800, nw_proto=1, icmp_type=8, ip_dst=10.1.0.1, actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[], mod_dl_src:fa:16:3e:13:b5:f0, load:0x00->NXM_OF_ICMP_TYPE[], load:0x00->NXM_OF_ICMP_TYPE[], move:NXM_OF_IP_SRC[]->NXM_OF_IP_DST[], load:0x0a10001->NXM_OF_IP_SRC[], in_port" - Vishal. -----Original Message----- From: ovsdb-dev-bounces@... [mailto:ovsdb-dev-bounces@...] On Behalf Of Marcelo Amaral Sent: 02 September 2015 08:54 To: Flavio Fernandes Cc: Vasudevan, Swaminathan (PNB Roseville); Andre Fredette; ovsdb-dev; Tim Rozet Subject: Re: [ovsdb-dev] idea for work in ovsdb netvirt L3: icmp responder Hi Flavio, I managed to extend ovs to accept icmp packets configuration. I am trying to create the OF rule to replay ping from the gateway, for instance: sudo ovs-ofctl add-flow -OOpenFlow13 br-int "table=20, dl_type=0x0800, nw_proto=1, icmp_code=0, ip_dst=10.1.0.1, actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[], mod_dl_src:fa:16:3e:13:b5:f0, load:0x00->NXM_OF_ICMP_TYPE[], load:0x00->NXM_OF_ICMP_CODE[], move:NXM_OF_IP_SRC[]->NXM_OF_IP_DST[], load:0x10101->NXM_OF_IP_SRC[], in_port" But It is not working yet. Do you have any clue about what is missing? Best, Marcelo Amaral On 12/08/15 05:26, Flavio Fernandes wrote: > [cc: ovsdb-dev] > > Hi Marcelo, > > It was really nice meting at the Summit! Sorry for not having a lot of extra time to mingle. > > You mentioned you were looking for some work on ovsdb L3 and I thought > of a very specific task that would have a great impact in the L3 work; which may be within the time you have left to work on your internship. > > While doing the demo [demo], Tim Rozet pointed out how tenant vms > cannot get a response when pinging their default gateway. As explained > in the "Final thoughts” of my blog [1], this is the case because there is no ip stack to handle any packets destined to the neutron router. > > A solution to this would be to extend the arp responder table (20) to > have rules that match on a specific icmp query packets, move things > around to turn it into a ping response and send the packet out of the > in_port. the arp handling code [2] can be a guide in how that gets > accomplished. A way of prototyping this would be to create the rule ‘manually’ [3] after doing the demo [demo] and coming up with what it would look like; similar to how Dave Tucker and I started off when doing L3 [4]. > > @Tim: did you ever open the bug on this? If not, please do. > @Marcelo: would this be something you would be interested to work on? > > Thanks, > > — flavio > > [demo]: https://youtu.be/2axNKHvt5MY?t=29m46s > [1]: > http://www.flaviof.com/blog/work/how-to-odl-with-openstack-part2.html > [2]: > https://github.com/opendaylight/ovsdb/blob/master/openstack/net-virt/s > rc/main/java/org/opendaylight/ovsdb/openstack/netvirt/api/ArpProvider. > java#L18 > [3]: sh ovs-ofctl add-flow -OOpenFlow13 br-int “table=20, dl_type=0x800,nw_proto=1,icmp_code=..." > [4]: http://dtucker.co.uk/hack/building-a-router-with-openvswitch.html > -- Marcelo Amaral, PhD Candidate BSC Associate Researcher Dept. d'Arquitectura de Computadors, Univ. Politecnica de Catalunya UPC Campus Nord - Modul D6-112, Jordi Girona 1-3, Barcelona 08034, SPAIN http://people.ac.upc.edu/mamaral http://www.bsc.es/autonomic WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer _______________________________________________ ovsdb-dev mailing list ovsdb-dev@... https://lists.opendaylight.org/mailman/listinfo/ovsdb-dev |
|
|