[sfc-dev] SFF dropping packets

Ricardo Noriega De Soto ricardo.noriega.de.soto at ericsson.com
Tue Aug 25 14:11:58 UTC 2015


Hello guys,

Do you see in this packet

16:04:12.568744 IP (tos 0x0, ttl 64, id 24514, offset 0, flags [DF], 
proto UDP (17), length 107)
     192.168.1.50.40705 > 192.168.1.200.6633: UDP, length 79
     0x0000:  4500 006b 5fc2 4000 4011 5675 c0a8 0132
     0x0010:  c0a8 01c8 9f01 19e9 0057 84b3 0800 0000
     0x0020:  ffff ff00 0006 0103 0000 01ff 0000 0000
     0x0030:  0000 0000 0000 0000 0000 0000 3c15 c2c9
     0x0040:  4fbc 0800 27b6 b058 0800 4500 0021 552c
     0x0050:  4000 4011 61eb c0a8 0101 c0a8 0163 3e80
     0x0060:  1388 000d 592c 6375 6375 0a

  any reason why the first rule in the following table should not match?

OFPST_FLOW reply (OF1.3) (xid=0x2):
* cookie=0x14, duration=112.735s, table=0, n_packets=0, n_bytes=0, 
priority=250,ip actions=goto_table:3*
  cookie=0x14, duration=113.357s, table=0, n_packets=2, n_bytes=142, 
priority=5 actions=drop


Thanks in advance!!

BR
Ricky

On 08/24/2015 05:49 PM, Ricardo Noriega De Soto wrote:
>
> Hello guys,
>
> I have set up a classifier and it is capturing the packets as you can 
> see below. There are some tracebacks which I don't know if they are 
> important or not...
>
> SFC agent is running. SFC Agent will retry later...
>
> INFO:sfc.common.classifier:Binding to NFQ queue number "2"
> INFO:sfc.common.classifier:Starting NFQ - waiting for packets ...
> INFO:sfc.common.classifier:******************Classifier started 
> "***************
> INFO:werkzeug: * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
> INFO:sfc/sfc_agent.py:Received request from ODL to create SFF ...
> DEBUG:sfc.common.classifier:Forward socket created in classifier with 
> IP 192.168.1.50
> INFO:sfc.common.classifier:Apparently, the socket option is not 
> available in this machine's TCP stack
> INFO:sfc.common.launcher:Starting Service Function Forwarder: SFF-CL
> INFO:sfc.common.launcher:Starting SFF serving as SFF-CL at 
> 192.168.1.50:30001, service type:sff
> INFO:sfc.common.launcher:Starting control UDP server for SFF-CL at 
> 192.168.1.50:6000
> INFO:werkzeug:192.168.1.200 - - [24/Aug/2015 17:38:21] "POST 
> /config/service-function-forwarder:service-function-forwarders/service-function-forwarder/SFF-CL 
> HTTP/1.1" 201 -
> INFO:sfc/sfc_agent.py:Received request from ODL to create ACL ...
> INFO:sfc.common.classifier:Fetching firts hop from ODL ....
> INFO:sfc.common.classifier:Requesting SFF for RSP "SC1-P1-Path-1" from ODL
> INFO:sfc.common.classifier:Parsing ACE...
> INFO:sfc.common.classifier:Creating RSP
> DEBUG:sfc.common.classifier:Creating iptables rule for ACL "ACL1", ACE 
> "ACE1", RSP "1"
> DEBUG:sfc.common.classifier:Executing command: sudo iptables -t raw -N 
> ACL1-ACE1-RSP-1
> --- Logging error ---
> Traceback (most recent call last):
>   File "/usr/lib/python3.4/logging/__init__.py", line 964, in emit
>     msg = self.format(record)
>   File "/usr/lib/python3.4/logging/__init__.py", line 814, in format
>     return fmt.format(record)
>   File "/usr/lib/python3.4/logging/__init__.py", line 559, in format
>     record.exc_text = self.formatException(record.exc_info)
>   File "/usr/lib/python3.4/logging/__init__.py", line 509, in 
> formatException
>     traceback.print_exception(ei[0], ei[1], tb, None, sio)
>   File "/usr/lib/python3.4/traceback.py", line 169, in print_exception
>     for line in _format_exception_iter(etype, value, tb, limit, chain):
>   File "/usr/lib/python3.4/traceback.py", line 146, in 
> _format_exception_iter
>     for value, tb in values:
>   File "/usr/lib/python3.4/traceback.py", line 125, in _iter_chain
>     context = exc.__context__
> AttributeError: 'NoneType' object has no attribute '__context__'
> Call stack:
>   File "sfc/sfc_agent.py", line 1097, in <module>
>     main()
>   File "sfc/sfc_agent.py", line 1085, in main
>     use_reloader=False)
>   File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 
> 772, in run
>     run_simple(host, port, self, **options)
>   File "/usr/local/lib/python3.4/dist-packages/werkzeug/serving.py", 
> line 625, in run_simple
>     inner()
>   File "/usr/local/lib/python3.4/dist-packages/werkzeug/serving.py", 
> line 603, in inner
>     passthrough_errors, ssl_context).serve_forever()
>   File "/usr/local/lib/python3.4/dist-packages/werkzeug/serving.py", 
> line 462, in serve_forever
>     HTTPServer.serve_forever(self)
>   File "/usr/lib/python3.4/socketserver.py", line 238, in serve_forever
>     self._handle_request_noblock()
>   File "/usr/lib/python3.4/socketserver.py", line 305, in 
> _handle_request_noblock
>     self.process_request(request, client_address)
>   File "/usr/lib/python3.4/socketserver.py", line 331, in process_request
>     self.finish_request(request, client_address)
>   File "/usr/lib/python3.4/socketserver.py", line 344, in finish_request
>     self.RequestHandlerClass(request, client_address, self)
>   File "/usr/lib/python3.4/socketserver.py", line 665, in __init__
>     self.handle()
>   File "/usr/local/lib/python3.4/dist-packages/werkzeug/serving.py", 
> line 203, in handle
>     rv = BaseHTTPRequestHandler.handle(self)
>   File "/usr/lib/python3.4/http/server.py", line 398, in handle
>     self.handle_one_request()
>   File "/usr/local/lib/python3.4/dist-packages/werkzeug/serving.py", 
> line 238, in handle_one_request
>     return self.run_wsgi()
>   File "/usr/local/lib/python3.4/dist-packages/werkzeug/serving.py", 
> line 180, in run_wsgi
>     execute(self.server.app)
>   File "/usr/local/lib/python3.4/dist-packages/werkzeug/serving.py", 
> line 168, in execute
>     application_iter = app(environ, start_response)
>   File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 
> 1836, in __call__
>     return self.wsgi_app(environ, start_response)
>   File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 
> 1817, in wsgi_app
>     response = self.full_dispatch_request()
>   File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 
> 1475, in full_dispatch_request
>     rv = self.dispatch_request()
>   File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 
> 1461, in dispatch_request
>     return self.view_functions[rule.endpoint](**req.view_args)
>   File "sfc/sfc_agent.py", line 319, in apply_acl
>     nfq_classifier.process_acl(r_json)
>   File "/home/ubuntu/sfc-py/sfc/common/classifier.py", line 703, in 
> process_acl
>     self.create_rsp(rsp_name, sff_data)
>   File "/home/ubuntu/sfc-py/sfc/common/classifier.py", line 752, in 
> create_rsp
>     self.register_rsp()
>   File "/home/ubuntu/sfc-py/sfc/common/classifier.py", line 728, in 
> register_rsp
>     self.rsp_ipv)
>   File "/home/ubuntu/sfc-py/sfc/common/classifier.py", line 165, in 
> run_iptables_cmd
>     run_cmd_as_root(base_iptables_cmd)
>   File "/home/ubuntu/sfc-py/sfc/common/classifier.py", line 136, in 
> run_cmd_as_root
>     run_cmd(cmd)
>   File "/home/ubuntu/sfc-py/sfc/common/classifier.py", line 121, in 
> run_cmd
>     logger.exception(err.decode())
> Message: 'iptables: Chain already exists.'
> Arguments: ()
> DEBUG:sfc.common.classifier:Executing command: sudo iptables -t raw -I 
> PREROUTING -j ACL1-ACE1-RSP-1
> DEBUG:sfc.common.classifier:Executing command: sudo iptables -t raw -A 
> ACL1-ACE1-RSP-1 -m mark --mark 104 -j NFQUEUE --queue-num 2
> DEBUG:sfc.common.classifier:Executing command: sudo iptables -t raw -I 
> ACL1-ACE1-RSP-1 -p udp -s 192.168.1.1/32 -j MARK --set-mark 104
> INFO:werkzeug:192.168.1.200 - - [24/Aug/2015 17:39:44] "POST 
> /config/ietf-acl:access-lists/access-list/ACL1 HTTP/1.1" 201 -
> INFO:sfc.common.classifier:getting from queue ok
> DEBUG:sfc.common.classifier:NFQ received a UDP packet, 33 bytes, 
> marked "104"
> INFO:sfc.common.classifier:transport: VXLAN
> DEBUG:sfc.common.classifier:NSH type 3 created
> INFO:sfc.common.classifier:addr: "192.168.1.200"  port:"6633"
> *DEBUG:sfc.common.classifier:* Sending packet to IP: "192.168.1.200", 
> port: "6633", nsp: "1", nsi: "255", next_protocol(base_header): "1", 
> next_protocol(encap_header): "4"**
> **DEBUG:sfc.common.classifier:* Queued:"1" sent:"1 sfq:"0" sffq:"0" 
> sf_proc:"0" sff_proc "0"*
> INFO:sfc.common.classifier:getting from queue ok
> DEBUG:sfc.common.classifier:NFQ received a UDP packet, 33 bytes, 
> marked "104"
> INFO:sfc.common.classifier:transport: VXLAN
> DEBUG:sfc.common.classifier:NSH type 3 created
> INFO:sfc.common.classifier:addr: "192.168.1.200"  port:"6633"
> *DEBUG:sfc.common.classifier:* Sending packet to IP: "192.168.1.200", 
> port: "6633", nsp: "1", nsi: "255", next_protocol(base_header): "1", 
> next_protocol(encap_header): "4"**
> **DEBUG:sfc.common.classifier:* Queued:"2" sent:"2 sfq:"0" sffq:"0" 
> sf_proc:"0" sff_proc "0"*
>
> As you can see, I have send UDP traffic (2 packets) and the classifier 
> did its job. However, checking the flows of the SFF which should 
> forward the traffic towards the SFs... I'm getting just hits on the 
> first drop rule. Do you think there is anything wrong with that 
> tracebacks? or what do you think?
>
> OFPST_FLOW reply (OF1.3) (xid=0x2):
>  cookie=0x14, duration=112.735s, table=0, n_packets=0, n_bytes=0, 
> priority=250,ip actions=goto_table:3
> * cookie=0x14, duration=113.357s, table=0, n_packets=2, n_bytes=142, 
> priority=5 actions=drop*
>  cookie=0x14, duration=113.357s, table=1, n_packets=0, n_bytes=0, 
> priority=5 actions=goto_table:2
>  cookie=0x14, duration=113.357s, table=2, n_packets=0, n_bytes=0, 
> priority=5 actions=goto_table:3
>  cookie=0x14, duration=113.357s, table=3, n_packets=0, n_bytes=0, 
> priority=5 actions=goto_table:10
>  cookie=0x14, duration=112.968s, table=3, n_packets=0, n_bytes=0, 
> priority=540,nsp=1,nsi=255 
> actions=load:0xc0a8010c->NXM_NX_TUN_IPV4_DST[],goto_table:10
>  cookie=0x14, duration=112.821s, table=3, n_packets=0, n_bytes=0, 
> priority=540,nsp=1,nsi=254 
> actions=load:0xc0a8010b->NXM_NX_TUN_IPV4_DST[],goto_table:10
>  cookie=0x14, duration=112.746s, table=3, n_packets=0, n_bytes=0, 
> priority=540,nsp=2,nsi=255 
> actions=load:0xc0a8010b->NXM_NX_TUN_IPV4_DST[],goto_table:10
>  cookie=0x14, duration=112.715s, table=3, n_packets=0, n_bytes=0, 
> priority=540,nsp=2,nsi=254 
> actions=load:0xc0a8010c->NXM_NX_TUN_IPV4_DST[],goto_table:10
>  cookie=0x14, duration=113.357s, table=10, n_packets=0, n_bytes=0, 
> priority=5 actions=drop
>  cookie=0xba5eba11ba5eba11, duration=112.826s, table=10, n_packets=0, 
> n_bytes=0, priority=640,nsp=1,nsi=254 
> actions=move:NXM_NX_NSH_C1[]->NXM_NX_NSH_C1[],move:NXM_NX_NSH_C2[]->NXM_NX_NSH_C2[],move:NXM_NX_TUN_ID[0..31]->NXM_NX_TUN_ID[0..31],IN_PORT
>  cookie=0xba5eba11ba5eba11, duration=112.834s, table=10, n_packets=0, 
> n_bytes=0, priority=640,nsp=1,nsi=255 
> actions=move:NXM_NX_NSH_C1[]->NXM_NX_NSH_C1[],move:NXM_NX_NSH_C2[]->NXM_NX_NSH_C2[],move:NXM_NX_TUN_ID[0..31]->NXM_NX_TUN_ID[0..31],IN_PORT
>  cookie=0xba5eba11ba5eba11, duration=112.773s, table=10, n_packets=0, 
> n_bytes=0, priority=640,nsp=1,nsi=253 
> actions=move:NXM_NX_NSI[]->NXM_NX_NSI[],move:NXM_NX_NSP[]->NXM_NX_NSP[],move:NXM_NX_NSH_C1[]->NXM_NX_TUN_IPV4_DST[],move:NXM_NX_NSH_C2[]->NXM_NX_TUN_ID[0..31],move:NXM_NX_TUN_ID[0..31]->NXM_NX_TUN_ID[0..31],IN_PORT
>  cookie=0xba5eba11ba5eba11, duration=112.738s, table=10, n_packets=0, 
> n_bytes=0, priority=640,nsp=2,nsi=255 
> actions=move:NXM_NX_NSH_C1[]->NXM_NX_NSH_C1[],move:NXM_NX_NSH_C2[]->NXM_NX_NSH_C2[],move:NXM_NX_TUN_ID[0..31]->NXM_NX_TUN_ID[0..31],IN_PORT
>  cookie=0xba5eba11ba5eba11, duration=112.720s, table=10, n_packets=0, 
> n_bytes=0, priority=640,nsp=2,nsi=254 
> actions=move:NXM_NX_NSH_C1[]->NXM_NX_NSH_C1[],move:NXM_NX_NSH_C2[]->NXM_NX_NSH_C2[],move:NXM_NX_TUN_ID[0..31]->NXM_NX_TUN_ID[0..31],IN_PORT
>  cookie=0xba5eba11ba5eba11, duration=112.705s, table=10, n_packets=0, 
> n_bytes=0, priority=640,nsp=2,nsi=253 
> actions=move:NXM_NX_NSI[]->NXM_NX_NSI[],move:NXM_NX_NSP[]->NXM_NX_NSP[],move:NXM_NX_NSH_C1[]->NXM_NX_TUN_IPV4_DST[],move:NXM_NX_NSH_C2[]->NXM_NX_TUN_ID[0..31],move:NXM_NX_TUN_ID[0..31]->NXM_NX_TUN_ID[0..31],IN_PORT
>  cookie=0x14, duration=112.752s, table=10, n_packets=0, n_bytes=0, 
> priority=660,nsp=1,nsi=253,nshc1=0 actions=IN_PORT
>  cookie=0x14, duration=112.699s, table=10, n_packets=0, n_bytes=0, 
> priority=660,nsp=2,nsi=253,nshc1=0 actions=IN_PORT
>
>
> I'd appreciate your help very much.
>
> Thanks!
>
> Ricky
>
>
> _______________________________________________
> sfc-dev mailing list
> sfc-dev at lists.opendaylight.org
> https://lists.opendaylight.org/mailman/listinfo/sfc-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendaylight.org/pipermail/sfc-dev/attachments/20150825/000b3ef8/attachment-0001.html>


More information about the sfc-dev mailing list