[openstack-community] qvb level filter
Syed Armani
dce3062 at gmail.com
Wed Feb 11 16:58:38 UTC 2015
Hello Yaron,
This is not the correct list for this question.
Please send your query to operators-list or you can choose from the wiki
below.
https://wiki.openstack.org/wiki/Mailing_Lists#Operators
Cheers,
Syed Armani
On Wed, Feb 11, 2015 at 10:01 PM, Yaron Illouz <yaroni at radcom.com> wrote:
> Hi
>
>
>
> I am trying to do port mirroring between vms.
>
> I did it with the openvswitch.
>
> Packets are copied to the mirrored qvo, but then stop at the qvb Rx. I
> don’t see where it is stuck.
>
> From the iptables output, it doesn’t seem to be dropped in one of the chains,
> nor are there many packets in fallback.
>
> Are iptables at the qvb level? If not, what blocks my packets?
>
>
>
>
>
> You can see only 201 packets reach qbr, but more than 72 million packets
> arrived at qvb
>
> ifconfig | grep -A 5 3ede5b3
>
> qbr3ede5b3e-39: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>
> inet6 fe80::e4ae:56ff:fe5f:137d prefixlen 64 scopeid 0x20<link>
>
> ether aa:8c:e8:75:72:d2 txqueuelen 0 (Ethernet)
>
> RX packets 201 bytes 16528 (16.1 KiB)
>
> RX errors 0 dropped 0 overruns 0 frame 0
>
> TX packets 8 bytes 648 (648.0 B)
>
> --
>
> qvb3ede5b3e-39: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu
> 1500
>
> inet6 fe80::a88c:e8ff:fe75:72d2 prefixlen 64 scopeid 0x20<link>
>
> ether aa:8c:e8:75:72:d2 txqueuelen 1000 (Ethernet)
>
> RX packets 72789130 bytes 20271610754 (18.8 GiB)
>
> RX errors 0 dropped 0 overruns 0 frame 0
>
> TX packets 30 bytes 3394 (3.3 KiB)
>
> --
>
> qvo3ede5b3e-39: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu
> 1500
>
> inet6 fe80::c70:cff:fef0:d432 prefixlen 64 scopeid 0x20<link>
>
> ether 0e:70:0c:f0:d4:32 txqueuelen 1000 (Ethernet)
>
> RX packets 30 bytes 3394 (3.3 KiB)
>
> RX errors 0 dropped 0 overruns 0 frame 0
>
> TX packets 72789140 bytes 20271612780 (18.8 GiB)
>
> --
>
> tap3ede5b3e-39: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>
> inet6 fe80::fc16:3eff:fe3b:34de prefixlen 64 scopeid 0x20<link>
>
> ether fe:16:3e:3b:34:de txqueuelen 500 (Ethernet)
>
> RX packets 15 bytes 2188 (2.1 KiB)
>
> RX errors 0 dropped 0 overruns 0 frame 0
>
> TX packets 3526 bytes 966661 (944.0 KiB)
>
>
>
>
>
> Neutron port list
>
> | 3ede5b3e-396e-48a9-b24a-6cb2dc7509fe | | fa:16:3e:3b:34:de |
> {"subnet_id": "f960ee77-77a8-45c1-8eef-e3878f0bea9f", "ip_address":
> "10.67.82.2"} |
>
> | 435f35c6-80be-47ee-b30f-8376e1ea78d9 | | fa:16:3e:41:fd:59 |
> {"subnet_id": "f960ee77-77a8-45c1-8eef-e3878f0bea9f", "ip_address":
> "10.67.82.5"} |
>
> | 89193daa-bf67-4237-8045-30a6e3c107a2 | | fa:16:3e:a5:56:38 |
> {"subnet_id": "f960ee77-77a8-45c1-8eef-e3878f0bea9f", "ip_address":
> "10.67.82.4"} |
>
> | bd80bab5-424d-4e5c-8993-b8bb8c6f3e49 | | fa:16:3e:f7:4f:ea |
> {"subnet_id": "f960ee77-77a8-45c1-8eef-e3878f0bea9f", "ip_address":
> "10.67.82.3"} |
>
>
>
>
>
> Command that I ran
>
> ovs-vsctl -- set Bridge br-int mirrors=@m -- --id=@qvobd80bab5-42 get
> Port qvobd80bab5-42 -- --id=@qvo3ede5b3e-39 get Port qvo3ede5b3e-39 --
> --id=@m create Mirror name=mymirror select-dst-port=@qvobd80bab5-42
> select-src-port=@qvobd80bab5-42 output-port=@qvo3ede5b3e-39
>
>
>
>
>
> This is the filtered iptables output; you can see I added an allowed address
> pair.
>
> 3 3518 919K neutron-openvswi-sg-chain all -- * *
> 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out
> tap3ede5b3e-39 --physdev-is-bridged
>
> 4 4 1358 neutron-openvswi-sg-chain all -- * *
> 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
> tap3ede5b3e-39 --physdev-is-bridged
>
>
>
> Chain neutron-openvswi-INPUT (1 references)
>
> --
>
> 2 0 0 neutron-openvswi-o3ede5b3e-3 all -- * *
> 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
> tap3ede5b3e-39 --physdev-is-bridged
>
> 3 0 0 neutron-openvswi-o7e200e92-4 all -- * *
> 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
> tap7e200e92-44 --physdev-is-bridged
>
> 4 0 0 neutron-openvswi-o435f35c6-8 all -- * *
> 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
> tap435f35c6-80 --physdev-is-bridged
>
> 5 0 0 neutron-openvswi-o6a1bb345-9 all -- * *
> 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
> tap6a1bb345-93 --physdev-is-bridged
>
> 6 0 0 neutron-openvswi-ofc0a7800-a all -- * *
> 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
> tapfc0a7800-a0 --physdev-is-bridged
>
>
>
> Chain neutron-openvswi-OUTPUT (1 references)
>
> num pkts bytes target prot opt in out source
> destination
>
>
>
> Chain neutron-openvswi-i3ede5b3e-3 (1 references)
>
> num pkts bytes target prot opt in out source
> destination
>
> 1 0 0 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0 state INVALID
>
> 2 91 8550 RETURN all -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED,ESTABLISHED
>
> 3 0 0 RETURN udp -- * * 10.67.82.4
> 0.0.0.0/0 udp spt:67 dpt:68
>
> 4 0 0 RETURN icmp -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> 5 0 0 RETURN tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp multiport dports 1:65535
>
> 6 3416 907K RETURN all -- * * 0.0.0.0/0
> 0.0.0.0/0 match-set IPv4ecb94f49-0fdd-4f6f-b src
>
> 7 9 3054 neutron-openvswi-sg-fallback all -- * *
> 0.0.0.0/0 0.0.0.0/0
>
>
>
> --
>
> Chain neutron-openvswi-o3ede5b3e-3 (2 references)
>
> num pkts bytes target prot opt in out source
> destination
>
> 1 4 1358 RETURN udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp spt:68 dpt:67
>
> 2 0 0 neutron-openvswi-s3ede5b3e-3 all -- * *
> 0.0.0.0/0 0.0.0.0/0
>
> 3 0 0 DROP udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp spt:67 dpt:68
>
> 4 0 0 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0 state INVALID
>
> 5 0 0 RETURN all -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED,ESTABLISHED
>
> 6 0 0 RETURN all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> 7 0 0 neutron-openvswi-sg-fallback all -- * *
> 0.0.0.0/0 0.0.0.0/0
>
>
>
> --
>
> Chain neutron-openvswi-s3ede5b3e-3 (1 references)
>
> num pkts bytes target prot opt in out source
> destination
>
> 1 0 0 RETURN all -- * * 10.67.82.0/24
> 0.0.0.0/0 MAC FA:16:3E:41:FD:59
>
> 2 0 0 RETURN all -- * * 10.67.82.2
> 0.0.0.0/0 MAC FA:16:3E:3B:34:DE
>
> 3 0 0 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
>
>
>
>
> --
>
> 3 3518 919K neutron-openvswi-i3ede5b3e-3 all -- * *
> 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out
> tap3ede5b3e-39 --physdev-is-bridged
>
> 4 4 1358 neutron-openvswi-o3ede5b3e-3 all -- * *
> 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
> tap3ede5b3e-39 --physdev-is-bridged
>
> …
>
> 13 397M 1617G ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
>
>
> --
>
> error=`neutron-openvswi-i3ede5b3e-3'
>
>
>
> Entry 63 (19664):
>
> SRC IP: 0.0.0.0/0.0.0.0
>
> DST IP: 0.0.0.0/0.0.0.0
>
> Interface: `'/................to `'/................
>
> Protocol: 0
>
> Flags: 00
>
> Invflags: 00
>
> Counters: 0 packets, 0 bytes
>
> Cache: 00000000
>
> --
>
> error=`neutron-openvswi-o3ede5b3e-3'
>
>
>
> Entry 119 (32280):
>
> SRC IP: 0.0.0.0/0.0.0.0
>
> DST IP: 0.0.0.0/0.0.0.0
>
> Interface: `'/................to `'/................
>
> Protocol: 17
>
> Flags: 00
>
> Invflags: 00
>
> Counters: 4 packets, 1358 bytes
>
> Cache: 00000000
>
> --
>
> error=`neutron-openvswi-s3ede5b3e-3'
>
>
>
> Entry 173 (43608):
>
> SRC IP: 10.67.82.0/255.255.255.0
>
> DST IP: 0.0.0.0/0.0.0.0
>
> Interface: `'/................to `'/................
>
> Protocol: 0
>
> Flags: 00
>
> Invflags: 00
>
> Counters: 0 packets, 0 bytes
>
> Cache: 00000000
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Community mailing list
> Community at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/community
>
>
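The check described in the quoted message (looking through the port's security-group chains for DROP hits or packets reaching the fallback chain) can be done mechanically. The following is an added example, not code from the thread or from Neutron: the function names are hypothetical, the sample rows are copied from the quoted output and re-joined onto single lines, and a jump to `neutron-openvswi-sg-fallback` is treated as the discard path.

```python
import re

# Constructed sample: rows taken from the quoted iptables listing,
# re-joined onto single lines (the archive wrapped them).
SAMPLE = """\
Chain neutron-openvswi-i3ede5b3e-3 (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
2 91 8550 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
6 3416 907K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 match-set IPv4ecb94f49-0fdd-4f6f-b src
7 9 3054 neutron-openvswi-sg-fallback all -- * * 0.0.0.0/0 0.0.0.0/0
Chain neutron-openvswi-s3ede5b3e-3 (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 RETURN all -- * * 10.67.82.0/24 0.0.0.0/0 MAC FA:16:3E:41:FD:59
3 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
"""

# iptables -v abbreviates large counters with decimal suffixes.
SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}


def to_int(field):
    """Expand an abbreviated counter such as 907K (the value is rounded)."""
    if field[-1] in SUFFIX:
        return int(field[:-1]) * SUFFIX[field[-1]]
    return int(field)


def blocking_hits(listing, targets=("DROP", "REJECT"), suffixes=("-sg-fallback",)):
    """Return {chain: [(rule_num, target, pkts), ...]} for discarding rules."""
    hits, chain = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+)", line)
        if m:
            chain = m.group(1)
            hits[chain] = []
            continue
        f = line.split()
        if chain is None or len(f) < 4 or not f[0].isdigit():
            continue  # column header, blank line, or "--" separator from grep
        num, pkts, target = int(f[0]), to_int(f[1]), f[3]
        if target in targets or target.endswith(suffixes):
            hits[chain].append((num, target, pkts))
    return hits


def total_blocked(listing):
    """Sum the packet counters of every discarding rule in the listing."""
    return sum(p for rules in blocking_hits(listing).values() for _, _, p in rules)
```

For the rows copied here the total is 9 packets, against the 72,789,130 RX packets the quoted ifconfig output shows on qvb.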