networking-sfc

Flows are not inserted in OVS 2.6.2 with networking-sfc in Newton Openstack

Asked by chaman bharti

Hi,

I am facing an issue described as below:

Setup: Newton Devstack, OVS 2.6.2, Networking-sfc(master branch).

-> I created Flows by following official networking guide:
http://docs.openstack.org/newton/networking-guide/config-sfc.html

$ neutron port-create --name p1 net1
$ neutron port-create --name p2 net1
$ neutron port-create --name p3 net1
$ neutron port-create --name p4 net1
$ neutron port-create --name p5 net1
$ neutron port-create --name p6 net1

neutron port-pair-create \
  --description "Firewall SF instance 1" \
  --ingress p1 \
  --egress p2 PP1

neutron port-pair-create \
  --description "Firewall SF instance 2" \
  --ingress p3 \
  --egress p4 PP2

neutron port-pair-create \
  --description "IDS SF instance" \
  --ingress p5 \
  --egress p6 PP3

neutron port-pair-group-create \
  --port-pair PP1 --port-pair PP2 PPG1
neutron port-pair-group-create \
  --port-pair PP3 PPG2

neutron port-chain-create \
  --port-pair-group PPG1 --port-pair-group PPG2 \
  --flow-classifier FC1 PC1

neutron flow-classifier-create \
  --tenant-id 56884178ef35483f9758a56c4cea183e \
  --description "HTTP traffic from 10.0.0.12 to 10.0.0.3" \
  --ethertype IPv4 \
  --source-ip-prefix 172.19.53.114/32 \
  --destination-ip-prefix 172.19.53.116/32 \
  --protocol tcp \
  --source-port 0:65400 \
  --destination-port 3300:3301 \
  --logical-source-port 90e00c15-570c-44b3-b820-92afb1e3d4e6 \
    FC1

I have following queries:
1. What should be "--logical-source-port" in this case? I presumed it should be "P1"
2. I checked with "#ovs-ofctl dump-flows br-int", No new flows are seen in the output, Also traffic satisfyting flow classifier is not reaching to P1 as defined in SFC. It
3. Is there any dependecies on OVS version, Networking-sfc branch to get sfc working?

Thanks. Any help would be highly appreciable.

Regards
Chaman Bharti

Question information

Language:
English Edit question
Status:
Expired
For:
networking-sfc Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Louis Fourie (lfourie) said : 		#1

1. The logical source port is not "p1". It is the Neutron port of the VM that is the actual traffic source. It would be the Neutron port having the address 192.168.1.11.
2. try sudo ovs-ofctl -O openflow13 dump-flows br-int
3. see https://wiki.openstack.org/wiki/Neutron/ServiceInsertionAndChaining - installation step #7

Revision history for this message
chaman bharti (chaman.bharti) said : 		#2

Hi Louis,

Thank you for the response. I tried solution as you mentioned in the above link.

> Used Neutron port of the VM that is the actual traffic source as logical source port.
> sudo ovs-ofctl -O openflow13 dump-flows br-int
     I don't see any relevant flows created. Neither dump-groups are created.
> My Linux kernel version is 3.19.0 and OVS version is 2.4.0, I think this is fine.
> I have followed multihost installation steps (specially for local.conf) for single node devstack installation, I hope this should be fine.

I check q-svc, q-agt, ovsdb logs, I don't see any error whenever Port Chains are created.

Could you please help us to know that where we might have gone wrong. If needed We can share desired logs, configuration.

Regards
Chaman Bharti

Revision history for this message
chaman bharti (chaman.bharti) said : 		#3

We have created a Newton Devstack Setup and trying to Create a SFC ,but facing a communication issue between Driver and the Agent.

• Openstack Newton
• Kernel version - 3.19.0-25-generic
• ovs version – 2.4.0

We have configured local.conf , ml2_conf.ini, l3_agent.ini, dhcp_agent.ini using the below links :-

https://wiki.openstack.org/wiki/Neutron/ServiceInsertionAndChaining

In order to create SFC, we have followed the below link :-

http://docs.openstack.org/newton/networking-guide/config-sfc.html

After creating the Port chain, it was found that no relevant flows were added in br-int

On Analysing, it was found in q-svc logs, that the driver is asking agent to update the flows.

2016-12-06 22:52:02.314 23336 DEBUG networking_sfc.db.flowclassifier_db [req-a727b5b0-3829-49e2-a29c-70501dee8376 admin -] networking_sfc.services.flowclassifier.plugin.FlowClassifierPlugin method get_flow_classifier called with arguments (<neutron.context.Context object at 0x7f554df0ff50>, u'042fe013-2e5a-44e6-a74f-98fddd2b1a29') {} wrapper /usr/local/lib/python2.7/dist-packages/oslo_log/helpers.py:47
2016-12-06 22:52:02.568 23336 DEBUG networking_sfc.services.sfc.drivers.ovs.rpc [req-a727b5b0-3829-49e2-a29c-70501dee8376 admin -] Ask agent on the specific host to update flows ask_agent_to_update_flow_rules /opt/stack/networking-sfc/networking_sfc/services/sfc/drivers/ovs/rpc.py:60

But in q-agt, there are no flows added to update.

It seems the driver request is not reaching the agent.

Can you share some pointers in order to resolve the issue.

Revision history for this message
Launchpad Janitor (janitor) said : 		#4

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

Revision history for this message
murtazasolangi (amurtaza14) said : 		#5

"Unable to create flow-classifier for service function chaining: The resource could not be found"

details as per this link: https://ask.openstack.org/en/question/101532/unable-to-create-flow-classifier-for-service-function-chaining-the-resource-could-not-be-found/#

Help will be highly appreciable.

Regards,
Ali