networking-sfc

No Traffic in the VNF nodes

Asked by Silvia

Hi all,
I have Openstack installed with devstack, branch ROCKY.
I followed the guide for the sfc. I have created a src and a dst and 2 intermediate VNF. 6 ports.
I did these steps:

openstack sfc flow classifier create --ethertype IPv4 --source-ip-prefix 10.10.10.6/32 --destination-ip-prefix 10.10.10.16/32 --protocol tcp --source-port 23:23 --destination-port 100:100 --logical-source-port p1 FC1

openstack sfc port pair create --ingress=p2 --egress=p3 PP1

openstack sfc port pair create --ingress=p4 --egress=p5 PP2

openstack sfc port pair group create --port-pair PP1 PG1

 openstack sfc port chain create --port-pair-group PG1 --port-pair-group PG2 --flow-classifier FC1 PC1

Than, I open 6 terminals, one for each port, to check if the traffic flows correctly BUT i don't have traffic on the tap interfaces related to ports 2-3-4-5

There is a way to find the problem?
Moreover, I don't know why, the VMs are instantiated only in the Controller+Compute node. Maybe I have a problem with Rocky. There is some different details in Rocky local.conf with respect the oldest release?

Thanks

Silvia

Question information

Language:
English Edit question
Status:
Answered
For:
networking-sfc Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
vks1 (vikash-kumar) said : 		#1

Hello Silivia,

   Lets say, you have topology like this:

src -> VNF -> dst

  And you want to snoop traffic of following segment : src -> VNF , then you should logically insert a TAP device between src and VNF. So that, traffic going out from src port to ingress port of VNF and traffic coming out from return path which is, ingress port of VNF to src , should be forwarded to your TAP device.

  So , u need to build a logical chain like this:

   src -> TAP -> VNF -> dst

  Here, TAP will get a copy of packet from src port and ingress port of VNF.

   You need to create PPG with --tap-enabled attribute for TAP.

   Once you do that, tracing the flow from src port would be easy.

Can you help with this problem?

Provide an answer of your own, or ask Silvia for more information if necessary.

To post a message you must log in.