Networking-SFC chain routing not working

asked 2019-10-17 15:05:10 -0600

Wajahat gravatar image

updated 2019-11-13 02:54:13 -0600

I am trying to use Networking SFC extension to deploy a test service chain. I have been following the steps from this demo.

I am running Openstack (tried this with both Pike and Rocky release, same behavior) in CloudLab, and I have enabled the VXLAN data network. I am trying to create a simple routing topology like this figure:

image description

I create the six ports on the VXLAN network.

neutron port-list | grep p[0-9]
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
| 06526b62-5ef7-4e47-9d1f-b8e24b949c6c | p2   | c99a228f51ff400da0eb33f74e0d0369 | fa:16:3e:32:8a:28 | {"subnet_id": "20297148-820a-4014-aedc-e1dc341fb8d8", "ip_address": "10.253.0.7"}      |
| 526a7e2c-5954-4d69-b1e2-2e8a46b9a472 | p3   | c99a228f51ff400da0eb33f74e0d0369 | fa:16:3e:ef:2a:dd | {"subnet_id": "20297148-820a-4014-aedc-e1dc341fb8d8", "ip_address": "10.253.0.4"}      |
| c5fe9123-716a-4d37-ac14-2be3aba27bd6 | p6   | c99a228f51ff400da0eb33f74e0d0369 | fa:16:3e:fa:53:7b | {"subnet_id": "20297148-820a-4014-aedc-e1dc341fb8d8", "ip_address": "10.253.0.34"}     |
| d4e71ec4-2e40-45f0-953a-12cedbf12a6b | p1   | c99a228f51ff400da0eb33f74e0d0369 | fa:16:3e:a8:0d:bd | {"subnet_id": "20297148-820a-4014-aedc-e1dc341fb8d8", "ip_address": "10.253.0.3"}      |
| ed248660-de3c-4cb6-b59b-2bbfa9063a70 | p4   | c99a228f51ff400da0eb33f74e0d0369 | fa:16:3e:33:ca:cf | {"subnet_id": "20297148-820a-4014-aedc-e1dc341fb8d8", "ip_address": "10.253.0.6"}      |
| fc98926d-59aa-42d5-9b62-33a8bae3ce1f | p5   | c99a228f51ff400da0eb33f74e0d0369 | fa:16:3e:a9:af:4f | {"subnet_id": "20297148-820a-4014-aedc-e1dc341fb8d8", "ip_address": "10.253.0.12"}

Then I create port-pairs:

neutron port-pair-create --ingress 06526b62-5ef7-4e47-9d1f-b8e24b949c6c --egress 526a7e2c-5954-4d69-b1e2-2e8a46b9a472 pp1
neutron port-pair-create --ingress ed248660-de3c-4cb6-b59b-2bbfa9063a70 --egress fc98926d-59aa-42d5-9b62-33a8bae3ce1f pp2

and port-pair-groups:

neutron port-pair-group-create --port-pairs pp1 pg1

neutron port-pair-group-create --port-pairs pp2 pg2

finally I create a flow-classifier and the port-chain to use that classifier:

neutron flow-classifier-create --protocol icmp --ethertype IPv4 --logical-source-port p1 --logical-destination-port p6 icmp_class
neutron port-chain-create --port-pair-group pg1 --port-pair-group pg2 --flow-classifier icmp_class --chain-parameters symmetric=true pc1

After this, I ping and traceroute from VM1 to VM4 (both running Ubuntu 14.04), and start tcpdump on VM2 and VM3 (eth1 interfaces associated with P2 and P4 respectively). But I don't see any changes to the packet path from VM1 to VM4 i.e. it still goes directly from VM1 to VM4 bypassing VM2 and VM3.

Does anyone know what step I may have missed or help me debug this?

I have not modified anything in the VMs i.e. (no static routes and no ip_forwarding - but if this was problem wouldn't the packets simply get dropped?).

edit retag flag offensive close merge delete
add a comment