How to write ovs rules into neutron bridges?

asked 2013-09-25 15:56:08 -0600

asadxflow

Hey guys, I have successfully installed OpenStack + the Open vSwitch plugin (using devstack) in a single-node (compute+network) setup. I am able to ping my VMs from the outside world and vice versa.

Now I want to write flows (rules using ovs-ofctl) on the Open vSwitch bridges, i.e., br-ex (or br-int), so that I can drop pings destined for VM1 and allow packets destined for VM2. But the problem is that I don't see these pings on my br-ex bridge (using Wireshark, although the ping is successful).

I have added my physical interface into the br-ex bridge (as a port) and I can see the ping packets on the physical interface but I don't see the same packets on my br-ex interface (which is weird!).

PS: The br-ex interface does show other traffic such as RIP, ARP, SSH etc. packets, just not the pings I send.

I'll appreciate any kind of help.

Cheers :)


1 answer

0

answered 2013-09-26 08:11:11 -0600

asadxflow

Problem Solved (br-ex is the bridge to write rules on using simple ovs-ofctl):

Even though br-ex does not show the ping traffic, I can still write rules on it and they will be effective. For example:

In my scenario I was sending a ping from source=192.168.1.1 to VM (floating IP)=192.168.1.99. br-ex does not show this traffic but if I write a rule:

ovs-ofctl add-flow br-ex "dl_type=0x0800,nw_src=192.168.1.1,nw_dst=192.168.1.99,actions=drop"

Then the packets are dropped and the flow's packet count also increases.

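The check described in the answer (add the drop rule, then confirm its packet count rises), as an added example that is not part of the original post. The function names and the sample dump-flows text are constructed for illustration; the addresses and bridge are the ones from the answer.

```shell
#!/bin/sh
# Added example: build the answer's drop rule from validated addresses and
# read its hit counter back out of `ovs-ofctl dump-flows` output.

# Constructed sample of `ovs-ofctl dump-flows br-ex` output (not captured from
# a real host). dump-flows prints dl_type=0x0800 as the shorthand "ip".
SAMPLE_DUMP='NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=42.1s, table=0, n_packets=5, n_bytes=490, idle_age=1, ip,nw_src=192.168.1.1,nw_dst=192.168.1.99 actions=drop
 cookie=0x0, duration=40.0s, table=0, n_packets=7, n_bytes=686, idle_age=3, ip,nw_src=192.168.1.1,nw_dst=192.168.1.100 actions=drop
 cookie=0x0, duration=900.5s, table=0, n_packets=1234, n_bytes=99999, idle_age=0, priority=0 actions=NORMAL'

# Accept only a dotted quad, so nothing else can be spliced into the flow spec.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print the flow spec used in the answer for a given source and destination.
build_drop_flow() {
    valid_ipv4 "$1" && valid_ipv4 "$2" || return 1
    printf 'dl_type=0x0800,nw_src=%s,nw_dst=%s,actions=drop\n' "$1" "$2"
}

# Read dump-flows text on stdin and print n_packets summed over drop flows that
# match src/dst exactly (192.168.1.99 must not match 192.168.1.100).
# Returns 1 when no such flow is installed.
flow_hits() {
    awk -v s="nw_src=$1" -v d="nw_dst=$2" '{
        n = split($0, f, /[ ,]+/); hs = hd = drop = 0; pk = 0
        for (i = 1; i <= n; i++) {
            if (f[i] == s) hs = 1
            if (f[i] == d) hd = 1
            if (f[i] == "actions=drop") drop = 1
            if (f[i] ~ /^n_packets=[0-9]+$/) pk = substr(f[i], 11)
        }
        if (hs && hd && drop) { total += pk; found = 1 }
    }
    END { if (!found) exit 1; print total }'
}

# On the OVS host: sh thisfile apply 192.168.1.1 192.168.1.99
if [ "${1:-}" = "apply" ]; then
    flow=$(build_drop_flow "$2" "$3") || { echo "invalid address" >&2; exit 2; }
    ovs-ofctl add-flow br-ex "$flow"
    sleep 5   # leave time for a few pings to arrive
    ovs-ofctl dump-flows br-ex | flow_hits "$2" "$3"
fi
```

A counter that stays at 0 while pings still succeed means the traffic is not matching the rule on that bridge.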


Last updated: Sep 26 '13