How to write ovs rules into neutron bridges?

Hey guys, I have successfully installed OpenStack + openvswitch plugin (using devstack) in a single node (compute+network) setup. I am able to ping my VMs from the outside world and vice versa.

Now I want to write flows (rules using ovs-ofctl) on the openvswitch bridges, i.e., br-ex (or br-int), so that I can drop pings destined for VM1 and allow packets destined for VM2. The problem is that I don't see these pings on my br-ex bridge (using Wireshark, although the ping is successful).

I have added my physical interface into the br-ex bridge (as a port) and I can see the ping packets on the physical interface but I don't see the same packets on my br-ex interface (which is weird!).

PS: The br-ex interface does show other traffic such as RIP, ARP, SSH etc. packets, but just not the ping I send.

I'll appreciate any kind of help.

Cheers :)

1 answer

Problem Solved (br-ex is the bridge to write rules on using simple ovs-ofctl):

Even though br-ex does not show the ping traffic, I can still write rules on it and they will be effective. For example:

In my scenario I was sending a ping from source= to VM (floating IP)= br-ex does not show this traffic but if I write a rule:

ovs-ofctl add-flow br-ex "dl_type=0x0800,nw_src=,nw_dst=,actions=drop"

Then the packets are dropped and the flow's packet count also increases.
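
The check described in the answer (the drop flow's packet count rising) can be scripted. The following is an added example, not part of the original post: it narrows the match to ICMP only, and the addresses, the priority value and the function names `apply_policy` and `drop_count` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Addresses are constructed (RFC 5737 documentation range).
VM1=203.0.113.11   # hypothetical floating IP whose pings should be dropped
VM2=203.0.113.12   # hypothetical floating IP that stays reachable

# apply_policy: install the two flows on br-ex (needs root and a running OVS;
# defined here but not called, so the script also runs on a host without OVS).
apply_policy() {
    ovs-ofctl add-flow br-ex "priority=100,icmp,nw_dst=$VM1,actions=drop"
    ovs-ofctl add-flow br-ex "priority=100,icmp,nw_dst=$VM2,actions=NORMAL"
}

# Constructed sample of `ovs-ofctl dump-flows br-ex` output.
SAMPLE_FLOWS=' cookie=0x0, duration=42.1s, table=0, n_packets=7, n_bytes=686, idle_age=1, priority=100,icmp,nw_dst=203.0.113.11 actions=drop
 cookie=0x0, duration=42.0s, table=0, n_packets=0, n_bytes=0, idle_age=42, priority=100,icmp,nw_dst=203.0.113.12 actions=NORMAL
 cookie=0x0, duration=900.5s, table=0, n_packets=1532, n_bytes=148210, idle_age=0, priority=0 actions=NORMAL'

# drop_count DST: read dump-flows text on stdin and print the summed n_packets
# of flows whose action is drop and whose match contains nw_dst=DST exactly
# (exact field comparison, so 203.0.113.1 does not match 203.0.113.11).
drop_count() {
    awk -v dst="$1" '
        / actions=drop$/ {
            hit = 0; pk = 0
            n = split($0, f, /[ ,]+/)
            for (i = 1; i <= n; i++) {
                if (f[i] == "nw_dst=" dst) hit = 1
                if (f[i] ~ /^n_packets=/) { sub(/^n_packets=/, "", f[i]); pk = f[i] }
            }
            if (hit) total += pk
        }
        END { print total + 0 }'
}

# Offline run against the constructed sample.
printf '%s\n' "$SAMPLE_FLOWS" | drop_count "$VM1"
```

On a live host, pipe `ovs-ofctl dump-flows br-ex` into `drop_count` before and after sending a ping; a rising count confirms the rule is matching even when a capture on br-ex shows nothing.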
