Ask Your Question
0

How does OVS GRE tunnel port get network package?

asked 2015-11-05 00:47:18 -0500

Steven Su gravatar image

I'm debugging a network issue and like to know the magic behind OVS GRE tunnel.

Let's say a GRE tunnel between host A and B, on host A I have:

Bridge br-tun
        Port "gre-0a0a0114"
            Interface "gre-0a0a0114"
                type: gre
                options: {df_default="true", in_key=flow, local_ip="10.10.1.21", out_key=flow, remote_ip="10.10.1.20"}

Host A has NIC eth1 using IP 10.10.1.21.

and on Host B I have:

Bridge br-tun
Port "gre-0a0a0115"
    Interface "gre-0a0a0115"
        type: gre
        options: {df_default="true", in_key=flow, local_ip="10.10.1.20", out_key=flow, remote_ip="10.10.1.21"}

Host B has NIC eth1 using IP 10.10.1.20.

When a package sent out from host A to B, will it first reach eth1 on Host B? Or will it reach Port "gre-0a0a0115" on br-tun directly? If the package reaches eth1 first then how does port "gre-0a0a0115" get the traffic?

I'm asking this because I found somehow the traffic reaches eth1 on host B but nothing on GRE tunnel port "gre-0a0a0115" in my environment.

Thanks in advance!

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
0

answered 2015-11-05 03:34:31 -0500

dbaxps gravatar image

Try to troubleshoot following https://www.hastexo.com/system/files/...

edit flag offensive delete link more

Comments

Thanks, that's one of doc in my bookmark:) But it didn't explain how package transfer from NIC to GRE tunnel port and who's control it. In my env I saw packages on eth1 but nothing on GRE tunnel port. Use "watch ovs-ofctl dump-flows br-tun" the incoming package number is zero.

Steven Su gravatar imageSteven Su ( 2015-11-05 06:12:33 -0500 )edit
0

answered 2015-11-18 21:29:58 -0500

Steven Su gravatar image

Ok I get it, it's the iptables blocked the ICMP which cause the package not reaches to GRE tunnel port. In my iptables there are rules:

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

Remove those rules then it works fine.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

Stats

Asked: 2015-11-05 00:47:18 -0500

Seen: 237 times

Last updated: Nov 18 '15