Ask Your Question
0

How does OVS GRE tunnel port get network package?

asked 2015-11-05 00:47:18 -0500

Steven Su gravatar image

I'm debugging a network issue and like to know the magic behind OVS GRE tunnel.

Let's say a GRE tunnel between host A and B, on host A I have:

Bridge br-tun
        Port "gre-0a0a0114"
            Interface "gre-0a0a0114"
                type: gre
                options: {df_default="true", in_key=flow, local_ip="10.10.1.21", out_key=flow, remote_ip="10.10.1.20"}

Host A has NIC eth1 using IP 10.10.1.21.

and on Host B I have:

Bridge br-tun
Port "gre-0a0a0115"
    Interface "gre-0a0a0115"
        type: gre
        options: {df_default="true", in_key=flow, local_ip="10.10.1.20", out_key=flow, remote_ip="10.10.1.21"}

Host B has NIC eth1 using IP 10.10.1.20.

When a package sent out from host A to B, will it first reach eth1 on Host B? Or will it reach Port "gre-0a0a0115" on br-tun directly? If the package reaches eth1 first then how does port "gre-0a0a0115" get the traffic?

I'm asking this because I found somehow the traffic reaches eth1 on host B but nothing on GRE tunnel port "gre-0a0a0115" in my environment.

Thanks in advance!

edit retag flag offensive close merge delete
add a comment

2 answers

Sort by ยป oldest newest most voted
0

answered 2015-11-05 03:34:31 -0500

dbaxps gravatar image

Try to troubleshoot following https://www.hastexo.com/system/files/...

edit flag offensive delete link more

Comments

Thanks, that's one of doc in my bookmark:) But it didn't explain how package transfer from NIC to GRE tunnel port and who's control it. In my env I saw packages on eth1 but nothing on GRE tunnel port. Use "watch ovs-ofctl dump-flows br-tun" the incoming package number is zero.

Steven Su gravatar imageSteven Su ( 2015-11-05 06:12:33 -0500 )edit
add a comment
0

answered 2015-11-18 21:29:58 -0500

Steven Su gravatar image

Ok I get it, it's the iptables blocked the ICMP which cause the package not reaches to GRE tunnel port. In my iptables there are rules:

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

Remove those rules then it works fine.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

subscribe to rss feed

Stats

Asked: 2015-11-05 00:47:18 -0500

Seen: 305 times

Last updated: Nov 18 '15

Related questions

GRE Tunnel between compute and network node

Network Issue in Essex Environment

Source qrouter is skipped in east/west traffic

Instance eth1 down while OpenStack dashboard says it's up

external Net reachable but not the internet!

openstack rocky configure private network

provider network vlan external dhcp

launch intances under tenant admin

No network on Centos Cloud converted from QCOW to VMDK

Openstack Grizzly Network Node