Ask Your Question
0

How does OVS GRE tunnel port get network package?

asked 2015-11-05 00:47:18 -0500

Steven Su gravatar image

I'm debugging a network issue and like to know the magic behind OVS GRE tunnel.

Let's say a GRE tunnel between host A and B, on host A I have:

Bridge br-tun
        Port "gre-0a0a0114"
            Interface "gre-0a0a0114"
                type: gre
                options: {df_default="true", in_key=flow, local_ip="10.10.1.21", out_key=flow, remote_ip="10.10.1.20"}

Host A has NIC eth1 using IP 10.10.1.21.

and on Host B I have:

Bridge br-tun
Port "gre-0a0a0115"
    Interface "gre-0a0a0115"
        type: gre
        options: {df_default="true", in_key=flow, local_ip="10.10.1.20", out_key=flow, remote_ip="10.10.1.21"}

Host B has NIC eth1 using IP 10.10.1.20.

When a package sent out from host A to B, will it first reach eth1 on Host B? Or will it reach Port "gre-0a0a0115" on br-tun directly? If the package reaches eth1 first then how does port "gre-0a0a0115" get the traffic?

I'm asking this because I found somehow the traffic reaches eth1 on host B but nothing on GRE tunnel port "gre-0a0a0115" in my environment.

Thanks in advance!

edit retag flag offensive close merge delete
add a comment

2 answers

Sort by ยป oldest newest most voted
0

answered 2015-11-05 03:34:31 -0500

dbaxps gravatar image

Try to troubleshoot following https://www.hastexo.com/system/files/...

edit flag offensive delete link more

Comments

Thanks, that's one of doc in my bookmark:) But it didn't explain how package transfer from NIC to GRE tunnel port and who's control it. In my env I saw packages on eth1 but nothing on GRE tunnel port. Use "watch ovs-ofctl dump-flows br-tun" the incoming package number is zero.

Steven Su gravatar imageSteven Su ( 2015-11-05 06:12:33 -0500 )edit
add a comment
0

answered 2015-11-18 21:29:58 -0500

Steven Su gravatar image

Ok I get it, it's the iptables blocked the ICMP which cause the package not reaches to GRE tunnel port. In my iptables there are rules:

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

Remove those rules then it works fine.

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

subscribe to rss feed

Stats

Asked: 2015-11-05 00:47:18 -0500

Seen: 338 times

Last updated: Nov 18 '15

Related questions

RDO MultiNode GRE tunnels & External network [closed]

Instance cannot ping outside

vm win7 can not ping vm routeros from testnet to internet

network design

How to bring up multiple interfaces up with cloud-init

LXC instance booted and active but can not be pinged

working with external dhcp and enable metadata server

neutron network cannot be seen by nova

Adding new allocation pool to existing network

[Errno 101] Network is unreachable