Ask Your Question

For the love of Pete, why does br-ex have a drop flow?!!

asked 2016-06-09 14:46:02 -0500

eyeofthebeholder gravatar image

Nothing seems to be able to get through br-ex... When I try and ping something external from the instance, traffic gets through the DVR router, which sends traffic to the SNAT namespace, to be able to forward traffic externally, needs to populate it's next-hop arp entry, so it sends out an arp request... That arp request makes it to the br-ex bridge, where, according to the flows on that bridge, simply drops the arp request (see flows below...)

ovs-ofctl dump-flows br-ex NXST_FLOW reply (xid=0x4): cookie=0x9aed292defb23897, duration=4247.101s, table=0, n_packets=2719, n_bytes=141881, idle_age=0, priority=2,in_port=1 actions=resubmit(,1) cookie=0x9aed292defb23897, duration=4248.055s, table=0, n_packets=0, n_bytes=0, idle_age=4248, priority=0 actions=NORMAL cookie=0x9aed292defb23897, duration=4247.066s, table=0, n_packets=297239, n_bytes=12534954, idle_age=0, priority=1 actions=resubmit(,3) cookie=0x9aed292defb23897, duration=4247.033s, table=1, n_packets=2719, n_bytes=141881, idle_age=0, priority=0 actions=resubmit(,2) cookie=0x9aed292defb23897, duration=4247.004s, table=2, n_packets=2719, n_bytes=141881, idle_age=0, priority=2,in_port=1 actions=drop

I can (and have) manually added flows with higher priorities, to allow the arp traffic out, but manual isn't the right solution...

WHY!!!!! Why are these flows here? Any help would be greatly appreciated!

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted

answered 2016-06-09 17:50:10 -0500

eyeofthebeholder gravatar image

Ok, found my issue... I didn't realize bridge_mappings needed to map to the actual name of a external network!

edit flag offensive delete link more

answered 2016-07-05 22:16:35 -0500

james-denton gravatar image

Nice work. With OVS, bridge_mappings must contain mappings of network labels (i.e. physnet1) to actual bridge names. In your case, br-ex. With that information, any time you have a provider network whose provider:physical_network attribute is 'physnet1', the OVS agent will create the appropriate flows on the br-int and br-ex bridges. The nice thing about the mapping is the bridge itself can change if needed. The Neutron networks only refer to the label, so if you change the mapping and restart Neutron services/agents, the flows should land on the respective bridge.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2016-06-09 14:46:02 -0500

Seen: 385 times

Last updated: Jul 05 '16