[Bug 1639273] Re: openvswitch port mirroring only mirrors egress traffic
Xiang Hui
hui.xiang at canonical.com
Wed Nov 9 08:54:45 UTC 2016
[ovs version]
trusty-liberty: 2.4.1-0ubuntu0.15.10.1~cloud0
xenial-mitaka: 2.5.0
[differ]
# dp flow (trusty-liberty) system at ovs-system: lookups: hit:21292 missed:2806 lost:0
flows: 0
masks: hit:38067 total:0 hit/pkt:1.58
port 0: ovs-system (internal)
port 1: br-int (internal)
port 2: br-ex (internal)
port 3: br-tun (internal)
port 4: gre_sys (gre)
port 5: br-data (internal)
port 6: qvo07e7496c-a1
port 7: qvo91feef0f-f9
port 8: qvo06e27c00-43
port 9: qvo57a80236-fc
tunnel(tun_id=0x5,src=10.5.1.254,dst=10.5.2.1,ttl=64,flags(-df-
csum+key)),in_port(4),skb_mark(0),eth(src=fa:16:3e:fd:1f:98,dst=fa:16:3e:26:2b:d0),eth_type(0x0806),
packets:0, bytes:0, used:never, actions:6
# dp flow (xenial-mitaka)
system at ovs-system:
lookups: hit:409100 missed:25958 lost:0
flows: 4
masks: hit:1427427 total:4 hit/pkt:3.28
port 0: ovs-system (internal)
port 1: br-int (internal)
port 2: br-ex (internal)
port 3: br-data (internal)
port 4: br-tun (internal)
port 5: qvo48082a53-ee
port 6: gre_sys (gre)
port 7: qvo330b5535-cf
recirc_id(0),tunnel(tun_id=0x5,src=10.5.6.194,dst=10.5.6.197,ttl=64,flags
(-df-
csum+key)),in_port(6),skb_mark(0),eth(src=fa:16:3e:41:4c:6d,dst=fa:16:3e:cc:aa:4d),eth_type(0x0800),ipv4(frag=no),
packets:12, bytes:1359, used:2.637s, actions:5,7
There was at least one mirror rewriting between this two version.
https://github.com/openvswitch/ovs/commit/7efbc3b7c4006caed79cc9afa799cd0f9b8f5d38
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1639273
Title:
openvswitch port mirroring only mirrors egress traffic
Status in Ubuntu Cloud Archive:
New
Status in openvswitch:
New
Bug description:
with a liberty openstack installation (openvswitch
2.4.1-0ubuntu0.15.10.1~cloud0) with two VMs, when vm1's interface is
mirrored to vm2's interface, only vm1's egress traffic is mirrored;
ingress traffic does not appear on vm2's interface.
ubuntu at machine-15:~$ sudo ovs-vsctl list mirror
ubuntu at machine-15:~$ sudo ovs-vsctl -- set Bridge br-int mirrors=@m -- --id=@qvo07e7496c-a1 get Port qvo07e7496c-a1 -- --id=@qvo91feef0f-f9 get Port qvo91feef0f-f9 -- --id=@m create Mirror name=mirror3 select-src-port=@qvo07e7496c-a1 select-dst-port=@qvo07e7496c-a1 output-port=@qvo91feef0f-f9
7e9e725f-1d23-4b30-8e46-82f7f7e71353
ubuntu at machine-15:~$ sudo ovs-vsctl list mirror
_uuid : 7e9e725f-1d23-4b30-8e46-82f7f7e71353
external_ids : {}
name : "mirror3"
output_port : a0e92620-37dd-4fd6-b514-45d47526306a
output_vlan : []
select_all : false
select_dst_port : [cafc190f-e89a-4f2c-ab56-2072351bbe41]
select_src_port : [cafc190f-e89a-4f2c-ab56-2072351bbe41]
select_vlan : []
statistics : {}
ubuntu at machine-15:~$ ping -c 1 10.5.150.3
PING 10.5.150.3 (10.5.150.3) 56(84) bytes of data.
64 bytes from 10.5.150.3: icmp_seq=1 ttl=63 time=4.26 ms
--- 10.5.150.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 4.268/4.268/4.268/0.000 ms
on vm 1 both directions appear, as expected:
17:16:13.093469 IP 10.5.2.1 > 192.168.21.7: ICMP echo request, id 9031, seq 1, length 64
17:16:13.094792 IP 192.168.21.7 > 10.5.2.1: ICMP echo reply, id 9031, seq 1, length 64
on vm 2 only outgoing traffic is mirrored:
17:16:13.095066 IP 192.168.21.7 > 10.5.2.1: ICMP echo reply, id 9031,
seq 1, length 64
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1639273/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list