[NETVIRT-480] non-NAPT bridge is also sending package out to external GW Created: 16/Feb/17  Updated: 05/Apr/18  Resolved: 05/Apr/18

Status: Resolved
Project: netvirt
Component/s: General
Affects Version/s: Carbon
Fix Version/s: None

Type: Bug Priority: Medium
Reporter: yong sheng gong Assignee: Unassigned
Resolution: Cannot Reproduce Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: Linux
Platform: Other


External issue ID: 7810

 Description   

distribution-karaf-0.6.0-20170208.220244-3708.zip

I set up a two-node env via devstack:

node1:
odl@odl31:/opt/stack/opendaylight$ sudo ovs-vsctl show
1849da19-afae-48db-b5d4-2a63e7b86d0b
    Manager "ptcp:6641:127.0.0.1"
        is_connected: true
    Manager "tcp:192.168.254.31:6640"
        is_connected: true
    Bridge br-int
        Controller "tcp:192.168.254.31:6653"
            is_connected: true
        fail_mode: secure
        Port "enp0s9"
            Interface "enp0s9"
        Port "tun70d00fe1b8c"
            Interface "tun70d00fe1b8c"
                type: vxlan
                options: {key=flow, local_ip="192.168.254.31", remote_ip="192.168.254.32"}
        Port br-int
            Interface br-int
                type: internal
        Port "tap70897536-9b"
            Interface "tap70897536-9b"
                type: internal
        Port "tap81e28235-bd"
            Interface "tap81e28235-bd"
    ovs_version: "2.6.0"

node1's datapath ID:
odl@odl31:/opt/stack/opendaylight$ sudo ovs-ofctl -Oopenflow13 show br-int | grep dpid | awk -F":" -e '{print "ibase=16; "toupper($3)}' | bc
185439651770720

node2:
odl@odl32:~$ sudo ovs-vsctl show
cbf6ad51-36d8-4d8d-abdf-869e7e2310c2
    Manager "tcp:192.168.254.31:6640"
        is_connected: true
    Bridge br-int
        Controller "tcp:192.168.254.31:6653"
            is_connected: true
        fail_mode: secure
        Port "enp0s9"
            Interface "enp0s9"
        Port "tun50d944cb5fe"
            Interface "tun50d944cb5fe"
                type: vxlan
                options: {key=flow, local_ip="192.168.254.32", remote_ip="192.168.254.31"}
        Port "tapa13d9ce7-68"
            Interface "tapa13d9ce7-68"
        Port br-int
            Interface br-int
                type: internal
    ovs_version: "2.6.0"

node2's datapathid:
odl@odl32:~$ sudo ovs-ofctl -Oopenflow13 show br-int | grep dpid | awk -F":" -e '{print "ibase=16; "toupper($3)}' | bc
255404308847466

and I see that my NAPT bridge is on node2:
odl@odl31:~$ curl -s -u admin:admin -X GET http://localhost:8181/restconf/config/odl-nat:napt-switches/ | python -mjson.tool
{
    "napt-switches": {
        "router-to-napt-switch": [
            {
                "primary-switch-id": 255404308847466,
                "router-name": "f6c84bd6-9f25-4992-b72d-e194f77e6857"
            }
        ]
    }
}

I log in to my nova VM on node1 (without a FIP bound) and try to use the SNAT feature:

I found that the VM's traffic is going through node1's enp0s9 NIC, not through node2, which
is the NAPT bridge node. If I disable node1's enp0s9 with "ifconfig enp0s9 down", the traffic is blocked.



 Comments   
Comment by Vinh Nguyen [ 13/Jul/17 ]

Hi Yong,

Could you please attach flow dumps for odl31 and odl32? I would like to check whether the SNAT flows are installed properly for each switch.

Thanks, Vinh
