OpenvSwitch Port Mirror in OpenStack Neutron
I recently built an OpenStack Environment Based on VXLAN and found that the package to dump ovs interfaces is still quite troublesome. After many efforts, find some trouble shooting methods in the network environment of openstack.
In addition to common tools such as ping, host, traceroute, tcpdump, ip neighbor, arp, and arping, you can also use port mirror to dump ovs packets.
There are two nodes in my environment. node1 enables Nova and Neutron, and node2 only enables Nova-related services.
Ovs environment of Node1:
sudo ovs-vsctl show47a7cda2-1263-485a-8ae4-1be7cf53ed44 Bridge br-tun fail_mode: secure Port "veth0" Interface "veth0" Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Port br-tun Interface br-tun type: internal Port "vxlan-0a674d0e" Interface "vxlan-0a674d0e" type: vxlan options: {df_default="true", in_key=flow, local_ip="10.103.77.13", out_key=flow, remote_ip="10.103.77.14"} Bridge br-int fail_mode: secure Port "tapb5e83be9-f9" tag: 2 Interface "tapb5e83be9-f9" type: internal Port "qvo42d126bc-e1" tag: 2 Interface "qvo42d126bc-e1" Port int-br-ex Interface int-br-ex type: patch options: {peer=phy-br-ex} Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} Port br-int Interface br-int type: internal Bridge br-ex Port "eth1" Interface "eth1" Port br-ex Interface br-ex type: internal Port phy-br-ex Interface phy-br-ex type: patch options: {peer=int-br-ex} ovs_version: "2.0.2"
What I want to do is dump all the packages of the patch-int interface on the br-tun so that we can see what the package looks like after the br-tun conversion.
ip link add type vethip link set veth0 upip link set veth1 up
ovs-vsctl add-port br-tun "veth0"
ovs-vsctl -- set Bridge br-tun mirrors=@m \-- --id=@veth0 get Port veth0 \-- --id=@patch-int get Port patch-int \-- --id=@br-tun get Port br-tun \-- --id=@m create Mirror name=veth select-src-port=@br-tun,@patch-int \select-dst-port=@br-tun,@patch-int output-port=@veth0
After successful execution, a mirror id is output. You can use
ovs-vsctl list bridge
Check whether mirror is in outout.
_uuid : 18303d75-8715-408d-b9d7-5ef0424734f2controller : []datapath_id : "0000763d30188d40"datapath_type : systemexternal_ids : {}fail_mode : secureflood_vlans : []flow_tables : {}ipfix : []mirrors : [d2bcbe65-ae4c-4b88-9172-cf84dae39d0e]name : br-tunnetflow : []other_config : {}ports : [3eb258b0-f9db-4dfa-bbd5-697162f26142, 6755f9ce-a8fa-4b52-ba3a-06c798e12b9b, c45bbbd7-6baf-4774-b0e4-493d74ae0589, ffcf5619-baaf-469a-bb2d-9016ede95c92]protocols : ["OpenFlow10"]sflow : []status : {}stp_enable : false
sudo tcpdump -i veth0 -vv -ne -w veth0.cap
When you use wireshark to view the packages, you will find that these packages have been translated into normal packages instead of VXLAN packages, so you cannot see the tunnel id of vxlan.
References:
VXLAN: https://tools.ietf.org/pdf/rfc7348.pdf
Neutron Troubleshooting: http://docs.openstack.org/openstack-ops/content/network_troubleshooting.html
The following is a collection of Openstack related knowledge for you to see if you like it:
Install and deploy Openstack on Ubuntu 12.10
Ubuntu 12.04 OpenStack Swift single-node deployment Manual
OpenStack cloud computing quick start tutorial
Deploying OpenStack for enterprises: what should be done and what should not be done
CentOS 6.5 x64bit quick OpenStack Installation
This article permanently updates the link address:
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
