How to trace OVN logical Flow trace with associated OVS OpenFlow rules in the OVN integrated environment?
Environment
- Red Hat OpenStack 13
- OpenvSwitch 2.9
- python-networking-ovn-4.0.3-3
Issue
- In OpenStack and ML2-OVN integrated environment, how to trace OVN logical Flow trace with associated OVS OpenFlow rules?
Resolution
- This
ovn-traceutility simulates packet forwarding within an OVN logical network. ovn-traceworks by reading the Logical_Flow and other tables from the OVN southbound database. It simulates a packet’s path through logical networks by repeatedly looking it up in the logical flow table, following the entire tree of possibilities.-
In a typical scenario,
ovn-traceis to provide datapath and microflow arguments on the command line.SYNOPSIS
ovn-trace [options] datapath microflow- The
datapathargument specifies the name of a logical datapath. Acceptable names are the name from thenorthbound Logical_SwitchorLogical_Routertable, the UUID of a record from one of those tables, or the UUID of a record from the southbound Datapath_Binding table. - The
microflowargument describes the packet whose forwarding is to be simulated, in the syntax of an OVN logical expression, as described inman ovn-sb, to express constraints.
- The
-
Refer the following command to get more
ovn-traceoption:# man ovn-trace. - In OpenStack cloud management systems, human-unfriendly names for ports and datapaths, for example, ones that include entire UUIDs. OVN does usually include friendlier names, but the long, hard-to-read names are the ones that appear in matches and actions. By default, or with
--friendly-names,ovn-tracesubstitutes these friendlier names for the long names in its output. Use--no-friendly-namesto disable this behavior; this option might be useful, for example, if a program is going to parseovn-traceoutput. - Makes ovn-trace attempt to obtain and display the OpenFlow flows that correspond to each OVN logical flow. To do so,
ovn-traceconnects to remote with--ovs[=remote]overOpenFlowand retrieves the flows. If remote is specified, it must be an activeOpenFlowconnection method described inman ovs-ofctl. - To make it easier ovn-trace command locally can execute in compute node to review the logical flow trace and associated
OpenFlowflows with--ovsoption since default integration socket fileunix:/var/run/openvswitch/br-int.mgmtresides in the same system.
Example: Details from the Lab
-
Packet trace scenario from VM internal port to the external gateway where the instance associated with Floating IP with ACL policies.
$ openstack server list --long --fit-width +-----------------------+-----------+--------+------------+-------------+-----------------------+------------+-----------------------+-------------+-----------------------+-------------------+---------------------------+------------+ | ID | Name | Status | Task State | Power State | Networks | Image Name | Image ID | Flavor Name | Flavor ID | Availability Zone | Host | Properties | +-----------------------+-----------+--------+------------+-------------+-----------------------+------------+-----------------------+-------------+-----------------------+-------------------+---------------------------+------------+ | 7482575f-6cf5-41de-b7 | instance1 | ACTIVE | None | Running | internal1=2001::f816: | cirros | 5d1f2e8d-1d3d-429a- | m1.medium | fae9f759-f651-4512-b3 | nova | ovn-compute-1.localdomain | | | 13-c50a939664f4 | | | | | 3eff:febb:7e52, | | 9d73-7edb7f575952 | | b7-3e03603bae51 | | | | | | | | | | 192.168.1.6, | | | | | | | | | | | | | | 10.74.167.210 | | | | | | | | +-----------------------+-----------+--------+------------+-------------+-----------------------+------------+-----------------------+-------------+-----------------------+-------------------+---------------------------+------------+$ nova interface-list instance1 +------------+--------------------------------------+--------------------------------------+---------------------------------------+-------------------+ | Port State | Port ID | Net ID | IP addresses | MAC Addr | +------------+--------------------------------------+--------------------------------------+---------------------------------------+-------------------+ | ACTIVE | 45b37972-88ad-4f9f-884d-50120fcebc39 | 250d6622-eec8-4471-ae89-3eb0302be2e2 | 192.168.1.6,2001::f816:3eff:febb:7e52 | fa:16:3e:bb:7e:52 | +------------+--------------------------------------+--------------------------------------+---------------------------------------+-------------------+$ neutron router-port-list router1 neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. +--------------------------------------+------+----------------------------------+-------------------+--------------------------------------------------------------------------------------+ | id | name | tenant_id | mac_address | fixed_ips | +--------------------------------------+------+----------------------------------+-------------------+--------------------------------------------------------------------------------------+ | 26aa8fb5-1259-4350-ad41-688434f4734a | | 9bfb1590ceb94d5ca78b99f7c79994b2 | fa:16:3e:30:ed:9b | {"subnet_id": "fb81d894-5dc8-418e-80fb-bc3e5face00a", "ip_address": "192.168.1.1"} | | b7db6753-1d91-4a9e-ac37-b62b60f1efcf | | 9bfb1590ceb94d5ca78b99f7c79994b2 | fa:16:3e:55:9d:5e | {"subnet_id": "42c9fb04-515e-4070-9ee8-ad885ba1388d", "ip_address": "2001::1"} | | ef37243a-ac26-4c00-8c84-ebd90d6bb373 | | | fa:16:3e:71:74:11 | {"subnet_id": "691ca54f-12c7-4cbf-977d-13f2e7e3f489", "ip_address": "10.74.167.213"} | +--------------------------------------+------+----------------------------------+-------------------+--------------------------------------------------------------------------------------+ -
Login to Compute nodes where the associated instance is running and set the South Bound socket in the environment variable.
export SB=$(sudo ovs-vsctl get open . external_ids:ovn-remote | sed -e 's/\"//g') export NB=$(sudo ovs-vsctl get open . external_ids:ovn-remote | sed -e 's/\"//g' | sed -e 's/6642/6641/g') alias ovn-sbctl='sudo docker exec ovn_controller ovn-sbctl --db=$SB' alias ovn-nbctl='sudo docker exec ovn_controller ovn-nbctl --db=$NB' alias ovn-trace='sudo docker exec ovn_controller ovn-trace --db=$SB' -
With the above reference details, the
ovn-tracecan trace the logical and associated OF rules from VM internal port to the external gateway.Sample output from lab
# ovn-trace --no-friendly-names --ovs neutron-250d6622-eec8-4471-ae89-3eb0302be2e2 'inport == "45b37972-88ad-4f9f-884d-50120fcebc39" && eth.src == fa:16:3e:bb:7e:52 && eth.dst == fa:16:3e:30:ed:9b && ip4.src == 192.168.1.6 && ip4.dst == 10.74.167.222 && ip.ttl == 64 && icmp4.type == 8' # icmp,reg14=0x4,vlan_tci=0x0000,dl_src=fa:16:3e:bb:7e:52,dl_dst=fa:16:3e:30:ed:9b,nw_src=192.168.1.6,nw_dst=10.74.167.222,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 ingress(dp="019353ef-1517-4bfe-b244-d85d5c449721", inport="45b37972-88ad-4f9f-884d-50120fcebc39") ------------------------------------------------------------------------------------------------- 0. ls_in_port_sec_l2 (ovn-northd.c:3867): inport == "45b37972-88ad-4f9f-884d-50120fcebc39" && eth.src == {fa:16:3e:bb:7e:52}, priority 50, uuid d1dce7a9 cookie=0xd1dce7a9, duration=251129.966s, table=8, n_packets=542, n_bytes=66717, priority=50,reg14=0x4,metadata=0xa,dl_src=fa:16:3e:bb:7e:52 actions=resubmit(,9) next; 1. ls_in_port_sec_ip (ovn-northd.c:2849): inport == "45b37972-88ad-4f9f-884d-50120fcebc39" && eth.src == fa:16:3e:bb:7e:52 && ip4.src == {192.168.1.6}, priority 90, uuid 4af885b6 cookie=0x4af885b6, duration=251129.966s, table=9, n_packets=500, n_bytes=64165, priority=90,ip,reg14=0x4,metadata=0xa,dl_src=fa:16:3e:bb:7e:52,nw_src=192.168.1.6 actions=resubmit(,10) next; 3. ls_in_pre_acl (ovn-northd.c:3150): ip, priority 100, uuid a71014c0 cookie=0xa71014c0, duration=251135.800s, table=11, n_packets=4, n_bytes=360, priority=100,ipv6,metadata=0xa actions=load:0x1->NXM_NX_XXREG0[96],resubmit(,12) cookie=0xa71014c0, duration=251135.800s, table=11, n_packets=548, n_bytes=70155, priority=100,ip,metadata=0xa actions=load:0x1->NXM_NX_XXREG0[96],resubmit(,12) reg0[0] = 1; next; 5. ls_in_pre_stateful (ovn-northd.c:3287): reg0[0] == 1, priority 100, uuid 8f3c5a49 cookie=0x8f3c5a49, duration=251183.065s, table=13, n_packets=548, n_bytes=70155, priority=100,ip,reg0=0x1/0x1,metadata=0xa actions=ct(table=14,zone=NXM_NX_REG13[0..15]) cookie=0x8f3c5a49, duration=251183.064s, table=13, n_packets=4, n_bytes=360, priority=100,ipv6,reg0=0x1/0x1,metadata=0xa actions=ct(table=14,zone=NXM_NX_REG13[0..15]) ct_next; ct_next(ct_state=est|trk /* default (use --ct to customize) */) --------------------------------------------------------------- 6. ls_in_acl (ovn-northd.c:3495): !ct.new && ct.est && !ct.rpl && ct_label.blocked == 0 && (inport == "45b37972-88ad-4f9f-884d-50120fcebc39" && ip4), priority 2002, uuid d525e066 cookie=0xd525e066, duration=251129.967s, table=14, n_packets=75, n_bytes=7610, priority=2002,ct_state=-new+est-rpl+trk,ct_label=0/0x1,ip,reg14=0x4,metadata=0xa actions=resubmit(,15) next; 16. ls_in_l2_lkup (ovn-northd.c:4261): eth.dst == fa:16:3e:30:ed:9b, priority 50, uuid 35cc93a3 cookie=0x35cc93a3, duration=251183.065s, table=24, n_packets=399, n_bytes=51793, priority=50,metadata=0xa,dl_dst=fa:16:3e:30:ed:9b actions=set_field:0x2->reg15,resubmit(,32) outport = "26aa8fb5-1259-4350-ad41-688434f4734a"; output; egress(dp="019353ef-1517-4bfe-b244-d85d5c449721", inport="45b37972-88ad-4f9f-884d-50120fcebc39", outport="26aa8fb5-1259-4350-ad41-688434f4734a") ------------------------------------------------------------------------------------------------------------------------------------------------ 1. ls_out_pre_acl (ovn-northd.c:3109): ip && outport == "26aa8fb5-1259-4350-ad41-688434f4734a", priority 110, uuid af93b9cd cookie=0xaf93b9cd, duration=251135.800s, table=41, n_packets=399, n_bytes=51793, priority=110,ip,reg15=0x2,metadata=0xa actions=resubmit(,42) cookie=0xaf93b9cd, duration=251135.800s, table=41, n_packets=0, n_bytes=0, priority=110,ipv6,reg15=0x2,metadata=0xa actions=resubmit(,42) next; 9. ls_out_port_sec_l2 (ovn-northd.c:4344): outport == "26aa8fb5-1259-4350-ad41-688434f4734a", priority 50, uuid d52c56d2 cookie=0xd52c56d2, duration=251183.065s, table=49, n_packets=399, n_bytes=51793, priority=50,reg15=0x2,metadata=0xa actions=resubmit(,64) output; /* output to "26aa8fb5-1259-4350-ad41-688434f4734a", type "patch" */ ingress(dp="99c15106-ee1e-4683-ad0d-2c0bdd52afcf", inport="lrp-26aa8fb5-1259-4350-ad41-688434f4734a") ----------------------------------------------------------------------------------------------------- 0. lr_in_admission (ovn-northd.c:4890): eth.dst == fa:16:3e:30:ed:9b && inport == "lrp-26aa8fb5-1259-4350-ad41-688434f4734a", priority 50, uuid fdcdfbae cookie=0xfdcdfbae, duration=251183.064s, table=8, n_packets=399, n_bytes=51793, priority=50,reg14=0x1,metadata=0xc,dl_dst=fa:16:3e:30:ed:9b actions=resubmit(,9) next; 7. lr_in_ip_routing (ovn-northd.c:4472): ip4.dst == 10.74.167.208/28, priority 57, uuid fca6ccef cookie=0xfca6ccef, duration=251183.073s, table=15, n_packets=0, n_bytes=0, priority=57,ip,metadata=0xc,nw_dst=10.74.167.208/28 actions=dec_ttl(),move:NXM_OF_IP_DST[]->NXM_NX_XXREG0[96..127],load:0xa4aa7d5->NXM_NX_XXREG0[64..95],set_field:fa:16:3e:71:74:11->eth_src,set_field:0x5->reg15,load:0x1->NXM_NX_REG10[0],resubmit(,16) ip.ttl--; reg0 = ip4.dst; reg1 = 10.74.167.213; eth.src = fa:16:3e:71:74:11; outport = "lrp-ef37243a-ac26-4c00-8c84-ebd90d6bb373"; flags.loopback = 1; next; 8. lr_in_arp_resolve (ovn-northd.c:6199): ip4, priority 0, uuid f6832489 cookie=0xf6832489, duration=251183.065s, table=16, n_packets=398, n_bytes=51695, priority=0,ip,metadata=0xc actions=push:NXM_NX_REG0[],push:NXM_NX_XXREG0[96..127],pop:NXM_NX_REG0[],set_field:00:00:00:00:00:00->eth_dst,resubmit(,66),pop:NXM_NX_REG0[],resubmit(,17) get_arp(outport, reg0); /* MAC binding to f4:b5:2f:40:a6:81. */ next; 9. lr_in_gw_redirect (ovn-northd.c:6228): outport == "lrp-ef37243a-ac26-4c00-8c84-ebd90d6bb373", priority 50, uuid e6dc2d72 cookie=0xe6dc2d72, duration=251183.065s, table=17, n_packets=397, n_bytes=51610, priority=50,reg15=0x5,metadata=0xc actions=set_field:0x6->reg15,resubmit(,18) outport = "cr-lrp-ef37243a-ac26-4c00-8c84-ebd90d6bb373"; next; 10. lr_in_arp_request (ovn-northd.c:6306): 1, priority 0, uuid 7ad01353 cookie=0x7ad01353, duration=251183.067s, table=18, n_packets=4186, n_bytes=451250, priority=0,metadata=0xc actions=resubmit(,32) output; /* Replacing type "chassisredirect" outport "cr-lrp-ef37243a-ac26-4c00-8c84-ebd90d6bb373" with distributed port "lrp-ef37243a-ac26-4c00-8c84-ebd90d6bb373". */ egress(dp="99c15106-ee1e-4683-ad0d-2c0bdd52afcf", inport="lrp-26aa8fb5-1259-4350-ad41-688434f4734a", outport="lrp-ef37243a-ac26-4c00-8c84-ebd90d6bb373") -------------------------------------------------------------------------------------------------------------------------------------------------------- 0. lr_out_undnat (ovn-northd.c:5575): ip && ip4.src == 192.168.1.6 && outport == "lrp-ef37243a-ac26-4c00-8c84-ebd90d6bb373" && is_chassis_resident("cr-lrp-ef37243a-ac26-4c00-8c84-ebd90d6bb373"), priority 100, uuid b2c757eb cookie=0xb2c757eb, duration=251038.879s, table=40, n_packets=397, n_bytes=51610, priority=100,ip,reg15=0x5,metadata=0xc,nw_src=192.168.1.6 actions=ct(table=41,zone=NXM_NX_REG11[0..15],nat) ct_dnat; ct_dnat /* assuming no un-dnat entry, so no change */ ----------------------------------------------------- 1. lr_out_snat (ovn-northd.c:5622): ip && ip4.src == 192.168.1.6 && outport == "lrp-ef37243a-ac26-4c00-8c84-ebd90d6bb373" && is_chassis_resident("cr-lrp-ef37243a-ac26-4c00-8c84-ebd90d6bb373"), priority 33, uuid 907892ee cookie=0x907892ee, duration=251038.879s, table=41, n_packets=44, n_bytes=4200, priority=33,ip,reg15=0x5,metadata=0xc,nw_src=192.168.1.6 actions=ct(commit,table=42,zone=NXM_NX_REG12[0..15],nat(src=10.74.167.210)) ct_snat(10.74.167.210); ct_snat(ip4.src=10.74.167.210) ------------------------------ 3. lr_out_delivery (ovn-northd.c:6334): outport == "lrp-ef37243a-ac26-4c00-8c84-ebd90d6bb373", priority 100, uuid 5b4bf15f cookie=0x5b4bf15f, duration=251183.066s, table=43, n_packets=4416, n_bytes=425000, priority=100,reg15=0x5,metadata=0xc actions=resubmit(,64) output; /* output to "lrp-ef37243a-ac26-4c00-8c84-ebd90d6bb373", type "patch" */ ingress(dp="a28109b8-9d27-4551-a983-8c3bc98cda0c", inport="ef37243a-ac26-4c00-8c84-ebd90d6bb373") ------------------------------------------------------------------------------------------------- 0. ls_in_port_sec_l2 (ovn-northd.c:3867): inport == "ef37243a-ac26-4c00-8c84-ebd90d6bb373", priority 50, uuid 3a67f28b cookie=0x3a67f28b, duration=251183.065s, table=8, n_packets=4431, n_bytes=425630, priority=50,reg14=0x3,metadata=0x1 actions=resubmit(,9) next; 16. ls_in_l2_lkup (ovn-northd.c:4307): 1, priority 0, uuid 96f935c1 cookie=0x96f935c1, duration=251183.067s, table=24, n_packets=4415, n_bytes=424958, priority=0,metadata=0x1 actions=set_field:0xfffe->reg15,resubmit(,32) outport = "_MC_unknown"; output; multicast(dp="a28109b8-9d27-4551-a983-8c3bc98cda0c", mcgroup="_MC_unknown") --------------------------------------------------------------------------- egress(dp="a28109b8-9d27-4551-a983-8c3bc98cda0c", inport="ef37243a-ac26-4c00-8c84-ebd90d6bb373", outport="provnet-53457a6f-fccd-480e-be35-18f4edd71923") -------------------------------------------------------------------------------------------------------------------------------------------------------- 9. ls_out_port_sec_l2 (ovn-northd.c:4344): outport == "provnet-53457a6f-fccd-480e-be35-18f4edd71923", priority 50, uuid da903ade cookie=0xda903ade, duration=251183.070s, table=49, n_packets=4415, n_bytes=424958, priority=50,reg15=0x1,metadata=0x1 actions=resubmit(,64) output; /* output to "provnet-53457a6f-fccd-480e-be35-18f4edd71923", type "localnet" */ -
Sample output with
--friendly-namesoption.# ovn-trace --friendly-names --ovs neutron-250d6622-eec8-4471-ae89-3eb0302be2e2 --db=$SB 'inport == "45b37972-88ad-4f9f-884d-50120fcebc39" && eth.src == fa:16:3e:bb:7e:52 && eth.dst == fa:16:3e:30:ed:9b && ip4.src == 192.168.1.6 && ip4.dst == 10.74.167.222 && ip.ttl == 64 && icmp4.type == 8' # icmp,reg14=0x4,vlan_tci=0x0000,dl_src=fa:16:3e:bb:7e:52,dl_dst=fa:16:3e:30:ed:9b,nw_src=192.168.1.6,nw_dst=10.74.167.222,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 ingress(dp="internal1", inport="45b379") ---------------------------------------- 0. ls_in_port_sec_l2 (ovn-northd.c:3867): inport == "45b379" && eth.src == {fa:16:3e:bb:7e:52}, priority 50, uuid d1dce7a9 cookie=0xd1dce7a9, duration=254083.947s, table=8, n_packets=542, n_bytes=66717, priority=50,reg14=0x4,metadata=0xa,dl_src=fa:16:3e:bb:7e:52 actions=resubmit(,9) next; 1. ls_in_port_sec_ip (ovn-northd.c:2849): inport == "45b379" && eth.src == fa:16:3e:bb:7e:52 && ip4.src == {192.168.1.6}, priority 90, uuid 4af885b6 cookie=0x4af885b6, duration=254083.946s, table=9, n_packets=500, n_bytes=64165, priority=90,ip,reg14=0x4,metadata=0xa,dl_src=fa:16:3e:bb:7e:52,nw_src=192.168.1.6 actions=resubmit(,10) next; 3. ls_in_pre_acl (ovn-northd.c:3150): ip, priority 100, uuid a71014c0 cookie=0xa71014c0, duration=254089.780s, table=11, n_packets=4, n_bytes=360, priority=100,ipv6,metadata=0xa actions=load:0x1->NXM_NX_XXREG0[96],resubmit(,12) cookie=0xa71014c0, duration=254089.780s, table=11, n_packets=548, n_bytes=70155, priority=100,ip,metadata=0xa actions=load:0x1->NXM_NX_XXREG0[96],resubmit(,12) reg0[0] = 1; next; 5. ls_in_pre_stateful (ovn-northd.c:3287): reg0[0] == 1, priority 100, uuid 8f3c5a49 cookie=0x8f3c5a49, duration=254137.045s, table=13, n_packets=548, n_bytes=70155, priority=100,ip,reg0=0x1/0x1,metadata=0xa actions=ct(table=14,zone=NXM_NX_REG13[0..15]) cookie=0x8f3c5a49, duration=254137.044s, table=13, n_packets=4, n_bytes=360, priority=100,ipv6,reg0=0x1/0x1,metadata=0xa actions=ct(table=14,zone=NXM_NX_REG13[0..15]) ct_next; ct_next(ct_state=est|trk /* default (use --ct to customize) */) --------------------------------------------------------------- 6. ls_in_acl (ovn-northd.c:3495): !ct.new && ct.est && !ct.rpl && ct_label.blocked == 0 && (inport == "45b379" && ip4), priority 2002, uuid d525e066 cookie=0xd525e066, duration=254083.947s, table=14, n_packets=75, n_bytes=7610, priority=2002,ct_state=-new+est-rpl+trk,ct_label=0/0x1,ip,reg14=0x4,metadata=0xa actions=resubmit(,15) next; 16. ls_in_l2_lkup (ovn-northd.c:4261): eth.dst == fa:16:3e:30:ed:9b, priority 50, uuid 35cc93a3 cookie=0x35cc93a3, duration=254137.046s, table=24, n_packets=399, n_bytes=51793, priority=50,metadata=0xa,dl_dst=fa:16:3e:30:ed:9b actions=set_field:0x2->reg15,resubmit(,32) outport = "26aa8f"; output; egress(dp="internal1", inport="45b379", outport="26aa8f") --------------------------------------------------------- 1. ls_out_pre_acl (ovn-northd.c:3109): ip && outport == "26aa8f", priority 110, uuid af93b9cd cookie=0xaf93b9cd, duration=254089.781s, table=41, n_packets=399, n_bytes=51793, priority=110,ip,reg15=0x2,metadata=0xa actions=resubmit(,42) cookie=0xaf93b9cd, duration=254089.781s, table=41, n_packets=0, n_bytes=0, priority=110,ipv6,reg15=0x2,metadata=0xa actions=resubmit(,42) next; 9. ls_out_port_sec_l2 (ovn-northd.c:4344): outport == "26aa8f", priority 50, uuid d52c56d2 cookie=0xd52c56d2, duration=254137.046s, table=49, n_packets=399, n_bytes=51793, priority=50,reg15=0x2,metadata=0xa actions=resubmit(,64) output; /* output to "26aa8f", type "patch" */ ingress(dp="router1", inport="lrp-26aa8f") ------------------------------------------ 0. lr_in_admission (ovn-northd.c:4890): eth.dst == fa:16:3e:30:ed:9b && inport == "lrp-26aa8f", priority 50, uuid fdcdfbae cookie=0xfdcdfbae, duration=254137.045s, table=8, n_packets=399, n_bytes=51793, priority=50,reg14=0x1,metadata=0xc,dl_dst=fa:16:3e:30:ed:9b actions=resubmit(,9) next; 7. lr_in_ip_routing (ovn-northd.c:4472): ip4.dst == 10.74.167.208/28, priority 57, uuid fca6ccef cookie=0xfca6ccef, duration=254137.054s, table=15, n_packets=0, n_bytes=0, priority=57,ip,metadata=0xc,nw_dst=10.74.167.208/28 actions=dec_ttl(),move:NXM_OF_IP_DST[]->NXM_NX_XXREG0[96..127],load:0xa4aa7d5->NXM_NX_XXREG0[64..95],set_field:fa:16:3e:71:74:11->eth_src,set_field:0x5->reg15,load:0x1->NXM_NX_REG10[0],resubmit(,16) ip.ttl--; reg0 = ip4.dst; reg1 = 10.74.167.213; eth.src = fa:16:3e:71:74:11; outport = "lrp-ef3724"; flags.loopback = 1; next; 8. lr_in_arp_resolve (ovn-northd.c:6199): ip4, priority 0, uuid f6832489 cookie=0xf6832489, duration=254137.046s, table=16, n_packets=398, n_bytes=51695, priority=0,ip,metadata=0xc actions=push:NXM_NX_REG0[],push:NXM_NX_XXREG0[96..127],pop:NXM_NX_REG0[],set_field:00:00:00:00:00:00->eth_dst,resubmit(,66),pop:NXM_NX_REG0[],resubmit(,17) get_arp(outport, reg0); /* MAC binding to f4:b5:2f:40:a6:81. */ next; 9. lr_in_gw_redirect (ovn-northd.c:6228): outport == "lrp-ef3724", priority 50, uuid e6dc2d72 cookie=0xe6dc2d72, duration=254137.046s, table=17, n_packets=397, n_bytes=51610, priority=50,reg15=0x5,metadata=0xc actions=set_field:0x6->reg15,resubmit(,18) outport = "cr-lrp-ef3724"; next; 10. lr_in_arp_request (ovn-northd.c:6306): 1, priority 0, uuid 7ad01353 cookie=0x7ad01353, duration=254137.047s, table=18, n_packets=4208, n_bytes=453806, priority=0,metadata=0xc actions=resubmit(,32) output; /* Replacing type "chassisredirect" outport "cr-lrp-ef3724" with distributed port "lrp-ef3724". */ egress(dp="router1", inport="lrp-26aa8f", outport="lrp-ef3724") --------------------------------------------------------------- 0. lr_out_undnat (ovn-northd.c:5575): ip && ip4.src == 192.168.1.6 && outport == "lrp-ef3724" && is_chassis_resident("cr-lrp-ef3724"), priority 100, uuid b2c757eb cookie=0xb2c757eb, duration=253992.859s, table=40, n_packets=397, n_bytes=51610, priority=100,ip,reg15=0x5,metadata=0xc,nw_src=192.168.1.6 actions=ct(table=41,zone=NXM_NX_REG11[0..15],nat) ct_dnat; ct_dnat /* assuming no un-dnat entry, so no change */ ----------------------------------------------------- 1. lr_out_snat (ovn-northd.c:5622): ip && ip4.src == 192.168.1.6 && outport == "lrp-ef3724" && is_chassis_resident("cr-lrp-ef3724"), priority 33, uuid 907892ee cookie=0x907892ee, duration=253992.859s, table=41, n_packets=44, n_bytes=4200, priority=33,ip,reg15=0x5,metadata=0xc,nw_src=192.168.1.6 actions=ct(commit,table=42,zone=NXM_NX_REG12[0..15],nat(src=10.74.167.210)) ct_snat(10.74.167.210); ct_snat(ip4.src=10.74.167.210) ------------------------------ 3. lr_out_delivery (ovn-northd.c:6334): outport == "lrp-ef3724", priority 100, uuid 5b4bf15f cookie=0x5b4bf15f, duration=254137.046s, table=43, n_packets=4443, n_bytes=427252, priority=100,reg15=0x5,metadata=0xc actions=resubmit(,64) output; /* output to "lrp-ef3724", type "patch" */ ingress(dp="External", inport="ef3724") --------------------------------------- 0. ls_in_port_sec_l2 (ovn-northd.c:3867): inport == "ef3724", priority 50, uuid 3a67f28b cookie=0x3a67f28b, duration=254137.046s, table=8, n_packets=4458, n_bytes=427882, priority=50,reg14=0x3,metadata=0x1 actions=resubmit(,9) next; 16. ls_in_l2_lkup (ovn-northd.c:4307): 1, priority 0, uuid 96f935c1 cookie=0x96f935c1, duration=254137.048s, table=24, n_packets=4442, n_bytes=427210, priority=0,metadata=0x1 actions=set_field:0xfffe->reg15,resubmit(,32) outport = "_MC_unknown"; output; multicast(dp="External", mcgroup="_MC_unknown") ----------------------------------------------- egress(dp="External", inport="ef3724", outport="provnet-53457a") ---------------------------------------------------------------- 9. ls_out_port_sec_l2 (ovn-northd.c:4344): outport == "provnet-53457a", priority 50, uuid da903ade cookie=0xda903ade, duration=254137.051s, table=49, n_packets=4442, n_bytes=427210, priority=50,reg15=0x1,metadata=0x1 actions=resubmit(,64) output; /* output to "provnet-53457a", type "localnet" */ -
Sample
ovn-tracewith--minimaloutput.# ovn-trace --minimal --ovs neutron-250d6622-eec8-4471-ae89-3eb0302be2e2 --db=$SB 'inport == "45b37972-88ad-4f9f-884d-50120fcebc39" && eth.src == fa:16:3e:bb:7e:52 && eth.dst == fa:16:3e:30:ed:9b && ip4.src == 192.168.1.6 && ip4.dst == 10.74.167.222 && ip.ttl == 64 && icmp4.type == 8' # icmp,reg14=0x4,vlan_tci=0x0000,dl_src=fa:16:3e:bb:7e:52,dl_dst=fa:16:3e:30:ed:9b,nw_src=192.168.1.6,nw_dst=10.74.167.222,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 ct_next(ct_state=est|trk /* default (use --ct to customize) */) { ip.ttl--; eth.src = fa:16:3e:71:74:11; eth.dst = f4:b5:2f:40:a6:81; ct_dnat /* assuming no un-dnat entry, so no change */ { ct_snat(ip4.src=10.74.167.210) { output("provnet-53457a"); }; }; }; -
Sample
ovn-tracewith--summaryoutput.# ovn-trace --summary --ovs neutron-250d6622-eec8-4471-ae89-3eb0302be2e2 --db=$SB 'inport == "45b37972-88ad-4f9f-884d-50120fcebc39" && eth.src == fa:16:3e:bb:7e:52 && eth.dst == fa:16:3e:30:ed:9b && ip4.src == 192.168.1.6 && ip4.dst == 10.74.167.222 && ip.ttl == 64 && icmp4.type == 8' # icmp,reg14=0x4,vlan_tci=0x0000,dl_src=fa:16:3e:bb:7e:52,dl_dst=fa:16:3e:30:ed:9b,nw_src=192.168.1.6,nw_dst=10.74.167.222,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 ingress(dp="internal1", inport="45b379") { cookie=0xd1dce7a9, duration=254255.326s, table=8, n_packets=542, n_bytes=66717, priority=50,reg14=0x4,metadata=0xa,dl_src=fa:16:3e:bb:7e:52 actions=resubmit(,9) next; cookie=0x4af885b6, duration=254255.325s, table=9, n_packets=500, n_bytes=64165, priority=90,ip,reg14=0x4,metadata=0xa,dl_src=fa:16:3e:bb:7e:52,nw_src=192.168.1.6 actions=resubmit(,10) next; cookie=0xa71014c0, duration=254261.160s, table=11, n_packets=4, n_bytes=360, priority=100,ipv6,metadata=0xa actions=load:0x1->NXM_NX_XXREG0[96],resubmit(,12) cookie=0xa71014c0, duration=254261.160s, table=11, n_packets=548, n_bytes=70155, priority=100,ip,metadata=0xa actions=load:0x1->NXM_NX_XXREG0[96],resubmit(,12) reg0[0] = 1; next; cookie=0x8f3c5a49, duration=254308.425s, table=13, n_packets=548, n_bytes=70155, priority=100,ip,reg0=0x1/0x1,metadata=0xa actions=ct(table=14,zone=NXM_NX_REG13[0..15]) cookie=0x8f3c5a49, duration=254308.424s, table=13, n_packets=4, n_bytes=360, priority=100,ipv6,reg0=0x1/0x1,metadata=0xa actions=ct(table=14,zone=NXM_NX_REG13[0..15]) ct_next; ct_next(ct_state=est|trk /* default (use --ct to customize) */) { cookie=0xd525e066, duration=254255.327s, table=14, n_packets=75, n_bytes=7610, priority=2002,ct_state=-new+est-rpl+trk,ct_label=0/0x1,ip,reg14=0x4,metadata=0xa actions=resubmit(,15) next; cookie=0x35cc93a3, duration=254308.425s, table=24, n_packets=399, n_bytes=51793, priority=50,metadata=0xa,dl_dst=fa:16:3e:30:ed:9b actions=set_field:0x2->reg15,resubmit(,32) outport = "26aa8f"; output; egress(dp="internal1", inport="45b379", outport="26aa8f") { cookie=0xaf93b9cd, duration=254261.160s, table=41, n_packets=399, n_bytes=51793, priority=110,ip,reg15=0x2,metadata=0xa actions=resubmit(,42) cookie=0xaf93b9cd, duration=254261.160s, table=41, n_packets=0, n_bytes=0, priority=110,ipv6,reg15=0x2,metadata=0xa actions=resubmit(,42) next; cookie=0xd52c56d2, duration=254308.425s, table=49, n_packets=399, n_bytes=51793, priority=50,reg15=0x2,metadata=0xa actions=resubmit(,64) output; /* output to "26aa8f", type "patch" */; ingress(dp="router1", inport="lrp-26aa8f") { cookie=0xfdcdfbae, duration=254308.424s, table=8, n_packets=399, n_bytes=51793, priority=50,reg14=0x1,metadata=0xc,dl_dst=fa:16:3e:30:ed:9b actions=resubmit(,9) next; cookie=0xfca6ccef, duration=254308.433s, table=15, n_packets=0, n_bytes=0, priority=57,ip,metadata=0xc,nw_dst=10.74.167.208/28 actions=dec_ttl(),move:NXM_OF_IP_DST[]->NXM_NX_XXREG0[96..127],load:0xa4aa7d5->NXM_NX_XXREG0[64..95],set_field:fa:16:3e:71:74:11->eth_src,set_field:0x5->reg15,load:0x1->NXM_NX_REG10[0],resubmit(,16) ip.ttl--; reg0 = ip4.dst; reg1 = 10.74.167.213; eth.src = fa:16:3e:71:74:11; outport = "lrp-ef3724"; flags.loopback = 1; next; cookie=0xf6832489, duration=254308.425s, table=16, n_packets=398, n_bytes=51695, priority=0,ip,metadata=0xc actions=push:NXM_NX_REG0[],push:NXM_NX_XXREG0[96..127],pop:NXM_NX_REG0[],set_field:00:00:00:00:00:00->eth_dst,resubmit(,66),pop:NXM_NX_REG0[],resubmit(,17) get_arp(outport, reg0); /* MAC binding to f4:b5:2f:40:a6:81. */ next; cookie=0xe6dc2d72, duration=254308.425s, table=17, n_packets=397, n_bytes=51610, priority=50,reg15=0x5,metadata=0xc actions=set_field:0x6->reg15,resubmit(,18) outport = "cr-lrp-ef3724"; next; cookie=0x7ad01353, duration=254308.427s, table=18, n_packets=4211, n_bytes=454148, priority=0,metadata=0xc actions=resubmit(,32) output; /* Replacing type "chassisredirect" outport "cr-lrp-ef3724" with distributed port "lrp-ef3724". */; egress(dp="router1", inport="lrp-26aa8f", outport="lrp-ef3724") { cookie=0xb2c757eb, duration=254164.239s, table=40, n_packets=397, n_bytes=51610, priority=100,ip,reg15=0x5,metadata=0xc,nw_src=192.168.1.6 actions=ct(table=41,zone=NXM_NX_REG11[0..15],nat) ct_dnat; ct_dnat /* assuming no un-dnat entry, so no change */ { cookie=0x907892ee, duration=254164.239s, table=41, n_packets=44, n_bytes=4200, priority=33,ip,reg15=0x5,metadata=0xc,nw_src=192.168.1.6 actions=ct(commit,table=42,zone=NXM_NX_REG12[0..15],nat(src=10.74.167.210)) ct_snat(10.74.167.210); ct_snat(ip4.src=10.74.167.210) { cookie=0x5b4bf15f, duration=254308.426s, table=43, n_packets=4446, n_bytes=427516, priority=100,reg15=0x5,metadata=0xc actions=resubmit(,64) output; /* output to "lrp-ef3724", type "patch" */; ingress(dp="External", inport="ef3724") { cookie=0x3a67f28b, duration=254308.425s, table=8, n_packets=4461, n_bytes=428146, priority=50,reg14=0x3,metadata=0x1 actions=resubmit(,9) next; cookie=0x96f935c1, duration=254308.427s, table=24, n_packets=4445, n_bytes=427474, priority=0,metadata=0x1 actions=set_field:0xfffe->reg15,resubmit(,32) outport = "_MC_unknown"; output; multicast(dp="External", mcgroup="_MC_unknown") { egress(dp="External", inport="ef3724", outport="provnet-53457a") { cookie=0xda903ade, duration=254308.430s, table=49, n_packets=4445, n_bytes=427474, priority=50,reg15=0x1,metadata=0x1 actions=resubmit(,64) output; /* output to "provnet-53457a", type "localnet" */; }; }; }; }; }; }; }; }; }; };
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments