Table of Contents
Troubleshooting Netvirt Datapath¶
Opendaylight Netvirt programs specific flows to OVS, for the various VM connectivity usecases to work. The purpose of this document is to give a detailed picture of the various flows that happen on OVS when a packet arrives.
Openflow Table Ownership¶
TABLE NUMBER |
TABLE NAME |
OWNERSHIP |
|---|---|---|
0 |
INTERFACE INGRESS TABLE |
GENIUS - INTERFACEMANAGER |
17 |
INGRESS DISPATCHER TABLE |
GENIUS - INTERFACEMANAGER |
18 |
EXTERNAL TUNNEL DHCP TABLE |
NETVIRT - L2GW SERVICE |
19 |
GATEWAY MAC TABLE |
NETVIRT - L3VPN |
20 |
L3 LFIB TABLE |
NETVIRT - L3VPN |
21 |
L3 FIB TABLE |
NETVIRT - L3VPN |
22 |
L3 SUBNET ROUTE TABLE |
NETVIRT - L3VPN |
25 |
Floating IP to Internal IP Translation Table |
NETVIRT - NAT |
26 |
Internal IP to FIP/ External IP Translation Table |
NETVIRT - NAT |
27 |
Intermediate Pre-FIB Table after Reverse Translation |
NETVIRT - NAT |
28 |
Intermediate Pre-FIB Table after Forward Translation |
NETVIRT - NAT |
36 |
Internal Terminating Service Table |
ALL SERVICES(which require communication over vxlan) |
38 |
External Terminating Service Table |
NETVIRT - L2GW SERVICE |
43 |
ARP Check Table |
NETVIRT - ELAN |
44 |
Inbound Translation in NAPT vSwitch |
NETVIRT - NAT |
45 |
IPv6 Table |
NETVIRT - IPV6 |
46 |
Outbound Translation in NAPT vSwitch |
NETVIRT - NAT |
47 |
NAPT vSwitch Pre-FIB Table |
NETVIRT - NAT |
48 |
ELAN DestIpToDMac Table |
NETVIRT - ELAN |
49 |
Temporary Source MAC Learned Table |
NETVIRT - ELAN |
50 |
ELAN SMAC Table |
NETVIRT - ELAN |
51 |
ELAN DMAC Table |
NETVIRT - ELAN |
52 |
ELAN Unknown DMAC Table |
NETVIRT - ELAN |
55 |
ELAN Filter Equals Table |
NETVIRT - ELAN |
60 |
DHCP Table |
NETVIRT - DHCP |
80 |
L3 Interface Table |
NETVIRT - L3VPN |
81 |
ARP Responder Table |
NETVIRT - L3VPN |
210 |
Ingress ACL Anti-spoofing table |
NETVIRT - ACL |
211 |
Ingress ACL Conntrack classifier table |
NETVIRT - ACL |
212 |
Ingress ACL Conntrack sender table |
NETVIRT - ACL |
213 |
Applying ACL for existing Ingress traffic table |
NETVIRT - ACL |
214 |
Ingress ACL Filter cum dispatcher table |
NETVIRT - ACL |
215 |
Ingress ACL filter table |
NETVIRT - ACL |
216 |
Ingress Remote ACL filter table |
NETVIRT - ACL |
217 |
Ingress ACL committer table |
NETVIRT - ACL |
220 |
Interface Egress Dispatcher Table |
GENIUS - INTERFACEMANAGER |
239 |
Clear Egress conntrack state table |
NETVIRT - ACL |
240 |
Egress ACL Anti-spoofing table |
NETVIRT - ACL |
241 |
Egress ACL Conntrack classifier table |
NETVIRT - ACL |
242 |
Egress ACL Conntrack sender table |
NETVIRT - ACL |
243 |
Applying ACL for existing Egress traffic table |
NETVIRT - ACL |
244 |
Egress ACL Filter cum dispatcher table |
NETVIRT - ACL |
245 |
Egress ACL filter table |
NETVIRT - ACL |
246 |
Egress Remote ACL filter table |
NETVIRT - ACL |
247 |
Egress ACL committer table |
NETVIRT - ACL |
Genius InterfaceManager Pipeline¶
Netvirt uses Genius interface-manager to program ingress and egress flows for VMs as well as Tunnel ports. interface-manager is also used for binding multiple services on the same interface. A high level overview of the pipeline for ingress/egress is shown below in the diagram. This will be applicable for all service traffic flows explained in the subsequent sections.
ELAN Traffic Flow¶
Traffic Type |
FLOW |
|
|---|---|---|
Known unicast traffic flow(both direction) |
Table 0 => Table 17 => Table 43 => Table 48 => Table 49 => Table 50 => Table 51 => Table 220 => Output Port |
|
Unknown unicast/ multicast/broadcast traffic |
Table 0 => Table 17 => Table 43 => Table 50 => Table 51 => Table 52 => Remote BC Group => Local BC Group => Table 55 => Table 220 => Output Port |
|
L3VPN Traffic Flow¶
Traffic Type |
FLOW |
|
|---|---|---|
L3VPN Traffic Flow within same DPN |
Table 0 => Table 17 => Table 19 => Table 21 => Local nexthop Group => Table 220 => output VM port |
|
L3VPN Traffic Flow across DPNs within Data Center(source DPN) |
Table 0 => Table 17 => Table 19 => Table 21 => Table 220 => Output tunnel port |
|
L3VPN Traffic Flow across DPNs within DC(destination) |
Table 0 => Table 36 => Table 220 => Output VM port |
|
L3VPN Traffic Flow across DC(towards DC) |
Table 0 => Table 17 => Table 19 => Table 21 => push MPLS, => Table 220 => output tunnel port |
|
L3VPN Traffic Flow across DC(from DC) |
Table 0 => Table 20 => Local nexthop group => Table 220 => output tunnel port |
|
NAT Traffic Flow¶
DNAT Traffic Flow¶
Traffic Type |
FLOW |
|
|---|---|---|
DNAT Traffic Flow on source DPN |
Table 0 => Table 20 => Table 25 => Table 27 => Table 21 => Local nexthop Group => Table 220 =>Output port |
|
DNAT Traffic Flow on destination DPN |
Table 0 => Table 17 => Table 21 => Table 26 => Table 28 => Table 21 => External Tunnel Groups |
|
SNAT Traffic Flow¶
SNAT VM Residing on the NAPT vSwitch
Traffic Type |
FLOW |
|
|---|---|---|
DPN (source traffic) |
Table 0 => Table 17 => Table 21 => Table 26 => Table 46 => Table 47 => Table 21 => External Tunnel Groups |
|
DPN (reverse traffic) |
Table 0 => Table 20 => Table 44 => Table 47 => Table 21 => Local nexthop Group => Table 220 => output port |
|
SNAT VM Residing on non-NAPT vSwitch (Source Traffic)
Traffic Type |
FLOW |
|
|---|---|---|
DPN (source traffic) |
Table 0 => Table 17 => Table 21 => Table 26 => Internal Tunnel Group => Table 220 => output tunnel port |
|
NAPT DPN (reverse traffic) |
Table 0 => Table 36 => Table 46 => Table 47 => Table 21 => External Tunnel Group => Table 220 => Output port |
|
SNAT VM Residing on non-NAPT vSwitch (Reverse Traffic)
Traffic Type |
FLOW |
|
|---|---|---|
NAPT DPN (source traffic) |
Table 0 => Table 20 => Table 44 => Table 47 => Table 21 => Internal Tunnel Group => Table 220 => output port |
|
DPN (reverse traffic) |
Table 0 => Table 36 => Local nexthop Group => Table 220 => output port |
|
Conntrack Based SNAT Traffic Flow
<TBD>
Inputs given by¶
Akash Sahu
Chetan Arakere Gowdru
Faseela K
Kiran N Upadhyaya
Manu B
N Vivekanandan
Shashidhar Raja