rsevilla87/gist:12730f8283c96ae9cb0c33d7281d1497

## gistfile1.txt
root@ip-172-31-72-85: ~/workloads-shorcuts # oc describe svc -n openshift-ingress router-default
Name:                     router-default
Namespace:                openshift-ingress
Labels:                   app=router
                          ingresscontroller.operator.openshift.io/owning-ingresscontroller=default
                          router=router-default
Annotations:              service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold: 2
                          service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval: 5
                          service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout: 4
                          service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: 2
                          service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: *
Selector:                 ingresscontroller.operator.openshift.io/deployment-ingresscontroller=default
Type:                     LoadBalancer
IP:                       172.30.26.25
LoadBalancer Ingress:     a3d92e997e47c4e67a7a55f1d9ea60d6-277053312.us-west-2.elb.amazonaws.com
Port:                     http  80/TCP
TargetPort:               http/TCP
NodePort:                 http  30386/TCP
Endpoints:                10.131.2.11:80
Port:                     https  443/TCP
TargetPort:               https/TCP
NodePort:                 https  31172/TCP
Endpoints:                10.131.2.11:443
Session Affinity:         None
External Traffic Policy:  Local
HealthCheck NodePort:     30789
Events:                   <none>


# Tun0 is the host virtual interface

sh-4.4# ip -4 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    inet 10.0.134.83/20 brd 10.0.143.255 scope global dynamic noprefixroute ens5
       valid_lft 2457sec preferred_lft 2457sec
6: tun0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 8951 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 10.131.2.1/23 brd 10.131.3.255 scope global tun0
       valid_lft forever preferred_lft forever
sh-4.4# ovs-vsctl list Interface tun0
_uuid               : 391ef763-b973-4abc-b04c-4fb14bebaa95
admin_state         : up
bfd                 : {}
bfd_status          : {}
cfm_fault           : []
cfm_fault_status    : []
cfm_flap_count      : []
cfm_health          : []
cfm_mpid            : []
cfm_remote_mpids    : []
cfm_remote_opstate  : []
duplex              : []
error               : []
external_ids        : {}
ifindex             : 6
ingress_policing_burst: 0
ingress_policing_rate: 0
lacp_current        : []
link_resets         : 1
link_speed          : []
link_state          : up
lldp                : {}
mac                 : []
mac_in_use          : "da:6c:3c:df:aa:28"
mtu                 : 8951
mtu_request         : 8951
name                : "tun0"
ofport              : 2
ofport_request      : 2
options             : {}
other_config        : {}
statistics          : {collisions=0, rx_bytes=382522103149, rx_crc_err=0, rx_dropped=134465, rx_errors=0, rx_frame_err=0, rx_over_err=0, rx_packets=185504640, tx_bytes=54395228209, tx_dropped=0, tx_errors=0, tx_packets=203020021}
status              : {driver_name=openvswitch}
type                : internal


sh-4.4# ovs-appctl ofproto/trace br0 'in_port=2,tcp,nw_dst=10.131.2.11,tcp_dst=80'
Flow: tcp,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,nw_src=0.0.0.0,nw_dst=10.131.2.11,nw_tos=0,nw_ecn=0,nw_ttl=0,tp_src=0,tp_dst=80,tcp_flags=0

bridge("br0")
-------------
 0. ct_state=-trk,ip, priority 300
    ct(table=0)
    drop
     -> A clone of the packet is forked to recirculate. The forked pipeline will be resumed at table 0.
     -> Sets the packet to an untracked state, and clears all the conntrack fields.

Final flow: unchanged
Megaflow: recirc_id=0,ct_state=-trk,eth,ip,in_port=2,nw_src=0.0.0.0/5,nw_frag=no
Datapath actions: ct,recirc(0x7d124)

===============================================================================
recirc(0x7d124) - resume conntrack with default ct_state=trk|new (use --ct-next to customize)
===============================================================================

Flow: recirc_id=0x7d124,ct_state=new|trk,eth,tcp,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,nw_src=0.0.0.0,nw_dst=10.131.2.11,nw_tos=0,nw_ecn=0,nw_ttl=0,tp_src=0,tp_dst=80,tcp_flags=0

bridge("br0")
-------------
    thaw
        Resuming from table 0
 0. ip,in_port=2, priority 200
    goto_table:30
30. ip,nw_dst=10.131.2.0/23, priority 200
    goto_table:70
70. ip,nw_dst=10.131.2.11, priority 100
    load:0x7a8bb3->NXM_NX_REG1[]
    load:0xc->NXM_NX_REG2[]
    goto_table:80
80. reg1=0x7a8bb3, priority 50
    output:NXM_NX_REG2[]
     -> output port is 12

Final flow: recirc_id=0x7d124,ct_state=new|trk,eth,tcp,reg1=0x7a8bb3,reg2=0xc,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,nw_src=0.0.0.0,nw_dst=10.131.2.11,nw_tos=0,nw_ecn=0,nw_ttl=0,tp_src=0,tp_dst=80,tcp_flags=0
Megaflow: recirc_id=0x7d124,ct_state=-rpl+trk,eth,ip,in_port=2,nw_src=0.0.0.0/5,nw_dst=10.131.2.11,nw_frag=no
Datapath actions: 7
	root@ip-172-31-72-85: ~/workloads-shorcuts # oc describe svc -n openshift-ingress router-default
	Name: router-default
	Namespace: openshift-ingress
	Labels: app=router
	ingresscontroller.operator.openshift.io/owning-ingresscontroller=default
	router=router-default
	Annotations: service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold: 2
	service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval: 5
	service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout: 4
	service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: 2
	service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: *
	Selector: ingresscontroller.operator.openshift.io/deployment-ingresscontroller=default
	Type: LoadBalancer
	IP: 172.30.26.25
	LoadBalancer Ingress: a3d92e997e47c4e67a7a55f1d9ea60d6-277053312.us-west-2.elb.amazonaws.com
	Port: http 80/TCP
	TargetPort: http/TCP
	NodePort: http 30386/TCP
	Endpoints: 10.131.2.11:80
	Port: https 443/TCP
	TargetPort: https/TCP
	NodePort: https 31172/TCP
	Endpoints: 10.131.2.11:443
	Session Affinity: None
	External Traffic Policy: Local
	HealthCheck NodePort: 30789
	Events: <none>


	# Tun0 is the host virtual interface

	sh-4.4# ip -4 a
	1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
	inet 127.0.0.1/8 scope host lo
	valid_lft forever preferred_lft forever
	2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
	inet 10.0.134.83/20 brd 10.0.143.255 scope global dynamic noprefixroute ens5
	valid_lft 2457sec preferred_lft 2457sec
	6: tun0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 8951 qdisc noqueue state UNKNOWN group default qlen 1000
	inet 10.131.2.1/23 brd 10.131.3.255 scope global tun0
	valid_lft forever preferred_lft forever
	sh-4.4# ovs-vsctl list Interface tun0
	_uuid : 391ef763-b973-4abc-b04c-4fb14bebaa95
	admin_state : up
	bfd : {}
	bfd_status : {}
	cfm_fault : []
	cfm_fault_status : []
	cfm_flap_count : []
	cfm_health : []
	cfm_mpid : []
	cfm_remote_mpids : []
	cfm_remote_opstate : []
	duplex : []
	error : []
	external_ids : {}
	ifindex : 6
	ingress_policing_burst: 0
	ingress_policing_rate: 0
	lacp_current : []
	link_resets : 1
	link_speed : []
	link_state : up
	lldp : {}
	mac : []
	mac_in_use : "da:6c:3c:df:aa:28"
	mtu : 8951
	mtu_request : 8951
	name : "tun0"
	ofport : 2
	ofport_request : 2
	options : {}
	other_config : {}
	statistics : {collisions=0, rx_bytes=382522103149, rx_crc_err=0, rx_dropped=134465, rx_errors=0, rx_frame_err=0, rx_over_err=0, rx_packets=185504640, tx_bytes=54395228209, tx_dropped=0, tx_errors=0, tx_packets=203020021}
	status : {driver_name=openvswitch}
	type : internal



	sh-4.4# ovs-appctl ofproto/trace br0 'in_port=2,tcp,nw_dst=10.131.2.11,tcp_dst=80'
	Flow: tcp,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,nw_src=0.0.0.0,nw_dst=10.131.2.11,nw_tos=0,nw_ecn=0,nw_ttl=0,tp_src=0,tp_dst=80,tcp_flags=0

	bridge("br0")
	-------------
	0. ct_state=-trk,ip, priority 300
	ct(table=0)
	drop
	-> A clone of the packet is forked to recirculate. The forked pipeline will be resumed at table 0.
	-> Sets the packet to an untracked state, and clears all the conntrack fields.

	Final flow: unchanged
	Megaflow: recirc_id=0,ct_state=-trk,eth,ip,in_port=2,nw_src=0.0.0.0/5,nw_frag=no
	Datapath actions: ct,recirc(0x7d124)

	===============================================================================
	recirc(0x7d124) - resume conntrack with default ct_state=trk\|new (use --ct-next to customize)
	===============================================================================

	Flow: recirc_id=0x7d124,ct_state=new\|trk,eth,tcp,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,nw_src=0.0.0.0,nw_dst=10.131.2.11,nw_tos=0,nw_ecn=0,nw_ttl=0,tp_src=0,tp_dst=80,tcp_flags=0

	bridge("br0")
	-------------
	thaw
	Resuming from table 0
	0. ip,in_port=2, priority 200
	goto_table:30
	30. ip,nw_dst=10.131.2.0/23, priority 200
	goto_table:70
	70. ip,nw_dst=10.131.2.11, priority 100
	load:0x7a8bb3->NXM_NX_REG1[]
	load:0xc->NXM_NX_REG2[]
	goto_table:80
	80. reg1=0x7a8bb3, priority 50
	output:NXM_NX_REG2[]
	-> output port is 12

	Final flow: recirc_id=0x7d124,ct_state=new\|trk,eth,tcp,reg1=0x7a8bb3,reg2=0xc,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,nw_src=0.0.0.0,nw_dst=10.131.2.11,nw_tos=0,nw_ecn=0,nw_ttl=0,tp_src=0,tp_dst=80,tcp_flags=0
	Megaflow: recirc_id=0x7d124,ct_state=-rpl+trk,eth,ip,in_port=2,nw_src=0.0.0.0/5,nw_dst=10.131.2.11,nw_frag=no
	Datapath actions: 7