Skip to content

Instantly share code, notes, and snippets.

@rsevilla87

rsevilla87/OpenShift-OVN flows

Created April 29, 2020 17:05
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save rsevilla87/ed7cd2d58bf43f3ea37898dbe8d474f1 to your computer and use it in GitHub Desktop.
Save rsevilla87/ed7cd2d58bf43f3ea37898dbe8d474f1 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
OpenShift-OVN flows
root@ip-172-31-71-55: ~ # oc describe svc router-default
Name: router-default
Namespace: openshift-ingress
Labels: app=router
ingresscontroller.operator.openshift.io/owning-ingresscontroller=default
router=router-default
Annotations: service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold: 2
service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval: 5
service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout: 4
service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: 2
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: *
Selector: ingresscontroller.operator.openshift.io/deployment-ingresscontroller=default
Type: LoadBalancer
IP: 172.30.40.73
LoadBalancer Ingress: ababf5818a75743e78309e2e1ceeaab2-1766978214.us-west-2.elb.amazonaws.com
Port: http 80/TCP
TargetPort: http/TCP
NodePort: http 31275/TCP
Endpoints: ip l:80
Port: https 443/TCP
TargetPort: https/TCP
NodePort: https 32767/TCP
Endpoints: 10.130.2.6:443
Session Affinity: None
External Traffic Policy: Local
HealthCheck NodePort: 32178
Events: <none>
sh-4.4# ovs-vsctl list Interface k8s-ip-10-0-155
_uuid : c2279261-19aa-4e62-a161-08e84352caee
admin_state : up
bfd : {}
bfd_status : {}
cfm_fault : []
cfm_fault_status : []
cfm_flap_count : []
cfm_health : []
cfm_mpid : []
cfm_remote_mpids : []
cfm_remote_opstate : []
duplex : []
error : []
external_ids : {iface-id="k8s-ip-10-0-155-196.us-west-2.compute.internal"}
ifindex : 8
ingress_policing_burst: 0
ingress_policing_rate: 0
lacp_current : []
link_resets : 0
link_speed : []
link_state : up
lldp : {}
mac : "42:31:95:da:ac:7c"
mac_in_use : "42:31:95:da:ac:7c"
mtu : 8901
mtu_request : 8901
name : "k8s-ip-10-0-155"
ofport : 9
ofport_request : []
options : {}
other_config : {}
statistics : {collisions=0, rx_bytes=50148443, rx_crc_err=0, rx_dropped=179, rx_errors=0, rx_frame_err=0, rx_missed_errors=0, rx_over_err=0, rx_packets=159735, tx_bytes=18278935, tx_dropped=0, tx_errors=0, tx_packets=178185}
status : {driver_name=openvswitch}
type : internal
sh-4.4# ovs-appctl ofproto/trace br-int 'in_port=9,tcp,dl_src=42:31:95:da:ac:7c,dl_dst=02:dd:10:82:02:07,nw_dst=10.130.2.6,tcp_dst=80,nw_ttl=64,tcp_flags=syn'
Flow: tcp,in_port=9,vlan_tci=0x0000,dl_src=42:31:95:da:ac:7c,dl_dst=02:dd:10:82:02:07,nw_src=0.0.0.0,nw_dst=10.130.2.6,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=0,tp_dst=80,tcp_flags=syn
bridge("br-int")
----------------
0. in_port=9, priority 100, cookie 0xdfd6e35a
set_field:0x1->reg13
set_field:0x14->reg11
set_field:0x32->reg12
set_field:0x1a->metadata
set_field:0x3->reg14
resubmit(,8)
8. reg14=0x3,metadata=0x1a, priority 50, cookie 0xaac01df3
resubmit(,9)
9. metadata=0x1a, priority 0, cookie 0xb09fdfd6
resubmit(,10)
10. metadata=0x1a, priority 0, cookie 0x770ed96a
resubmit(,11)
11. ip,metadata=0x1a, priority 100, cookie 0xa35e2d2f
load:0x1->NXM_NX_XXREG0[96]
resubmit(,12)
12. metadata=0x1a, priority 0, cookie 0xbafbb1b4
resubmit(,13)
13. ip,reg0=0x1/0x1,metadata=0x1a, priority 100, cookie 0x4bdb74ed
ct(table=14,zone=NXM_NX_REG13[0..15])
drop
-> A clone of the packet is forked to recirculate. The forked pipeline will be resumed at table 14.
-> Sets the packet to an untracked state, and clears all the conntrack fields.
Final flow: tcp,reg0=0x1,reg11=0x14,reg12=0x32,reg13=0x1,reg14=0x3,metadata=0x1a,in_port=9,vlan_tci=0x0000,dl_src=42:31:95:da:ac:7c,dl_dst=02:dd:10:82:02:07,nw_src=0.0.0.0,nw_dst=10.130.2.6,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=0,tp_dst=80,tcp_flags=syn
Megaflow: recirc_id=0,eth,tcp,in_port=9,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=02:dd:10:82:02:07,nw_dst=0.0.0.0/1,nw_frag=no
Datapath actions: ct(zone=1),recirc(0x29)
===============================================================================
recirc(0x29) - resume conntrack with default ct_state=trk|new (use --ct-next to customize)
===============================================================================
Flow: recirc_id=0x29,ct_state=new|trk,ct_zone=1,eth,tcp,reg0=0x1,reg11=0x14,reg12=0x32,reg13=0x1,reg14=0x3,metadata=0x1a,in_port=9,vlan_tci=0x0000,dl_src=42:31:95:da:ac:7c,dl_dst=02:dd:10:82:02:07,nw_src=0.0.0.0,nw_dst=10.130.2.6,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=0,tp_dst=80,tcp_flags=syn
bridge("br-int")
----------------
thaw
Resuming from table 14
14. ct_state=-est+trk,ip,metadata=0x1a, priority 1, cookie 0x13c8031
load:0x1->NXM_NX_XXREG0[97]
resubmit(,15)
15. metadata=0x1a, priority 0, cookie 0x728f7251
resubmit(,16)
16. metadata=0x1a, priority 0, cookie 0x81717b1f
resubmit(,17)
17. metadata=0x1a, priority 0, cookie 0xa6024afe
resubmit(,18)
18. ip,reg0=0x2/0x2,metadata=0x1a, priority 100, cookie 0x4f58aa8
ct(commit,zone=NXM_NX_REG13[0..15],exec(load:0->NXM_NX_CT_LABEL[0]))
load:0->NXM_NX_CT_LABEL[0]
-> Sets the packet to an untracked state, and clears all the conntrack fields.
resubmit(,19)
19. metadata=0x1a, priority 0, cookie 0x17017c8b
resubmit(,20)
20. metadata=0x1a, priority 0, cookie 0x86a5e276
resubmit(,21)
21. metadata=0x1a, priority 0, cookie 0xe73ec9ec
resubmit(,22)
22. metadata=0x1a, priority 0, cookie 0x5dbd2f74
resubmit(,23)
23. metadata=0x1a, priority 0, cookie 0x15d81771
resubmit(,24)
24. metadata=0x1a, priority 0, cookie 0xcdb054cd
resubmit(,25)
25. metadata=0x1a, priority 0, cookie 0x3f6c3644
resubmit(,26)
26. metadata=0x1a, priority 0, cookie 0x5450eab4
resubmit(,27)
27. metadata=0x1a,dl_dst=02:dd:10:82:02:07, priority 50, cookie 0x8dbfa6aa
set_field:0x9->reg15
resubmit(,32)
32. priority 0
resubmit(,33)
33. reg15=0x9,metadata=0x1a, priority 100
set_field:0x3a->reg13
set_field:0x14->reg11
set_field:0x32->reg12
resubmit(,34)
34. priority 0
set_field:0->reg0
set_field:0->reg1
set_field:0->reg2
set_field:0->reg3
set_field:0->reg4
set_field:0->reg5
set_field:0->reg6
set_field:0->reg7
set_field:0->reg8
set_field:0->reg9
resubmit(,40)
40. ip,metadata=0x1a, priority 100, cookie 0x1381de7a
load:0x1->NXM_NX_XXREG0[96]
resubmit(,41)
41. ip,metadata=0x1a, priority 100, cookie 0xe44d328f
load:0x1->NXM_NX_XXREG0[96]
resubmit(,42)
42. ip,reg0=0x1/0x1,metadata=0x1a, priority 100, cookie 0x7eb3ba8
ct(table=43,zone=NXM_NX_REG13[0..15])
drop
-> A clone of the packet is forked to recirculate. The forked pipeline will be resumed at table 43.
-> Sets the packet to an untracked state, and clears all the conntrack fields.
Final flow: recirc_id=0x29,eth,tcp,reg0=0x1,reg11=0x14,reg12=0x32,reg13=0x3a,reg14=0x3,reg15=0x9,metadata=0x1a,in_port=9,vlan_tci=0x0000,dl_src=42:31:95:da:ac:7c,dl_dst=02:dd:10:82:02:07,nw_src=0.0.0.0,nw_dst=10.130.2.6,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=0,tp_dst=80,tcp_flags=syn
Megaflow: recirc_id=0x29,ct_state=+new-est-rel-rpl-inv+trk,ct_label=0/0x1,eth,tcp,in_port=9,dl_src=42:31:95:da:ac:7c,dl_dst=02:dd:10:82:02:07,nw_src=0.0.0.0/5,nw_dst=0.0.0.0/1,nw_frag=no
Datapath actions: ct(commit,zone=1,label=0/0x1),ct(zone=58),recirc(0x2cfe5)
===============================================================================
recirc(0x2cfe5) - resume conntrack with default ct_state=trk|new (use --ct-next to customize)
===============================================================================
Flow: recirc_id=0x2cfe5,ct_state=new|trk,ct_zone=58,eth,tcp,reg0=0x1,reg11=0x14,reg12=0x32,reg13=0x3a,reg14=0x3,reg15=0x9,metadata=0x1a,in_port=9,vlan_tci=0x0000,dl_src=42:31:95:da:ac:7c,dl_dst=02:dd:10:82:02:07,nw_src=0.0.0.0,nw_dst=10.130.2.6,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=0,tp_dst=80,tcp_flags=syn
bridge("br-int")
----------------
thaw
Resuming from table 43
43. metadata=0x1a, priority 0, cookie 0x796738c5
resubmit(,44)
44. ct_state=-est+trk,ip,metadata=0x1a, priority 1, cookie 0xe49bd426
load:0x1->NXM_NX_XXREG0[97]
resubmit(,45)
45. metadata=0x1a, priority 0, cookie 0x97b7cdc6
resubmit(,46)
46. metadata=0x1a, priority 0, cookie 0x1f1a7818
resubmit(,47)
47. ip,reg0=0x2/0x2,metadata=0x1a, priority 100, cookie 0x4b196a5a
ct(commit,zone=NXM_NX_REG13[0..15],exec(load:0->NXM_NX_CT_LABEL[0]))
load:0->NXM_NX_CT_LABEL[0]
-> Sets the packet to an untracked state, and clears all the conntrack fields.
resubmit(,48)
48. ip,reg15=0x9,metadata=0x1a,dl_dst=02:dd:10:82:02:07,nw_dst=10.130.2.6, priority 90, cookie 0xe726513f
resubmit(,49)
49. reg15=0x9,metadata=0x1a,dl_dst=02:dd:10:82:02:07, priority 50, cookie 0x5170c713
resubmit(,64)
64. priority 0
resubmit(,65)
65. reg15=0x9,metadata=0x1a, priority 100, cookie 0x4ad72088
output:19
Final flow: recirc_id=0x2cfe5,eth,tcp,reg0=0x3,reg11=0x14,reg12=0x32,reg13=0x3a,reg14=0x3,reg15=0x9,metadata=0x1a,in_port=9,vlan_tci=0x0000,dl_src=42:31:95:da:ac:7c,dl_dst=02:dd:10:82:02:07,nw_src=0.0.0.0,nw_dst=10.130.2.6,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=0,tp_dst=80,tcp_flags=syn
Megaflow: recirc_id=0x2cfe5,ct_state=+new-est-rel-rpl-inv+trk,ct_label=0/0x1,eth,ip,in_port=9,dl_src=42:31:95:da:ac:7c,dl_dst=02:dd:10:82:02:07,nw_src=0.0.0.0/5,nw_dst=10.130.2.6,nw_frag=no
Datapath actions: ct(commit,zone=58,label=0/0x1),8
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment