Software Defined Networking
cancel
Showing results for 
Search instead for 
Did you mean: 

Re: Unable to send the packet according to the flow in HP2920[openflow1.3]

 
Highlighted
Occasional Advisor

Unable to send the packet according to the flow in HP2920[openflow1.3]

Hi all,

I am working on HP 2920 series switch with openflow 1.3. I am trying to ping between two machines after writing manual flows. The flows are getting written successfully but the traffic is not going as per the flow. I have tried using L2 Flows and L3 flows but not successful.

dpctl tcp:192.168.3.130:6633 flow-mod cmd=add,table=100 in_port=3,eth_type=0x800,ip_dst=192.168.1.26, apply:output=5
dpctl tcp:192.168.3.130:6633 flow-mod cmd=add,table=100 in_port=5,eth_type=0x800,ip_dst=192.168.1.30, apply:output=3
dpctl tcp:192.168.3.130:6633 flow-mod cmd=add,table=100 in_port=7,eth_type=0x800,ip_dst=192.168.1.26, apply:output=5
dpctl tcp:192.168.3.130:6633 flow-mod cmd=add,table=100 in_port=5,eth_type=0x800,ip_dst=192.168.1.22, apply:output=7
Flow 3
 Match
  Incoming Port : 7                     Ethernet Type    : Any
  Source MAC    : Any                   Destination MAC  : Any
  VLAN ID       : Any                   VLAN priority    : Any
  Source Protocol Address : Any
  Target Protocol Address : Any
  IP Protocol   : Any
  IP ECN        : Any                   IP DSCP          : Any
  Source Port   : Any                   Destination Port : Any
 Attributes
  Priority      : 32768                 Duration         : 372 seconds
  Hard Timeout  : 0 seconds             Idle Timeout     : 0 seconds
  Byte Count    : 0                     Packet Count     : 0
  Flow Table ID : 200                   Controller ID    : listen-port
  Activity Count: NA                    Cookie           : 0x0
  Hardware Index     : NA
 Instructions
   Apply Actions
     Output                      : 5

 Flow 4
 Match
  Incoming Port : 5                     Ethernet Type    : Any
  Source MAC    : Any                   Destination MAC  : Any
  VLAN ID       : Any                   VLAN priority    : Any
  Source Protocol Address : Any
  Target Protocol Address : Any
  IP Protocol   : Any
  IP ECN        : Any                   IP DSCP          : Any
  Source Port   : Any                   Destination Port : Any
 Attributes
  Priority      : 32768                 Duration         : 372 seconds
  Hard Timeout  : 0 seconds             Idle Timeout     : 0 seconds
  Byte Count    : 0                     Packet Count     : 0
  Flow Table ID : 200                   Controller ID    : listen-port
  Activity Count: NA                    Cookie           : 0x0

Am i missing some configuration changes in the switch? Kindly guide me through this

10 REPLIES 10
Highlighted
Valued Contributor

Re: Unable to send the packet according to the flow in HP2920[openflow1.3]

Hello,

 

Can you please sent the complete output, listing all the flows?

Also can you share the openflow configuration on the switch?

You are using dpctl to add flows, are you using a SDN controller at all?

Regards,

Antonio

SDN Team

Highlighted
Occasional Advisor

Re: Unable to send the packet according to the flow in HP2920[openflow1.3]

Hi Antonio,

Thanks for the reply :

I am unable to ping with l2/l3 Flows. While simple flows with IN_PORT only value are able to ping the machines.I am using Opendaylight Lithium as a controller:

My switch details are as follows:

Openflow instance Info:

 

Configured OF Version    : 1.3       
 Negotiated OF Version    : 1.3  
 Instance Name            : testing                          
 Admin. Status            : Enabled 
 Member List              : VLAN 2              
 Listen Port              : 6633           
 Oper. Status             : Up      
 Oper. Status Reason      : NA                                      
 Datapath ID              : 0002d4c9efpd67c0        
 Mode                     : Active    
 Flow Location            : Hardware and Software         
 No. of Hw Flows          : 0     
 No. of Sw Flows          : 0     
 Hw. Rate Limit           : 0 kbps              
 Sw. Rate Limit           : 100 pps        
 Conn. Interrupt Mode     : Fail-Secure         
 Maximum Backoff Interval : 60 seconds     
 Probe Interval           : 10 seconds     
 Hw. Table Miss Count     : NA                  
 No. of Sw Flow Tables    : 1  
 Egress Only Ports        : None                                    
 Table Model              : Policy Engine and Software              

 Controller Id Connection Status Connection State Secure Role  
 ------------- ----------------- ---------------- ------ ------
 1             Connected         Active           No     Equal 

Flows Programmed: Trying to ping from 192.168.1.26.

dpctl tcp:192.168.3.130:6633 flow-mod cmd=add,table=100 in_port=3,eth_type=0x800,ip_dst=192.168.1.26, apply:output=5
dpctl tcp:192.168.3.130:6633 flow-mod cmd=add,table=100 in_port=5,eth_type=0x800,ip_dst=192.168.1.30, apply:output=3
dpctl tcp:192.168.3.130:6633 flow-mod cmd=add,table=100 in_port=7,eth_type=0x800,ip_dst=192.168.1.26, apply:output=5
dpctl tcp:192.168.3.130:6633 flow-mod cmd=add,table=100 in_port=5,eth_type=0x800,ip_dst=192.168.1.22, apply:output=7

 

 

Flow in the switch:

 

OpenFlow Flow Table

 Flow 1
 Match
  Incoming Port : 7                     Ethernet Type    : IP
  Source MAC    : Any                   Destination MAC  : Any
  VLAN ID       : Any                   VLAN priority    : Any
  Source Protocol Address : Any
  Target Protocol Address : 192.168.1.26/32
  IP Protocol   : Any
  IP ECN        : Any                   IP DSCP          : Any
  Source Port   : Any                   Destination Port : Any
 Attributes
  Priority      : 32768                 Duration         : 3 seconds
  Hard Timeout  : 0 seconds             Idle Timeout     : 0 seconds
  Byte Count    : NA                    Packet Count     : 0
  Flow Table ID : 100                   Controller ID    : listen-port
  Activity Count: NA                    Cookie           : 0x0
  Hardware Index     : 17
 Instructions
   Apply Actions
     Output                      : 5

 Flow 2
 Match
  Incoming Port : 5                     Ethernet Type    : IP
  Source MAC    : Any                   Destination MAC  : Any
  VLAN ID       : Any                   VLAN priority    : Any
  Source Protocol Address : Any
  Target Protocol Address : 192.168.1.30/32
  IP Protocol   : Any
  IP ECN        : Any                   IP DSCP          : Any
  Source Port   : Any                   Destination Port : Any
 Attributes
  Priority      : 32768                 Duration         : 3 seconds
  Hard Timeout  : 0 seconds             Idle Timeout     : 0 seconds
  Byte Count    : NA                    Packet Count     : 0
  Flow Table ID : 100                   Controller ID    : listen-port
  Activity Count: NA                    Cookie           Hardware Index : 18
Instructions
Apply Actions
Output : 3

 Flow 3
 Match
  Incoming Port : 3                     Ethernet Type    : IP
  Source MAC    : Any                   Destination MAC  : Any
  VLAN ID       : Any                   VLAN priority    : Any
  Source Protocol Address : Any
  Target Protocol Address : 192.168.1.26/32
  IP Protocol   : Any
  IP ECN        : Any                   IP DSCP          : Any
  Source Port   : Any                   Destination Port : Any
 Attributes
  Priority      : 32768                 Duration         : 3 seconds
  Hard Timeout  : 0 seconds             Idle Timeout     : 0 seconds
  Byte Count    : NA                    Packet Count     : 0
  Flow Table ID : 100                   Controller ID    : listen-port
  Activity Count: NA                    Cookie           : 0x0
  Hardware Index     : 17
 Instructions
   Apply Actions
     Output                      : 5

 Flow 4
 Match
  Incoming Port : 5                     Ethernet Type    : IP
  Source MAC    : Any                   Destination MAC  : Any
  VLAN ID       : Any                   VLAN priority    : Any
  Source Protocol Address : Any
  Target Protocol Address : 192.168.1.22/32
  IP Protocol   : Any
  IP ECN        : Any                   IP DSCP          : Any
  Source Port   : Any                   Destination Port : Any
 Attributes
  Priority      : 32768                 Duration         : 3 seconds
  Hard Timeout  : 0 seconds             Idle Timeout     : 0 seconds
  Byte Count    : NA                    Packet Count     : 0
  Flow Table ID : 100                   Controller ID    : listen-port
  Activity Count: NA                    Cookie           : 0x0
  Hardware Index     : 19
 Instructions
   Apply Actions
     Output                      : 7


Running Config:

Running configuration:

; J9726A Configuration Editor; Created on release #WB.15.15.0014
; Ver #06:0c.18.f3.ff.35.1d:26

hostname "HP-2920-24G"
module 1 type j9726a
snmp-server community "public" unrestricted
openflow
   controller-id 1 ip 192.168.3.250 controller-interface vlan 1
   instance "testing"
      listen-port
      member vlan 2
      controller-id 1
      version 1.3
      enable
      exit
   enable
   exit
oobm
   ip address 192.168.1.136 255.255.255.0
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged 3-23
   untagged 1-2,24,A1-A2,B1-B2
   ip address 192.168.3.130 255.255.255.0
   exit
vlan 2
   name "openflow-ports"
   untagged 3-23
   ip address 192.168.1.1 255.255.255.0
   exit

Kindly provide some inputs.

 

Highlighted
Valued Contributor

Re: Unable to send the packet according to the flow in HP2920[openflow1.3]

Hello,

Can you please be more specific when saying :

l2/l3 Flows?

and

While simple flows with IN_PORT only value are able to ping the machines

do you mean that without adding eth_type and destination IP, you are able to ping the machines?

where the flow added would look similar to the following:

dpctl tcp:192.168.3.130:6633 flow-mod cmd=add,table=100 in_port=3 apply:output=5

I can see that you are running a dated firmware version on the switch, you may want to consider an upgrade regardless the above.

Regards,

Antoino

 

Highlighted
Occasional Advisor

Re: Unable to send the packet according to the flow in HP2920[openflow1.3]

Hi, By L2 I meant flow with a match on Mac address and by L3 a match on IP address field. Yes, I am able to ping via IN_PORT between 2 machines with the same dpctl command. But in future I want to add multiple machines and then program the traffic on the basis on source and destination IP addresses/Mac addresses. But currently I am unable to do so. Am I missing something as although the flows are programmed successfully into the switch, but I am unable to ping. Sure I will update the firmware and test again.
Highlighted
Valued Contributor

Re: Unable to send the packet according to the flow in HP2920[openflow1.3]

Hello,

does adding the ip_proto match field change the behavior?

Regards

Antonio

Highlighted
Valued Contributor

Re: Unable to send the packet according to the flow in HP2920[openflow1.3]

hello,

Looking closer to the flow output i noticed that in the first example you sent the "eth_type" was set to ANY in the flows.

in these conditions, being the eth_type a pre-requisite for matching on destination IP, I undestand why the packet is not matched.

On the second output I can see that the eth_type is set correctly (hence my request on the ip_proto=1 -for ICMP).

dpctl strings seems to be identical despite the different flow being added.

Did you use same commands to add flows?

Antonio

Highlighted
Occasional Advisor

Re: Unable to send the packet according to the flow in HP2920[openflow1.3]

Hi ,

Yes i am using the same flows with eth_type. Also i have modified the flows with ip_proto to match the TCP header but still unable to ping . I have also upgraded the firmware to the latest WB.15.18.0006 version. Am i missing some configuration steps.

dpctl tcp:192.168.3.130:6633 flow-mod cmd=add,table=100 in_port=3,eth_type=0x800,ip_proto=6,ip_dst=192.168.1.26, apply:output=5
dpctl tcp:192.168.3.130:6633 flow-mod cmd=add,table=100 in_port=5,eth_type=0x800,ip_proto=6,ip_dst=192.168.1.30, apply:output=3
dpctl tcp:192.168.3.130:6633 flow-mod cmd=add,table=100 in_port=7,eth_type=0x800,ip_proto=6,ip_dst=192.168.1.26, apply:output=5
dpctl tcp:192.168.3.130:6633 flow-mod cmd=add,table=100 in_port=5,eth_type=0x800,ip_proto=6,ip_dst=192.168.1.22, apply:output=7

Sample flow written by the dpctl commands:

 

 Flow 1
 Match
  Incoming Port : 5                     Ethernet Type    : IP
  Source MAC    : Any                   Destination MAC  : Any
  Source MAC Mask      : 000000-000000
  Destination MAC Mask : 000000-000000
  VLAN ID       : Any                   VLAN Priority    : Any
  Source IP Address      : Any
  Destination IP Address : 192.168.1.22/32
  IP Protocol   : TCP
  IP ECN        : Any                   IP DSCP          : Any
  Source Port   : Any                   Destination Port : Any
  Source Port Range      : NA
  Destination Port Range : NA
  TCP Flags     : NA
  TCP Mask      : NA
 Attributes
  Priority      : 32768                 Duration         : 9 seconds
  Hard Timeout  : 0 seconds             Idle Timeout     : 0 seconds
  Byte Count    : NA                    Packet Count     : 0
  Flow Table ID : 100                   Controller ID    : listen-port
  Cookie        : 0x0
  Hardware Index: 19
 Instructions
   Apply Actions
     Output                      : 7

 

 

Highlighted
Valued Contributor

Re: Unable to send the packet according to the flow in HP2920[openflow1.3]

Hello,

 

You should match ICMP and not TCP in this case.

Let me know wether using IP_PROTO=1 allows you to reach your goal.

Regards,

Antonio

 

 

 

Highlighted
Occasional Advisor

Re: Unable to send the packet according to the flow in HP2920[openflow1.3]

Thanks for the inputs

I was able to write flows with dpctl for ICMP ip_proto=1. But still no success on pinging the hosts

dpctl tcp:192.168.3.130:6633 flow-mod cmd=add,table=100 in_port=3,eth_type=0x800,ip_proto=1,ip_dst=192.168.1.26, apply:output=5
dpctl tcp:192.168.3.130:6633 flow-mod cmd=add,table=100 in_port=5,eth_type=0x800,ip_proto=1,ip_dst=192.168.1.30, apply:output=3
dpctl tcp:192.168.3.130:6633 flow-mod cmd=add,table=100 in_port=7,eth_type=0x800,ip_proto=1,ip_dst=192.168.1.26, apply:output=5
dpctl tcp:192.168.3.130:6633 flow-mod cmd=add,table=100 in_port=5,eth_type=0x800,ip_proto=1,ip_dst=192.168.1.22, apply:output=7

Sample flow :

Flow 4
 Match
  Incoming Port : 5                     Ethernet Type    : IP
  Source MAC    : Any                   Destination MAC  : Any
  VLAN ID       : Any                   VLAN priority    : Any
  Source Protocol Address : Any
  Target Protocol Address : 192.168.1.30/32
  IP Protocol   : ICMP
  IP ECN        : Any                   IP DSCP          : Any
  ICMP Type     : Any                   ICMP Code        : Any
 Attributes
  Priority      : 32768                 Duration         : 84 seconds
  Hard Timeout  : 0 seconds             Idle Timeout     : 0 seconds
  Byte Count    : NA                    Packet Count     : 0
  Flow Table ID : 100                   Controller ID    : listen-port
  Activity Count: NA                    Cookie           : 0x0
  Hardware Index     : 18
 Instructions
   Apply Actions
     Output                      : 3

However i was wondering that Match ANY on IP Protocol should also have matched the packets. But no success on that also. Can you provide DPCTL commands to match on L2 (source mac/destination MAC). Also Table 0 and Table 100 are empty in the switch.

 

Thank you