
What is the reason why the ovs-vsctl emer-reset command needs to be used carefully?

2025-04-02 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 05/31

Why does the ovs-vsctl emer-reset command need to be used carefully? This article analyzes the question in detail and gives an answer, in the hope of helping anyone who runs into the same problem.

The following commands are used when resetting OVS:

1. ovs-vsctl emer-reset

2. ovs-vsctl init

3. rm -rf /etc/openvswitch/*

However, the ovs-vsctl emer-reset command triggers a bug that leaves the flow table information unrecoverable and can even cause a network loop.

This bug appears in the Ocata version and is still present in the current Queens version, but not in the earlier Mitaka version.

Let's look at the following example.

In the Ocata version:

[root@test01 neutron]# ovs-ofctl dump-flows br-tun

NXST_FLOW reply (xid=0x4):

 cookie=0x9aec1bf161d6039e, duration=59133.523s, table=0, n_packets=3, n_bytes=416, idle_age=37761, priority=1,in_port=1 actions=resubmit(,2)

 cookie=0x9aec1bf161d6039e, duration=59125.488s, table=0, n_packets=2, n_bytes=433, idle_age=37761, priority=1,in_port=2 actions=resubmit(,4)

 cookie=0x9aec1bf161d6039e, duration=59125.463s, table=0, n_packets=0, n_bytes=0, idle_age=59125, priority=1,in_port=3 actions=resubmit(,4)

 cookie=0x9aec1bf161d6039e, duration=59133.521s, table=0, n_packets=0, n_bytes=0, idle_age=59133, priority=0 actions=drop

 cookie=0x9aec1bf161d6039e, duration=59133.518s, table=2, n_packets=1, n_bytes=42, idle_age=37766, priority=1,arp,dl_dst=ff:ff:ff:ff:ff:ff actions=resubmit(,21)

 cookie=0x9aec1bf161d6039e, duration=59133.515s, table=2, n_packets=2, n_bytes=374, idle_age=37761, priority=0,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,20)

Then execute the ovs-vsctl emer-reset command.

Look at the flow table again and you will find that it has been emptied:

[root@test01 neutron]# ovs-ofctl dump-flows br-tun

 cookie=0x0, duration=9.061s, table=0, n_packets=0, n_bytes=0, idle_age=9, priority=0 actions=NORMAL

If you look at openvswitch-agent.log, it suggests that OVS is dead, but OVS is in fact still working properly.

This causes a network failure and, in a complex network environment, can even affect production and testing VLAN services carried over the physical switches, resulting in an incident.

Solution: restart neutron-openvswitch-agent, after which the flow table returns to normal (but not necessarily in every case).

Now look at the M (Mitaka) version.

View the flow table of br-tun on the compute node:

root@test1:~# ovs-ofctl dump-flows br-tun

NXST_FLOW reply (xid=0x4):

 cookie=0x8452729fc5c996cb, duration=16.012s, table=0, n_packets=0, n_bytes=0, idle_age=16, priority=1,in_port=1 actions=resubmit(,2)

 cookie=0x8452729fc5c996cb, duration=12.923s, table=0, n_packets=0, n_bytes=0, idle_age=12, priority=1,in_port=4 actions=resubmit(,4)

 cookie=0x8452729fc5c996cb, duration=12.230s, table=0, n_packets=0, n_bytes=0, idle_age=12, priority=1,in_port=3 actions=resubmit(,4)

 cookie=0x8452729fc5c996cb, duration=16.012s, table=0, n_packets=0, n_bytes=0, idle_age=16, priority=0 actions=drop

.

Execute ovs-vsctl emer-reset.

Check the flow table again: it has been restored.

Check openvswitch-agent.log: openvswitch-agent considers OVS to have been restarted, and OVSNeutronAgent will reset the bridges.

The same operation recovers the flow table automatically in the M version but reports an error in the O version, so this should be regarded as a bug in neutron-openvswitch-agent. This is why the command needs to be used with caution.
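A check for the two states shown in the dumps above, as an added example that is not part of the original article: it classifies `ovs-ofctl dump-flows` output as still carrying agent-programmed flows or as collapsed to the single default NORMAL rule. The function names and the sample lines (constructed from the output above) are assumptions, as is treating a non-zero cookie as the mark of an agent-programmed flow.

```shell
#!/bin/sh
# Added example: classify `ovs-ofctl dump-flows <bridge>` output read on stdin.
# Prints one of: agent-managed, reset-to-normal, empty, unknown.
classify_flows() {
    awk '
        /cookie=0x/ {
            total++
            match($0, /cookie=0x[0-9a-fA-F]+/)
            cookie = substr($0, RSTART + 7, RLENGTH - 7)
            # Assumption: a non-zero cookie marks a flow programmed by the agent.
            if (cookie != "0x0") managed++
            else if ($0 ~ /actions=NORMAL/) normal++   # default rule left after a reset
        }
        END {
            if (total == 0)       print "empty"
            else if (managed > 0) print "agent-managed"
            else if (normal > 0)  print "reset-to-normal"
            else                  print "unknown"
        }'
}

# Constructed sample: br-tun flows as programmed by neutron-openvswitch-agent.
sample_managed() {
    cat <<'EOF'
NXST_FLOW reply (xid=0x4):
 cookie=0x9aec1bf161d6039e, duration=59133.523s, table=0, n_packets=3, n_bytes=416, idle_age=37761, priority=1,in_port=1 actions=resubmit(,2)
 cookie=0x9aec1bf161d6039e, duration=59133.521s, table=0, n_packets=0, n_bytes=0, idle_age=59133, priority=0 actions=drop
EOF
}

# Constructed sample: the single default rule seen after emer-reset.
sample_reset() {
    cat <<'EOF'
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=9.061s, table=0, n_packets=0, n_bytes=0, idle_age=9, priority=0 actions=NORMAL
EOF
}

# Hypothetical wrapper for a live host (needs Open vSwitch installed):
# succeeds only while the bridge still carries agent-programmed flows.
bridge_is_managed() {
    [ "$(ovs-ofctl dump-flows "$1" | classify_flows)" = "agent-managed" ]
}

sample_managed | classify_flows
sample_reset | classify_flows
```

Running `bridge_is_managed br-tun` before and after a reset, and again after restarting neutron-openvswitch-agent, shows whether the agent has reprogrammed the bridge.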

Supplement: how Open vSwitch works

Open vSwitch is a high-quality, multi-layer virtual switch released under the open source Apache 2.0 license and developed by Nicira Networks; the main implementation is portable C code. It aims to enable large-scale network automation through programmatic extension while still supporting standard management interfaces and protocols (such as NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed to support distribution across multiple physical servers, similar to VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V. Open vSwitch supports a variety of Linux virtualization technologies, including Xen/XenServer, KVM and VirtualBox.

Open vSwitch is virtual switching software used mainly in virtual machine (VM) environments. As a virtual switch, it supports a variety of virtualization technologies such as Xen/XenServer, KVM and VirtualBox. In such a virtualized environment, a virtual switch has two main functions: to carry traffic between virtual machines, and to provide communication between virtual machines and external networks.

The kernel module implements multiple "datapaths" (similar to bridges), each of which can have multiple "vports" (similar to ports within a bridge). Each datapath also has an associated flow table; the flows in it are set up by user space and map keys based on packet headers and metadata to actions, the most common action being to forward the packet to another vport. When a packet arrives at a vport, the kernel module extracts its flow key and looks it up in the flow table. If there is a matching flow, it performs the associated action. If there is no match, it sends the packet to a processing queue in user space (as part of that processing, user space may set up a flow so that later packets of the same type are handled in the kernel).

Note:

Create a new bridge (switch) and name it s1:

ovs-vsctl add-br s1

Note: when setting up OVS, it is easy to form a layer 2 loop between the virtual switch and the physical switch (for example, when the virtual switch contains two network cards that are both connected to the physical switch). Once there is a broadcast frame, such as an ARP request, the loop causes a broadcast storm and paralyzes the network. You should therefore turn on STP support for virtual switches to avoid broadcast storms:

ovs-vsctl set bridge <switch-name> stp_enable=true

Common OVS operations:

1. Add a bridge: ovs-vsctl add-br <switch-name>

2. Delete a bridge: ovs-vsctl del-br <switch-name>

3. Add a port: ovs-vsctl add-port <switch-name> <port-name> (network card name)

4. Delete a port: ovs-vsctl del-port <switch-name> <port-name> (network card name)

5. Connect a controller: ovs-vsctl set-controller <switch-name> tcp:<IP address>:<port number>

6. Disconnect the controller: ovs-vsctl del-controller <switch-name>

7. List all bridges: ovs-vsctl list-br

8. List all ports in a bridge: ovs-vsctl list-ports <switch-name>

9. Show the bridge to which a network card is attached: ovs-vsctl port-to-br <port-name> (network card name)

10. View the network status of Open vSwitch: ovs-vsctl show

11. View the port information in Open vSwitch (the dpid of the switch, and the OpenFlow port number, port name, current status, etc. of each port): ovs-ofctl show <switch-name>

12. Modify the dpid: ovs-vsctl set bridge <switch-name> other_config:datapath-id=<new DPID>

13. Modify the port number: ovs-vsctl set Interface <port-name> ofport_request=<new port number>

14. View all tables in the switch: ovs-ofctl dump-tables ovs-switch

15. View all flow table entries in the switch: ovs-ofctl dump-flows ovs-switch

16. Delete all flow table entries on port number 100: ovs-ofctl del-flows ovs-switch "in_port=100"

17. Add a flow table entry (for example, "add a new OpenFlow entry and modify the source address of packets received from port p0 to 9.181.137.1"):

ovs-ofctl add-flow ovs-switch "priority=1 idle_timeout=0,in_port=100,actions=mod_nw_src:9.181.137.1,normal"

18. View OVS version information: ovs-appctl --version

19. Check the versions of the OpenFlow protocol supported by OVS: ovs-ofctl --version

That concludes the answer to why the ovs-vsctl emer-reset command needs to be used carefully. I hope the above content is of some help to you.
