OVS traffic capture

OVS traffic flow illustration (kolla example):

  1. Traffic leaving the cloud via the provider network:
    VM –> tap+qbr(linuxbridge)+qvb –> qvo+br-int+int-br-ex –> phy-br-ex+br-ex+br_vlan –> external network
  2. Traffic going to a VXLAN tenant network:
    VM –> tap+qbr(linuxbridge)+qvb –> qvo+br-int+patch-tun –> patch-int+br-tun+port vxlan# –> remote host's VXLAN interface IP

If DVR is not used, all traffic goes from the compute nodes to the neutron nodes and then leaves through the neutron nodes’ ports.

If DVR is used, every host has a qrouter (same MAC + IP). When the VM has no floating IP, its traffic can go out directly from the compute node and does not need to pass through neutron. When the VM has a floating IP, the floating IP resides on the neutron node, so traffic has to go from the VM to neutron first, where it is NATed and sent to the external network. Traffic initiated from outside first hits the floating IP on the neutron node and is then filtered and NATed to the VM.

A regular tcpdump can be run on the host’s ports, but that is only usable down to qvo. To capture patch-tun –> patch-int, you need to do the following:

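# Create a dummy interface to receive the mirrored packets and bring it up.
$ ip link add name snooper0 type dummy
$ ip link set dev snooper0 up

# Attach the dummy interface to br-int so it can serve as the mirror's output port.
$ ovs-vsctl add-port br-int snooper0

# Mirror packets arriving on (select-src-port) and leaving (select-dst-port) patch-tun to snooper0.
# select_all is deliberately not set: when it is true, OVS mirrors every packet on every
# port of br-int and the port selection above no longer limits the capture, so far more
# tenant traffic is copied than a patch-tun capture needs.
$ ovs-vsctl -- set Bridge br-int mirrors=@m \
  -- --id=@snooper0 get Port snooper0 \
  -- --id=@patch-tun get Port patch-tun \
  -- --id=@m create Mirror name=mymirror select-dst-port=@patch-tun \
  select-src-port=@patch-tun output-port=@snooper0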

You can then run tcpdump on the mirror output interface:

# Reads the mirrored packets from the dummy interface (typically needs root).
# The capture contains tenant traffic, so treat any saved output as sensitive.
$ tcpdump -i snooper0

To clear it:

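# Remove only the mirror created above; this also destroys its Mirror record.
# (`ovs-vsctl clear Bridge br-int mirrors` would drop every mirror on br-int,
# including any that were configured by someone else.)
$ ovs-vsctl -- --id=@m get Mirror mymirror -- remove Bridge br-int mirrors @m
# Detach the dummy port from the bridge, then delete the interface itself.
$ ovs-vsctl del-port br-int snooper0
$ ip link delete dev snooper0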

Example of OVS interface layout on kolla

 ovs-vsctl show
a47d37f3-d751-4099-9ce8-e8dd6bd6ad95
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-ex
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port br-ex
            Interface br-ex
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br_vlan
            Interface br_vlan
    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port "qvo25abcc26-3b"
            tag: 138
            Interface "qvo25abcc26-3b"
        Port "qvo4a2cfe5e-2d"
            tag: 136
            Interface "qvo4a2cfe5e-2d"
        Port "qvo352c6436-0e"
            tag: 136
            Interface "qvo352c6436-0e"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "qvoa3b4a6f5-7c"
            tag: 138
            Interface "qvoa3b4a6f5-7c"
        Port "qvo9a642877-88"
            tag: 119
            Interface "qvo9a642877-88"
        Port "qvoff3d27c2-9f"
            tag: 119
            Interface "qvoff3d27c2-9f"
        Port "qvodfdf4761-c4"
            tag: 140
            Interface "qvodfdf4761-c4"
        Port br-int
            Interface br-int
                type: internal
        Port "snooper0"
            Interface "snooper0"
        Port "qvoa07994e9-37"
            tag: 123
            Interface "qvoa07994e9-37"
        Port "qvo222f5d8d-71"
            tag: 119
            Interface "qvo222f5d8d-71"
        Port "qr-1c49d647-45"
            tag: 118
            Interface "qr-1c49d647-45"
                type: internal
        Port "qvo3647fcfb-4b"
            tag: 3
            Interface "qvo3647fcfb-4b"
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "qvob9166dc8-6e"
            tag: 122
            Interface "qvob9166dc8-6e"
        Port "qvo8a1a110f-dd"
            tag: 126
            Interface "qvo8a1a110f-dd"
        Port "qvo4893299b-d1"
            tag: 121
            Interface "qvo4893299b-d1"
        Port "qr-0a5bced6-52"
            tag: 126
            Interface "qr-0a5bced6-52"
                type: internal
        Port "fg-a0413390-00"
            tag: 3
            Interface "fg-a0413390-00"
                type: internal
        Port "qvo074d82f3-40"
            tag: 120
            Interface "qvo074d82f3-40"
    Bridge br-tun
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port "vxlan-0af06613"
            Interface "vxlan-0af06613"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="10.240.102.18", out_key=flow, remote_ip="10.240.102.19"}
        Port "vxlan-0af0660f"
            Interface "vxlan-0af0660f"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="10.240.102.18", out_key=flow, remote_ip="10.240.102.15"}
        Port "vxlan-0af06615"
            Interface "vxlan-0af06615"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="10.240.102.18", out_key=flow, remote_ip="10.240.102.21"}
        Port "vxlan-0af0660d"
            Interface "vxlan-0af0660d"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="10.240.102.18", out_key=flow, remote_ip="10.240.102.13"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "vxlan-0af0660b"
            Interface "vxlan-0af0660b"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="10.240.102.18", out_key=flow, remote_ip="10.240.102.11"}
        Port "vxlan-0af06611"
            Interface "vxlan-0af06611"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="10.240.102.18", out_key=flow, remote_ip="10.240.102.17"}
        Port "vxlan-0af0660e"
            Interface "vxlan-0af0660e"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="10.240.102.18", out_key=flow, remote_ip="10.240.102.14"}
        Port "vxlan-0af06617"
            Interface "vxlan-0af06617"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="10.240.102.18", out_key=flow, remote_ip="10.240.102.23"}
        Port "vxlan-0af06614"
            Interface "vxlan-0af06614"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="10.240.102.18", out_key=flow, remote_ip="10.240.102.20"}
        Port "vxlan-0af06610"
            Interface "vxlan-0af06610"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="10.240.102.18", out_key=flow, remote_ip="10.240.102.16"}
        Port "vxlan-0af0660c"
            Interface "vxlan-0af0660c"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="10.240.102.18", out_key=flow, remote_ip="10.240.102.12"}
        Port "vxlan-0af06616"
            Interface "vxlan-0af06616"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="10.240.102.18", out_key=flow, remote_ip="10.240.102.22"}