Ask Your Question
0

TCP traffic and OpenvSwitch

asked 2022-02-06 16:59:00 +0000

devrandom gravatar image

updated 2022-02-06 18:02:29 +0000

I'm having an issue with OpenvSwitch whereby I have ping traffic passing but am unable to pass any tcp traffic (e.g. SSH).

I've attached two pcap files which show the following:

  • Host 1 (10.2.1.1): ping -c 3 10.2.2.1 && ssh 10.2.2.1
  • Brief Pause
  • Host 2 (10.2.2.1): ping -c 3 10.2.1.1 && ssh 10.2.1.1

As you can see, ping passes but ssh doesn't.

This seems to be in contradiction to my OVS flow config which is simple as as follows (these are the only flows configured on this OVS bridge) :

ovs-ofctl add-flow lon2local dl_type=0x800,nw_src=10.2.0.0/20,nw_dst=10.2.1.0/24,actions=output:73
ovs-ofctl add-flow lon2local dl_type=0x800,nw_src=10.2.0.0/20,nw_dst=10.2.2.0/24,actions=output:76
ovs-ofctl add-flow lon2local arp,nw_dst=10.2.1.0/24,actions=output:73
ovs-ofctl add-flow lon2local arp,nw_dst=10.2.2.0/24,actions=output:76

Hopefully somebody here is familiar with OVS, has seen these sort of flow issues before and can suggest how to fix it ?

PCAPS: https://send.tresorit.com/a#_vfy8aLsU...

edit retag flag offensive close merge delete

Comments

Put the capture files on a public share and then post a link to them by editing your question.

grahamb gravatar imagegrahamb ( 2022-02-06 17:34:24 +0000 )edit

thanks @grahamb !

devrandom gravatar imagedevrandom ( 2022-02-06 18:02:42 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-02-07 08:41:06 +0000

SYN-bit gravatar image

I took a quick look at your capture files. It seems your hosts are configured with an MTU of 9000, but the ethernet frames with a payload of >1500 don't seem to get forwarded. Are you sure your intermediate network also has jumbo frames enabled?

edit flag offensive delete link more

Comments

Thank you for your observation @SYN-bit. As far as I know jumbo frames are enabled, but I will check this today and come back to let you know.

devrandom gravatar imagedevrandom ( 2022-02-07 10:00:39 +0000 )edit

Were you able to check the jumboframe setting and pinpoint the issue @devrandom?

SYN-bit gravatar imageSYN-bit ( 2022-02-10 09:16:13 +0000 )edit

Hello @SYN-bit. At present I've switched all hosts back to using standard MTU (i.e. 1500) because it works. I did a bit of further investigation, and after a lot of internet searching, I eventually found a one-line comment on a random mailing list that explained that versions of OpenvSwitch older than X had a known bug where custom MTU settings were not actioned (i.e. no matter what the config said, it would always be 1500). So basically I need to find a maintenance window to get the switch software updated. Then (fingers crossed !!) custom MTU values should magically start working.

devrandom gravatar imagedevrandom ( 2022-02-10 11:18:20 +0000 )edit

I'll keep my fingers crossed for the upgrade too. For now, glad things are working on MTU=1500 for all systems!

SYN-bit gravatar imageSYN-bit ( 2022-02-10 11:53:13 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

2 followers

subscribe to rss feed

Stats

Asked: 2022-02-06 16:57:57 +0000

Seen: 400 times

Last updated: Feb 07 '22

Related questions

Am I able to use wireshark to observe large (10G) traffic congestion?

How do I extract the individual flows from the total packets in a pcap file?

How to decode a protocol that wireshark doesn't recognize?

How to parse flows using python?

Network interface switches

do follow->udp stream work correctly?

How to install a full Wireshark package on a Cisco Switch?

how to find individual flows in wireshark

How can I get the flow count from a pcap file ?

Error while installing Wireshark

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2