Open vSwitch

Create instance one
- Assign Floating IP
Create instance two
- Assign Floating IP
1
2
3

stack@workstation:~$ sudo ovs-vsctl show
1716aa40-cfbf-40d1-84f4-b54f413c956f
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-ex
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port "tap5c877dda-8c"
            tag: 3
            Interface "tap5c877dda-8c"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "qg-87472836-0e"
            tag: 2
            Interface "qg-87472836-0e"
                type: internal
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "qr-1bad49fd-d9"
            tag: 1
            Interface "qr-1bad49fd-d9"
                type: internal
        Port "tapd0f0eaf4-be"
            tag: 1
            Interface "tapd0f0eaf4-be"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "qr-846cb383-16"
            tag: 1
            Interface "qr-846cb383-16"
                type: internal
    ovs_version: "2.8.1"
stack@workstation:~$

stack@workstation:~$ sudo ifconfig
br-ex     Link encap:Ethernet  HWaddr aa:49:ab:01:f3:44  
          inet addr:172.24.4.1  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: 2001:db8::2/64 Scope:Global
          inet6 addr: fe80::a849:abff:fe01:f344/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7638 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7710 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:886789 (886.7 KB)  TX bytes:1097499 (1.0 MB)

enp0s25   Link encap:Ethernet  HWaddr b8:ae:ed:73:2a:ba  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:1192416 errors:0 dropped:0 overruns:0 frame:0
          TX packets:713888 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1705663012 (1.7 GB)  TX bytes:62408687 (62.4 MB)
          Interrupt:20 Memory:f7100000-f7120000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:7147267 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7147267 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:12200373662 (12.2 GB)  TX bytes:12200373662 (12.2 GB)

virbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlp2s0    Link encap:Ethernet  HWaddr 34:13:e8:21:92:ec  
          inet addr:192.168.1.71  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::6a34:1fbd:ae5e:768c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5617 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5715 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4751757 (4.7 MB)  TX bytes:890182 (890.1 KB)

wlx803f5dc15809 Link encap:Ethernet  HWaddr 80:3f:5d:c1:58:09  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

stack@workstation:~$

stack@workstation:~/devstack$ /sbin/brctl show
bridge name    bridge id        STP enabled    interfaces
qbr0f0b2f1c-fe        8000.5e36ff130537    no        qvb0f0b2f1c-fe
                            tap0f0b2f1c-fe
qbr96ceaf3c-e8        8000.4e9697ab7e66    no        qvb96ceaf3c-e8
                            tap96ceaf3c-e8
virbr0        8000.000000000000    yes        
stack@workstation:~/devstack$ ip neigh
172.24.4.3 dev br-ex lladdr fa:16:3e:70:cc:40 REACHABLE
192.168.1.254 dev wlp4s0  FAILED
192.168.1.253 dev enp0s25 lladdr 9e:97:26:26:57:ea STALE
192.168.1.254 dev enp0s25 lladdr 9c:97:26:26:57:ea REACHABLE
172.24.4.11 dev br-ex lladdr fa:16:3e:70:cc:40 STALE
172.24.4.5 dev br-ex lladdr fa:16:3e:70:cc:40 STALE
fe80::b67c:9cff:fe2b:8782 dev wlp4s0 lladdr b4:7c:9c:2b:87:82 STALE
fe80::9e97:26ff:fe26:57ea dev enp0s25 lladdr 9c:97:26:26:57:ea router STALE
fe80::b67c:9cff:fe2b:8782 dev enp0s25 lladdr b4:7c:9c:2b:87:82 STALE
fe80::2921:efcb:40f9:2f84 dev wlp4s0 lladdr b8:27:eb:3d:8f:a1 STALE
fe80::f2d7:aaff:fec2:6875 dev wlp4s0 lladdr f0:d7:aa:c2:68:75 STALE
fe80::2921:efcb:40f9:2f84 dev enp0s25 lladdr b8:27:eb:3d:8f:a1 STALE
fe80::f2d7:aaff:fec2:6875 dev enp0s25 lladdr f0:d7:aa:c2:68:75 STALE
fe80::f816:3eff:fe70:cc40 dev br-ex lladdr fa:16:3e:70:cc:40 STALE
fe80::9e97:26ff:fe26:57ea dev wlp4s0 lladdr 9c:97:26:26:57:ea router STALE
stack@workstation:~/devstack$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 54:ee:75:2d:1d:f4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.83/24 brd 192.168.1.255 scope global dynamic enp0s25
       valid_lft 77061sec preferred_lft 77061sec
    inet6 fe80::5f2f:c360:6bb2:43c2/64 scope link 
       valid_lft forever preferred_lft forever
3: wlp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether e8:b1:fc:08:6b:b4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.79/24 brd 192.168.1.255 scope global dynamic wlp4s0
       valid_lft 70414sec preferred_lft 70414sec
    inet6 fe80::405a:3e2f:ec17:f58f/64 scope link 
       valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether 52:54:00:f8:38:e0 brd ff:ff:ff:ff:ff:ff
6: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 5e:15:90:29:49:d5 brd ff:ff:ff:ff:ff:ff
7: br-int: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN group default qlen 1000
    link/ether 0e:08:d2:ee:09:4c brd ff:ff:ff:ff:ff:ff
8: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 26:c3:f0:08:c0:4f brd ff:ff:ff:ff:ff:ff
    inet 172.24.4.1/24 scope global br-ex
       valid_lft forever preferred_lft forever
    inet6 2001:db8::2/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::24c3:f0ff:fe08:c04f/64 scope link 
       valid_lft forever preferred_lft forever
9: br-tun: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 9a:86:fd:8d:75:4e brd ff:ff:ff:ff:ff:ff
22: qbr0f0b2f1c-fe: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
    link/ether 5e:36:ff:13:05:37 brd ff:ff:ff:ff:ff:ff
23: qvo0f0b2f1c-fe@qvb0f0b2f1c-fe: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1450 qdisc noqueue master ovs-system state UP group default qlen 1000
    link/ether 02:3a:18:bc:21:5b brd ff:ff:ff:ff:ff:ff
    inet6 fe80::3a:18ff:febc:215b/64 scope link 
       valid_lft forever preferred_lft forever
24: qvb0f0b2f1c-fe@qvo0f0b2f1c-fe: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1450 qdisc noqueue master qbr0f0b2f1c-fe state UP group default qlen 1000
    link/ether 5e:36:ff:13:05:37 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5c36:ffff:fe13:537/64 scope link 
       valid_lft forever preferred_lft forever
26: tap0f0b2f1c-fe: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast master qbr0f0b2f1c-fe state UNKNOWN group default qlen 1000
    link/ether fe:16:3e:6e:a4:24 brd ff:ff:ff:ff:ff:ff
27: qbr96ceaf3c-e8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
    link/ether 4e:96:97:ab:7e:66 brd ff:ff:ff:ff:ff:ff
28: qvo96ceaf3c-e8@qvb96ceaf3c-e8: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1450 qdisc noqueue master ovs-system state UP group default qlen 1000
    link/ether 72:7f:52:25:bd:a4 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::707f:52ff:fe25:bda4/64 scope link 
       valid_lft forever preferred_lft forever
29: qvb96ceaf3c-e8@qvo96ceaf3c-e8: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1450 qdisc noqueue master qbr96ceaf3c-e8 state UP group default qlen 1000
    link/ether 4e:96:97:ab:7e:66 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::4c96:97ff:feab:7e66/64 scope link 
       valid_lft forever preferred_lft forever
30: tap96ceaf3c-e8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast master qbr96ceaf3c-e8 state UNKNOWN group default qlen 1000
    link/ether fe:16:3e:c6:f1:ca brd ff:ff:ff:ff:ff:ff
stack@workstation:~/devstack$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 54:ee:75:2d:1d:f4 brd ff:ff:ff:ff:ff:ff
3: wlp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DORMANT group default qlen 1000
    link/ether e8:b1:fc:08:6b:b4 brd ff:ff:ff:ff:ff:ff
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:f8:38:e0 brd ff:ff:ff:ff:ff:ff
6: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 5e:15:90:29:49:d5 brd ff:ff:ff:ff:ff:ff
7: br-int: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 0e:08:d2:ee:09:4c brd ff:ff:ff:ff:ff:ff
8: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 26:c3:f0:08:c0:4f brd ff:ff:ff:ff:ff:ff
9: br-tun: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 9a:86:fd:8d:75:4e brd ff:ff:ff:ff:ff:ff
22: qbr0f0b2f1c-fe: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 5e:36:ff:13:05:37 brd ff:ff:ff:ff:ff:ff
23: qvo0f0b2f1c-fe@qvb0f0b2f1c-fe: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1450 qdisc noqueue master ovs-system state UP mode DEFAULT group default qlen 1000
    link/ether 02:3a:18:bc:21:5b brd ff:ff:ff:ff:ff:ff
24: qvb0f0b2f1c-fe@qvo0f0b2f1c-fe: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1450 qdisc noqueue master qbr0f0b2f1c-fe state UP mode DEFAULT group default qlen 1000
    link/ether 5e:36:ff:13:05:37 brd ff:ff:ff:ff:ff:ff
26: tap0f0b2f1c-fe: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast master qbr0f0b2f1c-fe state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether fe:16:3e:6e:a4:24 brd ff:ff:ff:ff:ff:ff
27: qbr96ceaf3c-e8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 4e:96:97:ab:7e:66 brd ff:ff:ff:ff:ff:ff
28: qvo96ceaf3c-e8@qvb96ceaf3c-e8: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1450 qdisc noqueue master ovs-system state UP mode DEFAULT group default qlen 1000
    link/ether 72:7f:52:25:bd:a4 brd ff:ff:ff:ff:ff:ff
29: qvb96ceaf3c-e8@qvo96ceaf3c-e8: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1450 qdisc noqueue master qbr96ceaf3c-e8 state UP mode DEFAULT group default qlen 1000
    link/ether 4e:96:97:ab:7e:66 brd ff:ff:ff:ff:ff:ff
30: tap96ceaf3c-e8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast master qbr96ceaf3c-e8 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether fe:16:3e:c6:f1:ca brd ff:ff:ff:ff:ff:ff
stack@workstation:~/devstack$ ip route
default via 192.168.1.254 dev enp0s25  proto static  metric 100 
default via 192.168.1.254 dev wlp4s0  proto static  metric 600 
169.254.0.0/16 dev wlp4s0  scope link  metric 1000 
172.24.4.0/24 dev br-ex  proto kernel  scope link  src 172.24.4.1 
192.168.1.0/24 dev enp0s25  proto kernel  scope link  src 192.168.1.83  metric 100 
192.168.1.0/24 dev wlp4s0  proto kernel  scope link  src 192.168.1.79  metric 600 
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1 linkdown 
stack@workstation:~/devstack$ ip netns
qrouter-d3ffe3ea-2be5-44c6-901c-9a4fd9dc40e9
qdhcp-d80926c2-8088-4921-887e-2b7bdaa9dc52
stack@workstation:~/devstack$ sudo ovs-ofctl --protocols=OpenFlow10,OpenFlow11,OpenFlow12,OpenFlow13,OpenFlow14 show br-ex
OFPT_FEATURES_REPLY (OF1.3) (xid=0x2): dpid:000026c3f008c04f
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS GROUP_STATS QUEUE_STATS
OFPST_PORT_DESC reply (OF1.3) (xid=0x3):
 1(phy-br-ex): addr:ba:c4:5a:db:fd:4e
     config:     0
     state:      LIVE
     speed: 0 Mbps now, 0 Mbps max
 LOCAL(br-ex): addr:26:c3:f0:08:c0:4f
     config:     0
     state:      LIVE
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (OF1.3) (xid=0x7): frags=normal miss_send_len=0
stack@workstation:~/devstack$ sudo ovs-ofctl --protocols=OpenFlow10,OpenFlow11,OpenFlow12,OpenFlow13,OpenFlow14 show br-int
OFPT_FEATURES_REPLY (OF1.3) (xid=0x2): dpid:00000e08d2ee094c
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS GROUP_STATS QUEUE_STATS
OFPST_PORT_DESC reply (OF1.3) (xid=0x3):
 1(int-br-ex): addr:e6:b4:e1:2d:58:52
     config:     0
     state:      LIVE
     speed: 0 Mbps now, 0 Mbps max
 2(patch-tun): addr:76:6b:e3:9a:91:e6
     config:     0
     state:      LIVE
     speed: 0 Mbps now, 0 Mbps max
 3(tap0a773b78-86): addr:00:00:00:00:76:08
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 4(qr-bece279d-64): addr:00:00:00:00:76:08
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 5(qg-114a286b-54): addr:00:00:00:00:76:08
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 6(qr-a9dcc10f-32): addr:00:00:00:00:76:08
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 9(qvo0f0b2f1c-fe): addr:02:3a:18:bc:21:5b
     config:     0
     state:      LIVE
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 10(qvo96ceaf3c-e8): addr:72:7f:52:25:bd:a4
     config:     0
     state:      LIVE
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 LOCAL(br-int): addr:0e:08:d2:ee:09:4c
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (OF1.3) (xid=0x7): frags=normal miss_send_len=0
stack@workstation:~/devstack$ sudo ovs-ofctl --protocols=OpenFlow10,OpenFlow11,OpenFlow12,OpenFlow13,OpenFlow14 show br-tun
OFPT_FEATURES_REPLY (OF1.3) (xid=0x2): dpid:00009a86fd8d754e
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS GROUP_STATS QUEUE_STATS
OFPST_PORT_DESC reply (OF1.3) (xid=0x3):
 1(patch-int): addr:e2:bd:92:2e:d5:ef
     config:     0
     state:      LIVE
     speed: 0 Mbps now, 0 Mbps max
 LOCAL(br-tun): addr:9a:86:fd:8d:75:4e
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (OF1.3) (xid=0x7): frags=normal miss_send_len=0
stack@workstation:~/devstack$ 
stack@workstation:~/devstack$ sudo ovs-ofctl --protocols=OpenFlow10,OpenFlow11,OpenFlow12,OpenFlow13,OpenFlow14 show br-tun
OFPT_FEATURES_REPLY (OF1.3) (xid=0x2): dpid:00009a86fd8d754e
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS GROUP_STATS QUEUE_STATS
OFPST_PORT_DESC reply (OF1.3) (xid=0x3):
 1(patch-int): addr:e2:bd:92:2e:d5:ef
     config:     0
     state:      LIVE
     speed: 0 Mbps now, 0 Mbps max
 LOCAL(br-tun): addr:9a:86:fd:8d:75:4e
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (OF1.3) (xid=0x7): frags=normal miss_send_len=0
stack@workstation:~/devstack$ sudo ovs-ofctl --protocols=OpenFlow10,OpenFlow11,OpenFlow12,OpenFlow13,OpenFlow14 dump-ports-desc br-ex
OFPST_PORT_DESC reply (OF1.3) (xid=0x2):
 1(phy-br-ex): addr:ba:c4:5a:db:fd:4e
     config:     0
     state:      LIVE
     speed: 0 Mbps now, 0 Mbps max
 LOCAL(br-ex): addr:26:c3:f0:08:c0:4f
     config:     0
     state:      LIVE
     speed: 0 Mbps now, 0 Mbps max
stack@workstation:~/devstack$ sudo ovs-ofctl --protocols=OpenFlow10,OpenFlow11,OpenFlow12,OpenFlow13,OpenFlow14 dump-ports-desc br-int
OFPST_PORT_DESC reply (OF1.3) (xid=0x2):
 1(int-br-ex): addr:e6:b4:e1:2d:58:52
     config:     0
     state:      LIVE
     speed: 0 Mbps now, 0 Mbps max
 2(patch-tun): addr:76:6b:e3:9a:91:e6
     config:     0
     state:      LIVE
     speed: 0 Mbps now, 0 Mbps max
 3(tap0a773b78-86): addr:00:00:00:00:76:08
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 4(qr-bece279d-64): addr:00:00:00:00:76:08
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 5(qg-114a286b-54): addr:00:00:00:00:76:08
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 6(qr-a9dcc10f-32): addr:00:00:00:00:76:08
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 9(qvo0f0b2f1c-fe): addr:02:3a:18:bc:21:5b
     config:     0
     state:      LIVE
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 10(qvo96ceaf3c-e8): addr:72:7f:52:25:bd:a4
     config:     0
     state:      LIVE
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 LOCAL(br-int): addr:0e:08:d2:ee:09:4c
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
stack@workstation:~/devstack$ sudo ovs-ofctl --protocols=OpenFlow10,OpenFlow11,OpenFlow12,OpenFlow13,OpenFlow14 dump-ports-desc br-tun
OFPST_PORT_DESC reply (OF1.3) (xid=0x2):
 1(patch-int): addr:e2:bd:92:2e:d5:ef
     config:     0
     state:      LIVE
     speed: 0 Mbps now, 0 Mbps max
 LOCAL(br-tun): addr:9a:86:fd:8d:75:4e
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
stack@workstation:~/devstack$ sudo ovs-ofctl --protocols=OpenFlow10,OpenFlow11,OpenFlow12,OpenFlow13,OpenFlow14 dump-ports br-ex
OFPST_PORT reply (OF1.3) (xid=0x2): 2 ports
  port LOCAL: rx pkts=360154, bytes=20518364, drop=0, errs=0, frame=0, over=0, crc=0
           tx pkts=614446, bytes=950505419, drop=0, errs=0, coll=0
           duration=7665.808s
  port  "phy-br-ex": rx pkts=360407, bytes=25588511, drop=?, errs=?, frame=?, over=?, crc=?
           tx pkts=614445, bytes=950505246, drop=?, errs=?, coll=?
           duration=7495.298s
stack@workstation:~/devstack$ sudo ovs-ofctl --protocols=OpenFlow10,OpenFlow11,OpenFlow12,OpenFlow13,OpenFlow14 dump-ports br-int
OFPST_PORT reply (OF1.3) (xid=0x2): 9 ports
  port "qvo96ceaf3c-e8": rx pkts=777, bytes=80020, drop=0, errs=0, frame=0, over=0, crc=0
           tx pkts=747, bytes=88867, drop=0, errs=0, coll=0
           duration=1226.334s
  port LOCAL: rx pkts=0, bytes=0, drop=426, errs=0, frame=0, over=0, crc=0
           tx pkts=0, bytes=0, drop=0, errs=0, coll=0
           duration=7671.449s
  port  "qvo0f0b2f1c-fe": rx pkts=361094, bytes=25656279, drop=0, errs=0, frame=0, over=0, crc=0
           tx pkts=614659, bytes=950531638, drop=0, errs=0, coll=0
           duration=5487.561s
  port  "qg-114a286b-54": rx pkts=614435, bytes=941901743, drop=0, errs=0, frame=0, over=0, crc=0
           tx pkts=360174, bytes=25562248, drop=0, errs=0, coll=0
           duration=7477.492s
  port  "int-br-ex": rx pkts=614446, bytes=950505419, drop=?, errs=?, frame=?, over=?, crc=?
           tx pkts=360407, bytes=25588511, drop=?, errs=?, coll=?
           duration=7500.670s
  port  "qr-bece279d-64": rx pkts=360939, bytes=20587839, drop=4, errs=0, frame=0, over=0, crc=0
           tx pkts=614751, bytes=950540450, drop=0, errs=0, coll=0
           duration=7480.963s
  port  "qr-a9dcc10f-32": rx pkts=90, bytes=7582, drop=5, errs=0, frame=0, over=0, crc=0
           tx pkts=130, bytes=15300, drop=0, errs=0, coll=0
           duration=7473.695s
  port  "patch-tun": rx pkts=0, bytes=0, drop=?, errs=?, frame=?, over=?, crc=?
           tx pkts=422, bytes=45920, drop=?, errs=?, coll=?
           duration=7500.562s
  port  "tap0a773b78-86": rx pkts=1445, bytes=99559, drop=4, errs=0, frame=0, over=0, crc=0
           tx pkts=104, bytes=7478, drop=0, errs=0, coll=0
           duration=7490.506s
stack@workstation:~/devstack$ 
stack@workstation:~/devstack$ sudo ovs-ofctl --protocols=OpenFlow10,OpenFlow11,OpenFlow12,OpenFlow13,OpenFlow14 dump-ports br-tun
OFPST_PORT reply (OF1.3) (xid=0x2): 2 ports
  port LOCAL: rx pkts=0, bytes=0, drop=0, errs=0, frame=0, over=0, crc=0
           tx pkts=0, bytes=0, drop=0, errs=0, coll=0
           duration=7633.527s
  port  "patch-int": rx pkts=424, bytes=46156, drop=?, errs=?, frame=?, over=?, crc=?
           tx pkts=0, bytes=0, drop=?, errs=?, coll=?
           duration=7633.486s
stack@workstation:~/devstack$ sudo ovs-ofctl --protocols=OpenFlow10,OpenFlow11,OpenFlow12,OpenFlow13,OpenFlow14 dump-flows br-ex
 cookie=0x52451daabb7bb184, duration=7612.508s, table=0, n_packets=409763, n_bytes=29025890, priority=4,in_port="phy-br-ex",dl_vlan=2 actions=pop_vlan,NORMAL
 cookie=0x52451daabb7bb184, duration=7636.998s, table=0, n_packets=255, n_bytes=28227, priority=2,in_port="phy-br-ex" actions=drop
 cookie=0x52451daabb7bb184, duration=7637.020s, table=0, n_packets=700547, n_bytes=1083834985, priority=0 actions=NORMAL
stack@workstation:~/devstack$ sudo ovs-ofctl --protocols=OpenFlow10,OpenFlow11,OpenFlow12,OpenFlow13,OpenFlow14 dump-flows br-int
 cookie=0x61b3bbddd8c8421c, duration=5625.320s, table=0, n_packets=10, n_bytes=860, priority=10,icmp6,in_port="qvo0f0b2f1c-fe",icmp_type=136 actions=goto_table:24
 cookie=0x61b3bbddd8c8421c, duration=1366.002s, table=0, n_packets=0, n_bytes=0, priority=10,icmp6,in_port="qvo96ceaf3c-e8",icmp_type=136 actions=goto_table:24
 cookie=0x61b3bbddd8c8421c, duration=5625.317s, table=0, n_packets=199, n_bytes=8358, priority=10,arp,in_port="qvo0f0b2f1c-fe" actions=goto_table:24
 cookie=0x61b3bbddd8c8421c, duration=1365.997s, table=0, n_packets=55, n_bytes=2310, priority=10,arp,in_port="qvo96ceaf3c-e8" actions=goto_table:24
 cookie=0x61b3bbddd8c8421c, duration=7642.436s, table=0, n_packets=25, n_bytes=3339, priority=2,in_port="int-br-ex" actions=drop
 cookie=0x61b3bbddd8c8421c, duration=5625.325s, table=0, n_packets=410623, n_bytes=29123690, priority=9,in_port="qvo0f0b2f1c-fe" actions=goto_table:25
 cookie=0x61b3bbddd8c8421c, duration=1366.009s, table=0, n_packets=860, n_bytes=90204, priority=9,in_port="qvo96ceaf3c-e8" actions=goto_table:25
 cookie=0x61b3bbddd8c8421c, duration=7617.943s, table=0, n_packets=700523, n_bytes=1083831819, priority=3,in_port="int-br-ex",vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4098->vlan_vid,goto_table:60
 cookie=0x61b3bbddd8c8421c, duration=7642.639s, table=0, n_packets=1110863, n_bytes=1112920685, priority=0 actions=goto_table:60
 cookie=0x61b3bbddd8c8421c, duration=7642.640s, table=23, n_packets=0, n_bytes=0, priority=0 actions=drop
 cookie=0x61b3bbddd8c8421c, duration=5625.323s, table=24, n_packets=1, n_bytes=86, priority=2,icmp6,in_port="qvo0f0b2f1c-fe",icmp_type=136,nd_target=fdf0:e510:5486:0:f816:3eff:fe6e:a424 actions=goto_table:60
 cookie=0x61b3bbddd8c8421c, duration=5625.322s, table=24, n_packets=9, n_bytes=774, priority=2,icmp6,in_port="qvo0f0b2f1c-fe",icmp_type=136,nd_target=fe80::f816:3eff:fe6e:a424 actions=goto_table:60
 cookie=0x61b3bbddd8c8421c, duration=1366.006s, table=24, n_packets=0, n_bytes=0, priority=2,icmp6,in_port="qvo96ceaf3c-e8",icmp_type=136,nd_target=fe80::f816:3eff:fec6:f1ca actions=goto_table:60
 cookie=0x61b3bbddd8c8421c, duration=1366.004s, table=24, n_packets=0, n_bytes=0, priority=2,icmp6,in_port="qvo96ceaf3c-e8",icmp_type=136,nd_target=fdf0:e510:5486:0:f816:3eff:fec6:f1ca actions=goto_table:60
 cookie=0x61b3bbddd8c8421c, duration=5625.319s, table=24, n_packets=199, n_bytes=8358, priority=2,arp,in_port="qvo0f0b2f1c-fe",arp_spa=10.0.0.4 actions=goto_table:25
 cookie=0x61b3bbddd8c8421c, duration=1366s, table=24, n_packets=55, n_bytes=2310, priority=2,arp,in_port="qvo96ceaf3c-e8",arp_spa=10.0.0.11 actions=goto_table:25
 cookie=0x61b3bbddd8c8421c, duration=7642.635s, table=24, n_packets=0, n_bytes=0, priority=0 actions=drop
 cookie=0x61b3bbddd8c8421c, duration=5625.329s, table=25, n_packets=410802, n_bytes=29128800, priority=2,in_port="qvo0f0b2f1c-fe",dl_src=fa:16:3e:6e:a4:24 actions=goto_table:60
 cookie=0x61b3bbddd8c8421c, duration=1366.015s, table=25, n_packets=902, n_bytes=89869, priority=2,in_port="qvo96ceaf3c-e8",dl_src=fa:16:3e:c6:f1:ca actions=goto_table:60
 cookie=0x61b3bbddd8c8421c, duration=7642.637s, table=60, n_packets=2224009, n_bytes=2226051885, priority=3 actions=NORMAL
stack@workstation:~/devstack$ sudo ovs-ofctl --protocols=OpenFlow10,OpenFlow11,OpenFlow12,OpenFlow13,OpenFlow14 dump-flows br-tun
 cookie=0x3eb375ce2058e86a, duration=7648.285s, table=0, n_packets=424, n_bytes=46156, priority=1,in_port="patch-int" actions=goto_table:2
 cookie=0x3eb375ce2058e86a, duration=7648.283s, table=0, n_packets=0, n_bytes=0, priority=0 actions=drop
 cookie=0x3eb375ce2058e86a, duration=7648.281s, table=2, n_packets=14, n_bytes=1020, priority=0,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=goto_table:20
 cookie=0x3eb375ce2058e86a, duration=7648.279s, table=2, n_packets=410, n_bytes=45136, priority=0,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=goto_table:22
 cookie=0x3eb375ce2058e86a, duration=7648.277s, table=3, n_packets=0, n_bytes=0, priority=0 actions=drop
 cookie=0x3eb375ce2058e86a, duration=7637.907s, table=4, n_packets=0, n_bytes=0, priority=1,tun_id=0x2b actions=push_vlan:0x8100,set_field:4097->vlan_vid,goto_table:10
 cookie=0x3eb375ce2058e86a, duration=7648.275s, table=4, n_packets=0, n_bytes=0, priority=0 actions=drop
 cookie=0x3eb375ce2058e86a, duration=7648.273s, table=6, n_packets=0, n_bytes=0, priority=0 actions=drop
 cookie=0x3eb375ce2058e86a, duration=7648.271s, table=10, n_packets=0, n_bytes=0, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,cookie=0x3eb375ce2058e86a,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:OXM_OF_IN_PORT[]),output:"patch-int"
 cookie=0x3eb375ce2058e86a, duration=7648.267s, table=20, n_packets=14, n_bytes=1020, priority=0 actions=goto_table:22
 cookie=0x3eb375ce2058e86a, duration=7648.265s, table=22, n_packets=424, n_bytes=46156, priority=0 actions=drop
stack@workstation:~/devstack$ sudo iptables --line-numbers -L -nv -t filter
Chain INPUT (policy ACCEPT 435K packets, 1046M bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    2269K 9677M neutron-openvswi-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
3        0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
4        0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
5        0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67

Chain FORWARD (policy ACCEPT 416K packets, 413M bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    2236K 2206M neutron-filter-top  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2    2236K 2206M neutron-openvswi-FORWARD  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
4        0     0 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0           
5        0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0           
6        0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
7        0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 434K packets, 1042M bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    2261K 9630M neutron-filter-top  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2    2261K 9630M neutron-openvswi-OUTPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 ACCEPT     udp  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            udp dpt:68

Chain neutron-filter-top (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1    4497K   12G neutron-openvswi-local  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain neutron-openvswi-FORWARD (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-out tap0a773b78-86 --physdev-is-bridged /* Accept all packets when port is trusted. */
2        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-out tapbece279d-64 --physdev-is-bridged /* Accept all packets when port is trusted. */
3        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-out tap114a286b-54 --physdev-is-bridged /* Accept all packets when port is trusted. */
4        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-out tapa9dcc10f-32 --physdev-is-bridged /* Accept all packets when port is trusted. */
5     704K 1080M neutron-openvswi-sg-chain  all  --  *      *       0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-out tap0f0b2f1c-fe --physdev-is-bridged /* Direct traffic from the VM interface to the security group chain. */
6     413K   23M neutron-openvswi-sg-chain  all  --  *      *       0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-in tap0f0b2f1c-fe --physdev-is-bridged /* Direct traffic from the VM interface to the security group chain. */
7      807 83745 neutron-openvswi-sg-chain  all  --  *      *       0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-out tap96ceaf3c-e8 --physdev-is-bridged /* Direct traffic from the VM interface to the security group chain. */
8      855 76457 neutron-openvswi-sg-chain  all  --  *      *       0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-in tap96ceaf3c-e8 --physdev-is-bridged /* Direct traffic from the VM interface to the security group chain. */

Chain neutron-openvswi-INPUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 neutron-openvswi-o0f0b2f1c-f  all  --  *      *       0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-in tap0f0b2f1c-fe --physdev-is-bridged /* Direct incoming traffic from VM to the security group chain. */
2        0     0 neutron-openvswi-o96ceaf3c-e  all  --  *      *       0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-in tap96ceaf3c-e8 --physdev-is-bridged /* Direct incoming traffic from VM to the security group chain. */

Chain neutron-openvswi-OUTPUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain neutron-openvswi-i0f0b2f1c-f (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1     704K 1080M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Direct packets associated with a known session to the RETURN chain. */
2        2   727 RETURN     udp  --  *      *       0.0.0.0/0            10.0.0.4             udp spt:67 dpt:68
3        0     0 RETURN     udp  --  *      *       0.0.0.0/0            255.255.255.255      udp spt:67 dpt:68
4       13   852 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set NIPv44c10ca24-b903-48ec-a1c5- src
5        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID /* Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack. */
6        2   648 neutron-openvswi-sg-fallback  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* Send unmatched traffic to the fallback chain. */

Chain neutron-openvswi-i96ceaf3c-e (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1      801 82793 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Direct packets associated with a known session to the RETURN chain. */
2        2   728 RETURN     udp  --  *      *       0.0.0.0/0            10.0.0.11            udp spt:67 dpt:68
3        0     0 RETURN     udp  --  *      *       0.0.0.0/0            255.255.255.255      udp spt:67 dpt:68
4        4   224 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set NIPv44c10ca24-b903-48ec-a1c5- src
5        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID /* Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack. */
6        0     0 neutron-openvswi-sg-fallback  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* Send unmatched traffic to the fallback chain. */

Chain neutron-openvswi-local (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain neutron-openvswi-o0f0b2f1c-f (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        2   656 RETURN     udp  --  *      *       0.0.0.0              255.255.255.255      udp spt:68 dpt:67 /* Allow DHCP client traffic. */
2     413K   23M neutron-openvswi-s0f0b2f1c-f  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:68 dpt:67 /* Allow DHCP client traffic. */
4        0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68 /* Prevent DHCP Spoofing by VM. */
5     412K   23M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Direct packets associated with a known session to the RETURN chain. */
6      964 61386 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
7        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID /* Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack. */
8        0     0 neutron-openvswi-sg-fallback  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* Send unmatched traffic to the fallback chain. */

Chain neutron-openvswi-o96ceaf3c-e (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        2   648 RETURN     udp  --  *      *       0.0.0.0              255.255.255.255      udp spt:68 dpt:67 /* Allow DHCP client traffic. */
2      853 75809 neutron-openvswi-s96ceaf3c-e  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:68 dpt:67 /* Allow DHCP client traffic. */
4        0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68 /* Prevent DHCP Spoofing by VM. */
5      813 73258 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Direct packets associated with a known session to the RETURN chain. */
6       40  2551 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
7        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID /* Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack. */
8        0     0 neutron-openvswi-sg-fallback  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* Send unmatched traffic to the fallback chain. */

Chain neutron-openvswi-s0f0b2f1c-f (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1     413K   23M RETURN     all  --  *      *       10.0.0.4             0.0.0.0/0            MAC FA:16:3E:6E:A4:24 /* Allow traffic from defined IP/MAC pairs. */
2        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* Drop traffic without an IP/MAC allow rule. */

Chain neutron-openvswi-s96ceaf3c-e (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1      853 75809 RETURN     all  --  *      *       10.0.0.11            0.0.0.0/0            MAC FA:16:3E:C6:F1:CA /* Allow traffic from defined IP/MAC pairs. */
2        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* Drop traffic without an IP/MAC allow rule. */

Chain neutron-openvswi-sg-chain (4 references)
num   pkts bytes target     prot opt in     out     source               destination         
1     704K 1080M neutron-openvswi-i0f0b2f1c-f  all  --  *      *       0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-out tap0f0b2f1c-fe --physdev-is-bridged /* Jump to the VM specific chain. */
2     413K   23M neutron-openvswi-o0f0b2f1c-f  all  --  *      *       0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-in tap0f0b2f1c-fe --physdev-is-bridged /* Jump to the VM specific chain. */
3      807 83745 neutron-openvswi-i96ceaf3c-e  all  --  *      *       0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-out tap96ceaf3c-e8 --physdev-is-bridged /* Jump to the VM specific chain. */
4      855 76457 neutron-openvswi-o96ceaf3c-e  all  --  *      *       0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-in tap96ceaf3c-e8 --physdev-is-bridged /* Jump to the VM specific chain. */
5    1120K 1103M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain neutron-openvswi-sg-fallback (4 references)
num   pkts bytes target     prot opt in     out     source               destination         
1       22  2256 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* Default drop rule for unmatched traffic. */
stack@workstation:~/devstack$ sudo iptables --line-numbers -L -nv -t nat
Chain PREROUTING (policy ACCEPT 1005 packets, 71535 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 36 packets, 7279 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 9252 packets, 565K bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 9998 packets, 615K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       20  2077 RETURN     all  --  *      *       192.168.122.0/24     224.0.0.0/24        
2        0     0 RETURN     all  --  *      *       192.168.122.0/24     255.255.255.255     
3        0     0 MASQUERADE  tcp  --  *      *       192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
4        0     0 MASQUERADE  udp  --  *      *       192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
5        0     0 MASQUERADE  all  --  *      *       192.168.122.0/24    !192.168.122.0/24    
6      203 12594 MASQUERADE  all  --  *      enp0s25  172.24.4.0/24        0.0.0.0/0           
7        0     0 MASQUERADE  all  --  *      wlp4s0  172.24.4.0/24        0.0.0.0/0           
stack@workstation:~/devstack$ sudo iptables --line-numbers -L -nv -t mangle
Chain PREROUTING (policy ACCEPT 4978K packets, 13G bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 2740K packets, 10G bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 2238K packets, 2209M bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 2558K packets, 9690M bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 4796K packets, 12G bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 CHECKSUM   udp  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            udp dpt:68 CHECKSUM fill
stack@workstation:~/devstack$ sudo ebtables -t filter -L
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
stack@workstation:~/devstack$ sudo ebtables -t nat -L
Bridge table: nat

Bridge chain: PREROUTING, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

Bridge chain: POSTROUTING, entries: 0, policy: ACCEPT
stack@workstation:~/devstack$ sudo ebtables -t broute -L
Bridge table: broute

Bridge chain: BROUTING, entries: 0, policy: ACCEPT
stack@workstation:~/devstack$

PreviousTempest NextDebug

Last updated 7 years ago