HP Service Insertion Guide K/KA/WB.15.15

ManualsBrandsHP ManualsSoftwareHP Network Protector SDN Application 250 Concurrent Clients E-LTU

Troubleshooting helpPossible causeIssueID

Relevant MIB objects:

tunnelInetConfigIfIndex

(rfc4087 MIB)

From an OF response perspective,

the flow mod request will be rejected

with error type="BAD_ACTION",

code="BAD_OUT_PORT"

NAOpenFlow 1.0 instanceFlowMod failure when trying to

program an OpenFlow rule that is

2

OpenFlow Forwarding to a tunnel

interface is only supported on 1.3

instances.

diverting packets to a tunnel

interface.

If the instance is a 1.0, the FlowMod

will fail.

The flow mod request will be rejected

with error type="BAD_ACTION",

code="BAD_OUT_PORT".

Tunnel ‘outport action’ limitations

There are some restrictions with using

Tunnels as outports as listed here:

• Cannot add tunnel interface as

one of the ports in a multi-port

output action.

• Cannot club a flow-rule’s output

action of sending packets to a

tunnel with “Normal” or

“SendToController” actions.

• Cannot club a flow-rule’s output

action of sending packets to a

tunnel with OpenFlow Strip-VLAN

action as the inner encapsulated

packets will always be VLAN

tagged.

• Tunnel interface cannot be part of

a FLOOD action.

FlowMod failure when trying to

program an OpenFlow rule that is

diverting packets to a tunnel

interface.

3

The flow mod request is rejected with

error type="BAD_REQUEST",

code="BAD_TABLE_ID".

Limitations with OpenFlow tables and

tunnels

The outport action for tunnel

interfaces is only supported on the

FlowMod failure when trying to

program an OpenFlow rule that is

diverting packets to a tunnel

interface.

4

Policy Engine (TCAM) tables and not

on the other tables including the

OpenFlow software tables.

The flow mod request is rejected with

error type="BAD_ACTION",

code="BAD_ARGUMENT".

Match criteria limitations with tunnels

Tunnel Interfaces cannot be used as

a match field (IN_PORT) in

OpenFlow rules.

FlowMod failure when programming

OpenFlow rules with in_port as

tunnel IfIndex.

5

Check if there are overlapping rules

with higher precedence compared to

tunnel rules.

Higher precedence rule

Another higher precedence

OpenFlow rule matched instead of

the DNS/IP match rule.

DNS/IP packets not sent out to the

tunnel.

6

If so, check the packet counts of the

higher precedence overlapping rules

to see if they are incrementing.

Run the following CLI command to

know if there are MTU violations

causing packets to not be tunneled.

Packet encapsulation failure

If the tunnel is UP and packets are

matching an OpenFlow rule that is

DNS/IP packets not sent out to the

tunnel.

7

HP-3800-SW$ show interface

tunnel type intercept

statistics

directing traffic to the tunnel but

packets are not being sent to the

Troubleshooting 21