socketplane / docker-ovs

Open vSwitch for Docker
Apache License 2.0

Traffic not flowing through the container! #13

Closed AJNOURI closed 9 years ago

AJNOURI commented 9 years ago

I am running the ovs container in interactive mode

cid=$(docker run -itd socketplane/openvswitch)
docker exec -it $cid /bin/sh

Connected new container interfaces (ethi) to host bridges (br10i)

sudo pipework br101 -i eth1 $RCID 0/0
sudo pipework br102 -i eth2 $RCID 0/0
sudo pipework br103 -i eth3 $RCID 0/0
sudo pipework br104 -i eth4 $RCID 0/0

and I bridged four VMs to br101...br104

Container (interfaces created successfully)

/ # ip a | grep eth
69: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 scope global eth0
71: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 96:a6:ea:2d:2f:8c brd ff:ff:ff:ff:ff:ff
73: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether c2:80:72:05:cd:f8 brd ff:ff:ff:ff:ff:ff
75: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 92:f4:ad:e6:24:73 brd ff:ff:ff:ff:ff:ff
77: eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 0a:f2:45:3f:f2:43 brd ff:ff:ff:ff:ff:ff

Container (include all interfaces into the same VLAN)

/ # ovs-vsctl add-br br0

ovs-vsctl: Error detected while setting up 'br0'.  See ovs-vswitchd log for details.
/ # ovs-vsctl add-port br0 eth1 tag=10
ovs-vsctl: Error detected while setting up 'eth1'.  See ovs-vswitchd log for details.
/ # ovs-vsctl add-port br0 eth2 tag=10
ovs-vsctl: Error detected while setting up 'eth2'.  See ovs-vswitchd log for details.
/ # ovs-vsctl add-port br0 eth3 tag=10
ovs-vsctl: Error detected while setting up 'eth3'.  See ovs-vswitchd log for details.
/ # ovs-vsctl add-port br0 eth4 tag=10
ovs-vsctl: Error detected while setting up 'eth4'.  See ovs-vswitchd log for details.

Result of ovs-vswitchd.log

https://docs.google.com/document/d/1RYlbF5yFDNXYuX--R5yfjv_hHGCBxpJgpVN-xkZXBIw/edit?usp=sharing

Noticeable error:

2015-07-26T18:22:00Z|00142|netlink_socket|DBG|nl_sock_recv__ (Success): nl(len:76, type=2(error), flags=0, seq=a, pid=15 error(-1(Operation not permitted), in-reply-to(nl(len:56, type=26(ovs_datapath), flags=9[REQUEST][ECHO], seq=a, pid=15))
2015-07-26T18:22:00Z|00143|netlink_socket|DBG|received NAK error=0 (Operation not permitted)
2015-07-26T18:22:00Z|00144|dpif|WARN|failed to create datapath ovs-system: Operation not permitted
2015-07-26T18:22:00Z|00145|ofproto_dpif|ERR|failed to open datapath of type system: Operation not permitted
2015-07-26T18:22:00Z|00146|ofproto|ERR|failed to open datapath br0: Operation not permitted
2015-07-26T18:22:00Z|00147|bridge|ERR|failed to create bridge br0: Operation not permitted

Despite the error messages, it looks like the commands run successfully:

lsmod | grep openvswitch

openvswitch            66908  0 
gre                    13796  1 openvswitch
vxlan                  37619  1 openvswitch
libcrc32c              12644  1 openvswitch

Container (correct port to bridge mapping)

/ # ovs-vsctl show
d0b49a49-a925-4fff-8c94-5fed590de4a2
    Manager "ptcp:6640"
    Bridge "br0"
        Port "eth1"
            tag: 10
            Interface "eth1"
        Port "eth2"
            tag: 10
            Interface "eth2"
        Port "br0"
            Interface "br0"
                type: internal
        Port "eth3"
            tag: 10
            Interface "eth3"
        Port "eth4"
            tag: 10
            Interface "eth4"
    ovs_version: "2.3.2"

But no traffic goes through the switch!

dave-tucker commented 9 years ago

Hi @AJNOURI

I think the issue is that the container wasn't started with --cap-add NET_ADMIN. This is covered in the README.

AJNOURI commented 9 years ago

Many thanks @dave-tucker, now works like a charm!!
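
An added example, not part of the original thread or the project's own code: a pre-flight check to run inside the container before `ovs-vsctl add-br`, which reads the effective capability mask from `/proc/self/status` and tests the CAP_NET_ADMIN bit (bit 12 in `linux/capability.h`). The function names and the sample masks in the comments are constructed for illustration.

```shell
#!/bin/sh
# Checks whether a process holds CAP_NET_ADMIN, the capability the kernel
# requires before ovs-vswitchd may create the "ovs-system" datapath.
# Function names are hypothetical; nothing here comes from docker-ovs.

CAP_NET_ADMIN_BIT=12   # CAP_NET_ADMIN in linux/capability.h

# mask_has_cap HEXMASK BIT -> exit status 0 if BIT is set in HEXMASK
mask_has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_eff_from_status FILE -> prints the CapEff hex mask from a status file
cap_eff_from_status() {
    awk '$1 == "CapEff:" { print $2 }' "$1" 2>/dev/null
}

# check_net_admin [STATUS_FILE]
#   0 = capability present, 1 = missing, 2 = mask could not be read
check_net_admin() {
    status_file=${1:-/proc/self/status}
    mask=$(cap_eff_from_status "$status_file")
    if [ -z "$mask" ]; then
        echo "cannot read CapEff from $status_file" >&2
        return 2
    fi
    if mask_has_cap "$mask" "$CAP_NET_ADMIN_BIT"; then
        echo "CAP_NET_ADMIN present (CapEff=$mask)"
    else
        echo "CAP_NET_ADMIN missing (CapEff=$mask);" \
             "start the container with --cap-add NET_ADMIN" >&2
        return 1
    fi
}

# Constructed sample masks that differ only in bit 12:
#   mask_has_cap 00000000a80425fb 12   -> bit clear, datapath creation fails
#   mask_has_cap 00000000a80435fb 12   -> bit set, ovs-vsctl add-br can succeed
# Inside the container, run: check_net_admin
```

Adding only NET_ADMIN keeps the container on a narrow capability set; `--privileged` would also clear the error but grants every capability and device access.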