<div dir="ltr">vm created on a vlan tenant network is using geneve tunnel(between compute and gateway nodes) to reach external network. Because of this, we need to consider tunnelling overhead while assigning MTU for vlan network. Can we improve OVN to avoid tunnelling in this case.<div><br></div><div>I have captured <span style="font-size:12.8px">ovn logical flows and corresponding physical flows in this case for understanding.</span></div><div><br></div><div><div style="font-size:12.8px">Created a vm on net2(a vlan tenant network), from this vm pinged 8.8.8.8 and noticed packet leaving the compute through tunnel port.</div><div style="font-size:12.8px">Same tested with ovn-trace command(i.e vm ip as source and 8.8.8.8 as dest ip)</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">sudo ovn-trace --db=tcp:<a href="http://172.16.2.8:6642/" target="_blank">172.16.2.8:6642</a> neutron-16fa5757-a44e-472a-<wbr>a2f8-997107b378c7 &#39;inport == &quot;8c11682c-5112-4810-84bd-<wbr>61a85d52cf63&quot; &amp;&amp; eth.src == fa:16:3e:b7:b0:82 &amp;&amp; eth.dst == fa:16:3e:8c:02:5d &amp;&amp; ip4.src == 172.16.2.106 &amp;&amp; ip4.dst == 8.8.8.8 &amp;&amp; ip.ttl == 64 &amp;&amp; icmp4.type==8&#39;</div></div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px"><span style="font-size:12.8px"><br></span></div><div style="font-size:12.8px"><div style="font-size:12.8px">Within the compute node, packet leaving the vlan network and reaching the router ingress pipeline through logical patch port.</div><div style="font-size:12.8px"><div style="font-size:12.8px"><br class="gmail-Apple-interchange-newline">egress(dp=&quot;net2&quot;, inport=&quot;8c1168&quot;, outport=&quot;b8ad7d&quot;)</div><div style="font-size:12.8px">------------------------------<wbr>----------------------</div><div style="font-size:12.8px"> 9. ls_out_port_sec_l2 (ovn-northd.c:4080): outport == &quot;b8ad7d&quot;, priority 50, uuid c70c0020</div><div style="font-size:12.8px">    output;</div><div style="font-size:12.8px">    /* output to &quot;b8ad7d&quot;, type &quot;patch&quot; */</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px"> cookie=0xc70c0020, duration=191601.944s, table=49, n_packets=304, n_bytes=29792, idle_age=0, hard_age=65534, priority=50,reg15=0x4,<wbr>metadata=0x3 actions=resubmit(,64)</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px"> cookie=0x0, duration=191599.487s, table=65, n_packets=305, n_bytes=29834, idle_age=0, hard_age=65534, priority=100,reg15=0x4,<wbr>metadata=0x3 actions=clone(ct_clear,load:0-<wbr>&gt;NXM_NX_REG11[],load:0-&gt;NXM_<wbr>NX_REG12[],load:0-&gt;NXM_NX_<wbr>REG13[],load:0x6-&gt;NXM_NX_<wbr>REG11[],load:0x7-&gt;NXM_NX_<wbr>REG12[],load:0x2-&gt;OXM_OF_<wbr>METADATA[],load:0x2-&gt;NXM_NX_<wbr>REG14[],load:0-&gt;NXM_NX_REG10[]<wbr>,load:0-&gt;NXM_NX_REG15[],load:<wbr>0-&gt;NXM_NX_REG0[],load:0-&gt;NXM_<wbr>NX_REG1[],load:0-&gt;NXM_NX_REG2[<wbr>],load:0-&gt;NXM_NX_REG3[],load:<wbr>0-&gt;NXM_NX_REG4[],load:0-&gt;NXM_<wbr>NX_REG5[],load:0-&gt;NXM_NX_REG6[<wbr>],load:0-&gt;NXM_NX_REG7[],load:<wbr>0-&gt;NXM_NX_REG8[],load:0-&gt;NXM_<wbr>NX_REG9[],load:0-&gt;NXM_OF_IN_<wbr>PORT[],resubmit(,8))</div><div style="font-size:12.8px"><br></div></div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Router ingress pipeline is run in the compute. This ingress pipeline is sending packet to controller though tunnel(bundle action), as outport is a distributed port.</div></div><div><br></div><div><div style="font-size:12.8px">ingress(dp=&quot;r1&quot;, inport=&quot;lrp-b8ad7d&quot;)</div><div style="font-size:12.8px">------------------------------<wbr>-------</div><div style="font-size:12.8px"> 7. lr_in_ip_routing (ovn-northd.c:4208): ip4.dst == <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>, priority 1, uuid 5d9f11b5</div><div style="font-size:12.8px">    ip.ttl--;</div><div style="font-size:12.8px">    reg0 = 10.0.0.1;</div><div style="font-size:12.8px">    reg1 = 10.0.0.101;</div><div style="font-size:12.8px">    eth.src = fa:16:3e:49:bb:60;</div><div style="font-size:12.8px">    outport = &quot;lrp-f74de5&quot;;</div><div style="font-size:12.8px">    flags.loopback = 1;</div><div style="font-size:12.8px">    next;</div><div style="font-size:12.8px"> cookie=0x5d9f11b5, duration=171682.987s, table=15, n_packets=285, n_bytes=27930, idle_age=0, hard_age=65534, priority=1,ip,metadata=0x2 actions=dec_ttl(),load:<wbr>0xa000001-&gt;NXM_NX_XXREG0[96..<wbr>127],load:0xa000065-&gt;NXM_NX_<wbr>XXREG0[64..95],mod_dl_src:fa:<wbr>16:3e:49:bb:60,load:0x3-&gt;NXM_<wbr>NX_REG15[],load:0x1-&gt;NXM_NX_<wbr>REG10[0],resubmit(,16)</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px"> 9. lr_in_gw_redirect (ovn-northd.c:5911): outport == &quot;lrp-f74de5&quot;, priority 50, uuid bf45f06a</div><div style="font-size:12.8px">    outport = &quot;cr-lrp-f74de5&quot;;</div><div style="font-size:12.8px"> cookie=0xbf45f06a, duration=171682.987s, table=17, n_packets=285, n_bytes=27930, idle_age=0, hard_age=65534, priority=50,reg15=0x3,<wbr>metadata=0x2 actions=load:0x4-&gt;NXM_NX_<wbr>REG15[],resubmit(,18)</div><div style="font-size:12.8px"> cookie=0x0, duration=171682.987s, table=32, n_packets=285, n_bytes=27930, idle_age=0, hard_age=65534, priority=100,reg15=0x4,<wbr>metadata=0x2 actions=load:0x2-&gt;NXM_NX_TUN_<wbr>ID[0..23],set_field:0x4-&gt;tun_<wbr>metadata0,move:NXM_NX_REG14[0.<wbr>.14]-&gt;NXM_NX_TUN_METADATA0[16.<wbr>.30],bundle(eth_src,0,active_<wbr>backup,ofport,slaves:3,4)</div></div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Thanks</div><div style="font-size:12.8px">Anil</div><div style="font-size:12.8px"><br></div></div>