[ovs-dev] [PATCH v2 3/3] datapath: add layer 3 flow/port support

Mon May 26 10:13:47 UTC 2014

Hi Jesse,

2014-05-22, Jesse Gross:
>> 2014-05-19, Jesse Gross:
>> [...snip...]
>>>>> I actually have much less of a problem with including an EtherType
>>>>> from a GRE tunnel. For one thing it actually exists in the packet
>>>>> rather than being an artificial namespace. Another thing is that it is
>>>>> metadata akin to the input port that can't be reproduced from the
>>>>> packet data since it comes from the tunnel header that has been
>>>>> stripped off.
>>>>
>>>> Ok.
>>>>
>>>> So we would settle on preserving the ethertype in OVS_KEY_ATTR_ETHERTYPE
>>>> for non-Ethernet payloads received over GRE ?
>>>
>>> I think what I would probably do is to define a new tunnel attribute
>>> for EtherType and unconditionally include it when it is part of the
>>> protocol. This most closely reflects the format of the data and should
>>> hopefully avoid any quirks with layers or wildcards later on.
>>
>> Two questions, to make sure we are clear on the type of genericity to
>> achieve:
>> - rules to process a packet depending on its ethertype, and process
>> packets possibly coming from Eth ports and GRE ports, would need to be
>> duplicated to test the Ethernet ethertype and the tunnel ethertype ?
>
> You mean at the OpenFlow layer, right? I think this could very well be
> different from what we are talking about here and would likely be
> based on EXT-112, as mentioned earlier.
>
> However, even with with EXT-112 I think that would be true. In the
> case of an Ethernet packet, the type would be "Ethernet", not the type
> of the L3 header.

Ok, you're correct. What is in the matching rules is a distinct issue.

>> - what about other link layers than ethernet that may have an ethertype
>> ? (thinking Infiniband at least for IP and ARP payloads, ATM too,...)
>
> These would presumably look more like raw Ethernet where we have a MAC
> header, then EtherType, etc.
>
> Tunnels are different because they are terminated before the main flow
> table. This means that anything extracted from the tunnel header is
> really metadata and not part of the payload flowing through the
> switch.

You could also consider a generic design that does not make a special 
case of tunnels, just considers them like a link layer among others, and 
just like the current implementation preserves the Ethernet header, 
preserves the tunnel header (or a part of it). You would still have some 
metadata to carry; e.g. at least the incoming port identifier, and 
eventually data from the part of the tunnel header that would not have 
been preserved (e.g. outer header IP addresses).

-Thomas

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.