[ovs-dev] [PATCH 1/1] netdev-vport: reject concomitant incompatible tunnels

Thadeu Lima de Souza Cascardo cascardo at cascardo.eti.br
Mon Jul 10 09:47:22 UTC 2017


On Mon, Jul 10, 2017 at 10:19:49AM +0200, Eelco Chaudron wrote:
> On 07/07/2017 08:32 PM, Ben Pfaff wrote:
> > On Fri, Jun 09, 2017 at 11:09:08AM +0200, Eelco Chaudron wrote:
> > > This is a follow-up patch for an earlier patch sent by Cascardo,
> > > however I think this patch might not be needed...
> > > 
> > > This patch will make sure VXLAN tunnels with and without the group
> > > based policy (gbp) option enabled cannot coexist on the same
> > > destination udp port.
> > > 
> > > However the interface ports for VXLAN have to be unique on the same
> > > destination port, i.e. they need a different VNI. Looking at the
> > > datapath code (only Linux seems to support this), this is not a
> > > problem for the ingress/egress path. For egress based on the
> > > configuration the correct header is built. For ingress, if gbp is not
> > > configured and a gbp VXLAN is received the packet is dropped. If gbp
> > > is enabled and a non gbp packet is received it's accepted (meaning
> > > default group policy as per the draft rfc).

But, then, it does not go through the non-GBP configured vport, does it?
So any flows configured for the non-GBP port are ignored. Doesn't it at
least cause user confusion? I'd say it's a non-supported configuration,
and OVS should just not allow it.

Cascardo.

> > > 
> > > Can someone that worked more in depth on the VXLAN side confirm this
> > > patch can be tossed in the bin? If I missed some specific
> > > configuration / use case why it is needed, please review the patch.
> > > 
> > > Signed-off-by: Eelco Chaudron <echaudro at redhat.com>
> > I've read this commit message a few times and I'm still not confident
> > that I understand.  Let me restate it and you can correct me if I'm
> > wrong.  I *think* that you are saying that the Linux datapath handles
> > GBP and non-GBP tunnels that are otherwise the same in a sensible way,
> > so that there is no need to add code to reject them.  Is that right?
> > 
> > Thanks,
> > 
> > Ben.
> Hi Ben,
> 
> Yes, your summary is correct! I was just wondering if I missed something
> that does require this fix to be added.
> 
> Cheers,
> 
> Eelco
