[ovs-dev] 答复: Re: 答复: Re: 答复: Re: 答复: Re: [PATCH v2] ovn: Support for taas(tap-as-a-service) function
Russell Bryant
russell at ovn.org
Mon Sep 11 21:38:03 UTC 2017
I was wondering the same ... it seems odd to make it both the mirror
destination and a regular port at the same time.
On Sun, Sep 10, 2017 at 9:13 PM, Gao Zhenyu <sysugaozhenyu at gmail.com> wrote:
> A application may link to this destination port for collecting/analysing mirror
> traffic. How to distinguish a packet whether it's regular traffic or
> mirror traffic if destination port receives both regular traffic and mirror
> traffic?
>
> Thanks
> Zhenyu Gao
>
> 2017-09-09 11:10 GMT+08:00 <wang.qianyu at zte.com.cn>:
>
>> If destination port only receive mirrored traffic, this function do not
>> need add port with new type of taas. In this situation, the mirror flag is
>> needed.
>>
>> But, I think, destination port receive both mirrored traffic and regular
>> traffic may be more flexible.
>>
>> Thanks
>>
>>
>> *Takashi YAMAMOTO <yamamoto at ovn.org <yamamoto at ovn.org>>*
>>
>> 2017/09/08 20:54
>>
>> 收件人: Russell Bryant <russell at ovn.org>,
>> 抄送: wang.qianyu at zte.com.cn, ovs dev <dev at openvswitch.org>,
>> zhou.huijing at zte.com.cn, xurong00037997 <xu.rong at zte.com.cn>
>> 主题: Re: [ovs-dev] 答复: Re: 答复: Re: 答复: Re: [PATCH v2] ovn:
>> Support for taas(tap-as-a-service) function
>>
>>
>>
>>
>>
>> On Wed, Sep 6, 2017 at 3:57 AM, Russell Bryant <*russell at ovn.org*
>> <russell at ovn.org>> wrote:
>> What if a mirror port *only* receives mirrored packets? If the only
>> packets it ever receives are mirrored packets, a new flag would not be
>> necessary.
>>
>> Do you intend for the port to operate as both a regular port *and* to
>> receive a mirror of traffic for another port?
>>
>> in taas, a destination port is supposed to receive both of mirrored
>> traffic and regular traffic.
>>
>> (i haven't looked at this implementation yet)
>>
>>
>> On Thu, Aug 24, 2017 at 10:31 PM, <*wang.qianyu at zte.com.cn*
>> <wang.qianyu at zte.com.cn>> wrote:
>>
>> > I know your mean.
>> > The receiver need to distinguish the traffic is regular or mirror. This
>> > may need some special flow table to deal with it.
>> >
>> > Thanks
>> >
>> >
>> >
>> > *Gao Zhenyu <*sysugaozhenyu at gmail.com* <sysugaozhenyu at gmail.com> <
>> *sysugaozhenyu at gmail.com* <sysugaozhenyu at gmail.com>>>*
>> >
>> > 2017/08/25 10:12
>> >
>> > 收件人: *wang.qianyu at zte.com.cn* <wang.qianyu at zte.com.cn>,
>> > 抄送: ovs dev <*dev at openvswitch.org* <dev at openvswitch.org>>,
>> Russell Bryant <
>> > *russell at ovn.org* <russell at ovn.org>>, xurong00037997 <
>> *xu.rong at zte.com.cn* <xu.rong at zte.com.cn>>,
>> > *zhou.huijing at zte.com.cn* <zhou.huijing at zte.com.cn>
>> > 主题: Re: 答复: Re: [ovs-dev] 答复: Re: [PATCH v2] ovn: Support
>> > for taas(tap-as-a-service) function
>> >
>> >
>> > I mean for regular packet, ovs should not add the geneve option, the
>> new
>> > geneve option is only for mirror traffic.
>> >
>> > Did you meant some mirror traffic has mirror flag and some would not
>> have?
>> >
>> > Thanks
>> > Zhenyu Gao
>> >
>> > 2017-08-25 9:44 GMT+08:00 <**wang.qianyu at zte.com.cn*
>> <wang.qianyu at zte.com.cn>*
>> > <*wang.qianyu at zte.com.cn* <wang.qianyu at zte.com.cn>>>:
>> > Hi zhenyu,
>> > Thanks for your opinion.
>> > The mirror flag is not always exist, so I do not think add a new geneve
>> > option is a good idea.
>> >
>> > Thanks.
>> >
>> >
>> > *Gao Zhenyu <***sysugaozhenyu at gmail.com* <sysugaozhenyu at gmail.com>* <
>> *sysugaozhenyu at gmail.com* <sysugaozhenyu at gmail.com>>*>*
>> >
>> > 2017/08/25 09:34
>> >
>> > 收件人: **wang.qianyu at zte.com.cn* <wang.qianyu at zte.com.cn>*
>> <*wang.qianyu at zte.com.cn* <wang.qianyu at zte.com.cn>>,
>> > 抄送: Russell Bryant <**russell at ovn.org* <russell at ovn.org>*
>> <*russell at ovn.org* <russell at ovn.org>>>,
>> > ovs dev <**dev at openvswitch.org* <dev at openvswitch.org>* <
>> *dev at openvswitch.org* <dev at openvswitch.org>>>,
>> > **zhou.huijing at zte.com.cn* <zhou.huijing at zte.com.cn>* <
>> *zhou.huijing at zte.com.cn* <zhou.huijing at zte.com.cn>>, xurong00037997 <
>> > **xu.rong at zte.com.cn* <xu.rong at zte.com.cn>* <*xu.rong at zte.com.cn*
>> <xu.rong at zte.com.cn>>>
>> > 主题: Re: [ovs-dev] 答复: Re: [PATCH v2] ovn: Support for
>> > taas(tap-as-a-service) function
>> >
>> >
>> >
>> > Although adding a new geneve option is more complicate but I think it
>> > still worth having that.
>> > Once the destination chassis found that geneve option, it can tag the
>> > mirror flag on packet. And it make the whole process looks same no
>> matter
>> > on same chassis or not.
>> >
>> > Thanks
>> > Zhenyu Gao
>> >
>> > 2017-08-25 9:15 GMT+08:00 <**wang.qianyu at zte.com.cn*
>> <wang.qianyu at zte.com.cn>*
>> > <*wang.qianyu at zte.com.cn* <wang.qianyu at zte.com.cn>>>:
>> > Hi Russell,
>> >
>> > Thanks for your review.
>> >
>> > When the mirror destination is in other chassis, the mirror flag which
>> > used to mark the packet need be transmitted to the destination chassis.
>> >
>> > We could use the inport, geneve option or new type of out port to
>> indicate
>> > the packet as a mirrored packet.
>> >
>> > When we use inport to indicate the flag, this may need use inport as the
>> > match field in the egress pipeline, I think this may conflict with the
>> > egress pipeline.
>> >
>> > If use geneve option to deliver the mirror flag, this may be more
>> > complicated. So, I add a new type of port as the destination of mirror
>> > flow. The port types of mirror and taas corresponding to configurations
>> of
>> > tap-flow and tap-service.
>> >
>> > Thanks.
>> >
>> >
>> >
>> >
>> >
>> > Russell Bryant <**russell at ovn.org* <russell at ovn.org>* <
>> *russell at ovn.org* <russell at ovn.org>>>
>> > 2017/08/25 04:44
>> >
>> > 收件人: **wang.qianyu at zte.com.cn* <wang.qianyu at zte.com.cn>*
>> <*wang.qianyu at zte.com.cn* <wang.qianyu at zte.com.cn>>,
>> > 抄送: ovs dev <**dev at openvswitch.org* <dev at openvswitch.org>* <
>> *dev at openvswitch.org* <dev at openvswitch.org>>>,
>> > **zhou.huijing at zte.com.cn* <zhou.huijing at zte.com.cn>* <
>> *zhou.huijing at zte.com.cn* <zhou.huijing at zte.com.cn>>,
>> > xurong00037997 <**xu.rong at zte.com.cn* <xu.rong at zte.com.cn>* <
>> *xu.rong at zte.com.cn* <xu.rong at zte.com.cn>>>
>> > 主题: Re: [ovs-dev] [PATCH v2] ovn: Support for
>> > taas(tap-as-a-service) function
>> >
>> >
>> > Sorry for the delay in getting back to this ...
>> >
>> > On Tue, Aug 15, 2017 at 4:28 AM, <**wang.qianyu at zte.com.cn*
>> <wang.qianyu at zte.com.cn>*
>> > <*wang.qianyu at zte.com.cn* <wang.qianyu at zte.com.cn>>> wrote:
>> > > Taas was designed to provide tenants and service providers a means of
>> > > monitoring the traffic flowing in their Neutron provisioned virtual
>> > > networks. It is useful for network trouble-shooting, security and
>> > > analytics. The taas presentations could be found from
>> > >
>> >
>> > *
>> *https://github.com/openstack/tap-as-a-service/blob/master/doc/source/presentations.rst**
>> <https://github.com/openstack/tap-as-a-service/blob/master/doc/source/presentations.rst*>
>> > <
>> *https://github.com/openstack/tap-as-a-service/blob/master/doc/source/presentations.rst*
>> <https://github.com/openstack/tap-as-a-service/blob/master/doc/source/presentations.rst>
>> >
>> >
>> > > , and the api reference could be found from
>> > >
>> >
>> > *
>> *https://github.com/openstack/tap-as-a-service/blob/master/API_REFERENCE.rst**
>> <https://github.com/openstack/tap-as-a-service/blob/master/API_REFERENCE.rst*>
>> > <
>> *https://github.com/openstack/tap-as-a-service/blob/master/API_REFERENCE.rst*
>> <https://github.com/openstack/tap-as-a-service/blob/master/API_REFERENCE.rst>
>> >
>> >
>> > >
>> > > To support taas function, this patch add two type of
>> logica_switch_port,
>> > > "mirror" and "taas". port with type "mirror" is used as inport for
>> > monitor
>> > > flow in logica_switch, and port with type "taas" is used as outport
>> for
>> > > monitor flow in logica_switch.
>> > >
>> > > The ovn-controller will make the relations of the ports in tap_service
>> > and
>> > > tap_flow to mirror port and taas port.
>> > >
>> > > Signed-off-by: wang qianyu <**wang.qianyu at zte.com.cn*
>> <wang.qianyu at zte.com.cn>*
>> > <*wang.qianyu at zte.com.cn* <wang.qianyu at zte.com.cn>>>
>> >
>> > > diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml
>> > > index 31303a8..5fdd045 100644
>> > > --- a/ovn/ovn-nb.xml
>> > > +++ b/ovn/ovn-nb.xml
>> > > @@ -301,6 +301,20 @@
>> > > <dd>
>> > > A port to a logical switch on a VTEP gateway.
>> > > </dd>
>> > > +
>> > > + <dt><code>mirror</code></dt>
>> > > + <dd>
>> > > + A port indicate the inport of mirrored flows. The user
>> need
>> > > to
>> > > + create this port in the logical_switch. This port should
>> > one
>> > > to
>> > > + one correspondence with the the tap_flows
>> > > + </dd>
>> > > +
>> > > + <dt><code>taas</code></dt>
>> > > + <dd>
>> > > + A port indicate the outport of mirrored flows. The user
>> > need
>> > > to
>> > > + create this port in logical_switch. This port should one
>> to
>> > > + one correspondence with the the tap_service.
>> > > + </dd>
>> > > </dl>
>> > > </column>
>> > > </group>
>> > > @@ -445,6 +459,61 @@
>> > > interface, in bits.
>> > > </column>
>> > > </group>
>> > > +
>> > > + <group title="Options for mirror ports">
>> > > + <p>
>> > > + These options apply when <ref column="type"/> is
>> > > + <code>mirror</code>.
>> > > + </p>
>> > > +
>> > > + <column name="options" key="source-port">
>> > > + Required. The <ref column="name"/> of the <ref
>> > > + table="Logical_switch_Port"/> that indicates where the
>> > > + cloned flows come from.
>> > > + </column>
>> > > +
>> > > + <column name="options" key="taas-port">
>> > > + Required. The <ref column="name"/> of the <ref
>> > > + table="Logical_switch_Port"/> with type taas.
>> > > + </column>
>> > > +
>> > > + <column name="options" key="direction">
>> > > + <p>
>> > > + This option indicates whitch
>> > direction(from-port/to-port/all)
>> > > of
>> > > + packet will be cloned to the taas-port. The directions
>> are
>> > > defined
>> > > + as follow:
>> > > + </p>
>> > > + <dl>
>> > > + <dt><code>from-port</code></dt>
>> > > + <dd>
>> > > + The packets from this port will be cloned to specified
>> > > mirror
>> > > + port.
>> > > + </dd>
>> > > + <dt><code>to-port</code></dt>
>> > > + <dd>
>> > > + The packets to this port will be cloned to specified
>> > mirror
>> > > + port.
>> > > + </dd>
>> > > + <dt><code>both</code></dt>
>> > > + <dd>
>> > > + The packets both from and to this port will be cloned
>> to
>> > > + specified mirror port.
>> > > + </dd>
>> > > + </dl>
>> > > + </column>
>> > > + </group>
>> > > +
>> > > + <group title="Options for taas ports">
>> > > + <p>
>> > > + These options apply when <ref column="type"/> is
>> > > <code>taas</code>.
>> > > + </p>
>> > > +
>> > > + <column name="options" key="target-port">
>> > > + Required. The <ref column="name"/> of the <ref
>> > > + table="Logical_switch_Port"/> that indicates where the
>> > > + cloned flows come to.
>> > > + </column>
>> > > + </group>
>> > > </group>
>> > >
>> > > <group title="Containers">
>> >
>> > I'm having a hard time understanding this schema. Could you expand on
>> > why both a "mirror" and "taas" port type was needed?
>> >
>> > I was hoping for only a single new port type, "mirror" for example,
>> > with options to specify what port it is receiving a mirror of traffic
>> > for.
>> >
>> > Does something like that not express everything needed here?
>> >
>> > --
>> > Russell Bryant
>> >
>> >
>> > _______________________________________________
>> > dev mailing list
>> > **dev at openvswitch.org* <dev at openvswitch.org>* <*dev at openvswitch.org*
>> <dev at openvswitch.org>>
>> > **https://mail.openvswitch.org/mailman/listinfo/ovs-dev**
>> <https://mail.openvswitch.org/mailman/listinfo/ovs-dev*>
>> > <*https://mail.openvswitch.org/mailman/listinfo/ovs-dev*
>> <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>>
>> >
>> >
>> >
>>
>>
>> --
>> Russell Bryant
>> _______________________________________________
>> dev mailing list
>> *dev at openvswitch.org* <dev at openvswitch.org>
>> *https://mail.openvswitch.org/mailman/listinfo/ovs-dev*
>> <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>
>>
>>
>
--
Russell Bryant
More information about the dev
mailing list