[ovs-discuss] Flows for passing LLDP frames with NCB address, possible fix.

Wed Apr 23 22:02:51 UTC 2014

Hello,
I am using OVS 2.1.0. I have a requirement to send and receive LLDP frames with a a Nearest Customer Bridge (NCB) DMAC (0180.c200.0000). This is supported in the standard (http://www.ieee802.org/1/files/private/bg-drafts/d2/802-1qbg-d2-2.pdf). This is what I did, (thanks to the Tutorial) after creating the bridge and necessary tap interfaces:

sudo ovs-ofctl add-flow EXT_TEST priority=0,in_port=1,dl_dst=01:80:c2:00:00:00,dl_type=0x88cc,actions=output:4
sudo ovs-ofctl add-flow EXT_TEST priority=0,in_port=4,dl_dst=01:80:c2:00:00:00,dl_type=0x88cc,actions=output:1

Basically, any LLDP frame seen on tap interface, put it out of the physical port and vice-versa. Now, when i do the trace:

$~$ sudo ovs-appctl ofproto/trace EXT_TEST in_port=4,dl_dst=01:80:c2:00:00:00,dl_type=0x88cc
Bridge: EXT_TEST
Flow: metadata=0,in_port=4,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:00,dl_type=0x88cc
Rule: table=0 cookie=0 priority=0,in_port=4,dl_dst=01:80:c2:00:00:00,dl_type=0x88cc
OpenFlow actions=output:1
STP not in listening state, skipping bpdu output
Final flow: unchanged
Relevant fields: skb_priority=0,in_port=4,dl_dst=01:80:c2:00:00:00,dl_type=0x88cc
Datapath actions: drop

Looks like these frames are dropped since they are treated as a STP frame (even though they are not) because of the DMAC. I just need to modify the check for STP in the ovs-vswitch process. After I did that and restarted ovs-vswitchd, I found it working:

$:~$ sudo ovs-appctl ofproto/trace EXT_TEST in_port=1,dl_dst=01:80:c2:00:00:00,dl_type=0x88cc
Bridge: EXT_TEST
Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:00,dl_type=0x88cc
Rule: table=0 cookie=0 priority=0,in_port=1,dl_dst=01:80:c2:00:00:00,dl_type=0x88cc
OpenFlow actions=output:4

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,dl_dst=01:80:c2:00:00:00,dl_type=0x88cc
Datapath actions: 12

I also verified with sending and receiving LLDP frames over the wire.

Now:
1. Am I doing it right in terms of creating flows? I want it to function as a regular OVS bridge except for the two rules. I had to create a bridge as "sudo ovs-vsctl add-br EXT_TEST -- set Bridge EXT_TEST fail-mode=secure" so that it won't have normal actions. Then, after creating the above two flows, I added the "normal" action as "sudo ovs-ofctl add-flow EXT_TEST priority=0,actions=normal". This worked (after my patch). But, when I create a bridge normally and apply the flows, it discards it.
2. If I am doing right with the flows, then the userspace drops the frame thinking it's a STP BPDU. It's a minor 1 line fix. Do you want me to submit a patch?

Thanks,
Paddu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20140423/dedbaf2b/attachment-0002.html>