[ovs-discuss] openvswitch gre tunneling issues

Shivaramakrishnan Vaidyanathan shivaramakrishnan740 at gmail.com
Mon Mar 31 22:38:13 UTC 2014 

Hi,
Is there a way to tweak ovs-vswitch for handling packets more than mtu size?

I get error messages like "openvswitch dropped over-mtu packets 1542>1500"


On Mon, Mar 31, 2014 at 4:10 PM, Gurucharan Shetty <shettyg at nicira.com>wrote:

> On Mon, Mar 31, 2014 at 12:52 PM, Shivaramakrishnan Vaidyanathan
> <shivaramakrishnan740 at gmail.com> wrote:
> > Though I am able to reach any of vm's on a host from another host
> machine.I
> > am not able to reach outside ip from the vm's.
> Well, if your bridge in the hypervisor does not have a way to reach
> outside ips, your VMs can't either.
>
> One way is to give your VMs 2 interfaces. One of them is a mgmt
> interface which should be connected to a bridge in the hypervisor that
> also has another port through which you can reach the internet. Other
> VM interface is connected to a bridge that has GRE tunnels for your
> data network.
>
>
> >
> > Also,this is where I find it strange.I have a nfs server process running
> on
> > host1 vm1. When i try to write to a nfs share from a vm2 on another host2
> > connected via gre,i am not able to complete the write. Though the mount
> > succeeds.Is there any tweeking that needs to be done here?
> I don't have any suggestions here. May be you should ask a separate
> question for that.
>
> >
> >
> > On Mon, Mar 31, 2014 at 3:10 PM, Shivaramakrishnan Vaidyanathan
> > <shivaramakrishnan740 at gmail.com> wrote:
> >>
> >> Hello,
> >> Thanks a lot,It worked.
> >> I am able to communicate now between the two vm's on different hosts
> using
> >> multiple gre tunnels.
> >> But I am not able to communicate to an outside ip(say 4.2.2.2)  from
> vm.Is
> >> there a config required for this?
> >> How do i give outside connectivity for vm's.
> >>
> >>
> >> On Mon, Mar 31, 2014 at 2:41 PM, Gurucharan Shetty <shettyg at nicira.com>
> >> wrote:
> >>>
> >>> On Mon, Mar 31, 2014 at 10:07 AM, Shivaramakrishnan Vaidyanathan
> >>> <shivaramakrishnan740 at gmail.com> wrote:
> >>> > Thanks a lot.
> >>> > According to what i understand,
> >>> > Host 1: IP -- a.b.c.d
> >>> >
> >>> > ovs-vsctl add-port virbr3 gre2 -- set interface gre2 type=gre
> >>> > options:remote_ip:p.q.r.s options:key=30
> >>> >
> >>> > Host2: IP -- p.q.r.s
> >>> > ovs-vsctl add-port virbr3 gre2 -- set interface gre2 type=gre
> >>> > options:remote_ip:a.b.c.d options:key=30
> >>> >
> >>> > Is this what you mentioned?Just to confirm.
> >>> Yes. You have 2 pairs of gre tunnels. Each pair should have the same
> >>> key. In the above example that you have given, you have set one pair
> >>> as 30. You can set the other pair as 40.
> >>>
> >>>
> >>> >
> >>> >
> >>> > On Mon, Mar 31, 2014 at 12:29 PM, Gurucharan Shetty
> >>> > <shettyg at nicira.com>
> >>> > wrote:
> >>> >>
> >>> >> On Mon, Mar 31, 2014 at 9:20 AM, Shivaramakrishnan Vaidyanathan
> >>> >> <shivaramakrishnan740 at gmail.com> wrote:
> >>> >> > Thanks a lot Gurucharan.
> >>> >> > I am pretty new to openvswitch.Can you provide the command to
> >>> >> > achieve
> >>> >> > this?
> >>> >> > Looking forward to your reply.
> >>> >>
> >>> >> The man page says:
> >>> >> ....
> >>> >> ....
> >>> >> Tunnel Options:
> >>> >>        These options apply to interfaces with type of gre,
>  ipsec_gre,
> >>> >> gre64,
> >>> >>        ipsec_gre64, vxlan, and lisp.
> >>> >>
> >>> >>        Each  tunnel  must  be  uniquely identified by the
> combination
> >>> >> of
> >>> >> type,
> >>> >>        options:remote_ip, options:local_ip, and options:in_key.  If
> >>> >> two
> >>> >> ports
> >>> >>        are defined that are the same except one has an optional
> >>> >> identifier
> >>> >> and
> >>> >>        the  other  does  not,  the  more  specific  one  is
> matched
> >>> >> first.
> >>> >>        options:in_key  is  considered more specific than
> >>> >> options:local_ip
> >>> >> if a
> >>> >>        port defines one and another port defines the other.
> >>> >> ....
> >>> >> ...
> >>> >> options : key: optional string
> >>> >>               Optional.  Shorthand to set in_key and out_key at the
> >>> >> same
> >>> >> time.
> >>> >> ...
> >>> >> ...
> >>> >>
> >>> >> So you can do something like:
> >>> >> * If you create a new tunnel (the key should be same at both ends
> and
> >>> >> a different key at the other end):
> >>> >> ovs-vsctl add-port virbr3 gre2 -- set interface gre2 type=gre
> >>> >> options:remote_ip:p.q.r.s options:key=30
> >>> >>
> >>> >> (note that your command does not have a '=' and instead has a ':'.
> >>> >> Also your "ovs-vsctl show" does not print any o/p)
> >>> >>
> >>> >> * Or just add a key to a existing tunnel
> >>> >> ovs-vsctl set interface gre0 options:key=20
> >>> >>
> >>> >> If you can't debug well, start with a simpler configuration. i.e., a
> >>> >> single gre tunnel. Once you get that working, you can build on top
> of
> >>> >> it.
> >>> >>
> >>> >> >
> >>> >> >
> >>> >> > On Mon, Mar 31, 2014 at 12:15 PM, Gurucharan Shetty
> >>> >> > <shettyg at nicira.com>
> >>> >> > wrote:
> >>> >> >>
> >>> >> >> On Mon, Mar 31, 2014 at 9:12 AM, Shivaramakrishnan Vaidyanathan
> >>> >> >> <shivaramakrishnan740 at gmail.com> wrote:
> >>> >> >> > So in that case,essentially we cant have multiple gre tunnels?
> >>> >> >> I think you can use unique keys to distinguish (Read "Tunnel
> >>> >> >> Options"
> >>> >> >> in "man ovs-vswitchd.conf.db").
> >>> >> >>
> >>> >> >> > Though I have multiple bridges that vm's  to communicate
> between
> >>> >> >> > each
> >>> >> >> > other.
> >>> >> >> > The requirement is I need to have multiple internal bridges for
> >>> >> >> > vm's
> >>> >> >> > and
> >>> >> >> > just one external bridge.
> >>> >> >> > Is there any alternative?
> >>> >> >> >
> >>> >> >> >
> >>> >> >> > On Mon, Mar 31, 2014 at 11:44 AM, Gurucharan Shetty
> >>> >> >> > <shettyg at nicira.com>
> >>> >> >> > wrote:
> >>> >> >> >>
> >>> >> >> >> On Mon, Mar 31, 2014 at 8:36 AM, Shiva
> >>> >> >> >> <shivaramakrishnan740 at gmail.com>
> >>> >> >> >> wrote:
> >>> >> >> >> > Hello,
> >>> >> >> >> >
> >>> >> >> >> > I am setting up two gre tunnels between two hosts using the
> >>> >> >> >> > same
> >>> >> >> >> > external
> >>> >> >> >> > bridge.In this case (br1).I use virbr3 and virbr2 for
> internal
> >>> >> >> >> > communication.
> >>> >> >> >> >
> >>> >> >> >> > This is my config steps:
> >>> >> >> >> > Hypervisor 1:
> >>> >> >> >> > External communication
> >>> >> >> >> > ovs-vsctl add-br br1
> >>> >> >> >> > ovs-vsctl add-port eth0
> >>> >> >> >> > ifconfig br1 p.q.r.s netmask 255.255.255.0
> >>> >> >> >> >
> >>> >> >> >> > Internal bridge for vm communication
> >>> >> >> >> > Tunnel1 :
> >>> >> >> >> >
> >>> >> >> >> > ovs-vsctl add-br virbr3
> >>> >> >> >> > ovs-vsctl show
> >>> >> >> >> > ovs-vsctl add-port virbr3 gre2 -- set interface gre2
> type=gre
> >>> >> >> >> > options:remote_ip:a.b.c.d
> >>> >> >> >> >
> >>> >> >> >> > Tunnel2:
> >>> >> >> >> >
> >>> >> >> >> > ovs-vsctl add-br virbr2
> >>> >> >> >> > ovs-vsctl show
> >>> >> >> >> > ovs-vsctl add-port virbr2 gre0 -- set interface gre0
> type=gre
> >>> >> >> >> > options:remote_ip:a.b.c.d
> >>> >> >> >> Consider the case for the traffic coming into Hypervisor1. I
> >>> >> >> >> don't
> >>> >> >> >> think it is possible to figure out which of the two end points
> >>> >> >> >> the
> >>> >> >> >> packet needs to be delivered to because the 2 gre tunnels are
> >>> >> >> >> not
> >>> >> >> >> unique.
> >>> >> >> >>
> >>> >> >> >> I think if you delete one of your virbr* in each of the
> >>> >> >> >> machines,
> >>> >> >> >> you
> >>> >> >> >> should be able to communicate.
> >>> >> >> >>
> >>> >> >> >>
> >>> >> >> >> >
> >>> >> >> >> >
> >>> >> >> >> > Hypervisor 2:
> >>> >> >> >> > External communication
> >>> >> >> >> > ovs-vsctl add-br br1
> >>> >> >> >> > ovs-vsctl add-port eth0
> >>> >> >> >> > ifconfig br1 a.b.c.d netmask 255.255.255.0
> >>> >> >> >> >
> >>> >> >> >> > Internal bridge for vm communication
> >>> >> >> >> >
> >>> >> >> >> > Tunnel1:
> >>> >> >> >> >
> >>> >> >> >> >
> >>> >> >> >> > ovs-vsctl add-br virbr3
> >>> >> >> >> > ovs-vsctl show
> >>> >> >> >> > ovs-vsctl add-port virbr3 gre2 -- set interface gre2
> type=gre
> >>> >> >> >> > options:remote_ip:p.q.r.s
> >>> >> >> >> >
> >>> >> >> >> > Tunnel2:
> >>> >> >> >> >
> >>> >> >> >> > ovs-vsctl add-br virbr2
> >>> >> >> >> > ovs-vsctl show
> >>> >> >> >> > ovs-vsctl add-port virbr3 gre0 -- set interface gre0
> type=gre
> >>> >> >> >> > options:remote_ip:p.q.r.s
> >>> >> >> >> >
> >>> >> >> >> >
> >>> >> >> >> > I am not able to communicate outside world from the vm's.I
> am
> >>> >> >> >> > just
> >>> >> >> >> > able
> >>> >> >> >> > to
> >>> >> >> >> > reach the host on which vm resides and viceversa.Can you
> >>> >> >> >> > please
> >>> >> >> >> > let
> >>> >> >> >> > me
> >>> >> >> >> > know
> >>> >> >> >> > what am i missing here?
> >>> >> >> >> >
> >>> >> >> >> > Your help in this regard is greatly appreciated.
> >>> >> >> >> >
> >>> >> >> >> >
> >>> >> >> >> > _______________________________________________
> >>> >> >> >> > discuss mailing list
> >>> >> >> >> > discuss at openvswitch.org
> >>> >> >> >> > http://openvswitch.org/mailman/listinfo/discuss
> >>> >> >> >> >
> >>> >> >> >
> >>> >> >> >
> >>> >> >
> >>> >> >
> >>> >
> >>> >
> >>
> >>
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20140331/783f4924/attachment-0002.html>

More information about the discuss mailing list