[ovs-discuss] openvswitch gre tunneling issues
Shivaramakrishnan Vaidyanathan
shivaramakrishnan740 at gmail.com
Mon Mar 31 22:46:08 UTC 2014
Sorry for asking so many questions.
How do I achieve it?Do I need to change from the vm or from host?Is there
any command to do this?If so,can you please let me know..Thanks for ur help
in advance
On Mon, Mar 31, 2014 at 6:42 PM, Gurucharan Shetty <shettyg at nicira.com>wrote:
> On Mon, Mar 31, 2014 at 3:38 PM, Shivaramakrishnan Vaidyanathan
> <shivaramakrishnan740 at gmail.com> wrote:
> > Hi,
> > Is there a way to tweak ovs-vswitch for handling packets more than mtu
> size?
> >
> > I get error messages like "openvswitch dropped over-mtu packets
> 1542>1500"
> I think one way to solve it is to reduce the mtu size of your VM's
> network interface. I suppose this is coming from the GRE tunnel
> overhead.
>
> >
> >
> > On Mon, Mar 31, 2014 at 4:10 PM, Gurucharan Shetty <shettyg at nicira.com>
> > wrote:
> >>
> >> On Mon, Mar 31, 2014 at 12:52 PM, Shivaramakrishnan Vaidyanathan
> >> <shivaramakrishnan740 at gmail.com> wrote:
> >> > Though I am able to reach any of vm's on a host from another host
> >> > machine.I
> >> > am not able to reach outside ip from the vm's.
> >> Well, if your bridge in the hypervisor does not have a way to reach
> >> outside ips, your VMs can't either.
> >>
> >> One way is to give your VMs 2 interfaces. One of them is a mgmt
> >> interface which should be connected to a bridge in the hypervisor that
> >> also has another port through which you can reach the internet. Other
> >> VM interface is connected to a bridge that has GRE tunnels for your
> >> data network.
> >>
> >>
> >> >
> >> > Also,this is where I find it strange.I have a nfs server process
> running
> >> > on
> >> > host1 vm1. When i try to write to a nfs share from a vm2 on another
> >> > host2
> >> > connected via gre,i am not able to complete the write. Though the
> mount
> >> > succeeds.Is there any tweeking that needs to be done here?
> >> I don't have any suggestions here. May be you should ask a separate
> >> question for that.
> >>
> >> >
> >> >
> >> > On Mon, Mar 31, 2014 at 3:10 PM, Shivaramakrishnan Vaidyanathan
> >> > <shivaramakrishnan740 at gmail.com> wrote:
> >> >>
> >> >> Hello,
> >> >> Thanks a lot,It worked.
> >> >> I am able to communicate now between the two vm's on different hosts
> >> >> using
> >> >> multiple gre tunnels.
> >> >> But I am not able to communicate to an outside ip(say 4.2.2.2) from
> >> >> vm.Is
> >> >> there a config required for this?
> >> >> How do i give outside connectivity for vm's.
> >> >>
> >> >>
> >> >> On Mon, Mar 31, 2014 at 2:41 PM, Gurucharan Shetty <
> shettyg at nicira.com>
> >> >> wrote:
> >> >>>
> >> >>> On Mon, Mar 31, 2014 at 10:07 AM, Shivaramakrishnan Vaidyanathan
> >> >>> <shivaramakrishnan740 at gmail.com> wrote:
> >> >>> > Thanks a lot.
> >> >>> > According to what i understand,
> >> >>> > Host 1: IP -- a.b.c.d
> >> >>> >
> >> >>> > ovs-vsctl add-port virbr3 gre2 -- set interface gre2 type=gre
> >> >>> > options:remote_ip:p.q.r.s options:key=30
> >> >>> >
> >> >>> > Host2: IP -- p.q.r.s
> >> >>> > ovs-vsctl add-port virbr3 gre2 -- set interface gre2 type=gre
> >> >>> > options:remote_ip:a.b.c.d options:key=30
> >> >>> >
> >> >>> > Is this what you mentioned?Just to confirm.
> >> >>> Yes. You have 2 pairs of gre tunnels. Each pair should have the same
> >> >>> key. In the above example that you have given, you have set one pair
> >> >>> as 30. You can set the other pair as 40.
> >> >>>
> >> >>>
> >> >>> >
> >> >>> >
> >> >>> > On Mon, Mar 31, 2014 at 12:29 PM, Gurucharan Shetty
> >> >>> > <shettyg at nicira.com>
> >> >>> > wrote:
> >> >>> >>
> >> >>> >> On Mon, Mar 31, 2014 at 9:20 AM, Shivaramakrishnan Vaidyanathan
> >> >>> >> <shivaramakrishnan740 at gmail.com> wrote:
> >> >>> >> > Thanks a lot Gurucharan.
> >> >>> >> > I am pretty new to openvswitch.Can you provide the command to
> >> >>> >> > achieve
> >> >>> >> > this?
> >> >>> >> > Looking forward to your reply.
> >> >>> >>
> >> >>> >> The man page says:
> >> >>> >> ....
> >> >>> >> ....
> >> >>> >> Tunnel Options:
> >> >>> >> These options apply to interfaces with type of gre,
> >> >>> >> ipsec_gre,
> >> >>> >> gre64,
> >> >>> >> ipsec_gre64, vxlan, and lisp.
> >> >>> >>
> >> >>> >> Each tunnel must be uniquely identified by the
> >> >>> >> combination
> >> >>> >> of
> >> >>> >> type,
> >> >>> >> options:remote_ip, options:local_ip, and options:in_key.
> If
> >> >>> >> two
> >> >>> >> ports
> >> >>> >> are defined that are the same except one has an optional
> >> >>> >> identifier
> >> >>> >> and
> >> >>> >> the other does not, the more specific one is
> >> >>> >> matched
> >> >>> >> first.
> >> >>> >> options:in_key is considered more specific than
> >> >>> >> options:local_ip
> >> >>> >> if a
> >> >>> >> port defines one and another port defines the other.
> >> >>> >> ....
> >> >>> >> ...
> >> >>> >> options : key: optional string
> >> >>> >> Optional. Shorthand to set in_key and out_key at
> the
> >> >>> >> same
> >> >>> >> time.
> >> >>> >> ...
> >> >>> >> ...
> >> >>> >>
> >> >>> >> So you can do something like:
> >> >>> >> * If you create a new tunnel (the key should be same at both ends
> >> >>> >> and
> >> >>> >> a different key at the other end):
> >> >>> >> ovs-vsctl add-port virbr3 gre2 -- set interface gre2 type=gre
> >> >>> >> options:remote_ip:p.q.r.s options:key=30
> >> >>> >>
> >> >>> >> (note that your command does not have a '=' and instead has a
> ':'.
> >> >>> >> Also your "ovs-vsctl show" does not print any o/p)
> >> >>> >>
> >> >>> >> * Or just add a key to a existing tunnel
> >> >>> >> ovs-vsctl set interface gre0 options:key=20
> >> >>> >>
> >> >>> >> If you can't debug well, start with a simpler configuration.
> i.e.,
> >> >>> >> a
> >> >>> >> single gre tunnel. Once you get that working, you can build on
> top
> >> >>> >> of
> >> >>> >> it.
> >> >>> >>
> >> >>> >> >
> >> >>> >> >
> >> >>> >> > On Mon, Mar 31, 2014 at 12:15 PM, Gurucharan Shetty
> >> >>> >> > <shettyg at nicira.com>
> >> >>> >> > wrote:
> >> >>> >> >>
> >> >>> >> >> On Mon, Mar 31, 2014 at 9:12 AM, Shivaramakrishnan
> Vaidyanathan
> >> >>> >> >> <shivaramakrishnan740 at gmail.com> wrote:
> >> >>> >> >> > So in that case,essentially we cant have multiple gre
> tunnels?
> >> >>> >> >> I think you can use unique keys to distinguish (Read "Tunnel
> >> >>> >> >> Options"
> >> >>> >> >> in "man ovs-vswitchd.conf.db").
> >> >>> >> >>
> >> >>> >> >> > Though I have multiple bridges that vm's to communicate
> >> >>> >> >> > between
> >> >>> >> >> > each
> >> >>> >> >> > other.
> >> >>> >> >> > The requirement is I need to have multiple internal bridges
> >> >>> >> >> > for
> >> >>> >> >> > vm's
> >> >>> >> >> > and
> >> >>> >> >> > just one external bridge.
> >> >>> >> >> > Is there any alternative?
> >> >>> >> >> >
> >> >>> >> >> >
> >> >>> >> >> > On Mon, Mar 31, 2014 at 11:44 AM, Gurucharan Shetty
> >> >>> >> >> > <shettyg at nicira.com>
> >> >>> >> >> > wrote:
> >> >>> >> >> >>
> >> >>> >> >> >> On Mon, Mar 31, 2014 at 8:36 AM, Shiva
> >> >>> >> >> >> <shivaramakrishnan740 at gmail.com>
> >> >>> >> >> >> wrote:
> >> >>> >> >> >> > Hello,
> >> >>> >> >> >> >
> >> >>> >> >> >> > I am setting up two gre tunnels between two hosts using
> the
> >> >>> >> >> >> > same
> >> >>> >> >> >> > external
> >> >>> >> >> >> > bridge.In this case (br1).I use virbr3 and virbr2 for
> >> >>> >> >> >> > internal
> >> >>> >> >> >> > communication.
> >> >>> >> >> >> >
> >> >>> >> >> >> > This is my config steps:
> >> >>> >> >> >> > Hypervisor 1:
> >> >>> >> >> >> > External communication
> >> >>> >> >> >> > ovs-vsctl add-br br1
> >> >>> >> >> >> > ovs-vsctl add-port eth0
> >> >>> >> >> >> > ifconfig br1 p.q.r.s netmask 255.255.255.0
> >> >>> >> >> >> >
> >> >>> >> >> >> > Internal bridge for vm communication
> >> >>> >> >> >> > Tunnel1 :
> >> >>> >> >> >> >
> >> >>> >> >> >> > ovs-vsctl add-br virbr3
> >> >>> >> >> >> > ovs-vsctl show
> >> >>> >> >> >> > ovs-vsctl add-port virbr3 gre2 -- set interface gre2
> >> >>> >> >> >> > type=gre
> >> >>> >> >> >> > options:remote_ip:a.b.c.d
> >> >>> >> >> >> >
> >> >>> >> >> >> > Tunnel2:
> >> >>> >> >> >> >
> >> >>> >> >> >> > ovs-vsctl add-br virbr2
> >> >>> >> >> >> > ovs-vsctl show
> >> >>> >> >> >> > ovs-vsctl add-port virbr2 gre0 -- set interface gre0
> >> >>> >> >> >> > type=gre
> >> >>> >> >> >> > options:remote_ip:a.b.c.d
> >> >>> >> >> >> Consider the case for the traffic coming into Hypervisor1.
> I
> >> >>> >> >> >> don't
> >> >>> >> >> >> think it is possible to figure out which of the two end
> >> >>> >> >> >> points
> >> >>> >> >> >> the
> >> >>> >> >> >> packet needs to be delivered to because the 2 gre tunnels
> are
> >> >>> >> >> >> not
> >> >>> >> >> >> unique.
> >> >>> >> >> >>
> >> >>> >> >> >> I think if you delete one of your virbr* in each of the
> >> >>> >> >> >> machines,
> >> >>> >> >> >> you
> >> >>> >> >> >> should be able to communicate.
> >> >>> >> >> >>
> >> >>> >> >> >>
> >> >>> >> >> >> >
> >> >>> >> >> >> >
> >> >>> >> >> >> > Hypervisor 2:
> >> >>> >> >> >> > External communication
> >> >>> >> >> >> > ovs-vsctl add-br br1
> >> >>> >> >> >> > ovs-vsctl add-port eth0
> >> >>> >> >> >> > ifconfig br1 a.b.c.d netmask 255.255.255.0
> >> >>> >> >> >> >
> >> >>> >> >> >> > Internal bridge for vm communication
> >> >>> >> >> >> >
> >> >>> >> >> >> > Tunnel1:
> >> >>> >> >> >> >
> >> >>> >> >> >> >
> >> >>> >> >> >> > ovs-vsctl add-br virbr3
> >> >>> >> >> >> > ovs-vsctl show
> >> >>> >> >> >> > ovs-vsctl add-port virbr3 gre2 -- set interface gre2
> >> >>> >> >> >> > type=gre
> >> >>> >> >> >> > options:remote_ip:p.q.r.s
> >> >>> >> >> >> >
> >> >>> >> >> >> > Tunnel2:
> >> >>> >> >> >> >
> >> >>> >> >> >> > ovs-vsctl add-br virbr2
> >> >>> >> >> >> > ovs-vsctl show
> >> >>> >> >> >> > ovs-vsctl add-port virbr3 gre0 -- set interface gre0
> >> >>> >> >> >> > type=gre
> >> >>> >> >> >> > options:remote_ip:p.q.r.s
> >> >>> >> >> >> >
> >> >>> >> >> >> >
> >> >>> >> >> >> > I am not able to communicate outside world from the
> vm's.I
> >> >>> >> >> >> > am
> >> >>> >> >> >> > just
> >> >>> >> >> >> > able
> >> >>> >> >> >> > to
> >> >>> >> >> >> > reach the host on which vm resides and viceversa.Can you
> >> >>> >> >> >> > please
> >> >>> >> >> >> > let
> >> >>> >> >> >> > me
> >> >>> >> >> >> > know
> >> >>> >> >> >> > what am i missing here?
> >> >>> >> >> >> >
> >> >>> >> >> >> > Your help in this regard is greatly appreciated.
> >> >>> >> >> >> >
> >> >>> >> >> >> >
> >> >>> >> >> >> > _______________________________________________
> >> >>> >> >> >> > discuss mailing list
> >> >>> >> >> >> > discuss at openvswitch.org
> >> >>> >> >> >> > http://openvswitch.org/mailman/listinfo/discuss
> >> >>> >> >> >> >
> >> >>> >> >> >
> >> >>> >> >> >
> >> >>> >> >
> >> >>> >> >
> >> >>> >
> >> >>> >
> >> >>
> >> >>
> >> >
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20140331/65c775e1/attachment-0002.html>
More information about the discuss
mailing list