[ovs-discuss] looking for a tip to recalculate TCP checksum with openvswitch

[GAUTIER Philippe]

Hello,

Is it possible to recalculate tcp checksum with openvswitch (Maybe via tcp field modification with OpenFlow rules ?).

We want to use Openvswitch to de-enapsulate VMWARE Vspan mirroring flows (GRE) and send it back to a Network probe. We are facing the following issue "TCP checksum from outbound VM traffic are incorrect".
Of course this problem is due to TCP offloading on VMware hypervisor. But at the moment it is impossible to deactivate this parameter globally on the hypervisor.
That is why why are looking for a temporary workaround.

Use case:

VMWARE                                                                          ---->        Openvswitch switch                                    ----->    Network probe
VSPAN mirroring session using GRE tunnels                        Desencapsulation
                                                                                                                And filtering on a dedicated host

Openvswitch configuration:

ovs-vsctl add-br br-outTrafic -- set Bridge br-outTrafic fail-mode=secure

ovs-vsctl add-port br-outTrafic eth4 \
                -- set Interface eth4 ofport_request=1
ovs-ofctl mod-port br-outTrafic eth4 up


ovs-vsctl add-port br-outTrafic gre0 \
-- set interface gre0 type=gre options:remote_ip=flow options:in_key=flow options:local_ip=<ip> \
-- set Interface gre0 ofport_request=2
ovs-ofctl mod-port br-outTrafic gre0 up


# send trafic to network probe
ovs-ofctl add-flow br-outTrafic \
                "cookie=4, table=0, priority=0,in_port=2, actions=output:1"


Regards,

Philippe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20150123/5afdb81b/attachment-0002.html>