[ovs-discuss] Issue while using Firewall/conntrack with OVS 2.5 + DPDK 2.2.0 in user mode

Fischetti, Antonio antonio.fischetti at intel.com
Mon Feb 1 09:26:32 UTC 2016


Hi All,
I ran some tests by using the source code at
https://github.com/ddiproietto/ovs/tree/userconntrack_20151115

I could use the add-flow commands, the only thing was to remember the
" " like in the following

sudo $OVS_DIR/utilities/ovs-ofctl add-flow br0 "table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2"

Antonio

> -----Original Message-----
> From: discuss [mailto:discuss-bounces at openvswitch.org] On Behalf Of
> Daniele Di Proietto
> Sent: Saturday, January 30, 2016 3:04 AM
> To: sourabh.bansal at wipro.com
> Cc: discuss at openvswitch.org
> Subject: Re: [ovs-discuss] Issue while using Firewall/conntrack with OVS 2.5 +
> DPDK 2.2.0 in user mode
> 
> 
> 
> On 29/01/2016 15:14, "Ben Pfaff" <blp at ovn.org> wrote:
> 
> >On Fri, Jan 29, 2016 at 12:02:04PM +0000, sourabh.bansal at wipro.com wrote:
> >> Hi OVS Folk,
> >>
> >> I checked out OVS 2.5 branch code from GitHub and building ovs 2.5
> >> with DPDK 2.2.0 on CentOS 7, kernel 3.18.22 and it's building
> >> successfully with below commands:
> >>
> >> ./configure --with-dpdk=/home../DPDK/x86_64-ivshmem-linuxapp-gcc
> >>
> >> But I am not able to see Firewall (conntrack) related commands support.
> >> As shown below:
> >>
> >> [root at Potasium ovs-branch-2.5]# ./utilities/ovs-ofctl add-flow br0 table=1,in_port=2,ip,ct_state=+new,action=1
> >> OFPT_ERROR (xid=0x6): OFPBMC_BAD_MASK
> >> NXT_FLOW_MOD (xid=0x6):
> >> (***truncated to 64 bytes from 80***)
> >> 00000000  01 04 00 50 00 00 00 06-00 00 23 20 00 00 00 0d |...P......# ....|
> >> 00000010  00 00 00 00 00 00 00 00-01 00 00 00 00 00 80 00 |................|
> >> 00000020  ff ff ff ff ff ff 00 00-00 18 00 00 00 00 00 00 |................|
> >> 00000030  00 00 00 02 00 02 00 00-06 02 08 00 00 01 d3 08 |................|
> >>
> >> I am getting above highlighted error and no flow is getting added. I
> >> used many options as specified in ovs-ofctl man page.
> >>
> >> Then I found below command to configure OVS with linux.
> >> ./configure --with-dpdk=$DPDK_BUILD --with-linux=/lib/modules/`uname -r`/build
> >>
> >> It's building successfully but facing same issues while adding flows
> >> with ovs-ofctl command using ct_state flags or ct.
> >>
> >> [root at Potasium ovs-branch-2.5]# ./ovs-branch-2.5/utilities/ovs-ofctl add-flow br0 in_port=1,tcp,ct_state=+trk-new,actions=ct,output:2
> >> OFPT_ERROR (xid=0x4): OFPBMC_BAD_MASK
> >> NXT_FLOW_MOD (xid=0x4):
> >> (***truncated to 64 bytes from 112***)
> >> 00000000  01 04 00 70 00 00 00 04-00 00 23 20 00 00 00 0d |...p......# ....|
> >> 00000010  00 00 00 00 00 00 00 00-00 00 00 00 00 00 80 00 |................|
> >> 00000020  ff ff ff ff ff ff 00 00-00 1d 00 00 00 00 00 00 |................|
> >> 00000030  00 00 00 02 00 01 00 00-06 02 08 00 00 00 0c 01 |................|
> >>
> >> So, my questions are:
> >> How to confirm whether conntrack is built and running with OVS + DPDK?
> >> I can see the netlink_conntrack.o file in /lib dir.
> >> Is Conntrack running in user mode with OVS and dpdk?
> >> Am I using the right commands of connection tracker?
> >
> >The FAQ has feature support information:
> >
> >### Q: Are all features available with all datapaths?
> >
> >A: Open vSwitch supports different datapaths on different platforms.  Each
> >   datapath has a different feature set: the following tables try to summarize
> >   the status.
> >
> >   Supported datapaths:
> >
> >   * *Linux upstream*: The datapath implemented by the kernel module shipped
> >                       with Linux upstream.  Since features have been gradually
> >                       introduced into the kernel, the table mentions the first
> >                       Linux release whose OVS module supports the feature.
> >
> >   * *Linux OVS tree*: The datapath implemented by the Linux kernel module
> >                       distributed with the OVS source tree. Some features of
> >                       this module rely on functionality not available in older
> >                       kernels: in this case the minimum Linux version (against
> >                       which the feature can be compiled) is listed.
> >
> >   * *Userspace*: Also known as DPDK, dpif-netdev or dummy datapath. It is the
> >                  only datapath that works on NetBSD and FreeBSD.
> >
> >   * *Hyper-V*: Also known as the Windows datapath.
> >
> >   The following table lists the datapath supported features from
> >   an Open vSwitch user's perspective.
> >
> >Feature               | Linux upstream | Linux OVS tree | Userspace | Hyper-V |
> >----------------------|:--------------:|:--------------:|:---------:|:-------:|
> >Connection tracking   |      4.3       |       3.10     |    NO     |    NO   |
> 
> You can find a first version of the userspace connection tracker here:
> 
> http://openvswitch.org/pipermail/dev/2015-November/062228.html
> 
> I still need to handle some feedback and send out a v2, I hope I can do it
> soon
> 
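Added example, not part of the original thread or of the OVS code: a small decoder for the truncated NXT_FLOW_MOD dump that accompanies the OFPBMC_BAD_MASK error in the first quoted message. It walks the NXM match entries and shows that the last one is the masked ct_state field, whose value and mask fall past the 64-byte cut. The function name and the four-entry name table are assumptions made for this example; the bytes are copied from the first dump in the thread.

```python
import struct

# The 64 bytes of the first hex dump quoted in the thread (truncated from 80).
DUMP_HEX = (
    "01 04 00 50 00 00 00 06 00 00 23 20 00 00 00 0d "
    "00 00 00 00 00 00 00 00 01 00 00 00 00 00 80 00 "
    "ff ff ff ff ff ff 00 00 00 18 00 00 00 00 00 00 "
    "00 00 00 02 00 02 00 00 06 02 08 00 00 01 d3 08"
)

# (class, field) -> name: only the entries needed for the dumps in this thread.
NXM_NAMES = {
    (0x0000, 0): "NXM_OF_IN_PORT",
    (0x0000, 3): "NXM_OF_ETH_TYPE",
    (0x0000, 6): "NXM_OF_IP_PROTO",
    (0x0001, 105): "NXM_NX_CT_STATE",
}

def decode_nxt_flow_mod(raw):
    """Decode a (possibly truncated) NXT_FLOW_MOD and list its NXM match entries."""
    _version, msg_type, length, xid = struct.unpack_from("!BBHI", raw, 0)
    vendor, subtype = struct.unpack_from("!II", raw, 8)
    if msg_type != 4 or vendor != 0x2320 or subtype != 13:
        raise ValueError("not an NXT_FLOW_MOD")
    # Fixed part after the 16-byte Nicira header: cookie, command, idle/hard
    # timeouts, priority, buffer_id, out_port, flags, match_len, then 6 pad bytes.
    (_cookie, command, _idle, _hard, priority, _buf, _out_port, _flags,
     match_len) = struct.unpack_from("!QHHHHIHHH", raw, 16)
    fields, off, end = [], 48, 48 + match_len
    while off < end and off + 4 <= len(raw):
        (hdr,) = struct.unpack_from("!I", raw, off)
        # NXM header: 16-bit class, 7-bit field, 1-bit has-mask, 8-bit payload length.
        cls, field, plen = hdr >> 16, (hdr >> 9) & 0x7F, hdr & 0xFF
        payload = raw[off + 4: off + 4 + plen]
        fields.append({
            "name": NXM_NAMES.get((cls, field), f"class={cls:#x} field={field}"),
            "has_mask": bool(hdr & 0x100),
            "value": payload.hex(),
            "truncated": len(payload) < plen,  # payload lies beyond the dump
        })
        off += 4 + plen
    return {"declared_len": length, "captured": len(raw), "xid": xid,
            "table_id": command >> 8, "command": command & 0xFF,
            "priority": priority, "match_len": match_len, "fields": fields}

if __name__ == "__main__":
    for entry in decode_nxt_flow_mod(bytes.fromhex(DUMP_HEX))["fields"]:
        print(entry)
```

The second dump in the thread decodes the same way up to NXM_OF_IP_PROTO; its ct_state entry is entirely beyond the 64 captured bytes.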