[ovs-discuss] Issue while using Firewall/conntrack with OVS 2.5 + DPDK 2.2.0 in user mode
Daniele Di Proietto
diproiettod at vmware.com
Sat Jan 30 03:04:13 UTC 2016
On 29/01/2016 15:14, "Ben Pfaff" <blp at ovn.org> wrote:
>On Fri, Jan 29, 2016 at 12:02:04PM +0000, sourabh.bansal at wipro.com wrote:
>> Hi OVS Folk,
>>
>> I checked out OVS 2.5 branch code from GitHub and building ovs 2.5 with DPDK 2.2.0 on Centos OS 7, kernel 3.18.22 and it's building successfully with below commands:
>>
>> ./configure --with-dpdk=/home../DPDK/x86_64-ivshmem-linuxapp-gcc
>>
>> But I am not able to see Firewall (conntrack) related commands support. As shown below:
>>
>> [root at Potasium ovs-branch-2.5]# ./utilities/ovs-ofctl add-flow br0 table=1,in_port=2,ip,ct_state=+new,action=1
>> OFPT_ERROR (xid=0x6): OFPBMC_BAD_MASK
>> NXT_FLOW_MOD (xid=0x6):
>> (***truncated to 64 bytes from 80***)
>> 00000000 01 04 00 50 00 00 00 06-00 00 23 20 00 00 00 0d |...P......# ....|
>> 00000010 00 00 00 00 00 00 00 00-01 00 00 00 00 00 80 00 |................|
>> 00000020 ff ff ff ff ff ff 00 00-00 18 00 00 00 00 00 00 |................|
>> 00000030 00 00 00 02 00 02 00 00-06 02 08 00 00 01 d3 08 |................|
>>
>> I am getting above highlighted error and no flow is getting added. I used many options as specified in ovs-ofctl man page.
>>
>> Then I found below command to configure OVS with linux.
>> ./configure --with-dpdk=$DPDK_BUILD --with-linux=/lib/modules/`uname -r`/build
>>
>> It's building successfully but facing same issues while adding flows with ovs-ofctl command using ct_state flags or ct.
>>
>> [root at Potasium ovs-branch-2.5]# ./ovs-branch-2.5/utilities/ovs-ofctl add-flow br0 in_port=1,tcp,ct_state=+trk-new,actions=ct,output:2
>> OFPT_ERROR (xid=0x4): OFPBMC_BAD_MASK
>> NXT_FLOW_MOD (xid=0x4):
>> (***truncated to 64 bytes from 112***)
>> 00000000 01 04 00 70 00 00 00 04-00 00 23 20 00 00 00 0d |...p......# ....|
>> 00000010 00 00 00 00 00 00 00 00-00 00 00 00 00 00 80 00 |................|
>> 00000020 ff ff ff ff ff ff 00 00-00 1d 00 00 00 00 00 00 |................|
>> 00000030 00 00 00 02 00 01 00 00-06 02 08 00 00 00 0c 01 |................|
>>
>> So, my questions are:
>> How to confirm whether conntrack is built and running with OVS + DPDK? I can see the netlink_conntrack.o file in /lib dir.
>> Is Conntrack running in user mode with OVS and dpdk?
>> Am I using the right commands of connection tracker?
>
>The FAQ has feature support information:
>
>### Q: Are all features available with all datapaths?
>
>A: Open vSwitch supports different datapaths on different platforms. Each datapath has a different feature set: the following tables try to summarize the status.
>
> Supported datapaths:
>
> * *Linux upstream*: The datapath implemented by the kernel module shipped with Linux upstream. Since features have been gradually introduced into the kernel, the table mentions the first Linux release whose OVS module supports the feature.
>
> * *Linux OVS tree*: The datapath implemented by the Linux kernel module distributed with the OVS source tree. Some features of this module rely on functionality not available in older kernels: in this case the minimum Linux version (against which the feature can be compiled) is listed.
>
> * *Userspace*: Also known as DPDK, dpif-netdev or dummy datapath. It is the only datapath that works on NetBSD and FreeBSD.
>
> * *Hyper-V*: Also known as the Windows datapath.
>
> The following table lists the datapath supported features from an Open vSwitch user's perspective.
>
>Feature | Linux upstream | Linux OVS tree | Userspace | Hyper-V |
>----------------------|:--------------:|:--------------:|:---------:|:-------:|
>Connection tracking | 4.3 | 3.10 | NO | NO |
You can find a first version of the userspace connection tracker here:
http://openvswitch.org/pipermail/dev/2015-November/062228.html
I still need to handle some feedback and send out a v2; I hope I can do it soon.
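
Decoding the first quoted hex dump shows which match field the switch rejected with OFPBMC_BAD_MASK: the last NXM entry is a masked NXM_NX_CT_STATE, which the userspace datapath in this build does not support. This is an added example, not part of the original thread or of the OVS code base; the name table covers only the fields in this dump, and reading the high byte of the command field as the table id is an assumption that matches `table=1` in the quoted command.

```python
import struct

# First hex dump from the quoted OFPT_ERROR (64 of the 80 bytes sent).
DUMP = bytes.fromhex(
    "0104005000000006" "000023200000000d"
    "0000000000000000" "0100000000008000"
    "ffffffffffff0000" "0018000000000000"
    "0000000200020000" "060208000001d308"
)

# (class, field) -> name, only for the fields present in this dump.
NXM_NAMES = {(0, 0): "NXM_OF_IN_PORT", (0, 3): "NXM_OF_ETH_TYPE",
             (1, 105): "NXM_NX_CT_STATE"}
NX_VENDOR_ID, NXT_FLOW_MOD = 0x00002320, 13


def decode_nxt_flow_mod(buf):
    """Return (fixed-header dict, list of match entries) for an NXT_FLOW_MOD."""
    version, msg_type, length, xid = struct.unpack_from(">BBHI", buf, 0)
    vendor, subtype = struct.unpack_from(">II", buf, 8)
    if (vendor, subtype) != (NX_VENDOR_ID, NXT_FLOW_MOD):
        raise ValueError("not an NXT_FLOW_MOD")
    (cookie, command, idle, hard, priority, buffer_id, out_port, flags,
     match_len) = struct.unpack_from(">QHHHHIHHH", buf, 16)
    hdr = {"xid": xid, "length": length, "table": command >> 8,
           "command": command & 0xFF, "priority": priority,
           "match_len": match_len}
    # The match starts after 16 header bytes and 32 fixed flow_mod bytes.
    entries, off, end = [], 48, 48 + match_len
    while off + 4 <= min(end, len(buf)):
        # NXM entry header: class(16) | field(7) | has_mask(1) | length(8)
        nxm_class, field_mask, plen = struct.unpack_from(">HBB", buf, off)
        payload = buf[off + 4:off + 4 + plen]
        entries.append({
            "name": NXM_NAMES.get((nxm_class, field_mask >> 1), "unknown"),
            "has_mask": bool(field_mask & 1),
            "payload": payload.hex(),
            "truncated": len(payload) < plen,  # error reply echoes 64 bytes only
        })
        off += 4 + plen
    return hdr, entries


if __name__ == "__main__":
    hdr, entries = decode_nxt_flow_mod(DUMP)
    print(hdr)
    for entry in entries:
        print(entry)
```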