From xianghuir at gmail.com  Sat Jul  1 00:33:49 2017
From: xianghuir at gmail.com (Hui Xiang)
Date: Sat, 1 Jul 2017 08:33:49 +0800
Subject: [ovs-discuss] max mega flow 64k per pmd or per dpcls?
In-Reply-To: <FA0B93F3-C2D0-44C8-B1C9-6A11B65E0139@vmware.com>
References: <CAPbR-pug5HkLdKTt=_QHJXcLRV-8RAg1pO48gypJvWWTiucsvw@mail.gmail.com>
	<CAPbR-pucM8TPhQ1EbH=+kuE9LsEyqP1BnJxWVBv6WKkA10hzUQ@mail.gmail.com>
	<39989602-A66C-405A-83AF-77CDE30466DF@vmware.com>
	<CAPbR-pu8s7ZbdkwB5O9HR6JedW2JJ5zt4gmHJDR_47nQ9kmkow@mail.gmail.com>
	<CAPbR-pseErnNTruSt2ShoRK12MOH5OPED85XctBxkPFJEZPGDA@mail.gmail.com>
	<7EE4206A5F421D4FBA0A4623185DE2BD3746E78F@IRSMSX104.ger.corp.intel.com>
	<AD65DF9C-717C-4191-ACB6-3BFC35F7D65C@vmware.com>
	<CAPbR-psY8DK4B1Gw63Y+9g_zs8DNxD4=tKuT_DHupmNw-xE17Q@mail.gmail.com>
	<FA0B93F3-C2D0-44C8-B1C9-6A11B65E0139@vmware.com>
Message-ID: <CAPbR-puQ9sxnpx994qrDfKSaVWsDaK0+cGuoqScE3fRnR2L1Aw@mail.gmail.com>

Thanks Darrell, comment inline.

On Sat, Jul 1, 2017 at 1:02 AM, Darrell Ball <dball at vmware.com> wrote:

>
>
>
>
> *From: *Hui Xiang <xianghuir at gmail.com>
> *Date: *Thursday, June 29, 2017 at 6:57 PM
> *To: *Darrell Ball <dball at vmware.com>
> *Cc: *"Bodireddy, Bhanuprakash" <bhanuprakash.bodireddy at intel.com>, "
> ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
> *Subject: *Re: [ovs-discuss] max mega flow 64k per pmd or per dpcls?
>
>
>
> I am interested about how to define 'reasonable' here, how it is got and
> what what is the 'many case'? is there any document/link to refer this
> information, please shed me some light.
>
>
>
> It is based on real usage scenarios for the number of megaflows needed.
>
> The usage may be less in most cases.
>
> In cases where larger, it may imply that more threads are better and
> dividing among queues.
>
Yes, more threads are better, but the overall cores are limited, more
threads pinned on cores for OVS-DPDK, less available for vms.

>
>
> Why do think having more than 64k per PMD would be optimal ?
>
I originally thought that the bottleneck in classifier because it is
saturated full so that look up has to be going to flow table, so I think
why not just increase the dpcls flows per PMD, but seems I am wrong based
on your explanation.

> What is your use case(s) ?
>
My usecase might be setup a VBRAS VNF with OVS-DPDK as an NFV normal case,
and it requires a good performance, however, OVS-DPDK seems still not reach
its needs compared with  hardware offloading, we are evaluating VPP as
well, basically I am looking to find out what's the bottleneck so far in
OVS-DPDK (seems in flow look up), and if there are some solutions being
discussed or working in progress.

> Are you wanting for this number to be larger by default ?
>
I am not sure, I need to understand whether it is good or bad to set it
larger.

> Are you wanting for this number to be configurable ?
>
Probably good.

>
>
BTW, after reading part of DPDK document, it strengthens to decrease to
copy between cache and memory and get cache hit as much as possible to get
fewer cpu cycles to fetch data, but now I am totally lost on how does
OVS-DPDK emc and classifier map to the LLC.

>
>
> On Thu, Jun 29, 2017 at 10:47 PM, Darrell Ball <dball at vmware.com> wrote:
>
> Q: ?how it is calculated in such an exact number? ?
>
> A: It is a reasonable number to accommodate many cases.
>
> Q: ?If there are more ports added for polling, for avoid competing can I
> increase the 64k size into a
> bigger one??
>
> A: If a larger number is needed, it may imply that adding another PMD and
> dividing the forwarding
> work would be best.  Maybe even a smaller number of flows may be best
> served with more PMDs.
>
>
>
>
>
>
> On 6/29/17, 7:23 AM, "ovs-discuss-bounces at openvswitch.org on behalf of
> Bodireddy, Bhanuprakash" <ovs-discuss-bounces at openvswitch.org on behalf
> of bhanuprakash.bodireddy at intel.com> wrote:
>
>     >
>
>     >I guess the answer is now the general LLC is 2.5M per core so that
> there is 64k
>
>     >flows per thread.
>
>
>
>     AFAIK, the no. of flows here may not have to do anything with LLC.
> Also there is EMC cache(8k entries) of ~4MB per PMD thread.
>
>
>
>
>
>     Yes the performance will be nice with simple test cases (P2P with 1
> PMD thread) as most of this fits in to LLC. But in real scenarios  OvS-DPDK
> can be memory bound.
>
>
>
>     BTW, on my DUT the LLC is 35MB and has 28 cores and so the assumption
> of 2.5M/core isn't right.
>
>
>
>     - Bhanuprakash.
>
>
>
>     >
>
>     >On Fri, Jun 23, 2017 at 11:15 AM, Hui Xiang <xianghuir at gmail.com>
> wrote:
>
>     >Thanks Darrell,
>
>     >
>
>     >More questions:
>
>     >Why not allocating 64k for each dpcls? does the 64k just fit in L3
> cache or
>
>     >anywhere? how it is calculated in such an exact number?  If there are
> more
>
>     >ports added for polling, for avoid competing can I increase the 64k
> size into a
>
>     >bigger one? Thanks.
>
>     >
>
>     >Hui.
>
>     >
>
>     >
>
>
>     _______________________________________________
>     discuss mailing list
>     discuss at openvswitch.org
>     https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.
> openvswitch.org_mailman_listinfo_ovs-2Ddiscuss&d=DwIGaQ&c=
> uilaK90D4TOVoH58JNXRgQ&r=BVhFA09CGX7JQ5Ih-uZnsw&m=-
> aL2AdnELLqgfD2paHXevABAGM7lXVTVcc-WMLHqINE&s=pSk0G_pj9n5VvpbG_
> ukDYkjSnSmA9Q9h37XchMZofuU&e=
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170701/67609b3c/attachment-0001.html>

From lc1986 at gmail.com  Sun Jul  2 22:17:28 2017
From: lc1986 at gmail.com (Barrred Kola)
Date: Sun, 2 Jul 2017 23:17:28 +0100
Subject: [ovs-discuss] Some OVS 2.5.1 kernel driver performance
	measurements
In-Reply-To: <CAO3_t3gq8CctnvD8f=ZhTUY+t7cNEEUUhe2fQKhC+xBmirYZkA@mail.gmail.com>
References: <CAO3_t3iDp1BujPSDYcg=8r=bku_3RTHGC1SyUOz1MCcOHeQgnQ@mail.gmail.com>
	<CAO3_t3gq8CctnvD8f=ZhTUY+t7cNEEUUhe2fQKhC+xBmirYZkA@mail.gmail.com>
Message-ID: <CAO3_t3geU9yFzT_mUFLODYPOuytdQDUBGLGPRyyQ7-39hk9j8g@mail.gmail.com>

Dear All,

New measurement results are available. This time we examined the the most
recent release of OVS, namely version 2.7.0. For the first date, we use
only the kernel driver, but comparing the results to former measurements
conducted via earlier versions, the performance (in some cases) has been
(significantly) improved.
Results were fed back to NFPA website:

Check out the bridge use case with the most diverse traffic trace:
http://nfpa.tmit.bme.hu/index.php?page=compare&vnf_name=ovs|ovs|&vnf_ver=2.7.0|2.5.1|&vnf_func=bridge|bridge|&vnf_driver=kernel|kernel|&vnf_driver_version=4.9.0-2|3.16|&virt=no|no|&cpu_make=intel%20xeon|intel%20xeon|&cpu_model=e5-2620v3|e5-2620v3|&nic_make=intel|intel|&traffic_name=trpr_100000|trpr_100000|&nic_model=xl710|xl710|&bidir=FALSE|FALSE|&type=normal|normal|&prefix=1|1|&timestamp=2017-07-01%2011:32:26.26%2B02|2017-03-11%2023:08:53.05%2B01|&used_cores=0|0|&cfgdNFPA=true|true|&VNF_trace=trpr|trpr|

The same for the l2-switch use case:
http://nfpa.tmit.bme.hu/index.php?page=compare&vnf_name=ovs|ovs|&vnf_ver=2.5.1|2.7.0|&vnf_func=l2-switch|l2-switch|&vnf_driver=kernel|kernel|&vnf_driver_version=3.16|4.9.0-2|&virt=no|no|&cpu_make=intel%20xeon|intel%20xeon|&cpu_model=e5-2620v3|e5-2620v3|&nic_make=intel|intel|&traffic_name=trpr_100000|trpr_100000|&nic_model=xl710|xl710|&bidir=FALSE|FALSE|&type=normal|normal|&prefix=1|1|&timestamp=2017-03-14%2009:43:35.31%2B01|2017-07-01%2012:53:52.19%2B02|&used_cores=0|0|&cfgdNFPA=true|true|&VNF_trace=trpr|trpr|

The same for the l3-router use case:
http://nfpa.tmit.bme.hu/index.php?page=compare&vnf_name=ovs|ovs|&vnf_ver=2.7.0|2.5.1|&vnf_func=l3-router|l3-router|&vnf_driver=kernel|kernel|&vnf_driver_version=4.9.0-2|3.16|&virt=no|no|&cpu_make=intel%20xeon|intel%20xeon|&cpu_model=e5-2620v3|e5-2620v3|&nic_make=intel|intel|&traffic_name=trpr_100000|trpr_100000|&nic_model=xl710|xl710|&bidir=FALSE|FALSE|&type=normal|normal|&prefix=1|1|&timestamp=2017-07-01%2014:15:42.2%2B02|2017-03-14%2011:35:49.44%2B01|&used_cores=0|0|&cfgdNFPA=true|true|&VNF_trace=trpr|trpr|

To not overload this mail, check out the other 3-4 use cases by manually
setting the parameters via the form at:
http://nfpa.tmit.bme.hu/index.php?page=compare

Cheers,
Barry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170702/eced4bac/attachment.html>

From wangzhike at jd.com  Mon Jul  3 06:26:09 2017
From: wangzhike at jd.com (=?utf-8?B?546L5b+X5YWL?=)
Date: Mon, 3 Jul 2017 06:26:09 +0000
Subject: [ovs-discuss] What is the proper memory size for OVS+DPDK
Message-ID: <6DAF063A35010343823807B082E5681F1A724A22@mbx05.360buyAD.local>

Hi All,

I am wondering to know the best memory size for OVS+DPDK. Now the DPDK is initialized by ??socket-mem=1024,0?, and I am wondering what is the best value? Why not 2048, 4096?

Appreciate to know what determines the best number (like ovs itself consume x memory, VM itself consumes y memory?.)

Also, if OVS+DPDK uses more memory than the configured socket-mem, what is the behavior? Will ovs try to allocate the memory dynamically? Thanks.

Br,
Wang Zhike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170703/eb1bb75e/attachment-0001.html>

From bhanuprakash.bodireddy at intel.com  Mon Jul  3 09:00:05 2017
From: bhanuprakash.bodireddy at intel.com (Bodireddy, Bhanuprakash)
Date: Mon, 3 Jul 2017 09:00:05 +0000
Subject: [ovs-discuss] max mega flow 64k per pmd or per dpcls?
In-Reply-To: <CAPbR-puQ9sxnpx994qrDfKSaVWsDaK0+cGuoqScE3fRnR2L1Aw@mail.gmail.com>
References: <CAPbR-pug5HkLdKTt=_QHJXcLRV-8RAg1pO48gypJvWWTiucsvw@mail.gmail.com>
	<CAPbR-pucM8TPhQ1EbH=+kuE9LsEyqP1BnJxWVBv6WKkA10hzUQ@mail.gmail.com>
	<39989602-A66C-405A-83AF-77CDE30466DF@vmware.com>
	<CAPbR-pu8s7ZbdkwB5O9HR6JedW2JJ5zt4gmHJDR_47nQ9kmkow@mail.gmail.com>
	<CAPbR-pseErnNTruSt2ShoRK12MOH5OPED85XctBxkPFJEZPGDA@mail.gmail.com>
	<7EE4206A5F421D4FBA0A4623185DE2BD3746E78F@IRSMSX104.ger.corp.intel.com>
	<AD65DF9C-717C-4191-ACB6-3BFC35F7D65C@vmware.com>
	<CAPbR-psY8DK4B1Gw63Y+9g_zs8DNxD4=tKuT_DHupmNw-xE17Q@mail.gmail.com>
	<FA0B93F3-C2D0-44C8-B1C9-6A11B65E0139@vmware.com>
	<CAPbR-puQ9sxnpx994qrDfKSaVWsDaK0+cGuoqScE3fRnR2L1Aw@mail.gmail.com>
Message-ID: <7EE4206A5F421D4FBA0A4623185DE2BD3746FDBF@IRSMSX104.ger.corp.intel.com>

It?s a long weekend in US and will try answering some of your questions in Darrell's absence.

>Why do think having more than 64k per PMD would be optimal ?
>I originally thought that the bottleneck in classifier because it is saturated full
>so that look up has to be going to flow table, so I think why not just increase
>the dpcls flows per PMD, but seems I am wrong based on your explanation.

For few use cases much of the bottleneck moves to Classifier when EMC is saturated. You may have
to add more  PMD threads (again this depends on the availability of cores in your case.)
As your initial investigation proved classifier is bottleneck, just curious about few things.
     -  In the 'dpif-netdev/pmd-stats-show' output, what does the ' avg. subtable lookups per hit:'  looks like?
     -  In steady state do 'dpcls_lookup()' top the list of functions with 'perf top'.

>What is your use case(s) ?
>My usecase might be setup a VBRAS VNF with OVS-DPDK as an NFV normal
>case, and it requires a good performance, however, OVS-DPDK seems still not
>reach its needs compared with ?hardware offloading, we are evaluating VPP as
>well, 
As you mentioned VPP here, It's worth looking at the benchmarks that were carried comparing
OvS and VPP for L3-VPN use case by Intel, Ericsson and was presented in OvS Fall conference.
The slides can be found @ http://openvswitch.org/support/ovscon2016/8/1400-gray.pdf.

basically I am looking to find out what's the bottleneck so far in OVS-
>DPDK (seems in flow look up), and if there are some solutions being discussed
>or working in progress.

I personally did some investigation in this area. One of the bottlenecks in classifier is due to sub-table lookup.
Murmur hash is used in OvS and it is  recommended enabling intrinsics with -march=native/CFLAGS="-msse4.2"  if not done. 
If you have more subtables, the lookups may be taking significant cycles.  I presume you are using OvS 2.7. Some optimizations
were done to  improve classifier  performance(subtable ranking, hash optimizations). 
If emc_lookup()/emc_insert() show up in top 5 functions taking significant cycles, worth disabling EMC as below.
          'ovs-vsctl set Open_vSwitch . other_config:emc-insert-inv-prob=0'

>Are you wanting for this number to be larger by default ?
>I am not sure, I need to understand whether it is good or bad to set it larger.
>Are you wanting for this number to be configurable ?
>Probably good.
>
>BTW, after reading part of DPDK document, it strengthens to decrease to copy
>between cache and memory and get cache hit as much as possible to get
>fewer cpu cycles to fetch data, but now I am totally lost on how does OVS-
>DPDK emc and classifier map to the LLC.

I didn't get your question here. PMD is like any other thread and has EMC and a classifier per ingress port.
The EMC,  classifier subtables and other data structures will make it to LLC when accessed. 

As already mentioned using RDT Cache Allocation Technology(CAT), one can assign cache ways to high priority threads
https://software.intel.com/en-us/articles/introduction-to-cache-allocation-technology

- Bhanuprakash.


From wangzhike at jd.com  Mon Jul  3 13:05:39 2017
From: wangzhike at jd.com (=?utf-8?B?546L5b+X5YWL?=)
Date: Mon, 3 Jul 2017 13:05:39 +0000
Subject: [ovs-discuss] How to specify the memory size for VM and OVS DPDK
 communication only?
Message-ID: <6DAF063A35010343823807B082E5681F1A724AE9@mbx05.360buyAD.local>

Hi,

I am reading OVS+DPDK, and it said hugetlbfs is needed for networking between VM and OVS. The question is:
1) How to specify the VM memory for other purpose (non networking with OVS Host)? Is it possible to NOT use the hugetlbfs for non networking?
2) If above is yes, what is the proper value for networking memory?
[cid:image001.png at 01D2F43E.D23EDAD0]

http://docs.openvswitch.org/en/latest/topics/dpdk/vhost-user/?highlight=vhost-user


Thanks.

Br,
Wang Zhike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170703/bb785ed1/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 27818 bytes
Desc: image001.png
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170703/bb785ed1/attachment-0001.png>

From wangzhike at jd.com  Mon Jul  3 14:12:02 2017
From: wangzhike at jd.com (=?utf-8?B?546L5b+X5YWL?=)
Date: Mon, 3 Jul 2017 14:12:02 +0000
Subject: [ovs-discuss] How to specify the memory size for VM and OVS
 DPDK communication only?
Message-ID: <6DAF063A35010343823807B082E5681F1A724B12@mbx05.360buyAD.local>

Another question is:
Why ?-numa? option is needed to start the VM?

Wang Zhike

From: ???
Sent: Monday, July 03, 2017 9:06 PM
To: ovs-discuss at openvswitch.org
Subject: How to specify the memory size for VM and OVS DPDK communication only?

Hi,

I am reading OVS+DPDK, and it said hugetlbfs is needed for networking between VM and OVS. The question is:
1) How to specify the VM memory for other purpose (non networking with OVS Host)? Is it possible to NOT use the hugetlbfs for non networking?
2) If above is yes, what is the proper value for networking memory?
[cid:image001.png at 01D2F449.65B004B0]

http://docs.openvswitch.org/en/latest/topics/dpdk/vhost-user/?highlight=vhost-user


Thanks.

Br,
Wang Zhike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170703/766a3713/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 27818 bytes
Desc: image001.png
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170703/766a3713/attachment-0001.png>

From xianghuir at gmail.com  Mon Jul  3 14:41:29 2017
From: xianghuir at gmail.com (Hui Xiang)
Date: Mon, 3 Jul 2017 22:41:29 +0800
Subject: [ovs-discuss] max mega flow 64k per pmd or per dpcls?
In-Reply-To: <7EE4206A5F421D4FBA0A4623185DE2BD3746FDBF@IRSMSX104.ger.corp.intel.com>
References: <CAPbR-pug5HkLdKTt=_QHJXcLRV-8RAg1pO48gypJvWWTiucsvw@mail.gmail.com>
	<CAPbR-pucM8TPhQ1EbH=+kuE9LsEyqP1BnJxWVBv6WKkA10hzUQ@mail.gmail.com>
	<39989602-A66C-405A-83AF-77CDE30466DF@vmware.com>
	<CAPbR-pu8s7ZbdkwB5O9HR6JedW2JJ5zt4gmHJDR_47nQ9kmkow@mail.gmail.com>
	<CAPbR-pseErnNTruSt2ShoRK12MOH5OPED85XctBxkPFJEZPGDA@mail.gmail.com>
	<7EE4206A5F421D4FBA0A4623185DE2BD3746E78F@IRSMSX104.ger.corp.intel.com>
	<AD65DF9C-717C-4191-ACB6-3BFC35F7D65C@vmware.com>
	<CAPbR-psY8DK4B1Gw63Y+9g_zs8DNxD4=tKuT_DHupmNw-xE17Q@mail.gmail.com>
	<FA0B93F3-C2D0-44C8-B1C9-6A11B65E0139@vmware.com>
	<CAPbR-puQ9sxnpx994qrDfKSaVWsDaK0+cGuoqScE3fRnR2L1Aw@mail.gmail.com>
	<7EE4206A5F421D4FBA0A4623185DE2BD3746FDBF@IRSMSX104.ger.corp.intel.com>
Message-ID: <CAPbR-psT3v+9DoP-HxE_1thQ1RuxzvtGQx9Q++7UPur6mrK_yg@mail.gmail.com>

Thanks much Bodireddy again! comment inline.

On Mon, Jul 3, 2017 at 5:00 PM, Bodireddy, Bhanuprakash <
bhanuprakash.bodireddy at intel.com> wrote:

> It?s a long weekend in US and will try answering some of your questions in
> Darrell's absence.
>
> >Why do think having more than 64k per PMD would be optimal ?
> >I originally thought that the bottleneck in classifier because it is
> saturated full
> >so that look up has to be going to flow table, so I think why not just
> increase
> >the dpcls flows per PMD, but seems I am wrong based on your explanation.
>
> For few use cases much of the bottleneck moves to Classifier when EMC is
> saturated. You may have
> to add more  PMD threads (again this depends on the availability of cores
> in your case.)
> As your initial investigation proved classifier is bottleneck, just
> curious about few things.
>      -  In the 'dpif-netdev/pmd-stats-show' output, what does the ' avg.
> subtable lookups per hit:'  looks like?
>      -  In steady state do 'dpcls_lookup()' top the list of functions with
> 'perf top'.
>
> Those are great advices, I'll check more.

> >What is your use case(s) ?
> >My usecase might be setup a VBRAS VNF with OVS-DPDK as an NFV normal
> >case, and it requires a good performance, however, OVS-DPDK seems still
> not
> >reach its needs compared with  hardware offloading, we are evaluating VPP
> as
> >well,
> As you mentioned VPP here, It's worth looking at the benchmarks that were
> carried comparing
> OvS and VPP for L3-VPN use case by Intel, Ericsson and was presented in
> OvS Fall conference.
> The slides can be found @ http://openvswitch.org/
> support/ovscon2016/8/1400-gray.pdf.
>
In above pdf page 12, why does classifier showed a constant throughput with
increasing concurrent L4 flows? shouldn't the performance get degradation
with more subtable look up as you mentioned.

>
> basically I am looking to find out what's the bottleneck so far in OVS-
> >DPDK (seems in flow look up), and if there are some solutions being
> discussed
> >or working in progress.
>
> I personally did some investigation in this area. One of the bottlenecks
> in classifier is due to sub-table lookup.
> Murmur hash is used in OvS and it is  recommended enabling intrinsics with
> -march=native/CFLAGS="-msse4.2"  if not done.
> If you have more subtables, the lookups may be taking significant cycles.
> I presume you are using OvS 2.7. Some optimizations
> were done to  improve classifier  performance(subtable ranking, hash
> optimizations).
> If emc_lookup()/emc_insert() show up in top 5 functions taking significant
> cycles, worth disabling EMC as below.
>           'ovs-vsctl set Open_vSwitch . other_config:emc-insert-inv-
> prob=0'
>
Thanks much for your advice.

>
> >Are you wanting for this number to be larger by default ?
> >I am not sure, I need to understand whether it is good or bad to set it
> larger.
> >Are you wanting for this number to be configurable ?
> >Probably good.
> >
> >BTW, after reading part of DPDK document, it strengthens to decrease to
> copy
> >between cache and memory and get cache hit as much as possible to get
> >fewer cpu cycles to fetch data, but now I am totally lost on how does OVS-
> >DPDK emc and classifier map to the LLC.
>
> I didn't get your question here. PMD is like any other thread and has EMC
> and a classifier per ingress port.
> The EMC,  classifier subtables and other data structures will make it to
> LLC when accessed.
>
ACK.

>
> As already mentioned using RDT Cache Allocation Technology(CAT), one can
> assign cache ways to high priority threads
> https://software.intel.com/en-us/articles/introduction-to-
> cache-allocation-technology
>
> - Bhanuprakash.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170703/1b3245ac/attachment.html>

From bhanuprakash.bodireddy at intel.com  Mon Jul  3 14:57:37 2017
From: bhanuprakash.bodireddy at intel.com (Bodireddy, Bhanuprakash)
Date: Mon, 3 Jul 2017 14:57:37 +0000
Subject: [ovs-discuss] max mega flow 64k per pmd or per dpcls?
In-Reply-To: <CAPbR-psT3v+9DoP-HxE_1thQ1RuxzvtGQx9Q++7UPur6mrK_yg@mail.gmail.com>
References: <CAPbR-pug5HkLdKTt=_QHJXcLRV-8RAg1pO48gypJvWWTiucsvw@mail.gmail.com>
	<CAPbR-pucM8TPhQ1EbH=+kuE9LsEyqP1BnJxWVBv6WKkA10hzUQ@mail.gmail.com>
	<39989602-A66C-405A-83AF-77CDE30466DF@vmware.com>
	<CAPbR-pu8s7ZbdkwB5O9HR6JedW2JJ5zt4gmHJDR_47nQ9kmkow@mail.gmail.com>
	<CAPbR-pseErnNTruSt2ShoRK12MOH5OPED85XctBxkPFJEZPGDA@mail.gmail.com>
	<7EE4206A5F421D4FBA0A4623185DE2BD3746E78F@IRSMSX104.ger.corp.intel.com>
	<AD65DF9C-717C-4191-ACB6-3BFC35F7D65C@vmware.com>
	<CAPbR-psY8DK4B1Gw63Y+9g_zs8DNxD4=tKuT_DHupmNw-xE17Q@mail.gmail.com>
	<FA0B93F3-C2D0-44C8-B1C9-6A11B65E0139@vmware.com>
	<CAPbR-puQ9sxnpx994qrDfKSaVWsDaK0+cGuoqScE3fRnR2L1Aw@mail.gmail.com>
	<7EE4206A5F421D4FBA0A4623185DE2BD3746FDBF@IRSMSX104.ger.corp.intel.com>
	<CAPbR-psT3v+9DoP-HxE_1thQ1RuxzvtGQx9Q++7UPur6mrK_yg@mail.gmail.com>
Message-ID: <7EE4206A5F421D4FBA0A4623185DE2BD37470120@IRSMSX104.ger.corp.intel.com>

>>What is your use case(s) ?
>>My usecase might be setup a VBRAS VNF with OVS-DPDK as an NFV normal
>>case, and it requires a good performance, however, OVS-DPDK seems still
>not
>>reach its needs compared with ?hardware offloading, we are evaluating VPP
>as
>>well,
>As you mentioned VPP here, It's worth looking at the benchmarks that were
>carried comparing
>OvS and VPP for L3-VPN use case by Intel, Ericsson and was presented in OvS
>Fall conference.
>The slides can be found @
>http://openvswitch.org/support/ovscon2016/8/1400-gray.pdf.
>In above pdf page 12, why does classifier showed a constant throughput with
>increasing concurrent L4 flows? shouldn't the performance get degradation
>with more subtable look up as you mentioned.

You raised a good point. The reason being the 'sorted subtable ranking' implementation in 2.7 release.
With this we will have the subtable vector sorted by frequency of hits and this reduces the number of subtable lookups.
That is the reason why I asked for the ' avg. subtable lookups per hit:'  number.

I recommend watching the video of the presentation here https://www.youtube.com/watch?v=cxRcfn2x4eE , as the
bottlenecks you are referring in this thread are more or less similar to ones discussed at the conference. 

- Bhanuprakash.

From bhanuprakash.bodireddy at intel.com  Mon Jul  3 15:08:40 2017
From: bhanuprakash.bodireddy at intel.com (Bodireddy, Bhanuprakash)
Date: Mon, 3 Jul 2017 15:08:40 +0000
Subject: [ovs-discuss] How to specify the memory size for VM and OVS
 DPDK communication only?
In-Reply-To: <6DAF063A35010343823807B082E5681F1A724B12@mbx05.360buyAD.local>
References: <6DAF063A35010343823807B082E5681F1A724B12@mbx05.360buyAD.local>
Message-ID: <7EE4206A5F421D4FBA0A4623185DE2BD37470144@IRSMSX104.ger.corp.intel.com>

>
>Another question is:
>Why ?-numa? option is needed to start the VM?

It's worth referring this link  http://download.qemu.org/qemu-doc.html  for all the information on the qemu arguments.

- Bhanuprakash.


>
>Wang Zhike
>
>From: ???
>Sent: Monday, July 03, 2017 9:06 PM
>To: ovs-discuss at openvswitch.org
>Subject: How to specify the memory size for VM and OVS DPDK
>communication only?
>
>Hi,
>
>I am reading OVS+DPDK, and it said hugetlbfs is needed for networking
>between VM and OVS. The question is:
>1) How to specify the VM memory for other purpose (non networking with
>OVS Host)? Is it possible to NOT use the hugetlbfs for non networking?
>2) If above is yes, what is the proper value for networking memory?
>
>
>http://docs.openvswitch.org/en/latest/topics/dpdk/vhost-
>user/?highlight=vhost-user
>
>
>Thanks.
>
>Br,
>Wang Zhike

From ajones at genband.com  Tue Jul  4 01:00:01 2017
From: ajones at genband.com (Alex Jones)
Date: Mon, 3 Jul 2017 21:00:01 -0400
Subject: [ovs-discuss] OVN DHCP implementation ignores broadcast bit
Message-ID: <96bc4082-b40b-22b1-db52-e05669bf3212@genband.com>

An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170703/f1b91720/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170703/f1b91720/attachment.sig>

From xianghuir at gmail.com  Tue Jul  4 01:43:48 2017
From: xianghuir at gmail.com (Hui Xiang)
Date: Tue, 4 Jul 2017 09:43:48 +0800
Subject: [ovs-discuss] max mega flow 64k per pmd or per dpcls?
In-Reply-To: <7EE4206A5F421D4FBA0A4623185DE2BD37470120@IRSMSX104.ger.corp.intel.com>
References: <CAPbR-pug5HkLdKTt=_QHJXcLRV-8RAg1pO48gypJvWWTiucsvw@mail.gmail.com>
	<CAPbR-pucM8TPhQ1EbH=+kuE9LsEyqP1BnJxWVBv6WKkA10hzUQ@mail.gmail.com>
	<39989602-A66C-405A-83AF-77CDE30466DF@vmware.com>
	<CAPbR-pu8s7ZbdkwB5O9HR6JedW2JJ5zt4gmHJDR_47nQ9kmkow@mail.gmail.com>
	<CAPbR-pseErnNTruSt2ShoRK12MOH5OPED85XctBxkPFJEZPGDA@mail.gmail.com>
	<7EE4206A5F421D4FBA0A4623185DE2BD3746E78F@IRSMSX104.ger.corp.intel.com>
	<AD65DF9C-717C-4191-ACB6-3BFC35F7D65C@vmware.com>
	<CAPbR-psY8DK4B1Gw63Y+9g_zs8DNxD4=tKuT_DHupmNw-xE17Q@mail.gmail.com>
	<FA0B93F3-C2D0-44C8-B1C9-6A11B65E0139@vmware.com>
	<CAPbR-puQ9sxnpx994qrDfKSaVWsDaK0+cGuoqScE3fRnR2L1Aw@mail.gmail.com>
	<7EE4206A5F421D4FBA0A4623185DE2BD3746FDBF@IRSMSX104.ger.corp.intel.com>
	<CAPbR-psT3v+9DoP-HxE_1thQ1RuxzvtGQx9Q++7UPur6mrK_yg@mail.gmail.com>
	<7EE4206A5F421D4FBA0A4623185DE2BD37470120@IRSMSX104.ger.corp.intel.com>
Message-ID: <CAPbR-pvJCaoa-dLMevboDZhW=g-E3iBUqTftmHAqS5-f=nti=A@mail.gmail.com>

Your help was greatly appreciated, thanks Bodireddy.

On Mon, Jul 3, 2017 at 10:57 PM, Bodireddy, Bhanuprakash <
bhanuprakash.bodireddy at intel.com> wrote:

> >>What is your use case(s) ?
> >>My usecase might be setup a VBRAS VNF with OVS-DPDK as an NFV normal
> >>case, and it requires a good performance, however, OVS-DPDK seems still
> >not
> >>reach its needs compared with  hardware offloading, we are evaluating VPP
> >as
> >>well,
> >As you mentioned VPP here, It's worth looking at the benchmarks that were
> >carried comparing
> >OvS and VPP for L3-VPN use case by Intel, Ericsson and was presented in
> OvS
> >Fall conference.
> >The slides can be found @
> >http://openvswitch.org/support/ovscon2016/8/1400-gray.pdf.
> >In above pdf page 12, why does classifier showed a constant throughput
> with
> >increasing concurrent L4 flows? shouldn't the performance get degradation
> >with more subtable look up as you mentioned.
>
> You raised a good point. The reason being the 'sorted subtable ranking'
> implementation in 2.7 release.
> With this we will have the subtable vector sorted by frequency of hits and
> this reduces the number of subtable lookups.
> That is the reason why I asked for the ' avg. subtable lookups per hit:'
> number.
>
> I recommend watching the video of the presentation here
> https://www.youtube.com/watch?v=cxRcfn2x4eE , as the
> bottlenecks you are referring in this thread are more or less similar to
> ones discussed at the conference.
>
> - Bhanuprakash.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170704/7e29ff18/attachment-0001.html>

From cynthia_zhang123 at 163.com  Tue Jul  4 03:24:41 2017
From: cynthia_zhang123 at 163.com (cynthiazhang)
Date: Tue, 4 Jul 2017 11:24:41 +0800 (CST)
Subject: [ovs-discuss] Questions about Replacement  Policy in emc_insert()
Message-ID: <71c402e8.7fd5.15d0ba0ebfc.Coremail.cynthia_zhang123@163.com>

Hi:
When I read the code of emc_cache in dips-netdev.c, I could not understand the replacement policy below in emc_insert() as follows():
      /* Replacement policy: put the flow in an empty (not alive) entry, or
         * in the first entry where it can be */
        if (!to_be_replaced
            || (emc_entry_alive(to_be_replaced)
                && !emc_entry_alive(current_entry))
            || current_entry->key.hash < to_be_replaced->key.hash) {
            to_be_replaced = current_entry;
        }
1)The EMC_FOR_EACH_POS_WITH_HASH makes us have two locations to put the flow in. If the first entry is dead and the function emc_cache_slow_sweep() has not clear this entry, and the second entry is also in the same condition. So does this mean that we should compare the hash value of each entry?If so ,why we choose the smaller hash value to put the new flow in? How to understand the "first place" in the Replacement Policy?
2)So the second question is when we should compare the value of the two entries? And why we do this?
3)Besides, why we define EM_FLOW_HASH_SEGS as 2? 


Thanks,
Cynthia.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170704/7af57b5d/attachment.html>

From dickens.yeh at gmail.com  Tue Jul  4 07:27:50 2017
From: dickens.yeh at gmail.com (Dickens Yeh)
Date: Tue, 4 Jul 2017 15:27:50 +0800
Subject: [ovs-discuss] Cannot match correct ethertype after POP vlan and
	GOTO table
Message-ID: <CAFw10rE6ZxM0DmNPYRG0ewSfMhLxNvynM=oAQUgaMfj4Kn4Qzg@mail.gmail.com>

Hi,
I have an question, and I haven't found any OpenFlow Spec to defined it ,
please give me a help.

I am trying to work with 3 vlan tags, but it cannot match correct ethertype
after pop 1 vlan tag.
OVS Bridge already set with vlan-limit = 0, and it can watch over 2 vlan
and match the correct ethertype like ARP.

My question is:  the packet have 3 vlan tags, pop 1 vlan tag and goto-table
1. In table 1, will it match with the new packet (modified) or the original
packet like in table 0?

Thanks for answering my question.

best wishes,
Dickens Yeh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170704/ac377062/attachment.html>

From bhanuprakash.bodireddy at intel.com  Tue Jul  4 09:01:52 2017
From: bhanuprakash.bodireddy at intel.com (Bodireddy, Bhanuprakash)
Date: Tue, 4 Jul 2017 09:01:52 +0000
Subject: [ovs-discuss] Questions about Replacement Policy in emc_insert()
In-Reply-To: <71c402e8.7fd5.15d0ba0ebfc.Coremail.cynthia_zhang123@163.com>
References: <71c402e8.7fd5.15d0ba0ebfc.Coremail.cynthia_zhang123@163.com>
Message-ID: <7EE4206A5F421D4FBA0A4623185DE2BD37470882@IRSMSX104.ger.corp.intel.com>

>Hi:
>When I read the code of emc_cache in dips-netdev.c, I could not understand
>the replacement policy below in emc_insert() as follows():
>? ? ? /* Replacement policy: put the flow in an empty (not alive) entry, or
>? ? ? ? ?* in the first entry where it can be */
>? ? ? ? if (!to_be_replaced
>? ? ? ? ? ? || (emc_entry_alive(to_be_replaced)
>? ? ? ? ? ? ? ? && !emc_entry_alive(current_entry))
>? ? ? ? ? ? || current_entry->key.hash < to_be_replaced->key.hash) {
>? ? ? ? ? ? to_be_replaced = current_entry;
>? ? ? ? }
>1)The EMC_FOR_EACH_POS_WITH_HASH makes us have two locations to put
>the flow in. If the first entry is dead and the
>function?emc_cache_slow_sweep() has not clear this entry, and the second
>entry is also in the same condition. So does this mean that we should compare
>the hash value of each entry?If so ,why we choose the smaller hash value to
>put the new flow in? How to understand the "first place" in the Replacement
>Policy?
>2)So the second question is when we should compare the value of the two
>entries? And why we do this?
>3)Besides, why we define EM_FLOW_HASH_SEGS as 2?

AFAIK, cuckoo hash is used for this implementation. You should read 'Optimistic Concurrent Cuckoo Hash'  
description in https://github.com/openvswitch/ovs/blob/master/lib/cmap.c
This will give greater insights In to cuckoo hash and answers all the above questions. 

-  Bhanuprakash.


From aserdean at cloudbasesolutions.com  Tue Jul  4 12:18:46 2017
From: aserdean at cloudbasesolutions.com (Alin Serdean)
Date: Tue, 4 Jul 2017 12:18:46 +0000
Subject: [ovs-discuss] OVN DHCP implementation ignores broadcast bit
In-Reply-To: <96bc4082-b40b-22b1-db52-e05669bf3212@genband.com>
References: <96bc4082-b40b-22b1-db52-e05669bf3212@genband.com>
Message-ID: <6FDA0CACF4BC624BBE12167875D71C9B409C08DB@CBSEX1.cloudbase.local>

Hi Alex,

You can send it to dev at openvswitch.org<mailto:dev at openvswitch.org> or create a new pull request via github.

Thanks,
Alin.

From: ovs-discuss-bounces at openvswitch.org [mailto:ovs-discuss-bounces at openvswitch.org] On Behalf Of Alex Jones
Sent: Tuesday, July 4, 2017 4:00 AM
To: ovs-discuss at openvswitch.org
Subject: [ovs-discuss] OVN DHCP implementation ignores broadcast bit


Hi All,

  I have OVN up and running (version 2.7), and it is working well except for one case. We have a VM which uses its own IP stack and does not accept unicast DHCP offers. After examining the OVN code, I found that it currently doesn't support the broadcast bit if set by the client.

  I didn't see any bugs regarding this, so I did a patch myself. The patch modifies put_dhcp_options to return 2 if the broadcast bit was set in the DISCOVER/REQUEST, and 1 if not set (both indicate success). Then I modified the current logical flow to check if the return code is 1, then execute the current logical flow. I added a new logical flow to handle the broadcast bit set case. If the return value from put_dhcp_options is 2, the new flow is executed which sets the dest MAC and dest IP to broadcast.

  I'd like to submit this. Do I just post it here?

Alex


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170704/5f67c027/attachment.html>

From Volkan.Atli at argela.com.tr  Tue Jul  4 17:52:06 2017
From: Volkan.Atli at argela.com.tr (Ali Volkan Atli)
Date: Tue, 4 Jul 2017 17:52:06 +0000
Subject: [ovs-discuss] set-controller for IPv6 gives invalid argument error
Message-ID: <871e620f2193436fa5cddc3cbac1c929@MX2.argela.com.tr>

Hi 

I'm trying to connect OVS to a controller using IPv6 as below, but it is not working.

# sudo ovs-vsctl set-controller s1 tcp:[fe80::41f3:ab56:bbab:a528]

However, it gives the following error: 

2017-07-04T17:47:00Z|00730|rconn|WARN|s1<->tcp:[fe80::41f3:ab56:bbab:a528]: connection failed (Invalid argument)
2017-07-04T17:47:08Z|00731|stream_tcp|ERR|tcp:[fe80::41f3:ab56:bbab:a528]: connect: Invalid argument

When I check ping6, I can ping

# ping6 -I eth0 fe80::41f3:ab56:bbab:a528
PING fe80::41f3:ab56:bbab:a528(fe80::41f3:ab56:bbab:a528) from fe80::f22:a6c2:6603:13b eth0: 56 data bytes
64 bytes from fe80::41f3:ab56:bbab:a528: icmp_seq=1 ttl=128 time=0.429 ms
64 bytes from fe80::41f3:ab56:bbab:a528: icmp_seq=2 ttl=128 time=0.740 ms

What should I do? Thanks in advance..

- Volkan

From cynthia_zhang123 at 163.com  Wed Jul  5 01:36:17 2017
From: cynthia_zhang123 at 163.com (cynthiazhang)
Date: Wed, 5 Jul 2017 09:36:17 +0800 (CST)
Subject: [ovs-discuss] Questions about Replacement Policy in emc_insert()
In-Reply-To: <7EE4206A5F421D4FBA0A4623185DE2BD37470882@IRSMSX104.ger.corp.intel.com>
References: <71c402e8.7fd5.15d0ba0ebfc.Coremail.cynthia_zhang123@163.com>
	<7EE4206A5F421D4FBA0A4623185DE2BD37470882@IRSMSX104.ger.corp.intel.com>
Message-ID: <5f83781e.39cc.15d10640939.Coremail.cynthia_zhang123@163.com>

From my point of view, the emc_cache in OVS is microflow cache, and it is not implemented  by cuckoo hash. And the second level cache -- megaflow cache uses cuckoo hash.


Thanks.
At 2017-07-04 17:01:52, "Bodireddy, Bhanuprakash" <bhanuprakash.bodireddy at intel.com> wrote:
>>Hi:
>>When I read the code of emc_cache in dips-netdev.c, I could not understand
>>the replacement policy below in emc_insert() as follows():
>>      /* Replacement policy: put the flow in an empty (not alive) entry, or
>>         * in the first entry where it can be */
>>        if (!to_be_replaced
>>            || (emc_entry_alive(to_be_replaced)
>>                && !emc_entry_alive(current_entry))
>>            || current_entry->key.hash < to_be_replaced->key.hash) {
>>            to_be_replaced = current_entry;
>>        }
>>1)The EMC_FOR_EACH_POS_WITH_HASH makes us have two locations to put
>>the flow in. If the first entry is dead and the
>>function emc_cache_slow_sweep() has not clear this entry, and the second
>>entry is also in the same condition. So does this mean that we should compare
>>the hash value of each entry?If so ,why we choose the smaller hash value to
>>put the new flow in? How to understand the "first place" in the Replacement
>>Policy?
>>2)So the second question is when we should compare the value of the two
>>entries? And why we do this?
>>3)Besides, why we define EM_FLOW_HASH_SEGS as 2?
>
>AFAIK, cuckoo hash is used for this implementation. You should read 'Optimistic Concurrent Cuckoo Hash'  
>description in https://github.com/openvswitch/ovs/blob/master/lib/cmap.c
>This will give greater insights In to cuckoo hash and answers all the above questions. 
>
>-  Bhanuprakash.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170705/01916014/attachment-0001.html>

From wangzhike at jd.com  Wed Jul  5 01:44:35 2017
From: wangzhike at jd.com (=?utf-8?B?546L5b+X5YWL?=)
Date: Wed, 5 Jul 2017 01:44:35 +0000
Subject: [ovs-discuss] How to specify the memory size for VM and OVS
 DPDK communication only?
In-Reply-To: <7EE4206A5F421D4FBA0A4623185DE2BD37470144@IRSMSX104.ger.corp.intel.com>
References: <6DAF063A35010343823807B082E5681F1A724B12@mbx05.360buyAD.local>
	<7EE4206A5F421D4FBA0A4623185DE2BD37470144@IRSMSX104.ger.corp.intel.com>
Message-ID: <6DAF063A35010343823807B082E5681F1A724C46@mbx05.360buyAD.local>

Thanks. Now my understanding of using numa for vhost-user port is to have "shared=on" for the hugepage. It does not have any relationship with numa. It just wants to use the param "MemAccess" in numa. Is my understanding correct?

In addition, anyone have idea bout my question 1 and 2? I am wondering whether hugepage can only be used for networking but not for all.

Br,
Wang Zhike

-----Original Message-----
From: Bodireddy, Bhanuprakash [mailto:bhanuprakash.bodireddy at intel.com] 
Sent: Monday, July 03, 2017 11:09 PM
To: ???; ovs-discuss at openvswitch.org
Subject: RE: [ovs-discuss] How to specify the memory size for VM and OVS DPDK communication only?

>
>Another question is:
>Why ?-numa? option is needed to start the VM?

It's worth referring this link  http://download.qemu.org/qemu-doc.html  for all the information on the qemu arguments.

- Bhanuprakash.


>
>Wang Zhike
>
>From: ???
>Sent: Monday, July 03, 2017 9:06 PM
>To: ovs-discuss at openvswitch.org
>Subject: How to specify the memory size for VM and OVS DPDK
>communication only?
>
>Hi,
>
>I am reading OVS+DPDK, and it said hugetlbfs is needed for networking
>between VM and OVS. The question is:
>1) How to specify the VM memory for other purpose (non networking with
>OVS Host)? Is it possible to NOT use the hugetlbfs for non networking?
>2) If above is yes, what is the proper value for networking memory?
>
>
>http://docs.openvswitch.org/en/latest/topics/dpdk/vhost-
>user/?highlight=vhost-user
>
>
>Thanks.
>
>Br,
>Wang Zhike

From nusiddiq at redhat.com  Wed Jul  5 03:39:48 2017
From: nusiddiq at redhat.com (Numan Siddique)
Date: Wed, 5 Jul 2017 09:09:48 +0530
Subject: [ovs-discuss] OVN DHCP implementation ignores broadcast bit
In-Reply-To: <6FDA0CACF4BC624BBE12167875D71C9B409C08DB@CBSEX1.cloudbase.local>
References: <96bc4082-b40b-22b1-db52-e05669bf3212@genband.com>
	<6FDA0CACF4BC624BBE12167875D71C9B409C08DB@CBSEX1.cloudbase.local>
Message-ID: <CAH=CPzoEK13O=YoLD3b0QF9O46hWjADicL=xY37QbDO=k-CV8A@mail.gmail.com>

On Tue, Jul 4, 2017 at 5:48 PM, Alin Serdean <
aserdean at cloudbasesolutions.com> wrote:

> Hi Alex,
>
>
>
> You can send it to dev at openvswitch.org or create a new pull request via
> github.
>
>
>
> Thanks,
>
> Alin.
>
>
>
> *From:* ovs-discuss-bounces at openvswitch.org [mailto:ovs-discuss-bounces@
> openvswitch.org] *On Behalf Of *Alex Jones
> *Sent:* Tuesday, July 4, 2017 4:00 AM
> *To:* ovs-discuss at openvswitch.org
> *Subject:* [ovs-discuss] OVN DHCP implementation ignores broadcast bit
>
>
>
> Hi All,
>
>   I have OVN up and running (version 2.7), and it is working well except
> for one case. We have a VM which uses its own IP stack and does not accept
> unicast DHCP offers. After examining the OVN code, I found that it
> currently doesn't support the broadcast bit if set by the client.
>
>   I didn't see any bugs regarding this, so I did a patch myself. The patch
> modifies put_dhcp_options to return 2 if the broadcast bit was set in the
> DISCOVER/REQUEST, and 1 if not set (both indicate success). Then I modified
> the current logical flow to check if the return code is 1, then execute the
> current logical flow. I added a new logical flow to handle the broadcast
> bit set case. If the return value from put_dhcp_options is 2, the new flow
> is executed which sets the dest MAC and dest IP to broadcast.
>
>   I'd like to submit this. Do I just post it here?
>
> Alex
>
>
The other simpler approach could be to set "ip4.dst and eth.dst" to
broadcast addresses if broadcast bit is set, giaddr and ciaddr is 0 (as per
the RFC - https://www.ietf.org/rfc/rfc2131.txt) in the function
"pinctrl_handle_put_dhcp_opts" (in ovn/controller/pinctrl.c) and modify
ovn-northd.c to not set the eth.dst and ip4.dst fields in the
S_SWITCH_IN_DHCP_RESPONSE  pipeline.

Probably we should also set ip4.dst to giaddr (to support dhcp relay) if it
is set.

Thanks
Numan


>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170705/b41de4de/attachment.html>

From hschoi at os.korea.ac.kr  Wed Jul  5 05:05:47 2017
From: hschoi at os.korea.ac.kr (Heung Sik Choi)
Date: Wed, 5 Jul 2017 14:05:47 +0900
Subject: [ovs-discuss] Is running vswitchd of dpdk-ovs as secondary process?
Message-ID: <CAAZV7DD=wsfScvYY79E-Q2nXBQrkSyaJMyWNwn2ENN=PpM2B9A@mail.gmail.com>

Hi,

I've used dpdk-ovs and studied it. Recently I came to know that DPDK
applications can be run as primary or secondary process.

So, I'm wondering if there is secondary process when ovs-dpdk is run.

Especially, is ovs-vswitchd run as secondary process?

Please let me know if you have any insights.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170705/a2328fc9/attachment.html>

From gvrose8192 at gmail.com  Wed Jul  5 10:35:11 2017
From: gvrose8192 at gmail.com (Greg Rose)
Date: Wed, 5 Jul 2017 11:35:11 +0100
Subject: [ovs-discuss] OVN DHCP implementation ignores broadcast bit
In-Reply-To: <96bc4082-b40b-22b1-db52-e05669bf3212@genband.com>
References: <96bc4082-b40b-22b1-db52-e05669bf3212@genband.com>
Message-ID: <CALgkqUp_XevKzaN1eou-gmf3w8GHjogWc4wRUCPShzpvcdnVKQ@mail.gmail.com>

On Tue, Jul 4, 2017 at 2:00 AM, Alex Jones <ajones at genband.com> wrote:

> Hi All,
>
>   I have OVN up and running (version 2.7), and it is working well except
> for one case. We have a VM which uses its own IP stack and does not accept
> unicast DHCP offers. After examining the OVN code, I found that it
> currently doesn't support the broadcast bit if set by the client.
>
>   I didn't see any bugs regarding this, so I did a patch myself. The patch
> modifies put_dhcp_options to return 2 if the broadcast bit was set in the
> DISCOVER/REQUEST, and 1 if not set (both indicate success). Then I modified
> the current logical flow to check if the return code is 1, then execute the
> current logical flow. I added a new logical flow to handle the broadcast
> bit set case. If the return value from put_dhcp_options is 2, the new flow
> is executed which sets the dest MAC and dest IP to broadcast.
>
>   I'd like to submit this. Do I just post it here?
>
> Alex
>
> ?
>
?Patches should be posted to the Open vSwitch dev list -
ovs-dev at openvswitch.org?


?Thanks,?

- Greg

> ?
>
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170705/13a440d3/attachment.html>

From matecs at niif.hu  Wed Jul  5 14:52:25 2017
From: matecs at niif.hu (matecs)
Date: Wed, 5 Jul 2017 16:52:25 +0200
Subject: [ovs-discuss] eompls support
Message-ID: <168df0bf-cad2-78ec-894e-799ae92ca48f@niif.hu>

hi,

i'm developing a router (freerouter.nop.hu) which supports openflow for 
table export.

most of the layer3 things are working now including routing, mpls, but i 
cannot find

a useful action for the ethernet over mpls (or vpls, which is a 
collection of eompls tunnels).

for it, i would need to be able to push an ethernet header with the 
original source/destination

mac addresses and ethertype.

did i missed something, or eompls is really impossible with openflow?

if the latter, can you propagate a "push/pop ethernet header" action to 
the next openflow standard?

thanks in advance,

csaba mate




From blp at ovn.org  Thu Jul  6 00:21:19 2017
From: blp at ovn.org (Ben Pfaff)
Date: Wed, 5 Jul 2017 17:21:19 -0700
Subject: [ovs-discuss] set-controller for IPv6 gives invalid argument
 error
In-Reply-To: <871e620f2193436fa5cddc3cbac1c929@MX2.argela.com.tr>
References: <871e620f2193436fa5cddc3cbac1c929@MX2.argela.com.tr>
Message-ID: <20170706002119.GH16370@ovn.org>

On Tue, Jul 04, 2017 at 05:52:06PM +0000, Ali Volkan Atli wrote:
> Hi 
> 
> I'm trying to connect OVS to a controller using IPv6 as below, but it is not working.
> 
> # sudo ovs-vsctl set-controller s1 tcp:[fe80::41f3:ab56:bbab:a528]
> 
> However, it gives the following error: 
> 
> 2017-07-04T17:47:00Z|00730|rconn|WARN|s1<->tcp:[fe80::41f3:ab56:bbab:a528]: connection failed (Invalid argument)
> 2017-07-04T17:47:08Z|00731|stream_tcp|ERR|tcp:[fe80::41f3:ab56:bbab:a528]: connect: Invalid argument
> 
> When I check ping6, I can ping
> 
> # ping6 -I eth0 fe80::41f3:ab56:bbab:a528
> PING fe80::41f3:ab56:bbab:a528(fe80::41f3:ab56:bbab:a528) from fe80::f22:a6c2:6603:13b eth0: 56 data bytes
> 64 bytes from fe80::41f3:ab56:bbab:a528: icmp_seq=1 ttl=128 time=0.429 ms
> 64 bytes from fe80::41f3:ab56:bbab:a528: icmp_seq=2 ttl=128 time=0.740 ms
> 
> What should I do? Thanks in advance..

Interesting, I'd never even heard of such issues.

I sent a patch that should allow you to use this via:
        sudo ovs-vsctl set-controller s1 'tcp:[fe80::41f3:ab56:bbab:a528%eth0]'

(I recommend quoting anything with shell metacharacters like [], by the
way.)

From juanlucruz at gmail.com  Tue Jul  4 14:40:25 2017
From: juanlucruz at gmail.com (Juan Luis de la Cruz)
Date: Tue, 4 Jul 2017 16:40:25 +0200
Subject: [ovs-discuss] Using openvswitch with mpls and tcp
Message-ID: <9e060da2-392f-1c85-508f-b9522078b147@gmail.com>

Hi,

Im having issues using openvswitch and mpls. In this case scenario, we 
use MPLS labeling, and Open vSwitch as software-switches. We are using 2 
server nodes with ovs 2.6.0, with kernel modules loaded, and 2 hosts.

They are directly connected through 1 Gigabit Ethernet connections, and 
there is arround 1 ms of rtt, and in the case of the first packet less 
than 3 ms (using ping utility). Im using Iperf3 for doing the tests. The 
first test is the performance reached without using mpls labeling, and 
the second test is using mpls labeling. The MTU is adjusted so as not to 
have fragmentation. I tried adjusting the congestion window and other 
parameters like TCP algorithm used.

|mar jul 4 12:21:09 CEST 2017 Connecting to host 192.168.20.2, port 5201 
[ 4] local 192.168.20.1 port 43526 connected to 192.168.20.2 port 5201 [ 
ID] Interval Transfer Bandwidth Retr Cwnd [ 4] 0.00-1.00 sec 112 MBytes 
943 Mbits/sec 0 450 KBytes [ 4] 1.00-2.00 sec 112 MBytes 937 Mbits/sec 0 
516 KBytes [ 4] 2.00-3.00 sec 112 MBytes 938 Mbits/sec 0 571 KBytes [ 4] 
3.00-4.00 sec 112 MBytes 937 Mbits/sec 0 625 KBytes [ 4] 4.00-5.00 sec 
112 MBytes 943 Mbits/sec 0 633 KBytes [ 4] 5.00-6.00 sec 111 MBytes 933 
Mbits/sec 0 633 KBytes [ 4] 6.00-7.00 sec 111 MBytes 933 Mbits/sec 0 664 
KBytes [ 4] 7.00-8.00 sec 112 MBytes 944 Mbits/sec 0 664 KBytes [ 4] 
8.00-9.00 sec 111 MBytes 933 Mbits/sec 0 697 KBytes [ 4] 9.00-9.16 sec 
18.8 MBytes 977 Mbits/sec 0 697 KBytes - - - - - - - - - - - - - - - - - 
- - - - - - - - [ ID] Interval Transfer Bandwidth Retr [ 4] 0.00-9.16 
sec 1.00 GBytes 939 Mbits/sec 0 sender [ 4] 0.00-9.16 sec 1022 MBytes 
935 Mbits/sec receiver iperf Done. <-----------> mar jul 4 12:40:10 CEST 
2017 Connecting to host 192.168.20.2, port 5201 [ 4] local 192.168.20.1 
port 43530 connected to 192.168.20.2 port 5201 [ ID] Interval Transfer 
Bandwidth Retr Cwnd [ 4] 0.00-1.00 sec 203 KBytes 1.66 Mbits/sec 57 2.82 
KBytes [ 4] 1.00-2.00 sec 398 KBytes 3.26 Mbits/sec 124 2.82 KBytes [ 4] 
2.00-3.00 sec 400 KBytes 3.28 Mbits/sec 124 2.82 KBytes [ 4] 3.00-4.00 
sec 319 KBytes 2.61 Mbits/sec 124 2.82 KBytes [ 4] 4.00-5.00 sec 398 
KBytes 3.26 Mbits/sec 126 2.82 KBytes [ 4] 5.00-6.00 sec 395 KBytes 3.24 
Mbits/sec 124 2.82 KBytes [ 4] 6.00-7.00 sec 398 KBytes 3.26 Mbits/sec 
126 2.82 KBytes [ 4] 7.00-8.00 sec 324 KBytes 2.66 Mbits/sec 124 2.82 
KBytes [ 4] 8.00-9.00 sec 398 KBytes 3.26 Mbits/sec 124 2.82 KBytes [ 4] 
9.00-10.00 sec 400 KBytes 3.28 Mbits/sec 126 2.82 KBytes - - - - - - - - 
- - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth Retr 
[ 4] 0.00-10.00 sec 3.55 MBytes 2.98 Mbits/sec 1179 sender [ 4] 
0.00-10.00 sec 3.42 MBytes 2.87 Mbits/sec receiver |

I know there are issues using MPLS and using ovs, but there are some 
facts that are weird in this case:

  * If i use UDP instead of TCP, there is one packet out of order, but
    the rest are good, so packets are using kernel datapath i guess.
  * There are 9 packets lost at the start of the TCP transmission, and
    there are more packets lost periodically. Looking the tcpdump
    traces, those packets are "missing" in the first node, because in
    the second hop they are not captured.
  * As you can see above, the performance using TCP without MPLS
    labeling is very good.

Any idea why is this happening, or how can i solve it?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170704/6716bffe/attachment.html>

From sarojpandey574 at gmail.com  Thu Jul  6 06:44:28 2017
From: sarojpandey574 at gmail.com (Saroj Pandey)
Date: Thu, 6 Jul 2017 12:14:28 +0530
Subject: [ovs-discuss] error with openvswitch
 (dpif(handler2)|WARN|system@ovs-system: failed to put[create] (Invalid
 argument) ufid:)
Message-ID: <CAFmTiY-JX1T9TSk9=Vm_Jnkazhrq6t38AHgko4Sv6QU8CtXCbg@mail.gmail.com>

Dear Sir Kindly suggest me.How can resolve below the error?

dpif(handler2)|WARN|system at ovs-system: failed to put[create] (Invalid
argument) ufid:


Thanks :-

S PANDEY
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170706/39140cf0/attachment.html>

From jpettit at ovn.org  Thu Jul  6 07:30:24 2017
From: jpettit at ovn.org (Justin Pettit)
Date: Thu, 6 Jul 2017 00:30:24 -0700
Subject: [ovs-discuss] Open vSwitch 2.7.1 Available
Message-ID: <71FE4690-D363-4253-B45F-13AA0379ECEA@ovn.org>

The Open vSwitch team is pleased to announce the release of Open vSwitch 2.7.1:

   http://openvswitch.org/releases/openvswitch-2.7.1.tar.gz

This release contains bug fixes and minor improvements for 2.7.0.

--The Open vSwitch Team 

--------------------
Open vSwitch is a production quality, multilayer open source virtual switch. It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces. Open vSwitch can operate both as a soft switch running within the hypervisor, and as the control stack for switching silicon. It has been ported to multiple virtualization platforms and switching chipsets.



From mchandras at suse.de  Thu Jul  6 07:57:06 2017
From: mchandras at suse.de (Markos Chandras)
Date: Thu, 6 Jul 2017 10:57:06 +0300
Subject: [ovs-discuss] Open vSwitch 2.7.1 Available
In-Reply-To: <71FE4690-D363-4253-B45F-13AA0379ECEA@ovn.org>
References: <71FE4690-D363-4253-B45F-13AA0379ECEA@ovn.org>
Message-ID: <9fd59bc6-3843-3d4a-0abc-151a4fcf18b3@suse.de>

On 07/06/2017 10:30 AM, Justin Pettit wrote:
> The Open vSwitch team is pleased to announce the release of Open vSwitch 2.7.1:
> 
>    http://openvswitch.org/releases/openvswitch-2.7.1.tar.gz
> 
> This release contains bug fixes and minor improvements for 2.7.0.
> 
> --The Open vSwitch Team 
> 

Hello Justin,

Could you also push a v2.7.1 tag for this release? I can't see one in
https://github.com/openvswitch/ovs/releases

Thank you

-- 
markos

SUSE LINUX GmbH | GF: Felix Imend?rffer, Jane Smithard, Graham Norton
HRB 21284 (AG N?rnberg) Maxfeldstr. 5, D-90409, N?rnberg

From nusiddiq at redhat.com  Thu Jul  6 08:55:13 2017
From: nusiddiq at redhat.com (Numan Siddique)
Date: Thu, 6 Jul 2017 14:25:13 +0530
Subject: [ovs-discuss] Issue with connection tracking for packets
 modified in pipeline
In-Reply-To: <CAH=CPzphx=a+4eu1VVF2tD8v0kyz7jKgX-L2qonn8ifDC30Sjg@mail.gmail.com>
References: <CACz-6Jzote2sNP17EZoynj6et-3Ypke37H+dv9D+qeEjhGdwMw@mail.gmail.com>
	<CAPWQB7EDwJ9tg+xL8fr6xYzJGuTpMtnY7KJhLJQt3qY2U=nE6A@mail.gmail.com>
	<CACz-6JzsFs_OwibwWnr6+GWqyaUq2B57W1yJ_JjuUWA3b8NdTw@mail.gmail.com>
	<CACz-6Jz3d67b2UMsdH96hSRgGoZYH4GRbBLR0mig22TR4DYawg@mail.gmail.com>
	<CAH=CPzrh3XnZ92SAhbRYs7CdJQWhX871vF6eg88Aa4=o7icucg@mail.gmail.com>
	<CAPWQB7HrHm-Qmmconwk24Qd7gCZJnaSfC+3VwXgyg899U=fKqA@mail.gmail.com>
	<CAH=CPzonMhQ3=SHViv4MAh=Rx6u+X4De+2pGZ7OqbOzAxeR7eQ@mail.gmail.com>
	<CAPWQB7F9OPeEyKx8Ok=K8aS4SEtK=9Nx8kka8EPwv88vd=s8RA@mail.gmail.com>
	<CAH=CPzrBLzYK+gat42riV86h_0GGwnoPGQKkfvUBmSBjtTBW4w@mail.gmail.com>
	<CAPWQB7EfQ8Ga9T=2_8LGiten4J51r3JnOK6izDYQYLAXb=tCTA@mail.gmail.com>
	<CAH=CPzpzmnmcyYgfZJy99TNL15ZxuqgTb3HyLAwjWzU=k+rvag@mail.gmail.com>
	<CAPWQB7HRE1sr-C_aRNphbeyZAE=Z5VT1hAQDbyB7TN0-4kx+PQ@mail.gmail.com>
	<CAH=CPzpV2MEm0iqTyST-3FqhEBzVgyBfz89iX+k_4XR-BTjz=Q@mail.gmail.com>
	<CAPWQB7E=C82CNTXiYYDFPXDczqZafXQu1Agh9LecbHZeAvhBpA@mail.gmail.com>
	<CAH=CPzphx=a+4eu1VVF2tD8v0kyz7jKgX-L2qonn8ifDC30Sjg@mail.gmail.com>
Message-ID: <CAH=CPzqZqLbt7uhfhk=MnshXaHcHU86cTYeXLhyiwqgwg7MSHw@mail.gmail.com>

On Wed, Jun 28, 2017 at 7:06 AM, Numan Siddique <nusiddiq at redhat.com> wrote:

>
>
> On Jun 23, 2017 2:25 PM, "Joe Stringer" <joe at ovn.org> wrote:
>
> On 22 June 2017 at 16:08, Numan Siddique <nusiddiq at redhat.com> wrote:
> >
> >
> > On Jun 23, 2017 1:31 AM, "Joe Stringer" <joe at ovn.org> wrote:
> >
> > On 22 June 2017 at 04:16, Numan Siddique <nusiddiq at redhat.com> wrote:
> >>
> >>
> >> On Thu, Jun 22, 2017 at 5:45 AM, Joe Stringer <joe at ovn.org> wrote:
> >>>
> >>> On 21 June 2017 at 04:19, Numan Siddique <nusiddiq at redhat.com> wrote:
> >>> >
> >>> >
> >>> > On Tue, Jun 20, 2017 at 3:11 AM, Joe Stringer <joe at ovn.org> wrote:
> >>> >>
> >>> >> On 19 June 2017 at 00:37, Numan Siddique <nusiddiq at redhat.com>
> wrote:
> >>> >> >
> >>> >> >
> >>> >> > On Fri, Jun 16, 2017 at 11:22 PM, Joe Stringer <joe at ovn.org>
> wrote:
> >>> >> >>
> >>> >> >> On 15 June 2017 at 22:20, Numan Siddique <nusiddiq at redhat.com>
> >>> >> >> wrote:
> >>> >> >> >
> >>> >> >> >
> >>> >> >> > On Thu, Jun 15, 2017 at 5:06 PM, Aswin S <
> aswinsuryan at gmail.com>
> >>> >> >> > wrote:
> >>> >> >> >>
> >>> >> >> >>
> >>> >> >> >> Adding some more info here, Thanks Numan! for pointing to
> this.
> >>> >> >> >>
> >>> >> >> >> The issue I am facing looks similar to the one described in
> [1]
> >>> >> >> >> and
> >>> >> >> >> [2].
> >>> >> >> >> But it seems the issue is not yet fixed.  Is there a plan to
> fix
> >>> >> >> >> this
> >>> >> >> >> soon?
> >>> >> >> >> In Opendaylight security groups is implemented using
> >>> >> >> >> ovs-conntrack.
> >>> >> >> >> So
> >>> >> >> >> the
> >>> >> >> >> flow based router  ping  responder and floating IP
> translations
> >>> >> >> >> hits
> >>> >> >> >> this
> >>> >> >> >> issue.
> >>> >> >> >>
> >>> >> >> >>
> >>> >> >> >>
> >>> >> >> >>
> >>> >> >> >>
> >>> >> >> >> [1]https://mail.openvswitch.org/pipermail/ovs-dev/2017-March
> /329542.html
> >>> >> >> >> [2]https://patchwork.ozlabs.org/patch/739796/
> >>> >> >> >>
> >>> >> >> >
> >>> >> >> > The same issuse is also seen in OVN as pointed by Aswin.
> >>> >> >> >
> >>> >> >> > Joe - If you remember, we had a chat about this same issue
> during
> >>> >> >> > the
> >>> >> >> > Openstack Boston summit.
> >>> >> >>
> >>> >> >> Hi Numan, yeah I recall we had this discussion. I didn't have
> much
> >>> >> >> clarity on where we're at with this.  Looking at patchwork, I
> >>> >> >> provided
> >>> >> >> some feedback on the RFC. The most straightforward approach seems
> >>> >> >> to
> >>> >> >> be adding a nf_ct_set(skb, NULL, 0); call for each of the 5tuple
> >>> >> >> "set"
> >>> >> >> actions in the datapath.
> >>> >> >
> >>> >> >
> >>> >> > Thanks. I will try it out and let you know how it went.
> >>> >> > I remember, I was suppose to provide more clarity after our
> >>> >> > discussion.
> >>> >> > My
> >>> >> > apologies. It slipped out of my head.
> >>> >>
> >>> >> No worries, let me know how you go.
> >>> >
> >>> >
> >>> > I tried this and it didn't work. In fact the function set_ipv4 (in
> >>> > datapath/actions.c) is not even called.
> >>> >
> >>> > Below is the flow which responds to ICMP request packet
> >>> >
> >>> > cookie=0x64913aa, duration=566.801s, table=17, n_packets=3,
> >>> > n_bytes=294,
> >>> > idle_age=144,
> >>> >
> >>> > priority=90,icmp,metadata=0x3,nw_dst=192.168.0.1,icmp_type=8
> ,icmp_code=0
> >>> >
> >>> >
> >>> > actions=push:NXM_OF_IP_SRC[],push:NXM_OF_IP_DST[],pop:NXM_OF
> _IP_SRC[],pop:NXM_OF_IP_DST[],load:0xff->NXM_NX_IP_TTL[],loa
> d:0->NXM_OF_ICMP_TYPE[],load:0x1->NXM_NX_REG10[0],resubmit(,18)
> >>> >
> >>> > Thanks
> >>> > Numan
> >>>
> >>> Hi Numan,
> >>>
> >>> How are you going about making these changes and testing them? Could
> >>> you double-check that the correct module was loaded when you ran the
> >>> test? Given that the IP src and dst are being modified from the flow
> >>> you described above, I think that the set_ipv4 function should be
> >>> called for such flows.
> >>>
> >>> Some sanity checks:
> >>> # modinfo openvswitch
> >>> # find /lib/modules -name openvswitch.ko* | xargs ls -l
> >>>
> >>> Might want to double-check that your depmod.d settings are set
> >>> correctly so it loads the new module instead of the one that comes
> >>> with your kernel.
> >>> # man depmod.d
> >>>
> >>> Of course, the above doesn't necessarily apply if you're making
> >>> changes directly in your kernel tree and loading the module from there
> >>> (for example, using insmod, or make modules_install into the original
> >>> module path).
> >>>
> >>
> >> Hi Joe,
> >>
> >> I verified that the loaded openvswitch module loaded is indeed modified
> by
> >> me.  I also put some printks in functions like "ovs_packet_cmd_execute"
> to
> >> verify.
> >>
> >> I created my testing scenario as per the commands here [1]. There are 2
> >> logical ports with IPs 192.168.0.2 and 192.168.0.3 associated to 2
> >> namespaces ns1 and ns2. The logical switch is also connected to a
> logical
> >> router.
> >>
> >> I pinged from 192.168.0.2 to 192.168.0.3 continuously and monitored the
> >> kernel flows with the command -
> >>
> >> $watch -n1 -d "sudo ovs-dpctl dump-flows system at ovs-system"
> >>
> >> recirc_id(0),in_port(3),eth(src=00:00:00:00:00:00/01:00:00:0
> 0:00:00,dst=50:54:00:00:00:01),eth_type(0x0800),ipv4(dst=192
> .168.0.2/255.255.255.254,frag=no),
> >> packets:28, bytes:2744, used:0.323s, actions:2
> >>
> >> recirc_id(0),in_port(2),eth(src=00:00:00:00:00:00/01:00:00:0
> 0:00:00,dst=50:54:00:00:00:02),eth_type(0x0800),ipv4(dst=192
> .168.0.2/255.255.255.254,frag=no),
> >> packets:28, bytes:2744, used:0.323s, actions:3
> >>
> >>
> >> I pinged from 192.168.0.2 to 192.168.0.1 (without any ACLs, so the ping
> >> would be successful), I observed that the action is always userspace
> and I
> >> could see that the function "odp_execute_masked_set_action" in
> >> lib/odp-execute.c is called in vswitchd.
> >>
> >> $watch -n1 -d "sudo ovs-dpctl dump-flows system at ovs-system"
> >>
> >> recirc_id(0),in_port(2),eth(src=50:54:00:00:00:01,dst=00:00:
> 00:00:ff:01),eth_type(0x0806),arp(sip=192.168.0.2,tip=192.16
> 8.0.1,op=1/0xff,sha=50:54:00:00:00:01,tha=00:00:00:00:00:00),
> >> packets:0, bytes:0, used:never,
> >> actions:userspace(pid=4294958020,slow_path(action))
> >>
> >> recirc_id(0),in_port(2),eth(src=50:54:00:00:00:01,dst=00:00:
> 00:00:ff:01),eth_type(0x0800),ipv4(src=192.168.0.2,dst=192.1
> 68.0.1,proto=1,ttl=64,frag=no),icmp(type=8,code=0),
> >> packets:9, bytes:882, used:0.937s,
> >> actions:userspace(pid=4294958021,slow_path(action))
> >>
> >> In this case, the ICMP reply is framed by the OVS flow  and there is
> >> "clone"
> >> action involved for the packet to go to and from the logical switch to
> >> logical router pipeline.
> >>
> >> To avoid clone action, I added some code in ovn-northd to respond the
> ICMP
> >> reply if the ip4.dst = 192.168.0.1 which translated to the below OF flow
> >>
> >> table=19, n_packets=619, n_bytes=60662, idle_age=1,
> >> priority=90,icmp,metadata=0x1,nw_dst=192.168.0.1,icmp_type=8
> ,icmp_code=0
> >>
> >> actions=move:NXM_OF_IP_SRC[]->NXM_OF_IP_DST[],mod_nw_src:192
> .168.0.1,push:NXM_OF_ETH_SRC[],push:NXM_OF_ETH_DST[],pop:NXM
> _OF_ETH_SRC[],pop:NXM_OF_ETH_DST[],load:0xff->NXM_NX_IP_TTL[
> ],load:0->NXM_OF_ICMP_TYPE[],load:0x1->NXM_NX_REG10[0],resubmit(,20)
> >>
> >> And in both the cases I see that there is an upcall for each packet and
> >> odp_execute_masked_set_action is called.
> >
> > OK, I think that my suggestion for that patch (patchwork 739796) was
> > actually addressing a subtly different issue.
> >
> > With regards to this issue, as far as I understand back to the
> > original report, connection with tuple A is committed to the
> > connection tracker. A is then statelessly modified to tuple B, then a
> > lookup with B is performed. Typically if you have tuple A or tuple A'
> > (ie, the reversed tuple) in the packet headers then looking up with
> > either of these headers will find the same connection. If you then
> > perform a lookup with tuple B, then it can only look up using B or B';
> > no state was kept about the translation from A->B, so there's no way
> > for the connection tracker to associate tuple B back to tuple A.
> > Lookup using B and B' cannot find a connection because it was never
> > committed like that. Therefore it would be new. However, since B is a
> > SYN-ACK packet, the Linux connection tracker considers that it is
> > invalid rather than new. For it to work, the tuple B', ie the original
> > SYN, should be committed first.
> >
> >
> > Thanks for the explanation. The issue we are seeing is for ICMP packets
> and
> > looking into the connection tracking entries I see the packet is in
> > UNREPLIED state. When the ICMP reply is framed by the ovs flows, the
> tuple
> > would still remain the same right ? Only ip4.src is swapped with ip4.dst
> and
> > ICMP code is changed.
>
> Right, so for ICMP I think the problem is different. Yes, by the looks
> only src/dst are swapped and code changed, which should produce a
> tuple that can look up and find the original connection. Given that
> the execution is happening in userspace, that would be one path to
> follow: exactly what is executed upon the packet in terms of datapath
> actions after the kernel runs userspace(...,slow_path(action))? Where
> is the conntrack call from that path, and how does it try to get the
> ct_state from the kernel?
>
> I wonder if the ICMP issue is related to the patch here:
> http://patchwork.ozlabs.org/patch/775756/
>
>
> Thanks. I will test some more and get back on this.
>

Hi Joe,

I tested the scenario again by adding the below ACLs. All my testing is
using the script here - [1]

# ACLs for sw0-port1
#  - allow all outgoing traffic and related reply traffic
#  - deny all incoming traffic not a part of an existing connection
sudo ovn-nbctl --wait=hv acl-add sw0 from-lport 1001 'inport == "sw0-port1"
&& ip' allow-related
sudo ovn-nbctl --wait=hv acl-add sw0 to-lport 1001 'outport == "sw0-port1"
&& ip' drop
sudo ovn-nbctl acl-list sw0


With the above ACLs, the ping to the router ip is dropped. Below is the
output of ovs-dpctl dump-flows

sudo ovs-dpctl dump-flows system at ovs-system
recirc_id(0x5),in_port(2),ct_state(+new-est-rel-rpl-inv+trk)
,ct_label(0/0x1),eth(src=50:54:00:00:00:01,dst=00:00:00:
00:ff:01),eth_type(0x0800),ipv4(src=192.168.0.2,dst=192.168.
0.1,proto=1,ttl=64,frag=no),icmp(type=8,code=0), packets:119, bytes:11662,
used:0.637s, actions:userspace(pid=4294963061,slow_path(action))
recirc_id(0),in_port(2),eth(src=00:00:00:00:00:00/01:00:00:
00:00:00),eth_type(0x0800),ipv4(frag=no), packets:119, bytes:11662,
used:0.637s, actions:ct(zone=1),recirc(0x5)
recirc_id(0x6),in_port(2),ct_state(+new-est-rel-rpl-inv+trk)
,ct_label(0/0x1),eth_type(0x0800),ipv4(frag=no), packets:119, bytes:11662,
used:0.637s, actions:drop


I also tested by applying the patch http://patchwork.ozlabs.
org/patch/775756/ and I could still see the issue and the datapath flows
were same in both the cases.

[1] - https://gist.github.com/russellb/4ab0a9641f12f8ac66fdd6822ee7789e



This is what I could understand on how ct_state is set and passed between
the datapath and userspace

 - During the upcall, the connection tracking state is passed in the packet
metadata in the nl attributes -
https://github.com/openvswitch/ovs/blob/master/datapath/conntrack.c#L268

 - When the vswitchd sends the packet back to the kernel datapath, it
stores the connection tracking state back here -
https://github.com/openvswitch/ovs/blob/master/ofproto/ofproto-dpif-upcall.c#L1418
https://github.com/openvswitch/ovs/blob/master/lib/odp-util.c#L4722
  Looks like even if vswitchd clears the ct state (using the ct_clear
action), it would not be passed back to the kernel datapath

 - I think even if we implement ct_clear action in datapath, it would not
solve the problem. In case if there is an upcall after ct_clear action but
before ct commit, the datapath would send the latest ct state back to the
userspace making the previous ct_clear action ineffective.

Thanks
Numan



>
> Nirman
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170706/a22da50a/attachment-0001.html>

From joe at ovn.org  Thu Jul  6 09:55:35 2017
From: joe at ovn.org (Joe Stringer)
Date: Thu, 6 Jul 2017 02:55:35 -0700
Subject: [ovs-discuss] error with openvswitch
 (dpif(handler2)|WARN|system@ovs-system: failed to put[create] (Invalid
 argument) ufid:)
In-Reply-To: <CAFmTiY-JX1T9TSk9=Vm_Jnkazhrq6t38AHgko4Sv6QU8CtXCbg@mail.gmail.com>
References: <CAFmTiY-JX1T9TSk9=Vm_Jnkazhrq6t38AHgko4Sv6QU8CtXCbg@mail.gmail.com>
Message-ID: <CAPWQB7H5-qh1nOqj4cPpu_uOPfv4p+nrDGtODn0wpebi-Fe0Kg@mail.gmail.com>

On 5 July 2017 at 23:44, Saroj Pandey <sarojpandey574 at gmail.com> wrote:
> Dear Sir Kindly suggest me.How can resolve below the error?
>
> dpif(handler2)|WARN|system at ovs-system: failed to put[create] (Invalid
> argument) ufid:

The above line by itself doesn't provide much context. Are there any
further lines below it?

From joe at ovn.org  Thu Jul  6 10:51:07 2017
From: joe at ovn.org (Joe Stringer)
Date: Thu, 6 Jul 2017 03:51:07 -0700
Subject: [ovs-discuss] error with openvswitch
 (dpif(handler2)|WARN|system@ovs-system: failed to put[create] (Invalid
 argument) ufid:)
In-Reply-To: <CAFmTiY8KXg0e-YJoeQBijbJBNC9vv78BLEmZ9jH6wRbfFGpc0A@mail.gmail.com>
References: <CAFmTiY-JX1T9TSk9=Vm_Jnkazhrq6t38AHgko4Sv6QU8CtXCbg@mail.gmail.com>
	<CAPWQB7H5-qh1nOqj4cPpu_uOPfv4p+nrDGtODn0wpebi-Fe0Kg@mail.gmail.com>
	<CAFmTiY8KXg0e-YJoeQBijbJBNC9vv78BLEmZ9jH6wRbfFGpc0A@mail.gmail.com>
Message-ID: <CAPWQB7G9+g1=L-PAp3Lx9cwnfmwigFjzRkZZZCzi9zcpyH-Kog@mail.gmail.com>

Please don't drop the list.

Does dmesg list any messages from the OVS module?

Which versions of ovs-vswitchd and the openvswitch.ko module are you using?

On 6 July 2017 at 03:06, Saroj Pandey <sarojpandey574 at gmail.com> wrote:
> Hi sir,
>
> Below the detail Logs
>
> dpif(handler2)|WARN|system at ovs-system: failed to put[create] (Invalid
> argument) ufid:68a252c5-eb36-4b01-b63e-9999a6bcd503
> skb_priority(0x6/0),in_port(1),skb_mark(0/0),eth(src=fa:16:3e:e8:e8:68,dst=01:00:5e:00:00:12),eth_type(0x0800),ipv4(src=169.254.192.2/0.0.0.0,dst=224.0.0.18/0.0.0.0,proto=112/0,tos=0xc0/0x3,ttl=255/0,frag=no),
> actions:set(tunnel(tun_id=0x25,src=192.168.12.5,dst=192.168.12.4,ttl=64,tp_dst=4789,flags(df|key))),9,push_vlan(vid=1,pcp=0),3
>
>
>
> dpif(handler2)|WARN|system at ovs-system: execute
> set(tunnel(tun_id=0x25,src=192.168.12.5,dst=192.168.12.4,ttl=64,tp_dst=4789,flags(df|key))),9,push_vlan(vid=1,pcp=0),3
> failed (Invalid argument) on packet
> ip,vlan_tci=0x0000,dl_src=fa:16:3e:e8:e8:68,dl_dst=01:00:5e:00:00:12,nw_src=169.254.192.2,nw_dst=224.0.0.18,nw_proto=112,nw_tos=192,nw_ecn=0,nw_ttl=255
>
>
> Thanks:-
> S PANDEY
>
> On Thu, Jul 6, 2017 at 3:25 PM, Joe Stringer <joe at ovn.org> wrote:
>>
>> On 5 July 2017 at 23:44, Saroj Pandey <sarojpandey574 at gmail.com> wrote:
>> > Dear Sir Kindly suggest me.How can resolve below the error?
>> >
>> > dpif(handler2)|WARN|system at ovs-system: failed to put[create] (Invalid
>> > argument) ufid:
>>
>> The above line by itself doesn't provide much context. Are there any
>> further lines below it?
>
>

From ajones at genband.com  Thu Jul  6 14:22:54 2017
From: ajones at genband.com (Alex Jones)
Date: Thu, 6 Jul 2017 10:22:54 -0400
Subject: [ovs-discuss] OVN DHCP implementation ignores broadcast bit
In-Reply-To: <CAH=CPzoEK13O=YoLD3b0QF9O46hWjADicL=xY37QbDO=k-CV8A@mail.gmail.com>
References: <96bc4082-b40b-22b1-db52-e05669bf3212@genband.com>
	<6FDA0CACF4BC624BBE12167875D71C9B409C08DB@CBSEX1.cloudbase.local>
	<CAH=CPzoEK13O=YoLD3b0QF9O46hWjADicL=xY37QbDO=k-CV8A@mail.gmail.com>
Message-ID: <62bfb218-afb4-7932-a595-1350453fd528@genband.com>

An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170706/1e538ee1/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170706/1e538ee1/attachment.sig>

From blp at ovn.org  Thu Jul  6 15:22:16 2017
From: blp at ovn.org (Ben Pfaff)
Date: Thu, 6 Jul 2017 08:22:16 -0700
Subject: [ovs-discuss] Open vSwitch 2.7.1 Available
In-Reply-To: <9fd59bc6-3843-3d4a-0abc-151a4fcf18b3@suse.de>
References: <71FE4690-D363-4253-B45F-13AA0379ECEA@ovn.org>
	<9fd59bc6-3843-3d4a-0abc-151a4fcf18b3@suse.de>
Message-ID: <20170706152216.GK16370@ovn.org>

On Thu, Jul 06, 2017 at 10:57:06AM +0300, Markos Chandras wrote:
> On 07/06/2017 10:30 AM, Justin Pettit wrote:
> > The Open vSwitch team is pleased to announce the release of Open vSwitch 2.7.1:
> > 
> >    http://openvswitch.org/releases/openvswitch-2.7.1.tar.gz
> > 
> > This release contains bug fixes and minor improvements for 2.7.0.
> > 
> > --The Open vSwitch Team 
> > 
> 
> Hello Justin,
> 
> Could you also push a v2.7.1 tag for this release? I can't see one in
> https://github.com/openvswitch/ovs/releases

Pushed.

From outlook_C15E18DCB510DF36 at outlook.com  Thu Jul  6 16:59:40 2017
From: outlook_C15E18DCB510DF36 at outlook.com (Jeremiah Kulanda)
Date: Thu, 6 Jul 2017 16:59:40 +0000
Subject: [ovs-discuss] High availability in OVS Switches
Message-ID: <BN6PR22MB0929631703CFAF84AB0972B4B7D50@BN6PR22MB0929.namprd22.prod.outlook.com>


Is there any High Availability for two ovs switches or can a cluster of switche be implemented?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170706/dfc33fe4/attachment-0001.html>

From blp at ovn.org  Thu Jul  6 21:34:22 2017
From: blp at ovn.org (Ben Pfaff)
Date: Thu, 6 Jul 2017 14:34:22 -0700
Subject: [ovs-discuss]
 =?utf-8?b?562U5aSNOiAg562U5aSNOiAgYWJvdXQgPHRoZSBs?=
 =?utf-8?q?ldp_bug_cause_the_crash_of_the_process_=22ovs-vswitchd=22with_t?=
 =?utf-8?q?he_userspace_ovs_2=2E5=2E0=3E?=
In-Reply-To: <B5A5DB50D93B5049985075C48319D2552A048C48@szxemi511-mbs.china.huawei.com>
References: <B5A5DB50D93B5049985075C48319D2552A047EFD@szxemi511-mbs.china.huawei.com>
	<0101DCDD-5719-4D8D-85A7-B419CDFEFA2E@ovn.org>
	<B5A5DB50D93B5049985075C48319D2552A04828F@szxemi511-mbs.china.huawei.com>
	<20170424171454.GP9587@ovn.org>
	<B5A5DB50D93B5049985075C48319D2552A048C48@szxemi511-mbs.china.huawei.com>
Message-ID: <20170706213422.GB23376@ovn.org>

I took a (belated) look at this just now.  There's an obvious bug fix
that I sent out:
        https://mail.openvswitch.org/pipermail/ovs-dev/2017-July/335021.html

Does it make any difference?

On Tue, Apr 25, 2017 at 01:19:26AM +0000, qintao (F) wrote:
> the valgrind's report as follows:
> 
> 2017-04-25T01:38:16Z|00025|coverage|INFO|bridge_reconfigure         0.0/sec     0.000/sec        0.0000/sec   total: 1
> 2017-04-25T01:38:16Z|00026|coverage|INFO|ofproto_flush              0.0/sec     0.000/sec        0.0000/sec   total: 1
> 2017-04-25T01:38:16Z|00027|coverage|INFO|ofproto_update_port        0.0/sec     0.000/sec        0.0000/sec   total: 2
> 2017-04-25T01:38:16Z|00028|coverage|INFO|cmap_expand                0.0/sec     0.000/sec        0.0000/sec   total: 3
> 2017-04-25T01:38:16Z|00029|coverage|INFO|dpif_port_add              0.0/sec     0.000/sec        0.0000/sec   total: 2
> 2017-04-25T01:38:16Z|00030|coverage|INFO|dpif_flow_flush            0.0/sec     0.000/sec        0.0000/sec   total: 2
> 2017-04-25T01:38:16Z|00031|coverage|INFO|dpif_flow_get              0.0/sec     0.000/sec        0.0000/sec   total: 5
> 2017-04-25T01:38:16Z|00032|coverage|INFO|dpif_flow_put              0.0/sec     0.000/sec        0.0000/sec   total: 9
> 2017-04-25T01:38:16Z|00033|coverage|INFO|dpif_flow_del              0.0/sec     0.000/sec        0.0000/sec   total: 5
> 2017-04-25T01:38:16Z|00034|coverage|INFO|dpif_execute               0.0/sec     0.000/sec        0.0000/sec   total: 2
> 2017-04-25T01:38:16Z|00035|coverage|INFO|flow_extract               0.0/sec     0.000/sec        0.0000/sec   total: 1
> 2017-04-25T01:38:16Z|00036|coverage|INFO|miniflow_malloc            0.0/sec     0.000/sec        0.0000/sec   total: 44
> 2017-04-25T01:38:16Z|00037|coverage|INFO|hmap_pathological          0.0/sec     0.000/sec        0.0000/sec   total: 2
> 2017-04-25T01:38:16Z|00038|coverage|INFO|hmap_expand                0.0/sec     0.000/sec        0.0000/sec   total: 412
> 2017-04-25T01:38:16Z|00039|coverage|INFO|netdev_get_stats           0.0/sec     0.000/sec        0.0000/sec   total: 2
> 2017-04-25T01:38:16Z|00040|coverage|INFO|poll_create_node           0.0/sec     0.000/sec        0.0000/sec   total: 9
> 2017-04-25T01:38:16Z|00041|coverage|INFO|seq_change                 0.0/sec     0.000/sec        0.0000/sec   total: 598
> 2017-04-25T01:38:16Z|00042|coverage|INFO|pstream_open               0.0/sec     0.000/sec        0.0000/sec   total: 3
> 2017-04-25T01:38:16Z|00043|coverage|INFO|stream_open                0.0/sec     0.000/sec        0.0000/sec   total: 1
> 2017-04-25T01:38:16Z|00044|coverage|INFO|util_xalloc                0.0/sec     0.000/sec        0.0000/sec   total: 10064
> 2017-04-25T01:38:16Z|00045|coverage|INFO|netdev_set_policing        0.0/sec     0.000/sec        0.0000/sec   total: 2
> 2017-04-25T01:38:16Z|00046|coverage|INFO|netdev_get_ifindex         0.0/sec     0.000/sec        0.0000/sec   total: 2
> 2017-04-25T01:38:16Z|00047|coverage|INFO|netdev_get_hwaddr          0.0/sec     0.000/sec        0.0000/sec   total: 11
> 2017-04-25T01:38:16Z|00048|coverage|INFO|netdev_set_hwaddr          0.0/sec     0.000/sec        0.0000/sec   total: 1
> 2017-04-25T01:38:16Z|00049|coverage|INFO|netdev_get_ethtool         0.0/sec     0.000/sec        0.0000/sec   total: 4
> 2017-04-25T01:38:16Z|00050|coverage|INFO|netlink_received           0.0/sec     0.000/sec        0.0000/sec   total: 16
> 2017-04-25T01:38:16Z|00051|coverage|INFO|netlink_recv_jumbo         0.0/sec     0.000/sec        0.0000/sec   total: 2
> 2017-04-25T01:38:16Z|00052|coverage|INFO|netlink_sent               0.0/sec     0.000/sec        0.0000/sec   total: 15
> 2017-04-25T01:38:16Z|00053|coverage|INFO|72 events never hit
> 2017-04-25T01:38:16Z|00054|bridge|INFO|ifname=enp1s0f0, vlan=4095, oper=1
> BRIDGE_AA_VLA:i:0,reconfigure:0
> ==22676== Conditional jump or move depends on uninitialised value(s)
> ==22676==    at 0x4E10DA: uuid_compare_3way (uuid.c:139)
> ==22676==    by 0x4BB8AD: ovsdb_datum_find_key (ovsdb-data.c:1633)
> ==22676==    by 0x40E922: bridge_configure_aa (bridge.c:3865)
> ==22676==    by 0x40E922: bridge_reconfigure (bridge.c:710)
> ==22676==    by 0x40FF67: bridge_run (bridge.c:2996)
> ==22676==    by 0x40690C: main (ovs-vswitchd.c:120)
> ==22676== 
> ==22676== Conditional jump or move depends on uninitialised value(s)
> ==22676==    at 0x4BB8B0: ovsdb_datum_find_key (ovsdb-data.c:1634)
> ==22676==    by 0x40E922: bridge_configure_aa (bridge.c:3865)
> ==22676==    by 0x40E922: bridge_reconfigure (bridge.c:710)
> ==22676==    by 0x40FF67: bridge_run (bridge.c:2996)
> ==22676==    by 0x40690C: main (ovs-vswitchd.c:120)
> ==22676== 
> ==22676== Conditional jump or move depends on uninitialised value(s)
> ==22676==    at 0x4BB888: ovsdb_datum_find_key (ovsdb-data.c:1636)
> ==22676==    by 0x40E922: bridge_configure_aa (bridge.c:3865)
> ==22676==    by 0x40E922: bridge_reconfigure (bridge.c:710)
> ==22676==    by 0x40FF67: bridge_run (bridge.c:2996)
> ==22676==    by 0x40690C: main (ovs-vswitchd.c:120)
> ==22676== 
> 2017-04-25T01:38:17Z|00055|bridge|INFO|Deleting isid=1, vlan=4095
> 2017-04-25T01:38:17Z|00056|ovs_lldp|INFO|Removing mapping aux=0x7b663d0
> 2017-04-25T01:38:17Z|00057|ovs_lldp|INFO|        Removing mapping ISID=1, VLAN=4095 (lldp->name=enp1s0f0)
> 2017-04-25T01:38:17Z|00058|ovs_lldp|INFO|                hardware->h_ifname=enp1s0f0
> 2017-04-25T01:38:17Z|00059|ovs_lldp|INFO|                Removing lport, isid=1, vlan=4095
> 2017-04-25T01:38:17Z|00060|bridge|INFO|Adding isid=1, vlan=4095
> 2017-04-25T01:38:17Z|00061|ovs_lldp|INFO|Adding mapping ISID=1, VLAN=4095, aux=0x7c0a9e0
> 2017-04-25T01:38:17Z|00062|ovs_lldp|INFO|        lldp->name=enp1s0f0
> 2017-04-25T01:38:17Z|00063|ovs_lldp|INFO|                hardware->h_ifname=enp1s0f0
> 2017-04-25T01:38:17Z|00064|bridge|INFO|ovs-vswitchd (Open vSwitch) 2.5.2
> 2017-04-25T01:38:18Z|00065|bridge|INFO|ifname=enp1s0f0, vlan=4095, oper=2
> ,BRIDGE_AA_VLAN_OPER_REMOVE:i:0,j:0,port->cfg->trunks[0]:4095,m->vlan:4095
> BRIDGE_AA_VLA:i:0,reconfigure:1
> 2017-04-25T01:38:18Z|00066|bridge|INFO|ifname=enp1s0f0, vlan=4095, oper=1
> ,BRIDGE_AA_VLA:i:1,reconfigure:1
> 2017-04-25T01:38:25Z|00067|memory|INFO|65776 kB peak resident set size after 10.0 seconds
> 2017-04-25T01:38:25Z|00068|memory|INFO|handlers:2 ports:2 revalidators:2 rules:5
> ==22676== Thread 7 monitor6:
> ==22676== Invalid read of size 8
> ==22676==    at 0x42975A: ofproto_dpif_send_packet (ofproto-dpif.c:4390)
> ==22676==    by 0x43082D: monitor_mport_run (ofproto-dpif-monitor.c:290)
> ==22676==    by 0x430B63: monitor_run (ofproto-dpif-monitor.c:227)
> ==22676==    by 0x430C04: monitor_main (ofproto-dpif-monitor.c:189)
> ==22676==    by 0x4B9263: ovsthread_wrapper (ovs-thread.c:340)
> ==22676==    by 0x5491DF4: start_thread (in /usr/lib64/libpthread-2.17.so)
> ==22676==    by 0x5CA61AC: clone (in /usr/lib64/libc-2.17.so)
> ==22676==  Address 0x7b1e6c0 is 32 bytes inside a block of size 280 free'd
> ==22676==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==22676==    by 0x41E7C7: ofproto_destroy (ofproto.c:1602)
> ==22676==    by 0x4097A3: bridge_destroy (bridge.c:3233)
> ==22676==    by 0x409B9D: add_del_bridges.isra.20 (bridge.c:1734)
> ==22676==    by 0x40C591: bridge_reconfigure (bridge.c:616)
> ==22676==    by 0x40FF67: bridge_run (bridge.c:2996)
> ==22676==    by 0x40690C: main (ovs-vswitchd.c:120)
> ==22676== 
> ==22676== Invalid read of size 8
> ==22676==    at 0x42975E: ofproto_dpif_cast (ofproto-dpif.c:360)
> ==22676==    by 0x42975E: ofproto_dpif_send_packet (ofproto-dpif.c:4390)
> ==22676==    by 0x43082D: monitor_mport_run (ofproto-dpif-monitor.c:290)
> ==22676==    by 0x430B63: monitor_run (ofproto-dpif-monitor.c:227)
> ==22676==    by 0x430C04: monitor_main (ofproto-dpif-monitor.c:189)
> ==22676==    by 0x4B9263: ovsthread_wrapper (ovs-thread.c:340)
> ==22676==    by 0x5491DF4: start_thread (in /usr/lib64/libpthread-2.17.so)
> ==22676==    by 0x5CA61AC: clone (in /usr/lib64/libc-2.17.so)
> ==22676==  Address 0x7aa6450 is 32 bytes inside a block of size 1,368 free'd
> ==22676==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==22676==    by 0x41BC02: ofproto_destroy__ (ofproto.c:1569)
> ==22676==    by 0x4B8345: ovsrcu_call_postponed (ovs-rcu.c:293)
> ==22676==    by 0x4B8513: ovsrcu_postpone_thread (ovs-rcu.c:308)
> ==22676==    by 0x4B9263: ovsthread_wrapper (ovs-thread.c:340)
> ==22676==    by 0x5491DF4: start_thread (in /usr/lib64/libpthread-2.17.so)
> ==22676==    by 0x5CA61AC: clone (in /usr/lib64/libc-2.17.so)
> ==22676== 
> ==22676== Invalid read of size 8
> ==22676==    at 0x4B927C: ovs_mutex_lock_at (ovs-thread.c:76)
> ==22676==    by 0x429786: ofproto_dpif_send_packet (ofproto-dpif.c:4395)
> ==22676==    by 0x43082D: monitor_mport_run (ofproto-dpif-monitor.c:290)
> ==22676==    by 0x430B63: monitor_run (ofproto-dpif-monitor.c:227)
> ==22676==    by 0x430C04: monitor_main (ofproto-dpif-monitor.c:189)
> ==22676==    by 0x4B9263: ovsthread_wrapper (ovs-thread.c:340)
> ==22676==    by 0x5491DF4: start_thread (in /usr/lib64/libpthread-2.17.so)
> ==22676==    by 0x5CA61AC: clone (in /usr/lib64/libc-2.17.so)
> ==22676==  Address 0x7aa6780 is 848 bytes inside a block of size 1,368 free'd
> ==22676==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==22676==    by 0x41BC02: ofproto_destroy__ (ofproto.c:1569)
> ==22676==    by 0x4B8345: ovsrcu_call_postponed (ovs-rcu.c:293)
> ==22676==    by 0x4B8513: ovsrcu_postpone_thread (ovs-rcu.c:308)
> ==22676==    by 0x4B9263: ovsthread_wrapper (ovs-thread.c:340)
> ==22676==    by 0x5491DF4: start_thread (in /usr/lib64/libpthread-2.17.so)
> ==22676==    by 0x5CA61AC: clone (in /usr/lib64/libc-2.17.so)
> ==22676== 
> ovs-vswitchd(monitor6): ofproto/ofproto-dpif.c:4395: ovs_mutex_lock_at() passed uninitialized ovs_mutex
> ,==22676== 
> ==22676== HEAP SUMMARY:
> ==22676==     in use at exit: 4,277,720 bytes in 1,039 blocks
> ==22676==   total heap usage: 34,041 allocs, 33,002 frees, 25,258,154 bytes allocated
> ==22676== 
> ==22676== LEAK SUMMARY:
> ==22676==    definitely lost: 89 bytes in 4 blocks
> ==22676==    indirectly lost: 0 bytes in 0 blocks
> ==22676==      possibly lost: 4,196,601 bytes in 21 blocks
> ==22676==    still reachable: 81,030 bytes in 1,014 blocks
> ==22676==         suppressed: 0 bytes in 0 blocks
> ==22676== Rerun with --leak-check=full to see details of leaked memory
> ==22676== 
> ==22676== For counts of detected and suppressed errors, rerun with: -v
> ==22676== Use --track-origins=yes to see where uninitialised values come from
> ==22676== ERROR SUMMARY: 7 errors from 7 contexts (suppressed: 2 from 2)
> Killed
> [root at localhost ~]#
> 
> ========================================================================
> 
> the reproduction information as follows:
> 
> 1?create a bridge "br1" with the netdev type
> 2?run the command ?ovs-vsctl set int br1 lldp:enable=true ? to make the interface br1 enable the function lldp
> 3?run the command ''ovs-vsctl del-br br1" to delete the br1
> =====================================================================================
> -----????-----
> ???: Ben Pfaff [mailto:blp at ovn.org] 
> ????: 2017?4?25? 1:15
> ???: qintao (F)
> ??: Justin Pettit; Liuguifeng; ovs-discuss at openvswitch.org; wuhao (S); zhouyong (R); Lukai (Look); Guoyilong
> ??: Re: [ovs-discuss] ??: about <the lldp bug cause the crash of the process "ovs-vswitchd"with the userspace ovs 2.5.0>
> 
> OK, let's figure out the problem.  Can you provide a backtrace?  Or run OVS until valgrind and provide valgrind's report?  Or can you provide reproduction information for us?
> 
> Thanks,
> 
> Ben.
> 
> On Thu, Apr 20, 2017 at 08:21:54AM +0000, qintao (F) wrote:
> > hi,Pettit
> > 	I have reprodeuced the same issue with 2.5.2, but the result is still disappointing ,which is the crash of the process "ovs-vswitchd".
> > 
> > best regards,
> >  Tony tao
> > -----????-----
> > ???: Justin Pettit [mailto:jpettit at ovn.org]
> > ????: 2017?4?20? 5:05
> > ???: qintao (F)
> > ??: ovs-discuss at openvswitch.org; wuhao (S); Liuguifeng; Lukai (Look); 
> > Guoyilong
> > ??: Re: [ovs-discuss] about <the lldp bug cause the crash of the 
> > process "ovs-vswitchd"with the userspace ovs 2.5.0>
> > 
> > 
> > > On Apr 18, 2017, at 6:59 PM, qintao (F) <qintao5 at huawei.com> wrote:
> > > 
> > >  
> > >  
> > > Dear all ,
> > >      we create a bridge ?br1? with the type of netdev .And the version of the ovs is 2.5.0. Then we run the command ?ovs-vsctl set int br1 lldp:enable=true ? to make the interface br1 enable the function lldp.After that ,we delete the bridge br1 ,we found the the process ?ovs-vswitchd? has been lost.
> > > ?
> > 
> > Thanks for the report.  There are a couple of releases in the 2.5.x series since 2.5.0.  Are you able to reproduce the same issue with 2.5.2?
> > 
> > --Justin
> > 
> > 
> > _______________________________________________
> > discuss mailing list
> > discuss at openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

From charles at onlab.us  Thu Jul  6 21:37:49 2017
From: charles at onlab.us (Charles Chan)
Date: Thu, 06 Jul 2017 21:37:49 +0000
Subject: [ovs-discuss] Question regarding group reference count
In-Reply-To: <CAJJLwsOxUqtdvYAm-=_twaADzjYJOUi3hYvttv_BUMtgbiFiqA@mail.gmail.com>
References: <CAJJLwsOxUqtdvYAm-=_twaADzjYJOUi3hYvttv_BUMtgbiFiqA@mail.gmail.com>
Message-ID: <CAJJLwsP22mOr240X7vkRujQVVag5tUbTnK0LYqOy=c=pcqeR7Q@mail.gmail.com>

Hi everyone,

I just downloaded the latest OVS release (2.7.1) but unfortunately I am
still able to reproduce the issue.
It seems to be an OVS-specific issue since the reference count is reported
correctly on other OF-DPA based hardware switches.
Any thought?

Thanks,
Charles

On Mon, Jun 19, 2017 at 4:46 PM Charles Chan <charles at onlab.us> wrote:

> Hi everyone,
>
> I noticed a strange behavior of group reference count in ovs 2.7.0 and
> therefore I am writing to confirm if this is expected.
>
> I created 2 indirect groups and 1 select group. There are 2 buckets in the
> select group, each of them points to one of the indirect group.
> sudo ovs-ofctl -O OpenFlow13 dump-groups ovs-br
> OFPST_GROUP_DESC reply (OF1.3) (xid=0x2):
> group_id=201,type=indirect,bucket=actions=output:1
> group_id=202,type=indirect,bucket=actions=output:2
> group_id=101,type=select,
> *bucket=actions=group:201,bucket=actions=group:202*
>
> I also created a flow that points to the select group.
> sudo ovs-ofctl -O OpenFlow13 dump-flows ovs-br
> OFPST_FLOW reply (OF1.3) (xid=0x2):
>  cookie=0x0, duration=31.409s, table=0, n_packets=0, n_bytes=0,
> vlan_tci=0x000a/0x1fff actions=group:101
>  cookie=0x0, duration=275.500s, table=0, n_packets=0, n_bytes=0,
> priority=0 actions=NORMAL
>
> However, the reference count of these 2 indirect groups are both zero.
> sudo ovs-ofctl -O OpenFlow13 dump-group-stats ovs-br
> OFPST_GROUP reply (OF1.3) (xid=0x2):
>  group_id=201,duration=185.249s,*ref_count=0*
> ,packet_count=0,byte_count=0,bucket0:packet_count=0,byte_count=0
>  group_id=202,duration=159.981s,*ref_count=0*
> ,packet_count=0,byte_count=0,bucket0:packet_count=0,byte_count=0
>
>  group_id=101,duration=111.349s,ref_count=1,packet_count=0,byte_count=0,bucket0:packet_count=0,byte_count=0,bucket1:packet_count=0,byte_count=0
>
> I further looked up OF 1.3 spec and discovered this description in the
> section of OFPMP_GROUP.
> uint32_t ref_count; /* Number of *flows or groups that directly forward
> to this group*. */
> According to my interpretation of the spec, the reference count of these
> indirect groups should both be 1 instead of 0 since they are referenced by
> the select group.
>
> This can be easily reproduced by following steps.
> sudo ovs-vsctl add-br ovs-br
> sudo ovs-ofctl -O OpenFlow13 add-group ovs-br
> group_id=201,type=indirect,bucket=actions=output:1
> sudo ovs-ofctl -O OpenFlow13 add-group ovs-br
> group_id=202,type=indirect,bucket=actions=output:2
> sudo ovs-ofctl -O OpenFlow13 add-group ovs-br
> group_id=101,type=select,bucket=actions=group:201,bucket=actions=group:202
> sudo ovs-ofctl -O OpenFlow13 add-flow ovs-br vlan_vid=10,actions=group:101
>
> I installed OVS from the 2.7.0 tarball. This is the version I am using.
> sudo ovs-vsctl --version
> ovs-vsctl (Open vSwitch) 2.7.0
> DB Schema 7.14.0
>
> Thanks,
> Charles
> --
>
> Charles Chan
> Member of Technical Staff, ON.Lab
> Member of Ambassador Steering Team, ONOS/CORD Community
>
-- 

Charles Chan
Member of Technical Staff, ONF
Member of Ambassador Steering Team, ONOS/CORD Community
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170706/8910398e/attachment.html>

From nusiddiq at redhat.com  Fri Jul  7 10:20:15 2017
From: nusiddiq at redhat.com (Numan Siddique)
Date: Fri, 7 Jul 2017 15:50:15 +0530
Subject: [ovs-discuss] OVN DHCP implementation ignores broadcast bit
In-Reply-To: <62bfb218-afb4-7932-a595-1350453fd528@genband.com>
References: <96bc4082-b40b-22b1-db52-e05669bf3212@genband.com>
	<6FDA0CACF4BC624BBE12167875D71C9B409C08DB@CBSEX1.cloudbase.local>
	<CAH=CPzoEK13O=YoLD3b0QF9O46hWjADicL=xY37QbDO=k-CV8A@mail.gmail.com>
	<62bfb218-afb4-7932-a595-1350453fd528@genband.com>
Message-ID: <CAH=CPzr0xfxbM3kgkjjS=EkLhS7R4jxM4E3xo9NSfNhQxErh4Q@mail.gmail.com>

On Thu, Jul 6, 2017 at 7:52 PM, Alex Jones <ajones at genband.com> wrote:

> Hi Numan,
>
>   It doesn't matter to me. You know the code better than I do! Do you want
> me to post the patch, and you can improve it?
>

Sure. Go ahead and post the patch.

Thanks
Numan


>   My patch does modify pinctrl_handle_put_dhcp_opts() currently.
>
> Alex
>
> On 07/04/2017 11:39 PM, Numan Siddique wrote:
>
> ------------------------------
> NOTICE: This email was received from an EXTERNAL sender
> ------------------------------
>
>
>
> On Tue, Jul 4, 2017 at 5:48 PM, Alin Serdean <aserdean at cloudbasesolutions.
> com> wrote:
>
>> Hi Alex,
>>
>>
>>
>> You can send it to dev at openvswitch.org or create a new pull request via
>> github.
>>
>>
>>
>> Thanks,
>>
>> Alin.
>>
>>
>>
>> *From:* ovs-discuss-bounces at openvswitch.org [mailto:
>> ovs-discuss-bounces at openvswitch.org] *On Behalf Of *Alex Jones
>> *Sent:* Tuesday, July 4, 2017 4:00 AM
>> *To:* ovs-discuss at openvswitch.org
>> *Subject:* [ovs-discuss] OVN DHCP implementation ignores broadcast bit
>>
>>
>>
>> Hi All,
>>
>>   I have OVN up and running (version 2.7), and it is working well except
>> for one case. We have a VM which uses its own IP stack and does not accept
>> unicast DHCP offers. After examining the OVN code, I found that it
>> currently doesn't support the broadcast bit if set by the client.
>>
>>   I didn't see any bugs regarding this, so I did a patch myself. The
>> patch modifies put_dhcp_options to return 2 if the broadcast bit was set in
>> the DISCOVER/REQUEST, and 1 if not set (both indicate success). Then I
>> modified the current logical flow to check if the return code is 1, then
>> execute the current logical flow. I added a new logical flow to handle the
>> broadcast bit set case. If the return value from put_dhcp_options is 2, the
>> new flow is executed which sets the dest MAC and dest IP to broadcast.
>>
>>   I'd like to submit this. Do I just post it here?
>>
>> Alex
>>
>
> The other simpler approach could be to set "ip4.dst and eth.dst" to
> broadcast addresses if broadcast bit is set, giaddr and ciaddr is 0 (as per
> the RFC - https://www.ietf.org/rfc/rfc2131.txt) in the function
> "pinctrl_handle_put_dhcp_opts" (in ovn/controller/pinctrl.c) and modify
> ovn-northd.c to not set the eth.dst and ip4.dst fields in the
> S_SWITCH_IN_DHCP_RESPONSE  pipeline.
>
> Probably we should also set ip4.dst to giaddr (to support dhcp relay) if
> it is set.
>
> Thanks
> Numan
>
>
>>
>> _______________________________________________
>> discuss mailing list
>> discuss at openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170707/f9670e65/attachment-0001.html>

From deepthysugesh at gmail.com  Fri Jul  7 15:09:08 2017
From: deepthysugesh at gmail.com (Sugu Chandran)
Date: Fri, 7 Jul 2017 16:09:08 +0100
Subject: [ovs-discuss] Issue with offloading OVS flows into MLNX-4 cards
Message-ID: <CAMHvpbOjWhA55YRxWKBhWc6ucGh=9p4=7JMM_hwmQ291nGZQuA@mail.gmail.com>

Hi,

I am trying to test hardware offloading feature in OVS using a 2*25G
mellanox NIC.   My test setup has static OVS L2 rules to forward packets
between these two ports. The traffic generators are connected to these
ports to pump in traffic.
The hardware offloading is enabled in the system by using,
    ovs-vsctl --no-wait set Open_vSwitch . other_config:hw-offload=true
I didnt set any explicit hw-policy ,  kept it default as 'None'

I noticed that when I am sending traffic to these ports, there are no rules
getting programmed into the hardware. Also there are no error reported in
ovs-vswitchd.log as such.
Of Course the packets are getting forwarded in software.  Is there anything
else needs to be done to make the TC to program the mellanox NICs?

Regards
_Sugu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170707/f7812b00/attachment.html>

From blp at ovn.org  Fri Jul  7 15:45:20 2017
From: blp at ovn.org (Ben Pfaff)
Date: Fri, 7 Jul 2017 08:45:20 -0700
Subject: [ovs-discuss] Question regarding group reference count
In-Reply-To: <CAJJLwsP22mOr240X7vkRujQVVag5tUbTnK0LYqOy=c=pcqeR7Q@mail.gmail.com>
References: <CAJJLwsOxUqtdvYAm-=_twaADzjYJOUi3hYvttv_BUMtgbiFiqA@mail.gmail.com>
	<CAJJLwsP22mOr240X7vkRujQVVag5tUbTnK0LYqOy=c=pcqeR7Q@mail.gmail.com>
Message-ID: <20170707154520.GR23376@ovn.org>

It's probably a bug in OVS.  The group reference count is, from an OVS
perspective, a bookkeeping exercise without real value, so it can easily
get out of sync.

On Thu, Jul 06, 2017 at 09:37:49PM +0000, Charles Chan wrote:
> Hi everyone,
> 
> I just downloaded the latest OVS release (2.7.1) but unfortunately I am
> still able to reproduce the issue.
> It seems to be an OVS-specific issue since the reference count is reported
> correctly on other OF-DPA based hardware switches.
> Any thought?
> 
> Thanks,
> Charles
> 
> On Mon, Jun 19, 2017 at 4:46 PM Charles Chan <charles at onlab.us> wrote:
> 
> > Hi everyone,
> >
> > I noticed a strange behavior of group reference count in ovs 2.7.0 and
> > therefore I am writing to confirm if this is expected.
> >
> > I created 2 indirect groups and 1 select group. There are 2 buckets in the
> > select group, each of them points to one of the indirect group.
> > sudo ovs-ofctl -O OpenFlow13 dump-groups ovs-br
> > OFPST_GROUP_DESC reply (OF1.3) (xid=0x2):
> > group_id=201,type=indirect,bucket=actions=output:1
> > group_id=202,type=indirect,bucket=actions=output:2
> > group_id=101,type=select,
> > *bucket=actions=group:201,bucket=actions=group:202*
> >
> > I also created a flow that points to the select group.
> > sudo ovs-ofctl -O OpenFlow13 dump-flows ovs-br
> > OFPST_FLOW reply (OF1.3) (xid=0x2):
> >  cookie=0x0, duration=31.409s, table=0, n_packets=0, n_bytes=0,
> > vlan_tci=0x000a/0x1fff actions=group:101
> >  cookie=0x0, duration=275.500s, table=0, n_packets=0, n_bytes=0,
> > priority=0 actions=NORMAL
> >
> > However, the reference count of these 2 indirect groups are both zero.
> > sudo ovs-ofctl -O OpenFlow13 dump-group-stats ovs-br
> > OFPST_GROUP reply (OF1.3) (xid=0x2):
> >  group_id=201,duration=185.249s,*ref_count=0*
> > ,packet_count=0,byte_count=0,bucket0:packet_count=0,byte_count=0
> >  group_id=202,duration=159.981s,*ref_count=0*
> > ,packet_count=0,byte_count=0,bucket0:packet_count=0,byte_count=0
> >
> >  group_id=101,duration=111.349s,ref_count=1,packet_count=0,byte_count=0,bucket0:packet_count=0,byte_count=0,bucket1:packet_count=0,byte_count=0
> >
> > I further looked up OF 1.3 spec and discovered this description in the
> > section of OFPMP_GROUP.
> > uint32_t ref_count; /* Number of *flows or groups that directly forward
> > to this group*. */
> > According to my interpretation of the spec, the reference count of these
> > indirect groups should both be 1 instead of 0 since they are referenced by
> > the select group.
> >
> > This can be easily reproduced by following steps.
> > sudo ovs-vsctl add-br ovs-br
> > sudo ovs-ofctl -O OpenFlow13 add-group ovs-br
> > group_id=201,type=indirect,bucket=actions=output:1
> > sudo ovs-ofctl -O OpenFlow13 add-group ovs-br
> > group_id=202,type=indirect,bucket=actions=output:2
> > sudo ovs-ofctl -O OpenFlow13 add-group ovs-br
> > group_id=101,type=select,bucket=actions=group:201,bucket=actions=group:202
> > sudo ovs-ofctl -O OpenFlow13 add-flow ovs-br vlan_vid=10,actions=group:101
> >
> > I installed OVS from the 2.7.0 tarball. This is the version I am using.
> > sudo ovs-vsctl --version
> > ovs-vsctl (Open vSwitch) 2.7.0
> > DB Schema 7.14.0
> >
> > Thanks,
> > Charles
> > --
> >
> > Charles Chan
> > Member of Technical Staff, ON.Lab
> > Member of Ambassador Steering Team, ONOS/CORD Community
> >
> -- 
> 
> Charles Chan
> Member of Technical Staff, ONF
> Member of Ambassador Steering Team, ONOS/CORD Community

> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss


From deepthysugesh at gmail.com  Fri Jul  7 14:36:41 2017
From: deepthysugesh at gmail.com (Sugu Chandran)
Date: Fri, 7 Jul 2017 15:36:41 +0100
Subject: [ovs-discuss] Issue with offloading OVS flows into Mellanox-4 cards
Message-ID: <CAMHvpbOedpsZGppruLkky4igQchRxEn__OQaZaxMTZyf4xy2mw@mail.gmail.com>

Hi,

I am trying to test hardware offloading feature in OVS using a 2*25G
mellanox NIC.   My test setup has static OVS L2 rules to forward packets
between these two ports. The traffic generators are connected to these
ports to pump in traffic.
The hardware offloading is enabled in the system by using,
    ovs-vsctl --no-wait set Open_vSwitch . other_config:hw-offload=true
I didnt set any hw-policy explicit,  as I kept it default as 'None'

I noticed that when I am sending traffic to these ports, there are no rules
that are getting programmed into the hardware. Also there are no error
reported in ovs-vswitchd.log as such.
Of Course the packets are getting forwarded in software.  Is there anything
else needs to be done to make the TC for programming the mellanox NICs?

Regards
_Sugu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170707/32296a62/attachment.html>

From jt at labs.hpe.com  Fri Jul  7 22:20:39 2017
From: jt at labs.hpe.com (Jean Tourrilhes)
Date: Fri, 7 Jul 2017 15:20:39 -0700
Subject: [ovs-discuss] Q: Using netfilter to classify packets in OVS ?
Message-ID: <20170707222039.GA31272@labs.hpe.com>

	Hi,

	I want to classify/match packets in OVS based on some TCP
options, this is currently not supported by OVS but it is supported by
netfilter. The support for ConnTrack left me wondering if I could use
netfilter to match that field and then use the result of that in OVS.
	Thanks in advance...

	Jean

From jt at labs.hpe.com  Fri Jul  7 22:36:11 2017
From: jt at labs.hpe.com (Jean Tourrilhes)
Date: Fri, 7 Jul 2017 15:36:11 -0700
Subject: [ovs-discuss] Parallel VxLAN tunnels
Message-ID: <20170707223611.GB31272@labs.hpe.com>

	Hi,

	I want to know how to implement parallel VxLAN tunnels between
two hosts with OVS.
	Each host, h0 and h1, has two OVS instances, br0 and
br1. I want two separate VxLAN tunnels :
		h0-br0 <=> h1-br0
		h0-br1 <=> h1-br1
	Those two tunnels could be using different VNI, so is there
a way for a OVS instance to use only a single VNI ? I also saw that
VxLAN support alternate port number, should I use that ?
	Thanks in advance !

	Jean

From scott.lowe at scottlowe.org  Sun Jul  9 17:45:11 2017
From: scott.lowe at scottlowe.org (Scott Lowe)
Date: Sun, 9 Jul 2017 11:45:11 -0600
Subject: [ovs-discuss] Parallel VxLAN tunnels
In-Reply-To: <20170707223611.GB31272@labs.hpe.com>
References: <20170707223611.GB31272@labs.hpe.com>
Message-ID: <edb6e156-8aa3-3ed8-586d-9579802f0df0@scottlowe.org>

On 07/07/2017 04:36 PM, Jean Tourrilhes wrote:
> 	Hi,
> 
> 	I want to know how to implement parallel VxLAN tunnels between
> two hosts with OVS.
> 	Each host, h0 and h1, has two OVS instances, br0 and
> br1. I want two separate VxLAN tunnels :
> 		h0-br0 <=> h1-br0
> 		h0-br1 <=> h1-br1
> 	Those two tunnels could be using different VNI, so is there
> a way for a OVS instance to use only a single VNI ? I also saw that
> VxLAN support alternate port number, should I use that ?
> 	Thanks in advance !


I haven't tried this, but it seems like it should be possible to build
two VXLAN tunnels between two hosts using two different IP endpoints
(tunnel endpoints) on each host. You could accomplish this using an OVS
internal port on each bridge, like this:

	h0-br0 has internal port w/ IP addr W.X.Y.Z1
	h0-br1 has internal port w/ IP addr A.B.C.D1
	h1-br0 has internal port w/ IP addr W.X.Y.Z2
	h1-br1 has internal port w/ IP addr A.B.C.D2

Then configure the tunnels with the appropriate IP endpoints (h0-br0
points to internal port on h1-br0 and vice versa, h0-br1 points to
internal port on h1-br1 and vice versa).

Again, I haven't tested this, so there may be (one or more) things I'm
overlooking/don't know about.

Of course, then you'll have the issue of installing flows to properly
direct traffic across those tunnels, but that's a different topic.

Good luck!

-- 
Scott

From developer at it-offshore.co.uk  Sat Jul  8 21:22:17 2017
From: developer at it-offshore.co.uk (Stuart Cardall)
Date: Sat, 8 Jul 2017 22:22:17 +0100
Subject: [ovs-discuss] Subject: [openvswitch 2.7.1] testsuite: 7 8 767 1891
 1892 1893 1894 1895 1896 1900 1902 failed
Message-ID: <567db902-0ab4-2e5a-6eaf-a324d8130b78@it-offshore.co.uk>

Hello,

Attached is the test suite log for ovs 2.7.1 in Alpine Linux / musl c:

testsuite: 7 8 767 1891 1892 1893 1894 1895 1896 1900 1902 failed

Kind Regards,

Stuart Cardall.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170708/4ef3116e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: testsuite.log
Type: text/x-log
Size: 374974 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170708/4ef3116e/attachment-0001.bin>

From shasija at tssg.org  Sun Jul  9 23:47:27 2017
From: shasija at tssg.org (Sidhant Hasija)
Date: Mon, 10 Jul 2017 00:47:27 +0100
Subject: [ovs-discuss] ovs-2.7.1 vxlan issue
Message-ID: <3d286c07-1ff5-28af-429a-76f10b2e45f5@tssg.org>

Hello,

I am trying to connect two openvswitch mininet network situated in two 
different hosts through a vxlan tunnel.

However, when I try to setup a vxlan port on a switch through the 
following command, I get "address family not supported error".

/ovs-vsctl add-port br0 vxlan1 -- set interface vxlan1 type=vxlan  
options:remote_ip=192.168.1.2 options:key=flow/

Error:
ovs-vsctl: Error detected while setting up 'vxlan1': could not add 
network device vxlan1 to ofproto (Address family not supported by 
protocol).  See ovs-vswitchd log for details.
Log message:
|00022|dpif|WARN|system at ovs-system: failed to add vxlan1 as port: 
Address family not supported by protocol
|00023|bridge|WARN|could not add network device vxlan1 to ofproto 
(Address family not supported by protocol)

Any inputs on this long persisted issue will be really helpful.
I am using ubuntu-16, kernel 4.4 and ovs 2.7.1

Thanks and Regards
Sidhant

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170710/54d7c281/attachment.html>

From roid at mellanox.com  Mon Jul 10 03:57:33 2017
From: roid at mellanox.com (Roi Dayan)
Date: Mon, 10 Jul 2017 06:57:33 +0300
Subject: [ovs-discuss] Issue with offloading OVS flows into Mellanox-4
 cards
In-Reply-To: <CAMHvpbOedpsZGppruLkky4igQchRxEn__OQaZaxMTZyf4xy2mw@mail.gmail.com>
References: <CAMHvpbOedpsZGppruLkky4igQchRxEn__OQaZaxMTZyf4xy2mw@mail.gmail.com>
Message-ID: <59b67ab6-46e8-b5aa-ddce-01296a318e60@mellanox.com>



On 07/07/2017 17:36, Sugu Chandran wrote:
> Hi,
>
> I am trying to test hardware offloading feature in OVS using a 2*25G
> mellanox NIC.   My test setup has static OVS L2 rules to forward packets
> between these two ports. The traffic generators are connected to these
> ports to pump in traffic.
> The hardware offloading is enabled in the system by using,
>     ovs-vsctl --no-wait set Open_vSwitch . other_config:hw-offload=true
> I didnt set any hw-policy explicit,  as I kept it default as 'None'
>
> I noticed that when I am sending traffic to these ports, there are no
> rules that are getting programmed into the hardware. Also there are no
> error reported in ovs-vswitchd.log as such.
> Of Course the packets are getting forwarded in software.  Is there
> anything else needs to be done to make the TC for programming the
> mellanox NICs?
>
> Regards
> _Sugu
>
>

Hi Sugo,

Since you do not have errors in the log did you check if the rules
were added to tc software?
you can dump like this:
# tc -s filter show dev ens5f0 ingress

You need to enable the offload feature on the HCA with ethtool.
example:
# ethtool -K ens5f0 hw-tc-offload on

We still need to work on docs for this feature but for now I
documented it a little here:
https://github.com/roidayan/ovs/wiki

Thanks,
Roi


>
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-discuss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814cdc87ce08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyynyaHnYx%2FKQzka7gedr1%2FUE%3D&reserved=0
>

From roid at mellanox.com  Mon Jul 10 04:06:09 2017
From: roid at mellanox.com (Roi Dayan)
Date: Mon, 10 Jul 2017 07:06:09 +0300
Subject: [ovs-discuss] OVS data path offloading
In-Reply-To: <CANjEN-F4eOEpucHB7kJR-VLn3M3=VZnuWjLBhDpLyRk8yAZn0Q@mail.gmail.com>
References: <CANjEN-F4eOEpucHB7kJR-VLn3M3=VZnuWjLBhDpLyRk8yAZn0Q@mail.gmail.com>
Message-ID: <8c0c2029-eb62-a03e-4d64-5b2bca62ee94@mellanox.com>



On 12/01/2017 16:21, Luca Salvatore via discuss wrote:
> Has anyone experimented with the netronome NICs that can do ovs data
> path offloading?
> (reference
> https://www.netronome.com/media/redactor_files/WP_OVS_Benchmarking.pdf)
>
> Wondering if anyone has some real world experience with them.
>
> Also is there any other vendor doing similar things?  Looks like
> mellanox have something similar but I can't tell if their stuff is just
> vxlan offloading capable or if it can do the whole OVS datapath offload.
>
> thanks
>
>

Hi Luca,

The current implementation support action of forward, drop, vxlan
encap/decap, vlan push/pop. protocols supported currently are
tcp, udp, arp. another limitation currently is support for a single
forward action only.

Thanks,
Roi

>
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>

From mark.b.kavanagh at intel.com  Mon Jul 10 09:32:20 2017
From: mark.b.kavanagh at intel.com (Kavanagh, Mark B)
Date: Mon, 10 Jul 2017 09:32:20 +0000
Subject: [ovs-discuss] Is running vswitchd of dpdk-ovs as secondary
 process?
In-Reply-To: <CAAZV7DD=wsfScvYY79E-Q2nXBQrkSyaJMyWNwn2ENN=PpM2B9A@mail.gmail.com>
References: <CAAZV7DD=wsfScvYY79E-Q2nXBQrkSyaJMyWNwn2ENN=PpM2B9A@mail.gmail.com>
Message-ID: <DC5AD7FA266D86499789B1BCAEC715F8B1C711AB@IRSMSX101.ger.corp.intel.com>

>From: ovs-discuss-bounces at openvswitch.org [mailto:ovs-discuss-
>bounces at openvswitch.org] On Behalf Of Heung Sik Choi
>Sent: Wednesday, July 5, 2017 6:06 AM
>To: ovs-discuss at openvswitch.org
>Subject: [ovs-discuss] Is running vswitchd of dpdk-ovs as secondary process?
>
>Hi,
>
>I've used dpdk-ovs and studied it. Recently I came to know that DPDK
>applications can be run as primary or secondary process.

Hi Heung,

DPDK applications may be run as a secondary process if, and only if, there is already a DPDK primary process running. The primary process has responsibility for allocating memory from hugepages for DPDK applications, which the secondary process(es) may also lookup and use. Note that there are no secondary DPDK processes in OvS-DPDK.

Hope this clears things up,
Mark

>
>So, I'm wondering if there is secondary process when ovs-dpdk is run.
>
>Especially, is ovs-vswitchd run as secondary process?
>
>Please let me know if you have any insights.


From lrichard at redhat.com  Mon Jul 10 17:14:38 2017
From: lrichard at redhat.com (Lance Richardson)
Date: Mon, 10 Jul 2017 13:14:38 -0400 (EDT)
Subject: [ovs-discuss] Subject: [openvswitch 2.7.1] testsuite: 7 8 767
 1891 1892 1893 1894 1895 1896 1900 1902 failed
In-Reply-To: <567db902-0ab4-2e5a-6eaf-a324d8130b78@it-offshore.co.uk>
References: <567db902-0ab4-2e5a-6eaf-a324d8130b78@it-offshore.co.uk>
Message-ID: <2093867126.31840847.1499706878012.JavaMail.zimbra@redhat.com>

> From: "Stuart Cardall" <developer at it-offshore.co.uk>
> To: bugs at openvswitch.org
> Sent: Saturday, 8 July, 2017 5:22:17 PM
> Subject: [ovs-discuss] Subject: [openvswitch 2.7.1] testsuite: 7 8 767 1891 1892 1893 1894 1895 1896 1900 1902 failed
> 
> 
> 
> Hello,
> 
> Attached is the test suite log for ovs 2.7.1 in Alpine Linux / musl c:
> 
> testsuite: 7 8 767 1891 1892 1893 1894 1895 1896 1900 1902 failed
> 
> 
> Kind Regards,
> 
> Stuart Cardall.
> 

These will pass if GNU awk is used instead of busybox awk (apk add gawk).

   7: completion.at:343  vsctl-bashcomp - basic verification
   8: completion.at:425  vsctl-bashcomp - argument completion

The other failures mostly seem to have the pattern of a "hard failure" in
OVS_WAIT_WHILE() or OVS_WAIT_UNTIL() immediately after a "kill -SEGV".
It's not clear from a quick look what the root cause might be.

   Lance

From blue at veracity.io  Mon Jul 10 20:21:36 2017
From: blue at veracity.io (Blue Lang)
Date: Mon, 10 Jul 2017 16:21:36 -0400
Subject: [ovs-discuss] building from source / ovs-dpctl-top crash
Message-ID: <CAKCC41MArv9pmiNE8U9zHR7nu-DEVQpSPstsVWYEC0kaPaW41A@mail.gmail.com>

Hello,

New to the list. My company is building an (awesome) industrial security
networking platform and OVS is a big part of the solution, so thank you all
for your work.

I'd like to use ovs-dpctl-top as part of our testing suite, but it is
crashing on launch. I built it and mininet from scratch/TOT to be sure it
wasn't an old bug. I have two suggestions for the build scripts, and the
error I'm seeing with -top.


   - Should make install create /usr/local/var/run/openvswitch by default?
   Right now this is a needless manual step.
   - Can ovsdb-server create a symlink to db.sock to avoid requiring
    "--remote=punix:/usr/local/var/run/openvswitch/db.sock" in what seems to
   be the default invocation? All of the related tools seem to want to use
   db.sock rather than the instantiation-specific socket.

Sorry if I misunderstood the operation of either of the above - this is
just based on my experience today building it for the first time.

-top dies with the following stack trace the moment mininet instantiates:

Traceback (most recent call last):

  File "/usr/local/bin/ovs-dpctl-top", line 1290, in <module>

    sys.exit(main())

  File "/usr/local/bin/ovs-dpctl-top", line 1282, in main

    flows_top(args)

  File "/usr/local/bin/ovs-dpctl-top", line 1191, in flows_top

    flows_read(ihdl, flow_db)

  File "/usr/local/bin/ovs-dpctl-top", line 593, in flows_read

    flow_db.flow_line_add(line)

  File "/usr/local/bin/ovs-dpctl-top", line 988, in flow_line_add

    self.flow_event(fields_dict, stats_old_dict, stats_dict)

  File "/usr/local/bin/ovs-dpctl-top", line 1080, in flow_event

    matches = flow_aggregate(fields_dict, stats_new_dict)

  File "/usr/local/bin/ovs-dpctl-top", line 576, in flow_aggregate

    field, stats_dict)

  File "/usr/local/bin/ovs-dpctl-top", line 268, in element_ipv6_get

    element_show = fmt % (field_type, element["src"], element["dst"])

KeyError: 'src'

If this is not a known error I can spend some time debugging it.

Steps: git ovs, git mininet, build both with defaults, no changes to
config, etc. run ovs-dpctl-top, start mininet, crash.

root at FusionOVCS:~/ovs# cat /etc/lsb-release

DISTRIB_ID=Ubuntu

DISTRIB_RELEASE=17.04

DISTRIB_CODENAME=zesty

DISTRIB_DESCRIPTION="Ubuntu 17.04"


Thanks!

-- 
Blue Lang
PM *| *Veracity

3423 Piedmont Rd NE

Suite 350

Atlanta, GA  30305
Cell:  (770) 265-1381 <+17702651381>
https://www.linkedin.com/in/bluelang/
blue at veracity.io
www.veracity.io
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170710/cc1b9a67/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Veracity-horizontal-logo-tiny_sig.png
Type: image/png
Size: 5372 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170710/cc1b9a67/attachment.png>

From jt at labs.hpe.com  Mon Jul 10 20:31:57 2017
From: jt at labs.hpe.com (Jean Tourrilhes)
Date: Mon, 10 Jul 2017 13:31:57 -0700
Subject: [ovs-discuss] Parallel VxLAN tunnels
In-Reply-To: <edb6e156-8aa3-3ed8-586d-9579802f0df0@scottlowe.org>
References: <20170707223611.GB31272@labs.hpe.com>
	<edb6e156-8aa3-3ed8-586d-9579802f0df0@scottlowe.org>
Message-ID: <20170710203157.GA16205@labs.hpe.com>

On Sun, Jul 09, 2017 at 11:45:11AM -0600, Scott Lowe wrote:
> 
> I haven't tried this, but it seems like it should be possible to build
> two VXLAN tunnels between two hosts using two different IP endpoints

	That's the trouble, I don't want to use different IP endpoints.
	Thanks for the idea !

	Jean

From khaledmdiab at hotmail.com  Mon Jul 10 21:25:29 2017
From: khaledmdiab at hotmail.com (Khaled Diab)
Date: Mon, 10 Jul 2017 21:25:29 +0000
Subject: [ovs-discuss] pop_mpls implementation
Message-ID: <MWHPR01MB2383232AF14DD46ACA4264ADA3A90@MWHPR01MB2383.prod.exchangelabs.com>

Hello,

I am trying to modify how OVS pops MPLS labels. I have two questions about pop_mpls implementation:


1) What is the difference between the three functions:

datapath/actions.c: pop_mpls

lib/packets.c: pop_mpls

lib/flow.c: flow_pop_mpls


Specifically, when is each of them called? and why is there a flow_pop_mpls and pop_mpls?

When I commented the first two functions, pop_mpls action works as usual; when I commented the three functions, nothing was popped.


2) During executing pop_mpls (or flow_pop_mpls), can I output the packet to a particular port?



Regards,
Khaled
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170710/af76a0a5/attachment.html>

From khaledmdiab at hotmail.com  Mon Jul 10 21:20:21 2017
From: khaledmdiab at hotmail.com (Khaled Diab)
Date: Mon, 10 Jul 2017 21:20:21 +0000
Subject: [ovs-discuss] pop_mpls implementation
Message-ID: <MWHPR01MB2383793A0FD1C527D1A201A3A3A90@MWHPR01MB2383.prod.exchangelabs.com>

Hello,

I am trying to modify how OVS pops MPLS labels. I have two questions about pop_mpls implementation:


1) What is the difference between the three functions:

datapath/actions.c: pop_mpls

lib/packets.c: pop_mpls

lib/flow.c: flow_pop_mpls


Specifically, when is each of them called? and why is there a flow_pop_mpls and pop_mpls?

When I commented the first two functions, pop_mpls action works as usual; when I commented the three functions, nothing was popped.


2) During executing pop_mpls (or flow_pop_mpls), can I output the packet to a particular port?



Regards,
Khaled
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170710/bbeb7396/attachment.html>

From deepthysugesh at gmail.com  Mon Jul 10 23:20:41 2017
From: deepthysugesh at gmail.com (Sugu Deepthy)
Date: Tue, 11 Jul 2017 00:20:41 +0100
Subject: [ovs-discuss] Issue with offloading OVS flows into Mellanox-4
	cards
In-Reply-To: <59b67ab6-46e8-b5aa-ddce-01296a318e60@mellanox.com>
References: <CAMHvpbOedpsZGppruLkky4igQchRxEn__OQaZaxMTZyf4xy2mw@mail.gmail.com>
	<59b67ab6-46e8-b5aa-ddce-01296a318e60@mellanox.com>
Message-ID: <CAMHvpbNoBp6wYozJj=DfNp=PYUVGwus_oSZDUR39XNSG6Ka95A@mail.gmail.com>

Thank you Roi for your help!

On Mon, Jul 10, 2017 at 4:57 AM, Roi Dayan <roid at mellanox.com> wrote:

>
>
> On 07/07/2017 17:36, Sugu Chandran wrote:
>
>> Hi,
>>
>> I am trying to test hardware offloading feature in OVS using a 2*25G
>> mellanox NIC.   My test setup has static OVS L2 rules to forward packets
>> between these two ports. The traffic generators are connected to these
>> ports to pump in traffic.
>> The hardware offloading is enabled in the system by using,
>>     ovs-vsctl --no-wait set Open_vSwitch . other_config:hw-offload=true
>> I didnt set any hw-policy explicit,  as I kept it default as 'None'
>>
>> I noticed that when I am sending traffic to these ports, there are no
>> rules that are getting programmed into the hardware. Also there are no
>> error reported in ovs-vswitchd.log as such.
>> Of Course the packets are getting forwarded in software.  Is there
>> anything else needs to be done to make the TC for programming the
>> mellanox NICs?
>>
>> Regards
>> _Sugu
>>
>>
>>
> Hi Sugo,
>
> Since you do not have errors in the log did you check if the rules
> were added to tc software?
> you can dump like this:
> # tc -s filter show dev ens5f0 ingress
>
I dont see any rules that are configured with above tc dump.


>
> You need to enable the offload feature on the HCA with ethtool.
> example:
> # ethtool -K ens5f0 hw-tc-offload on
>
This is enabled .

I am trying to forward traffic between two PFs on the same NIC?
Does it supported in the offload implementation?
When creating the switchdev on PFs with 2 VFs, there is no VF netdevs are
populated in my system. They are still showing as the vfs under the PF.
Ofcourse there are no errors too.

Also the system reports the mode 'inline-mode transport'is unsupported.
I am using ubunutu 17.04 with 4.10 kernel.
Is there anything I am missing here?
Any help is really appreciated!.

>
> We still need to work on docs for this feature but for now I
> documented it a little here:
> https://github.com/roidayan/ovs/wiki

As suggested in the wiki,

>
>
> Thanks,
> Roi
>
>
>
>>
>> _______________________________________________
>> discuss mailing list
>> discuss at openvswitch.org
>> https://emea01.safelinks.protection.outlook.com/?url=https%
>> 3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-
>> discuss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814
>> cdc87ce08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%
>> 7C0%7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyyn
>> yaHnYx%2FKQzka7gedr1%2FUE%3D&reserved=0
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170711/9fd12193/attachment.html>

From jt at labs.hpe.com  Mon Jul 10 23:31:25 2017
From: jt at labs.hpe.com (Jean Tourrilhes)
Date: Mon, 10 Jul 2017 16:31:25 -0700
Subject: [ovs-discuss] Parallel VxLAN tunnels
In-Reply-To: <20170707223611.GB31272@labs.hpe.com>
References: <20170707223611.GB31272@labs.hpe.com>
Message-ID: <20170710233125.GA18294@labs.hpe.com>

On Fri, Jul 07, 2017 at 03:36:11PM -0700, Jean Tourrilhes wrote:
> 	Hi,
> 
> 	I want to know how to implement parallel VxLAN tunnels between
> two hosts with OVS.
> 	Each host, h0 and h1, has two OVS instances, br0 and
> br1. I want two separate VxLAN tunnels :
> 		h0-br0 <=> h1-br0
> 		h0-br1 <=> h1-br1
> 	Those two tunnels could be using different VNI, so is there
> a way for a OVS instance to use only a single VNI ? I also saw that
> VxLAN support alternate port number, should I use that ?
> 	Thanks in advance !
> 
> 	Jean

	Ok, it was actually obvious :

# ./ovs-vsctl show
4878360b-97f7-4ed0-97a8-0d9d284257fe
    Bridge "br8"
        Controller "ptcp:6634"
        Controller "tcp:127.0.0.1:6633"
        fail_mode: secure
        Port "br8"
            Interface "br8"
                type: internal
        Port "vx2"
            Interface "vx2"
                type: vxlan
                options: {key="1", remote_ip="10.0.8.3"}
    Bridge "br9"
        Controller "tcp:127.0.0.1:6635"
        Controller "ptcp:6636"
        fail_mode: secure
        Port "vx4"
            Interface "vx4"
                type: vxlan
                options: {key="2", remote_ip="10.0.8.3"}
        Port "br9"
            Interface "br9"
                type: internal

	Have fun...

	Jean

From sara.gittlin at gmail.com  Tue Jul 11 07:58:39 2017
From: sara.gittlin at gmail.com (Sara Gittlin)
Date: Tue, 11 Jul 2017 10:58:39 +0300
Subject: [ovs-discuss] A tool to feel-up flow-tables in ofproto
Message-ID: <CAA_4wjacHs0C3gXs4z7c7MfKQbbmx6VUWSA8J_iOH_BJEp941g@mail.gmail.com>

Hello,
I need a tool to feel up the flow tables in ofproto.
do you know what tool/other should i use ?
Thank you in advance - Sara

From deepthysugesh at gmail.com  Tue Jul 11 11:28:18 2017
From: deepthysugesh at gmail.com (Sugu Deepthy)
Date: Tue, 11 Jul 2017 12:28:18 +0100
Subject: [ovs-discuss] Issue with offloading OVS flows into Mellanox-4
	cards
In-Reply-To: <CAMHvpbNoBp6wYozJj=DfNp=PYUVGwus_oSZDUR39XNSG6Ka95A@mail.gmail.com>
References: <CAMHvpbOedpsZGppruLkky4igQchRxEn__OQaZaxMTZyf4xy2mw@mail.gmail.com>
	<59b67ab6-46e8-b5aa-ddce-01296a318e60@mellanox.com>
	<CAMHvpbNoBp6wYozJj=DfNp=PYUVGwus_oSZDUR39XNSG6Ka95A@mail.gmail.com>
Message-ID: <CAMHvpbN4v_qP+H4BzmHgkWvPNsheRzEChQ61f++SU8YO5fpGxg@mail.gmail.com>

Hi Roi

On Tue, Jul 11, 2017 at 12:20 AM, Sugu Deepthy <deepthysugesh at gmail.com>
wrote:

> Thank you Roi for your help!
>
> On Mon, Jul 10, 2017 at 4:57 AM, Roi Dayan <roid at mellanox.com> wrote:
>
>>
>>
>> On 07/07/2017 17:36, Sugu Chandran wrote:
>>
>>> Hi,
>>>
>>> I am trying to test hardware offloading feature in OVS using a 2*25G
>>> mellanox NIC.   My test setup has static OVS L2 rules to forward packets
>>> between these two ports. The traffic generators are connected to these
>>> ports to pump in traffic.
>>> The hardware offloading is enabled in the system by using,
>>>     ovs-vsctl --no-wait set Open_vSwitch . other_config:hw-offload=true
>>> I didnt set any hw-policy explicit,  as I kept it default as 'None'
>>>
>>> I noticed that when I am sending traffic to these ports, there are no
>>> rules that are getting programmed into the hardware. Also there are no
>>> error reported in ovs-vswitchd.log as such.
>>> Of Course the packets are getting forwarded in software.  Is there
>>> anything else needs to be done to make the TC for programming the
>>> mellanox NICs?
>>>
>>> Regards
>>> _Sugu
>>>
>>>
>>>
>> Hi Sugo,
>>
>> Since you do not have errors in the log did you check if the rules
>> were added to tc software?
>> you can dump like this:
>> # tc -s filter show dev ens5f0 ingress
>>
> I dont see any rules that are configured with above tc dump.
>
>
>>
>> You need to enable the offload feature on the HCA with ethtool.
>> example:
>> # ethtool -K ens5f0 hw-tc-offload on
>>
> This is enabled .
>
> I am trying to forward traffic between two PFs on the same NIC?
> Does it supported in the offload implementation?
> When creating the switchdev on PFs with 2 VFs, there is no VF netdevs are
> populated in my system. They are still showing as the vfs under the PF.
> Ofcourse there are no errors too.
>
> Also the system reports the mode 'inline-mode transport'is unsupported.
> I am using ubunutu 17.04 with 4.10 kernel.
> Is there anything I am missing here?
> Any help is really appreciated!.
>
[Sugu] Some more details on this. I was really getting error when trying to
enable hw-offload on mlnx-4 NICs.
Didnt notice in the logs before.

This the error info that I got from mellanox git.

BAD_SYS_STATE | 0x368B01 | query_vport_counter: vport is not enabled
(INIT_HCA is required)

I verfied that the ports named eth1, eth2, eth3 and et4 are created for my
vfs, when
I ran the commands 'devlink dev eswitch set pci/0000:07:00.0 mode
switchdev' and
'devlink dev eswitch set pci/0000:07:00.1 mode switchdev'

The detailed error in dmesg are given below,
[ 1245.941287] mlx5_core 0000:07:00.0: mlx5_cmd_check:697:(pid 3107):
QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
state(0x4), syndrome (0x368b01)
[ 1245.941478] mlx5_core 0000:07:00.1: mlx5_cmd_check:697:(pid 3107):
QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
state(0x4), syndrome (0x368b01)

Please note I couldn't run the "inline-mode transport" command as its not
supported.



>> We still need to work on docs for this feature but for now I
>> documented it a little here:
>> https://github.com/roidayan/ovs/wiki
>
> As suggested in the wiki,
>
>>
>>
>> Thanks,
>> Roi
>>
>>
>>
>>>
>>> _______________________________________________
>>> discuss mailing list
>>> discuss at openvswitch.org
>>> https://emea01.safelinks.protection.outlook.com/?url=https%3
>>> A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-discu
>>> ss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814cdc87ce
>>> 08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%
>>> 7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyynyaHnYx
>>> %2FKQzka7gedr1%2FUE%3D&reserved=0
>>>
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170711/85909bde/attachment.html>

From blp at ovn.org  Tue Jul 11 15:38:11 2017
From: blp at ovn.org (Ben Pfaff)
Date: Tue, 11 Jul 2017 08:38:11 -0700
Subject: [ovs-discuss] A tool to feel-up flow-tables in ofproto
In-Reply-To: <CAA_4wjacHs0C3gXs4z7c7MfKQbbmx6VUWSA8J_iOH_BJEp941g@mail.gmail.com>
References: <CAA_4wjacHs0C3gXs4z7c7MfKQbbmx6VUWSA8J_iOH_BJEp941g@mail.gmail.com>
Message-ID: <20170711153811.GF29918@ovn.org>

On Tue, Jul 11, 2017 at 10:58:39AM +0300, Sara Gittlin wrote:
> I need a tool to feel up the flow tables in ofproto.
> do you know what tool/other should i use ?

What does it mean "to feel up" a flow table?

From anand.nande at gmail.com  Tue Jul 11 15:55:41 2017
From: anand.nande at gmail.com (Anand Nande)
Date: Tue, 11 Jul 2017 15:55:41 +0000
Subject: [ovs-discuss] Information on Bugs in OVS v2.3.x
Message-ID: <CAHhjjb=SJxb4wG7bmOuoJsGk9EwzpgPKYuFC57=3gK7RAcUhqQ@mail.gmail.com>

Hello list,

I need information/list of all the bugs that were present in v2.3.x.

status of the bugs can be anything (CLOSED,WONTFIX,OPEN ..etc.)

Is there a way I can pull this info down from any source?

Thanks,
- Anand
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170711/b9fea3d4/attachment.html>

From jpettit at ovn.org  Tue Jul 11 18:22:54 2017
From: jpettit at ovn.org (Justin Pettit)
Date: Tue, 11 Jul 2017 11:22:54 -0700
Subject: [ovs-discuss] Information on Bugs in OVS v2.3.x
In-Reply-To: <CAHhjjb=SJxb4wG7bmOuoJsGk9EwzpgPKYuFC57=3gK7RAcUhqQ@mail.gmail.com>
References: <CAHhjjb=SJxb4wG7bmOuoJsGk9EwzpgPKYuFC57=3gK7RAcUhqQ@mail.gmail.com>
Message-ID: <917FE939-D124-4264-8054-EDB274576A4B@ovn.org>


> On Jul 11, 2017, at 8:55 AM, Anand Nande <anand.nande at gmail.com> wrote:
> 
> Hello list,
> 
> I need information/list of all the bugs that were present in v2.3.x. 
> 
> status of the bugs can be anything (CLOSED,WONTFIX,OPEN ..etc.)
> 
> Is there a way I can pull this info down from any source? 

We don't have a central bug tracker.  You could look at the OVS github branch "branch-2.3" to see what's been fixed, but there's not an easy way to determine all issues that have been raised through various mailing lists.

--Justin



From magranovskiy at arccn.ru  Tue Jul 11 19:05:15 2017
From: magranovskiy at arccn.ru (=?UTF-8?B?0JzQuNGF0LDQuNC7INCQ0LPRgNCw0L3QvtCy0YHQutC40Lk=?=)
Date: Tue, 11 Jul 2017 19:05:15 +0000
Subject: [ovs-discuss] Reacting on change of BFD session state
Message-ID: <CAMkfyAQf-oT4TCSpmeNLA1syP-P8DkEh8sbysRrmC7w0NToGbg@mail.gmail.com>

Hello list,

There are 2 question to you:

1. OvS supports BFD. Does OvS react somehow on change of BFD session state?
Does BFD connection fault means something for OpenFlow-driven part of OvS?

2. In general, I consider OvS as switch side for SD-WAN solution. Thus, the
goal is to switch over links according to BFD session state. Are there some
practices of interacting with OvS this way using OpenFlow?
-- 

? ?????????, ?????? ??????????? |
Sincerely, Mikhail Agranovskiy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170711/46574e04/attachment-0001.html>

From blue at veracity.io  Tue Jul 11 20:42:15 2017
From: blue at veracity.io (Blue Lang)
Date: Tue, 11 Jul 2017 16:42:15 -0400
Subject: [ovs-discuss] Reacting on change of BFD session state
In-Reply-To: <CAMkfyAQf-oT4TCSpmeNLA1syP-P8DkEh8sbysRrmC7w0NToGbg@mail.gmail.com>
References: <CAMkfyAQf-oT4TCSpmeNLA1syP-P8DkEh8sbysRrmC7w0NToGbg@mail.gmail.com>
Message-ID: <CAKCC41PNba3XEYa-wKtxYOzRF99XVTRiETD8xBnWdhcfM_t03A@mail.gmail.com>

Looks like quite a few people have written BFD apps into various
controllers..

https://www.google.com/search?q=openflow+bfd+app&rlz=1C5CHFA_enUS736US737&oq=openflow+bfd+app&aqs=chrome..69i57.3977j0j9&sourceid=chrome&ie=UTF-8



On Tue, Jul 11, 2017 at 3:05 PM, ?????? ??????????? <magranovskiy at arccn.ru>
wrote:

> Hello list,
>
> There are 2 question to you:
>
> 1. OvS supports BFD. Does OvS react somehow on change of BFD session
> state? Does BFD connection fault means something for OpenFlow-driven part
> of OvS?
>
> 2. In general, I consider OvS as switch side for SD-WAN solution. Thus,
> the goal is to switch over links according to BFD session state. Are there
> some practices of interacting with OvS this way using OpenFlow?
> --
>
> ? ?????????, ?????? ??????????? |
> Sincerely, Mikhail Agranovskiy
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>


-- 
Blue Lang
PM *| *Veracity

3423 Piedmont Rd NE

Suite 350

Atlanta, GA  30305
Cell:  (770) 265-1381 <+17702651381>
https://www.linkedin.com/in/bluelang/
blue at veracity.io
www.veracity.io
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170711/a93171db/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Veracity-horizontal-logo-tiny_sig.png
Type: image/png
Size: 5372 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170711/a93171db/attachment.png>

From roid at mellanox.com  Wed Jul 12 04:33:33 2017
From: roid at mellanox.com (Roi Dayan)
Date: Wed, 12 Jul 2017 07:33:33 +0300
Subject: [ovs-discuss] Issue with offloading OVS flows into Mellanox-4
 cards
In-Reply-To: <CAMHvpbN4v_qP+H4BzmHgkWvPNsheRzEChQ61f++SU8YO5fpGxg@mail.gmail.com>
References: <CAMHvpbOedpsZGppruLkky4igQchRxEn__OQaZaxMTZyf4xy2mw@mail.gmail.com>
	<59b67ab6-46e8-b5aa-ddce-01296a318e60@mellanox.com>
	<CAMHvpbNoBp6wYozJj=DfNp=PYUVGwus_oSZDUR39XNSG6Ka95A@mail.gmail.com>
	<CAMHvpbN4v_qP+H4BzmHgkWvPNsheRzEChQ61f++SU8YO5fpGxg@mail.gmail.com>
Message-ID: <57cf824f-040d-2dd4-100d-71c3c1121c25@mellanox.com>



On 11/07/2017 14:28, Sugu Deepthy wrote:
> Hi Roi
>
> On Tue, Jul 11, 2017 at 12:20 AM, Sugu Deepthy <deepthysugesh at gmail.com
> <mailto:deepthysugesh at gmail.com>> wrote:
>
>     Thank you Roi for your help!
>
>     On Mon, Jul 10, 2017 at 4:57 AM, Roi Dayan <roid at mellanox.com
>     <mailto:roid at mellanox.com>> wrote:
>
>
>
>         On 07/07/2017 17:36, Sugu Chandran wrote:
>
>             Hi,
>
>             I am trying to test hardware offloading feature in OVS using
>             a 2*25G
>             mellanox NIC.   My test setup has static OVS L2 rules to
>             forward packets
>             between these two ports. The traffic generators are
>             connected to these
>             ports to pump in traffic.
>             The hardware offloading is enabled in the system by using,
>                 ovs-vsctl --no-wait set Open_vSwitch .
>             other_config:hw-offload=true
>             I didnt set any hw-policy explicit,  as I kept it default as
>             'None'
>
>             I noticed that when I am sending traffic to these ports,
>             there are no
>             rules that are getting programmed into the hardware. Also
>             there are no
>             error reported in ovs-vswitchd.log as such.
>             Of Course the packets are getting forwarded in software.  Is
>             there
>             anything else needs to be done to make the TC for
>             programming the
>             mellanox NICs?
>
>             Regards
>             _Sugu
>
>
>
>         Hi Sugo,
>
>         Since you do not have errors in the log did you check if the rules
>         were added to tc software?
>         you can dump like this:
>         # tc -s filter show dev ens5f0 ingress
>
>     I dont see any rules that are configured with above tc dump.
>

then nothing went to the HCA because even if the HW doesn't
support it the rule should be in tc software.

>
>
>         You need to enable the offload feature on the HCA with ethtool.
>         example:
>         # ethtool -K ens5f0 hw-tc-offload on
>
>     This is enabled .
>
>     I am trying to forward traffic between two PFs on the same NIC?
>     Does it supported in the offload implementation?

offload between PF ports is currently not supported.
only PF and its VFs.


>     When creating the switchdev on PFs with 2 VFs, there is no VF
>     netdevs are populated in my system. They are still showing as the
>     vfs under the PF.
>     Ofcourse there are no errors too.
>
>     Also the system reports the mode 'inline-mode transport'is unsupported.
>     I am using ubunutu 17.04 with 4.10 kernel.
>     Is there anything I am missing here?
>     Any help is really appreciated!.
>
> [Sugu] Some more details on this. I was really getting error when trying
> to enable hw-offload on mlnx-4 NICs.
> Didnt notice in the logs before.
>
> This the error info that I got from mellanox git.
>
> BAD_SYS_STATE | 0x368B01 | query_vport_counter: vport is not enabled
> (INIT_HCA is required)

executing which command raised this error?

>
> I verfied that the ports named eth1, eth2, eth3 and et4 are created for
> my vfs, when
> I ran the commands 'devlink dev eswitch set pci/0000:07:00.0 mode
> switchdev' and
> 'devlink dev eswitch set pci/0000:07:00.1 mode switchdev'
>
> The detailed error in dmesg are given below,
> [ 1245.941287] mlx5_core 0000:07:00.0: mlx5_cmd_check:697:(pid 3107):
> QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
> state(0x4), syndrome (0x368b01)
> [ 1245.941478] mlx5_core 0000:07:00.1: mlx5_cmd_check:697:(pid 3107):
> QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
> state(0x4), syndrome (0x368b01)
>
> Please note I couldn't run the "inline-mode transport" command as its
> not supported.
>

maybe you need newer iproute package. try to install latest upstream.

>
>
>         We still need to work on docs for this feature but for now I
>         documented it a little here:
>         https://github.com/roidayan/ovs/wiki
>         <https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Froidayan%2Fovs%2Fwiki&data=02%7C01%7Croid%40mellanox.com%7C56f73b8b334b4413dd3608d4c84feee7%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636353693008610668&sdata=3orv%2FK9Diwoj5pMQAuBmRHF5QRuxNlwmZgOa3f1AaTE%3D&reserved=0>
>
>     As suggested in the wiki,
>
>
>
>         Thanks,
>         Roi
>
>
>
>
>             _______________________________________________
>             discuss mailing list
>             discuss at openvswitch.org <mailto:discuss at openvswitch.org>
>             https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-discuss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814cdc87ce08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyynyaHnYx%2FKQzka7gedr1%2FUE%3D&reserved=0
>             <https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-discuss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814cdc87ce08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyynyaHnYx%2FKQzka7gedr1%2FUE%3D&reserved=0>
>
>
>

From batmanustc at gmail.com  Wed Jul 12 08:21:04 2017
From: batmanustc at gmail.com (Sam)
Date: Wed, 12 Jul 2017 16:21:04 +0800
Subject: [ovs-discuss] how to get packet information in ovs-dpdk?
Message-ID: <CAOE=1Z0EW9ThTCPLwTF6TaC+ro-tGTxQZ8NrqDkWboJSGHZLcw@mail.gmail.com>

hi all,

I'm running ovs-dpdk(ovs-2.4.9), I found the counter of bond port of br_t
is increasing, but I want to know what's these packets, how could I do this?

first, I use `ovs-ofctl snoop br_t`, but it quit quickly as below:

> [root at yf-mos-test-net07 ~]# /usr/local/bin/ovs-ofctl snoop
> /usr/local/var/run/openvswitch/br_t.mgmt
> [root at yf-mos-test-net07 ~]# /usr/local/bin/ovs-ofctl snoop
> /usr/local/var/run/openvswitch/br_t.mgmt
> ovs-ofctl: /usr/local/var/run/openvswitch/ovs-ofctl.pid: already running
> as pid 22082, aborting


Then I debug ovs-vswitchd use `gdb -p 213214` and set break as below:

> Breakpoint 3, netdev_rxq_recv (rx=0x7f1a5a6ff2c0, buffers=0x7f25e17f9880,
> cnt=0x7f25e17f987c) at lib/netdev.c:695
> 695    retval = rx->netdev->netdev_class->rxq_recv(rx, buffers, cnt);
> (gdb) finish
> Run till exit from #0  netdev_rxq_recv (rx=0x7f1a5a6ff2c0,
> buffers=0x7f25e17f9880, cnt=0x7f25e17f987c)
>     at lib/netdev.c:695
> 0x000000000055eeec in dp_netdev_process_rxq_port (pmd=0x7f25e80d7010,
> port=0x1059fd0, rxq=0x7f1a5a6ff2c0)
>     at lib/dpif-netdev.c:2590
> 2590    error = netdev_rxq_recv(rxq, packets, &cnt);
> Value returned is $5 = 11
> (gdb) p packet
> No symbol "packet" in current context.
> (gdb) p p^CQuit
> (gdb) p cnt
> $6 = 0
> (gdb) d
> Delete all breakpoints? (y or n) y
> (gdb) b 2593 if cnt!=0
> Breakpoint 4 at 0x55ef27: file lib/dpif-netdev.c, line 2593.
> (gdb) c

but cnt is still 0, which means no packets received.

At last, I use `ovs-appctl vlog/set dpif_netdev dbg`, but the log show
nothing.

How could I do this? thank you~
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170712/f08a3271/attachment.html>

From sara.gittlin at gmail.com  Wed Jul 12 08:40:41 2017
From: sara.gittlin at gmail.com (Sara Gittlin)
Date: Wed, 12 Jul 2017 11:40:41 +0300
Subject: [ovs-discuss] A tool to feel-up flow-tables in ofproto
In-Reply-To: <20170711153811.GF29918@ovn.org>
References: <CAA_4wjacHs0C3gXs4z7c7MfKQbbmx6VUWSA8J_iOH_BJEp941g@mail.gmail.com>
	<20170711153811.GF29918@ovn.org>
Message-ID: <CAA_4wjYmVUSr5wAzLhBZtTdhEnLJup-fY48vZ6gUrjFKNXu8FA@mail.gmail.com>

Thank you Ben

>> I need a tool to feel up the flow tables in ofproto.
>> do you know what tool/other should i use ?

>What does it mean "to feel up" a flow table?

i want to be able to read ofctl tables and to get a big output ~ 10000
- 50000 flows.
i need it to order to run some algo. on these flows (e.g. try to
generate megaflows .. )
i know that i can do it with sdn controller -  is there other tools ?
Thanks you in advance - Sara

On Tue, Jul 11, 2017 at 6:38 PM, Ben Pfaff <blp at ovn.org> wrote:
> On Tue, Jul 11, 2017 at 10:58:39AM +0300, Sara Gittlin wrote:
>> I need a tool to feel up the flow tables in ofproto.
>> do you know what tool/other should i use ?
>
> What does it mean "to feel up" a flow table?

From sara.gittlin at gmail.com  Wed Jul 12 08:52:15 2017
From: sara.gittlin at gmail.com (Sara Gittlin)
Date: Wed, 12 Jul 2017 11:52:15 +0300
Subject: [ovs-discuss] Real dataset of network traffic
Message-ID: <CAA_4wja5caHV2+ntvYuKC8h_Y-AOTh0_dXtPXQh2r7HT_5GwUg@mail.gmail.com>

Hello,
I need a real dataset of network traffic with diverse matching fields.
this is required for 2 different tasks
based on this dataset i need to populate :
  - openflow tables in userspace (task 1)
  - datapath cache (task 2)

my questions  :
     - is there any dataset available?
     - how to populate for the 2 tasks?

Thanks in advance  - Sara

From akhalikov at arccn.ru  Wed Jul 12 10:20:32 2017
From: akhalikov at arccn.ru (Aleksey Khalikov)
Date: Wed, 12 Jul 2017 13:20:32 +0300
Subject: [ovs-discuss] remap double-tagged frame
Message-ID: <8880c16f-9253-4a80-2bfd-c3701bb6a024@arccn.ru>

Hi guys,

My scenario is as follows:

OVS 2.7.90 with two dpdk ports connected to IXIA two dedicated ports.

 From IXIA port1 I send double-tagged traffic to port2. I am trying to 
remap inner and outer tags of the frames with group chaining and at last 
send it out to port 2 of the OVS.

I issue these commands on the OVS:

ovs-ofctl -O OpenFlow13 add-group br0 
group_id=1,type=indirect,bucket=actions=pop_vlan,group:2
ovs-ofctl -O OpenFlow13 add-group br0 
group_id=2,type=indirect,bucket=actions=pop_vlan,group:3
ovs-ofctl -O OpenFlow13 add-group br0 
group_id=3,type=indirect,bucket=actions=push_vlan:0x8100,set_field:4607-\>vlan_vid,group:4
ovs-ofctl -O OpenFlow13 add-group br0 
group_id=4,type=indirect,bucket=actions=push_vlan:0x8100,set_field:4107-\>vlan_vid,output:2

ovs-ofctl -O Openflow13 add-flow br0 
in_port=1,idle_timeout=0,actions=group:1


As a result the flow added to direct traffic from port 1 to group1 and 
pop the first tag then to group 2 to pop second tag other groups just 
push new vlan tags to the frame and send it out to port 2. Group 
chaining works as expected btw.

After all the groups bucket actions I can examine 3 vlans (I use 
Wireshark) on second interface, inside the frame, two of them are new 
one and the one old inner tag.

Can you help me to get ovs work as expected pop two vlan tags at first 
and then push new ones?

Sincerely,

Regards,

Aleksey



From haifeng.lin at huawei.com  Wed Jul 12 09:00:48 2017
From: haifeng.lin at huawei.com (linhaifeng)
Date: Wed, 12 Jul 2017 17:00:48 +0800
Subject: [ovs-discuss] [ovs-dev] how to get packet information in
	ovs-dpdk?
In-Reply-To: <CAOE=1Z0EW9ThTCPLwTF6TaC+ro-tGTxQZ8NrqDkWboJSGHZLcw@mail.gmail.com>
References: <CAOE=1Z0EW9ThTCPLwTF6TaC+ro-tGTxQZ8NrqDkWboJSGHZLcw@mail.gmail.com>
Message-ID: <5965E540.1080505@huawei.com>

You can use dpdk tool 'pdump' to capture packets
http://dpdk.org/doc/guides-16.07/sample_app_ug/pdump.html

? 2017/7/12 16:21, Sam ??:
> hi all,
>
> I'm running ovs-dpdk(ovs-2.4.9), I found the counter of bond port of br_t
> is increasing, but I want to know what's these packets, how could I do this?
>
> first, I use `ovs-ofctl snoop br_t`, but it quit quickly as below:
>
>> [root at yf-mos-test-net07 ~]# /usr/local/bin/ovs-ofctl snoop
>> /usr/local/var/run/openvswitch/br_t.mgmt
>> [root at yf-mos-test-net07 ~]# /usr/local/bin/ovs-ofctl snoop
>> /usr/local/var/run/openvswitch/br_t.mgmt
>> ovs-ofctl: /usr/local/var/run/openvswitch/ovs-ofctl.pid: already running
>> as pid 22082, aborting
>
> Then I debug ovs-vswitchd use `gdb -p 213214` and set break as below:
>
>> Breakpoint 3, netdev_rxq_recv (rx=0x7f1a5a6ff2c0, buffers=0x7f25e17f9880,
>> cnt=0x7f25e17f987c) at lib/netdev.c:695
>> 695    retval = rx->netdev->netdev_class->rxq_recv(rx, buffers, cnt);
>> (gdb) finish
>> Run till exit from #0  netdev_rxq_recv (rx=0x7f1a5a6ff2c0,
>> buffers=0x7f25e17f9880, cnt=0x7f25e17f987c)
>>     at lib/netdev.c:695
>> 0x000000000055eeec in dp_netdev_process_rxq_port (pmd=0x7f25e80d7010,
>> port=0x1059fd0, rxq=0x7f1a5a6ff2c0)
>>     at lib/dpif-netdev.c:2590
>> 2590    error = netdev_rxq_recv(rxq, packets, &cnt);
>> Value returned is $5 = 11
>> (gdb) p packet
>> No symbol "packet" in current context.
>> (gdb) p p^CQuit
>> (gdb) p cnt
>> $6 = 0
>> (gdb) d
>> Delete all breakpoints? (y or n) y
>> (gdb) b 2593 if cnt!=0
>> Breakpoint 4 at 0x55ef27: file lib/dpif-netdev.c, line 2593.
>> (gdb) c
> but cnt is still 0, which means no packets received.
>
> At last, I use `ovs-appctl vlog/set dpif_netdev dbg`, but the log show
> nothing.
>
> How could I do this? thank you~
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
>



From lvzhilong at ncic.ac.cn  Wed Jul 12 09:31:24 2017
From: lvzhilong at ncic.ac.cn (lvzhilong at ncic.ac.cn)
Date: Wed, 12 Jul 2017 17:31:24 +0800
Subject: [ovs-discuss] error: "Error attaching device '0000:83:00.0' to DPDK"
Message-ID: <201707121731237401648@ncic.ac.cn>

Hello,
I have installed OVS 2.7 running.  When I do:
# ovs-vsctl add-port br0 dpdk-p0 -- set Interface dpdk-p0
type=dpdk options:dpdk-devargs=0000:82:00.0
ovs-vsctl: Error detected while setting up 'dpdk-p0': Error attaching
device '0000:82:00.0' to DPDK.  See ovs-vswitchd log for details.

here is some informations?1.    root at oncsg4:/var/log/openvswitch# $DPDK_DIR/tools/dpdk-devbind.py --status

Network devices using DPDK-compatible driver
============================================
0000:83:00.0 'Ethernet 10G 2P X710 Adapter' drv=vfio-pci unused=uio_pci_generic
0000:83:00.1 'Ethernet 10G 2P X710 Adapter' drv=uio_pci_generic unused=vfio-pci

2. the log file shows:
      (1).    2017-07-07T10:04:40.004Z|00064|netdev_dpdk|WARN|Error attaching device '0000:82:00.0' to DPDK
      (2).    2017-07-07T10:04:40.004Z|00065|netdev|WARN|dpdk-p0: could not set configuration (Invalid argument)



lvzhilong at ncic.ac.cn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170712/665b3940/attachment-0001.html>

From blp at ovn.org  Wed Jul 12 15:15:03 2017
From: blp at ovn.org (Ben Pfaff)
Date: Wed, 12 Jul 2017 08:15:03 -0700
Subject: [ovs-discuss] A tool to feel-up flow-tables in ofproto
In-Reply-To: <CAA_4wjYmVUSr5wAzLhBZtTdhEnLJup-fY48vZ6gUrjFKNXu8FA@mail.gmail.com>
References: <CAA_4wjacHs0C3gXs4z7c7MfKQbbmx6VUWSA8J_iOH_BJEp941g@mail.gmail.com>
	<20170711153811.GF29918@ovn.org>
	<CAA_4wjYmVUSr5wAzLhBZtTdhEnLJup-fY48vZ6gUrjFKNXu8FA@mail.gmail.com>
Message-ID: <20170712151503.GQ29918@ovn.org>

On Wed, Jul 12, 2017 at 11:40:41AM +0300, Sara Gittlin wrote:
> Thank you Ben
> 
> >> I need a tool to feel up the flow tables in ofproto.
> >> do you know what tool/other should i use ?
> 
> >What does it mean "to feel up" a flow table?
> 
> i want to be able to read ofctl tables and to get a big output ~ 10000
> - 50000 flows.
> i need it to order to run some algo. on these flows (e.g. try to
> generate megaflows .. )
> i know that i can do it with sdn controller -  is there other tools ?

Do you just want to run "ovs-ofctl dump-flows"?

From sugesh.chandran at intel.com  Wed Jul 12 15:16:03 2017
From: sugesh.chandran at intel.com (Chandran, Sugesh)
Date: Wed, 12 Jul 2017 15:16:03 +0000
Subject: [ovs-discuss] error: "Error attaching device '0000:83:00.0' to
 DPDK"
In-Reply-To: <201707121731237401648@ncic.ac.cn>
References: <201707121731237401648@ncic.ac.cn>
Message-ID: <2EF2F5C0CC56984AA024D0B180335FCB421DA686@IRSMSX102.ger.corp.intel.com>



Regards
_Sugesh

From: ovs-discuss-bounces at openvswitch.org [mailto:ovs-discuss-bounces at openvswitch.org] On Behalf Of lvzhilong at ncic.ac.cn
Sent: Wednesday, July 12, 2017 10:31 AM
To: ovs-discuss <ovs-discuss at openvswitch.org>
Subject: [ovs-discuss] error: "Error attaching device '0000:83:00.0' to DPDK"


Hello,

I have installed OVS 2.7 running.  When I do:

# ovs-vsctl add-port br0 dpdk-p0 -- set Interface dpdk-p0

type=dpdk options:dpdk-devargs=0000:82:00.0

ovs-vsctl: Error detected while setting up 'dpdk-p0': Error attaching

device '0000:82:00.0' to DPDK.  See ovs-vswitchd log for details.



here is some informations?
1.    root at oncsg4:/var/log/openvswitch# $DPDK_DIR/tools/dpdk-devbind.py --status

Network devices using DPDK-compatible driver
============================================
0000:83:00.0 'Ethernet 10G 2P X710 Adapter' drv=vfio-pci unused=uio_pci_generic
0000:83:00.1 'Ethernet 10G 2P X710 Adapter' drv=uio_pci_generic unused=vfio-pci




2. the log file shows:

      (1).    2017-07-07T10:04:40.004Z|00064|netdev_dpdk|WARN|Error attaching device '0000:82:00.0' to DPDK

      (2).    2017-07-07T10:04:40.004Z|00065|netdev|WARN|dpdk-p0: could not set configuration (Invalid argument)

[Sugesh] Shouldn?t be this '0000:83:00.0' instead of '0000:82:00.0'

________________________________
lvzhilong at ncic.ac.cn<mailto:lvzhilong at ncic.ac.cn>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170712/9c18c37f/attachment.html>

From blp at ovn.org  Wed Jul 12 15:24:10 2017
From: blp at ovn.org (Ben Pfaff)
Date: Wed, 12 Jul 2017 08:24:10 -0700
Subject: [ovs-discuss] [ovs-dev] how to get packet information in
	ovs-dpdk?
In-Reply-To: <CAOE=1Z0EW9ThTCPLwTF6TaC+ro-tGTxQZ8NrqDkWboJSGHZLcw@mail.gmail.com>
References: <CAOE=1Z0EW9ThTCPLwTF6TaC+ro-tGTxQZ8NrqDkWboJSGHZLcw@mail.gmail.com>
Message-ID: <20170712152410.GR29918@ovn.org>

On Wed, Jul 12, 2017 at 04:21:04PM +0800, Sam wrote:
> hi all,
> 
> I'm running ovs-dpdk(ovs-2.4.9), I found the counter of bond port of br_t
> is increasing, but I want to know what's these packets, how could I do this?
> 
> first, I use `ovs-ofctl snoop br_t`, but it quit quickly as below:
> 
> > [root at yf-mos-test-net07 ~]# /usr/local/bin/ovs-ofctl snoop
> > /usr/local/var/run/openvswitch/br_t.mgmt
> > [root at yf-mos-test-net07 ~]# /usr/local/bin/ovs-ofctl snoop
> > /usr/local/var/run/openvswitch/br_t.mgmt
> > ovs-ofctl: /usr/local/var/run/openvswitch/ovs-ofctl.pid: already running
> > as pid 22082, aborting

That is a strange message.  It should only appear if you use --pidfile
and --daemon and there's already an ovs-ofctl running that way.  Is the
above the complete context from your session?

From blue at veracity.io  Wed Jul 12 15:29:19 2017
From: blue at veracity.io (Blue Lang)
Date: Wed, 12 Jul 2017 11:29:19 -0400
Subject: [ovs-discuss] Real dataset of network traffic
In-Reply-To: <CAA_4wja5caHV2+ntvYuKC8h_Y-AOTh0_dXtPXQh2r7HT_5GwUg@mail.gmail.com>
References: <CAA_4wja5caHV2+ntvYuKC8h_Y-AOTh0_dXtPXQh2r7HT_5GwUg@mail.gmail.com>
Message-ID: <CAKCC41Nu2KVbiEBEuxNovSX=ehpGhQ+gaCpmF=SGbBKRB_5E6A@mail.gmail.com>

http://pcapr.net/home has tons of pcaps of real network traffic. As to the
rest of it, it sounds like you need to spend a lot of time with google and
develop some specific questions. You probably want to start with mininet.

https://www.youtube.com/watch?v=om4YzNSXI4E


On Wed, Jul 12, 2017 at 4:52 AM, Sara Gittlin <sara.gittlin at gmail.com>
wrote:

> Hello,
> I need a real dataset of network traffic with diverse matching fields.
> this is required for 2 different tasks
> based on this dataset i need to populate :
>   - openflow tables in userspace (task 1)
>   - datapath cache (task 2)
>
> my questions  :
>      - is there any dataset available?
>      - how to populate for the 2 tasks?
>
> Thanks in advance  - Sara
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>



-- 
Blue Lang
PM *| *Veracity

3423 Piedmont Rd NE

Suite 350

Atlanta, GA  30305
Cell:  (770) 265-1381 <+17702651381>
https://www.linkedin.com/in/bluelang/
blue at veracity.io
www.veracity.io
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170712/2acc3dc4/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Veracity-horizontal-logo-tiny_sig.png
Type: image/png
Size: 5372 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170712/2acc3dc4/attachment-0001.png>

From magranovskiy at arccn.ru  Wed Jul 12 15:41:06 2017
From: magranovskiy at arccn.ru (=?UTF-8?B?0JzQuNGF0LDQuNC7INCQ0LPRgNCw0L3QvtCy0YHQutC40Lk=?=)
Date: Wed, 12 Jul 2017 15:41:06 +0000
Subject: [ovs-discuss] Reacting on change of BFD session state
In-Reply-To: <CAKCC41PNba3XEYa-wKtxYOzRF99XVTRiETD8xBnWdhcfM_t03A@mail.gmail.com>
References: <CAMkfyAQf-oT4TCSpmeNLA1syP-P8DkEh8sbysRrmC7w0NToGbg@mail.gmail.com>
	<CAKCC41PNba3XEYa-wKtxYOzRF99XVTRiETD8xBnWdhcfM_t03A@mail.gmail.com>
Message-ID: <CAMkfyATRM=k37A=acajMVtPoSioxMd=PO=JwgZO+oZ0zeNY0Qg@mail.gmail.com>

Thanks for reply. All I've got from your link is that Ryu team implemented
establishing of BFD sessions between Ryu and whatever: controller
<--[bfd]--> switch.
In opposite, I'm asking about reacting on BFD session change *inside* OvS.
All I've got from ovs mans and sources is that I can run BFD and watch for
it's status using ovs-vsctl. Is there a way to setup dynamical reacting on
session state change?

On Tue, 11 Jul 2017 at 23:42 Blue Lang <blue at veracity.io> wrote:

> Looks like quite a few people have written BFD apps into various
> controllers..
>
>
> https://www.google.com/search?q=openflow+bfd+app&rlz=1C5CHFA_enUS736US737&oq=openflow+bfd+app&aqs=chrome..69i57.3977j0j9&sourceid=chrome&ie=UTF-8
>
>
>
> On Tue, Jul 11, 2017 at 3:05 PM, ?????? ??????????? <magranovskiy at arccn.ru
> > wrote:
>
>> Hello list,
>>
>> There are 2 question to you:
>>
>> 1. OvS supports BFD. Does OvS react somehow on change of BFD session
>> state? Does BFD connection fault means something for OpenFlow-driven part
>> of OvS?
>>
>> 2. In general, I consider OvS as switch side for SD-WAN solution. Thus,
>> the goal is to switch over links according to BFD session state. Are there
>> some practices of interacting with OvS this way using OpenFlow?
>> --
>>
>> ? ?????????, ?????? ??????????? |
>> Sincerely, Mikhail Agranovskiy
>>
>> _______________________________________________
>> discuss mailing list
>> discuss at openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>
>>
>
>
> --
> Blue Lang
> PM *| *Veracity
>
> 3423 Piedmont Rd NE
>
> Suite 350
>
> Atlanta, GA  30305
> Cell:  (770) 265-1381 <+17702651381>
> https://www.linkedin.com/in/bluelang/
> blue at veracity.io
> www.veracity.io
>
-- 

? ?????????, ?????? ??????????? |
Sincerely, Mikhail Agranovskiy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170712/547a4e1a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Veracity-horizontal-logo-tiny_sig.png
Type: image/png
Size: 5372 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170712/547a4e1a/attachment.png>

From blp at ovn.org  Wed Jul 12 16:28:29 2017
From: blp at ovn.org (Ben Pfaff)
Date: Wed, 12 Jul 2017 09:28:29 -0700
Subject: [ovs-discuss] Reacting on change of BFD session state
In-Reply-To: <CAMkfyAQf-oT4TCSpmeNLA1syP-P8DkEh8sbysRrmC7w0NToGbg@mail.gmail.com>
References: <CAMkfyAQf-oT4TCSpmeNLA1syP-P8DkEh8sbysRrmC7w0NToGbg@mail.gmail.com>
Message-ID: <20170712162829.GV29918@ovn.org>

On Tue, Jul 11, 2017 at 07:05:15PM +0000, ?????? ??????????? wrote:
> 1. OvS supports BFD. Does OvS react somehow on change of BFD session state?
> Does BFD connection fault means something for OpenFlow-driven part of OvS?
>
> 2. In general, I consider OvS as switch side for SD-WAN solution. Thus, the
> goal is to switch over links according to BFD session state. Are there some
> practices of interacting with OvS this way using OpenFlow?

OpenFlow "fast failover" groups can react, as can the Open vSwitch
extension "bundle" action.  I think that OVS bonds can react too.

The controller can also react.

I'm not sure how to differently answer these two questions.

From joe at ovn.org  Wed Jul 12 17:54:34 2017
From: joe at ovn.org (Joe Stringer)
Date: Wed, 12 Jul 2017 10:54:34 -0700
Subject: [ovs-discuss] Q: Using netfilter to classify packets in OVS ?
In-Reply-To: <20170707222039.GA31272@labs.hpe.com>
References: <20170707222039.GA31272@labs.hpe.com>
Message-ID: <CAPWQB7H7Qs+CVC01X5=MDvzrkmibEVWPHbqv4EVtBRN_vm-KkQ@mail.gmail.com>

On 7 July 2017 at 15:20, Jean Tourrilhes <jt at labs.hpe.com> wrote:
>         Hi,
>
>         I want to classify/match packets in OVS based on some TCP
> options, this is currently not supported by OVS but it is supported by
> netfilter. The support for ConnTrack left me wondering if I could use
> netfilter to match that field and then use the result of that in OVS.
>         Thanks in advance...

Hi Jean,

There's no native integration, but I could imagine that if Netfilter
ran on the packets first then modified the skb mark field, then OVS
ran later on that packet then plausibly you could match on the
pkt_mark.

From malavall at us.ibm.com  Wed Jul 12 19:10:45 2017
From: malavall at us.ibm.com (Miguel A Lavalle)
Date: Wed, 12 Jul 2017 19:10:45 +0000
Subject: [ovs-discuss] Added interface to bridge gets added unexpectedly a
	second time by OVS
Message-ID: <OF6A2C698B.0BB5E5E8-ON0025815B.006189CF-0025815B.00695AF2@notes.na.collabserv.com>

An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170712/7b9143a8/attachment-0001.html>

From jt at labs.hpe.com  Wed Jul 12 20:38:02 2017
From: jt at labs.hpe.com (Jean Tourrilhes)
Date: Wed, 12 Jul 2017 13:38:02 -0700
Subject: [ovs-discuss] Q: Using netfilter to classify packets in OVS ?
In-Reply-To: <CAPWQB7H7Qs+CVC01X5=MDvzrkmibEVWPHbqv4EVtBRN_vm-KkQ@mail.gmail.com>
References: <20170707222039.GA31272@labs.hpe.com>
	<CAPWQB7H7Qs+CVC01X5=MDvzrkmibEVWPHbqv4EVtBRN_vm-KkQ@mail.gmail.com>
Message-ID: <20170712203802.GA1568@labs.hpe.com>

On Wed, Jul 12, 2017 at 10:54:34AM -0700, Joe Stringer wrote:
> 
> Hi Jean,
> 
> There's no native integration, but I could imagine that if Netfilter
> ran on the packets first then modified the skb mark field, then OVS
> ran later on that packet then plausibly you could match on the
> pkt_mark.

	I tried it, and it works great.
	Thanks a lot !

	Jean

From e at erig.me  Wed Jul 12 21:35:30 2017
From: e at erig.me (Eric Garver)
Date: Wed, 12 Jul 2017 17:35:30 -0400
Subject: [ovs-discuss] remap double-tagged frame
In-Reply-To: <8880c16f-9253-4a80-2bfd-c3701bb6a024@arccn.ru>
References: <8880c16f-9253-4a80-2bfd-c3701bb6a024@arccn.ru>
Message-ID: <20170712213530.GT22060@dev-rhel7>

On Wed, Jul 12, 2017 at 01:20:32PM +0300, Aleksey Khalikov wrote:
> Hi guys,
> 
> My scenario is as follows:
> 
> OVS 2.7.90 with two dpdk ports connected to IXIA two dedicated ports.
> 
> From IXIA port1 I send double-tagged traffic to port2. I am trying to remap
> inner and outer tags of the frames with group chaining and at last send it
> out to port 2 of the OVS.
> 
> I issue these commands on the OVS:
> 
> ovs-ofctl -O OpenFlow13 add-group br0
> group_id=1,type=indirect,bucket=actions=pop_vlan,group:2
> ovs-ofctl -O OpenFlow13 add-group br0
> group_id=2,type=indirect,bucket=actions=pop_vlan,group:3
> ovs-ofctl -O OpenFlow13 add-group br0 group_id=3,type=indirect,bucket=actions=push_vlan:0x8100,set_field:4607-\>vlan_vid,group:4
> ovs-ofctl -O OpenFlow13 add-group br0 group_id=4,type=indirect,bucket=actions=push_vlan:0x8100,set_field:4107-\>vlan_vid,output:2
> 
> ovs-ofctl -O Openflow13 add-flow br0
> in_port=1,idle_timeout=0,actions=group:1
> 
> 
> As a result the flow added to direct traffic from port 1 to group1 and pop
> the first tag then to group 2 to pop second tag other groups just push new
> vlan tags to the frame and send it out to port 2. Group chaining works as
> expected btw.
> 
> After all the groups bucket actions I can examine 3 vlans (I use Wireshark)
> on second interface, inside the frame, two of them are new one and the one
> old inner tag.
> 
> Can you help me to get ovs work as expected pop two vlan tags at first and
> then push new ones?

You need to increase the vlan-limit to be able to match or pop multiple
VLAN tags. Otherwise the second tag is parsed as the Ethertype.
e.g.

    # ovs-vsctl set Open_vSwitch . other_config:vlan-limit=2

https://github.com/openvswitch/ovs/blob/ef241d1e8675660b698839e624695da4ccf25e1b/vswitchd/vswitch.xml#L400

From lvzhilong at ncic.ac.cn  Thu Jul 13 01:49:48 2017
From: lvzhilong at ncic.ac.cn (lvzhilong at ncic.ac.cn)
Date: Thu, 13 Jul 2017 09:49:48 +0800
Subject: [ovs-discuss] error: "Error attaching device '0000:83:00.0' to
	DPDK"
References: <201707121731237401648@ncic.ac.cn>, 
	<74F120C019F4A64C9B78E802F6AD4CC278DC291D@IRSMSX106.ger.corp.intel.com>
Message-ID: <2017071309494829635832@ncic.ac.cn>

  
  sorry, it is a obvious mistake in writing. and after I corrected it, this cmdline didn't work. 

# ovs-vsctl add-port br0 dpdk-p0 -- set Interface dpdk-p0 type=dpdk options:dpdk-devargs=0000:83:00.0ovs-vsctl: Error detected while setting up 'dpdk-p0': Error attaching device '0000:83:00.0' to DPDK.  See ovs-vswitchd log for details.

    I wonder whether there is other similar issue? and how to solve?
    
 
    I think you are adding the wrong device (::82). Try adding (::83).
 
Thanks,
Ciara
             


Hello,I have installed OVS 2.7 running.  When I do:# ovs-vsctl add-port br0 dpdk-p0 -- set Interface dpdk-p0type=dpdk options:dpdk-devargs=0000:82:00.0ovs-vsctl: Error detected while setting up 'dpdk-p0': Error attachingdevice '0000:82:00.0' to DPDK.  See ovs-vswitchd log for details. here is some informations?
1.    root at oncsg4:/var/log/openvswitch# $DPDK_DIR/tools/dpdk-devbind.py --status

Network devices using DPDK-compatible driver
============================================
0000:83:00.0 'Ethernet 10G 2P X710 Adapter' drv=vfio-pci unused=uio_pci_generic
0000:83:00.1 'Ethernet 10G 2P X710 Adapter' drv=uio_pci_generic unused=vfio-pci

 2. the log file shows:      (1).    2017-07-07T10:04:40.004Z|00064|netdev_dpdk|WARN|Error attaching device '0000:82:00.0' to DPDK      (2).    2017-07-07T10:04:40.004Z|00065|netdev|WARN|dpdk-p0: could not set configuration (Invalid argument)
 


lvzhilong at ncic.ac.cn


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170713/2de3b868/attachment.html>

From blp at ovn.org  Thu Jul 13 03:43:23 2017
From: blp at ovn.org (Ben Pfaff)
Date: Wed, 12 Jul 2017 20:43:23 -0700
Subject: [ovs-discuss] max_speed and curr_speed isnt sent correctly
In-Reply-To: <CALHmmLFayixS5-BAMJHErXkHy86CxCzoQr3r+iZxfO4V1Kasag@mail.gmail.com>
References: <CALHmmLFayixS5-BAMJHErXkHy86CxCzoQr3r+iZxfO4V1Kasag@mail.gmail.com>
Message-ID: <20170713034323.GL29918@ovn.org>

On Wed, Jun 28, 2017 at 08:52:56AM +0430, Tahereh Yaghoubi wrote:
> I want to collect of_port information from ovs switches. But in its reply,
> value of max_speed is set to 0 and value of curr_speed is set to 10M while
> I can receive ofp_port_stats correctly. Also I can ping all hosts. In my
> mininet topology I determined bandwidth of links and I expect max_speed set
> to bw.
> when packets of of_port is inspected from ovs by using wireshark, ovs sent
> these values.

OVS just reports what the kernel tells it.

From chaitanya12031 at iiitd.ac.in  Thu Jul 13 06:01:02 2017
From: chaitanya12031 at iiitd.ac.in (Chaitanya Kumar)
Date: Thu, 13 Jul 2017 11:31:02 +0530
Subject: [ovs-discuss] Throughput losses with HP Switch
Message-ID: <CAJdLDZ6PMkn=F=t=yXxhARMyicfK1ArhZ+DSjfwEQGuNLvyo-w@mail.gmail.com>

Hi

 We are working on a research project that involves HP OpenFlow-enabled
switch (HP 3500 yl). We are facing some issues with performance
particularly when operating the switch in "OpenFlow" mode. The switch is
controlled via a desktop running the Ryu controller.

The rules on the switch match packets based on the fields supported by
OpenFlow. Further, the switch also modifies a certain IP header field (in
this case the ToS bits) for packets that match the rules and are hence
forwarded.

More precisely, the rules match the ToS bits of the packet and change them
to a different value before forwarding them to a chosen host.

However, in the process, the forwarded packets achieve a throughput of no
more than 700kbps, while the source and destination hosts have 100 Mbit/s
Ethernet ports. If we disable "OpenFlow" mode and use it as it is then we
achieve a full throughput of 100Mbit/s (the Ethernet link speeds of the
client and server hosts). The end-to-end throughput was measured using
*iperf*.

Could someone shed some light on the reason for this drastic performance
degradation? (all the switch does is match packets whose ToS value is
(say,) 0x28 and replaces it with 0x40 before forwarding them to the right
destination)

Also, is there an alternative switch that someone has used successfully for
similar things?


A figure showing our experiment scenario is given below, for reference.



Thanks,

Chaitanya
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170713/5b619e68/attachment-0001.html>

From jpettit at ovn.org  Thu Jul 13 06:18:33 2017
From: jpettit at ovn.org (Justin Pettit)
Date: Wed, 12 Jul 2017 23:18:33 -0700
Subject: [ovs-discuss] Throughput losses with HP Switch
In-Reply-To: <CAJdLDZ6PMkn=F=t=yXxhARMyicfK1ArhZ+DSjfwEQGuNLvyo-w@mail.gmail.com>
References: <CAJdLDZ6PMkn=F=t=yXxhARMyicfK1ArhZ+DSjfwEQGuNLvyo-w@mail.gmail.com>
Message-ID: <33814C5B-E3C1-4E2E-8307-8166DDEF496C@ovn.org>

I don't think this is the right forum for this question, since it doesn't seem related to OVS.  However, if I were to speculate, my guess is that the forwarding ASIC doesn't support modifying the ToS bits, so the packets are being forwarded to the management CPU to handle these packets.  You could probably get more definitive answers from an HP forum.

Good luck.

--Justin


> On Jul 12, 2017, at 11:01 PM, Chaitanya Kumar <chaitanya12031 at iiitd.ac.in> wrote:
> 
> Hi
>   We are working on a research project that involves HP OpenFlow-enabled switch (HP 3500 yl). We are facing some issues with performance particularly when operating the switch in "OpenFlow" mode. The switch is controlled via a desktop running the Ryu controller.
> The rules on the switch match packets based on the fields supported by OpenFlow. Further, the switch also modifies a certain IP header field (in this case the ToS bits) for packets that match the rules and are hence forwarded. 
> 
> More precisely, the rules match the ToS bits of the packet and change them to a different value before forwarding them to a chosen host. 
> 
> However, in the process, the forwarded packets achieve a throughput of no more than 700kbps, while the source and destination hosts have 100 Mbit/s Ethernet ports. 
> If we disable "OpenFlow" mode and use it as it is then we achieve a full throughput of 100Mbit/s (the Ethernet link speeds of the client and server hosts). The end-to-end throughput was measured using 
> iperf. 
> 
> Could someone shed some light on the reason for this drastic performance degradation? (all the switch does is match packets whose ToS value is (say,) 0x28 and replaces it with 0x40 before forwarding them to the right destination)
> Also, is there an alternative switch that someone has used successfully for similar things?
> 
> A figure showing our experiment scenario is given below, for reference.
> 
> 
> 
> Thanks,
> Chaitanya
> 
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss


From batmanustc at gmail.com  Thu Jul 13 07:24:40 2017
From: batmanustc at gmail.com (Sam)
Date: Thu, 13 Jul 2017 15:24:40 +0800
Subject: [ovs-discuss] [ovs-dev] how to get packet information in
	ovs-dpdk?
In-Reply-To: <20170712152410.GR29918@ovn.org>
References: <CAOE=1Z0EW9ThTCPLwTF6TaC+ro-tGTxQZ8NrqDkWboJSGHZLcw@mail.gmail.com>
	<20170712152410.GR29918@ovn.org>
Message-ID: <CAOE=1Z2Vd=znuNpATBQwdowZ7oKhoz83FK=j_U-BtmZ=dFa6JQ@mail.gmail.com>

Yes it is.

I'm also confused, as when I use normal kernel based ovs-2.3.0, `ovs-ofctl
snoop br0` works good and will not quit.

2017-07-12 23:24 GMT+08:00 Ben Pfaff <blp at ovn.org>:

> On Wed, Jul 12, 2017 at 04:21:04PM +0800, Sam wrote:
> > hi all,
> >
> > I'm running ovs-dpdk(ovs-2.4.9), I found the counter of bond port of br_t
> > is increasing, but I want to know what's these packets, how could I do
> this?
> >
> > first, I use `ovs-ofctl snoop br_t`, but it quit quickly as below:
> >
> > > [root at yf-mos-test-net07 ~]# /usr/local/bin/ovs-ofctl snoop
> > > /usr/local/var/run/openvswitch/br_t.mgmt
> > > [root at yf-mos-test-net07 ~]# /usr/local/bin/ovs-ofctl snoop
> > > /usr/local/var/run/openvswitch/br_t.mgmt
> > > ovs-ofctl: /usr/local/var/run/openvswitch/ovs-ofctl.pid: already
> running
> > > as pid 22082, aborting
>
> That is a strange message.  It should only appear if you use --pidfile
> and --daemon and there's already an ovs-ofctl running that way.  Is the
> above the complete context from your session?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170713/9cabb835/attachment.html>

From JaiSingh.Rana at cavium.com  Thu Jul 13 07:49:15 2017
From: JaiSingh.Rana at cavium.com (Rana, JaiSingh)
Date: Thu, 13 Jul 2017 07:49:15 +0000
Subject: [ovs-discuss] Remote connection method for ovn-controller ovs-ofctl
	invocation.
Message-ID: <MWHPR07MB318200BECA5C2EE9D47E6BD79BAC0@MWHPR07MB3182.namprd07.prod.outlook.com>

Hi,


Currently in Openvswitch-2.7.1, ovn-controller hard codes connection method for ovs-ofctl invokation as unix:file as  assumption is  there will be unix file created by vswitchd in OVS_RUNDIR for managing OF controller on bridge e.g. br-int.mgmt


There is an issue in our Openvswitch offload model where  vswitchd is running on nic  and ovn-controller on host.  As there is no option for telling ovn-controller to use tcp:port connection method for ovs-ofctl , flows are not being pushed to vswitchd.


For providing the patch, need some input. Should connection method be provided as an argument to ovn-controller or it can be written to /etc/sysconfig/openvswitch from where ovn-controller can read and use if option is present otherwise it defaults to unix file method.



Thanks,

Jai
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170713/c54d46a5/attachment.html>

From 16125201 at bjtu.edu.cn  Thu Jul 13 08:13:33 2017
From: 16125201 at bjtu.edu.cn (=?GBK?B?0e7I89vu?=)
Date: Thu, 13 Jul 2017 16:13:33 +0800 (GMT+08:00)
Subject: [ovs-discuss] Could anyone tell me whether there is a buffer
 between M2 and vswitchd?
Message-ID: <30036551.7af.15d3b029d44.Coremail.16125201@bjtu.edu.cn>

hi all,
Recently, I analyze the performance of Open vSwitch. By reading the source code, I abstract the packet-receiving process as the model of Fig.1. Queue1 (denoting NIC DMA) is a buffer that stores the incoming packets. M1 processes the packets, and looks up the flow table to match an entry. If the match fails, the packet is sent to Queue2 in order to be handled by ovs-vswitchd. If successful, the packet will be sent out by M2, which finishes the left processing.
Please help me regarding this.
Thanks..
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170713/4f6233cf/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: question.jpg
Type: image/jpeg
Size: 10455 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170713/4f6233cf/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Question.pdf
Type: application/pdf
Size: 140474 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170713/4f6233cf/attachment-0001.pdf>

From ciara.loftus at intel.com  Thu Jul 13 09:31:34 2017
From: ciara.loftus at intel.com (Loftus, Ciara)
Date: Thu, 13 Jul 2017 09:31:34 +0000
Subject: [ovs-discuss] error: "Error attaching device '0000:83:00.0' to
 DPDK"
In-Reply-To: <2017071309494829635832@ncic.ac.cn>
References: <201707121731237401648@ncic.ac.cn>,
	<74F120C019F4A64C9B78E802F6AD4CC278DC291D@IRSMSX106.ger.corp.intel.com>
	<2017071309494829635832@ncic.ac.cn>
Message-ID: <74F120C019F4A64C9B78E802F6AD4CC278DC2F0A@IRSMSX106.ger.corp.intel.com>

Does it work when you use the uio_pci_generic driver?

Thanks,
Ciara

From: lvzhilong at ncic.ac.cn [mailto:lvzhilong at ncic.ac.cn]
Sent: Thursday, July 13, 2017 2:50 AM
To: Loftus, Ciara <ciara.loftus at intel.com>
Cc: ovs-discuss <ovs-discuss at openvswitch.org>
Subject: Re: RE: [ovs-discuss] error: "Error attaching device '0000:83:00.0' to DPDK"


  sorry, it is a obvious mistake in writing. and after I corrected it, this cmdline didn't work.


# ovs-vsctl add-port br0 dpdk-p0 -- set Interface dpdk-p0 type=dpdk options:dpdk-devargs=0000:83:00.0

ovs-vsctl: Error detected while setting up 'dpdk-p0': Error attaching device '0000:83:00.0' to DPDK.  See ovs-vswitchd log for details.

    I wonder whether there is other similar issue? and how to solve?


    I think you are adding the wrong device (::82). Try adding (::83).

Thanks,
Ciara





Hello,

I have installed OVS 2.7 running.  When I do:

# ovs-vsctl add-port br0 dpdk-p0 -- set Interface dpdk-p0

type=dpdk options:dpdk-devargs=0000:82:00.0

ovs-vsctl: Error detected while setting up 'dpdk-p0': Error attaching

device '0000:82:00.0' to DPDK.  See ovs-vswitchd log for details.



here is some informations?
1.    root at oncsg4:/var/log/openvswitch# $DPDK_DIR/tools/dpdk-devbind.py --status

Network devices using DPDK-compatible driver
============================================
0000:83:00.0 'Ethernet 10G 2P X710 Adapter' drv=vfio-pci unused=uio_pci_generic
0000:83:00.1 'Ethernet 10G 2P X710 Adapter' drv=uio_pci_generic unused=vfio-pci





2. the log file shows:

      (1).    2017-07-07T10:04:40.004Z|00064|netdev_dpdk|WARN|Error attaching device '0000:82:00.0' to DPDK

      (2).    2017-07-07T10:04:40.004Z|00065|netdev|WARN|dpdk-p0: could not set configuration (Invalid argument)

________________________________
lvzhilong at ncic.ac.cn<mailto:lvzhilong at ncic.ac.cn>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170713/61c8c148/attachment.html>

From mark.b.kavanagh at intel.com  Thu Jul 13 13:22:23 2017
From: mark.b.kavanagh at intel.com (Kavanagh, Mark B)
Date: Thu, 13 Jul 2017 13:22:23 +0000
Subject: [ovs-discuss] error: "Error attaching device '0000:83:00.0' to
 DPDK"
In-Reply-To: <74F120C019F4A64C9B78E802F6AD4CC278DC2F0A@IRSMSX106.ger.corp.intel.com>
References: <201707121731237401648@ncic.ac.cn>,
	<74F120C019F4A64C9B78E802F6AD4CC278DC291D@IRSMSX106.ger.corp.intel.com>
	<2017071309494829635832@ncic.ac.cn>
	<74F120C019F4A64C9B78E802F6AD4CC278DC2F0A@IRSMSX106.ger.corp.intel.com>
Message-ID: <DC5AD7FA266D86499789B1BCAEC715F8B1C74EAA@IRSMSX101.ger.corp.intel.com>

>From: ovs-discuss-bounces at openvswitch.org [mailto:ovs-discuss-
>bounces at openvswitch.org] On Behalf Of Loftus, Ciara
>Sent: Thursday, July 13, 2017 10:32 AM
>To: lvzhilong at ncic.ac.cn
>Cc: ovs-discuss <ovs-discuss at openvswitch.org>
>Subject: Re: [ovs-discuss] error: "Error attaching device '0000:83:00.0' to
>DPDK"
>
>Does it work when you use the uio_pci_generic driver?

Also, what version of DPDK are you using?

Do you encounter this issue with OvS v2.7.1 and DPDK v16.11.2?

Cheers,
Mark


>
>Thanks,
>Ciara
>
>From: lvzhilong at ncic.ac.cn [mailto:lvzhilong at ncic.ac.cn]
>Sent: Thursday, July 13, 2017 2:50 AM
>To: Loftus, Ciara <ciara.loftus at intel.com>
>Cc: ovs-discuss <ovs-discuss at openvswitch.org>
>Subject: Re: RE: [ovs-discuss] error: "Error attaching device '0000:83:00.0'
>to DPDK"
>
>
>??sorry, it is a obvious mistake in writing. and after I corrected it, this
>cmdline didn't work.
>
># ovs-vsctl add-port br0 dpdk-p0 -- set Interface dpdk-p0 type=dpdk
>options:dpdk-devargs=0000:83:00.0
>ovs-vsctl: Error detected?while?setting up?'dpdk-p0': Error attaching
>device?'0000:83:00.0'?to DPDK.? See ovs-vswitchd log?for?details.
>
>? ? I wonder whether there is other similar issue? and how to solve?
>
>
>? ??I think you are adding the wrong device (::82). Try adding (::83).
>
>Thanks,
>Ciara
>
>
>
>Hello,
>I have installed OVS 2.7 running.? When I do:
># ovs-vsctl add-port br0 dpdk-p0 -- set Interface dpdk-p0
>type=dpdk options:dpdk-devargs=0000:82:00.0
>ovs-vsctl: Error detected?while?setting up?'dpdk-p0': Error attaching
>device?'0000:82:00.0'?to DPDK.? See ovs-vswitchd log?for?details.
>
>here is some informations?
>1.? ??root at oncsg4:/var/log/openvswitch#?$DPDK_DIR/tools/dpdk-devbind.py?--
>status
>
>Network?devices?using?DPDK-compatible?driver
>============================================
>0000:83:00.0?'Ethernet?10G?2P?X710?Adapter'?drv=vfio-
>pci?unused=uio_pci_generic
>0000:83:00.1?'Ethernet?10G?2P?X710?Adapter'?drv=uio_pci_generic?unused=vfio-
>pci
>
>
>2. the log file shows:
>????? (1).????2017-07-07T10:04:40.004Z|00064|netdev_dpdk|WARN|Error attaching
>device?'0000:82:00.0'?to DPDK
>????? (2).????2017-07-07T10:04:40.004Z|00065|netdev|WARN|dpdk-p0: could
>not?set?configuration?(Invalid argument)
>
>________________________________________
>lvzhilong at ncic.ac.cn
>


From lrichard at redhat.com  Thu Jul 13 13:35:01 2017
From: lrichard at redhat.com (Lance Richardson)
Date: Thu, 13 Jul 2017 09:35:01 -0400 (EDT)
Subject: [ovs-discuss] Remote connection method for ovn-controller
 ovs-ofctl	invocation.
In-Reply-To: <MWHPR07MB318200BECA5C2EE9D47E6BD79BAC0@MWHPR07MB3182.namprd07.prod.outlook.com>
References: <MWHPR07MB318200BECA5C2EE9D47E6BD79BAC0@MWHPR07MB3182.namprd07.prod.outlook.com>
Message-ID: <254973291.33537511.1499952901730.JavaMail.zimbra@redhat.com>

> From: "JaiSingh Rana" <JaiSingh.Rana at cavium.com>
> To: ovs-discuss at openvswitch.org
> Sent: Thursday, 13 July, 2017 3:49:15 AM
> Subject: [ovs-discuss] Remote connection method for ovn-controller ovs-ofctl	invocation.
> 
> 
> 
> Hi,
> 
> 
> 
> 
> Currently in Openvswitch-2.7.1, ovn-controller hard codes connection method
> for ovs-ofctl invokation as unix:file as assumption is there will be unix
> file created by vswitchd in OVS_RUNDIR for managing OF controller on bridge
> e.g. br-int.mgmt
> 
> 
> 
> 
> There is an issue in our Openvswitch offload model where vswitchd is running
> on nic and ovn-controller on host. As there is no option for telling
> ovn-controller to use tcp:port connection method for ovs-ofctl , flows are
> not being pushed to vswitchd.
> 
> 
> 
> 
> For providing the patch, need some input. Should connection method be
> provided as an argument to ovn-controller or it can be written to
> /etc/sysconfig/openvswitch from where ovn-controller can read and use if
> option is present otherwise it defaults to unix file method.
> 
> 

My suggestion would be to use external-ids in the local ovsdb, as is
currently done for ovn-remote and ovn-encap. Maybe something like:

    ovs-vsctl set open . external-ids:ovn-ofctl=tcp:w.x.y.z:abcd


From JaiSingh.Rana at cavium.com  Thu Jul 13 14:06:35 2017
From: JaiSingh.Rana at cavium.com (Rana, JaiSingh)
Date: Thu, 13 Jul 2017 14:06:35 +0000
Subject: [ovs-discuss] Remote connection method for ovn-controller
 ovs-ofctl	invocation.
In-Reply-To: <254973291.33537511.1499952901730.JavaMail.zimbra@redhat.com>
References: <MWHPR07MB318200BECA5C2EE9D47E6BD79BAC0@MWHPR07MB3182.namprd07.prod.outlook.com>,
	<254973291.33537511.1499952901730.JavaMail.zimbra@redhat.com>
Message-ID: <MWHPR07MB3182672FDE67E2904F8187EB9BAC0@MWHPR07MB3182.namprd07.prod.outlook.com>

Thanks Richardson for the suggestion.


This seems to be a better way than using some configuration file for picking connection method. I will look into code for changes required.


-Jai


________________________________
From: Lance Richardson <lrichard at redhat.com>
Sent: 13 July 2017 19:05
To: Rana, JaiSingh
Cc: ovs-discuss at openvswitch.org
Subject: Re: [ovs-discuss] Remote connection method for ovn-controller ovs-ofctl invocation.

> From: "JaiSingh Rana" <JaiSingh.Rana at cavium.com>
> To: ovs-discuss at openvswitch.org
> Sent: Thursday, 13 July, 2017 3:49:15 AM
> Subject: [ovs-discuss] Remote connection method for ovn-controller ovs-ofctl  invocation.
>
>
>
> Hi,
>
>
>
>
> Currently in Openvswitch-2.7.1, ovn-controller hard codes connection method
> for ovs-ofctl invokation as unix:file as assumption is there will be unix
> file created by vswitchd in OVS_RUNDIR for managing OF controller on bridge
> e.g. br-int.mgmt
>
>
>
>
> There is an issue in our Openvswitch offload model where vswitchd is running
> on nic and ovn-controller on host. As there is no option for telling
> ovn-controller to use tcp:port connection method for ovs-ofctl , flows are
> not being pushed to vswitchd.
>
>
>
>
> For providing the patch, need some input. Should connection method be
> provided as an argument to ovn-controller or it can be written to
> /etc/sysconfig/openvswitch from where ovn-controller can read and use if
> option is present otherwise it defaults to unix file method.
>
>

My suggestion would be to use external-ids in the local ovsdb, as is
currently done for ovn-remote and ovn-encap. Maybe something like:

    ovs-vsctl set open . external-ids:ovn-ofctl=tcp:w.x.y.z:abcd

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170713/eae147fa/attachment.html>

From blp at ovn.org  Thu Jul 13 16:47:47 2017
From: blp at ovn.org (Ben Pfaff)
Date: Thu, 13 Jul 2017 09:47:47 -0700
Subject: [ovs-discuss] Remote connection method for ovn-controller
 ovs-ofctl	invocation.
In-Reply-To: <254973291.33537511.1499952901730.JavaMail.zimbra@redhat.com>
References: <MWHPR07MB318200BECA5C2EE9D47E6BD79BAC0@MWHPR07MB3182.namprd07.prod.outlook.com>
	<254973291.33537511.1499952901730.JavaMail.zimbra@redhat.com>
Message-ID: <20170713164747.GP29918@ovn.org>

On Thu, Jul 13, 2017 at 09:35:01AM -0400, Lance Richardson wrote:
> > From: "JaiSingh Rana" <JaiSingh.Rana at cavium.com>
> > To: ovs-discuss at openvswitch.org
> > Sent: Thursday, 13 July, 2017 3:49:15 AM
> > Subject: [ovs-discuss] Remote connection method for ovn-controller ovs-ofctl	invocation.
> > 
> > 
> > 
> > Hi,
> > 
> > 
> > 
> > 
> > Currently in Openvswitch-2.7.1, ovn-controller hard codes connection method
> > for ovs-ofctl invokation as unix:file as assumption is there will be unix
> > file created by vswitchd in OVS_RUNDIR for managing OF controller on bridge
> > e.g. br-int.mgmt
> > 
> > 
> > 
> > 
> > There is an issue in our Openvswitch offload model where vswitchd is running
> > on nic and ovn-controller on host. As there is no option for telling
> > ovn-controller to use tcp:port connection method for ovs-ofctl , flows are
> > not being pushed to vswitchd.
> > 
> > 
> > 
> > 
> > For providing the patch, need some input. Should connection method be
> > provided as an argument to ovn-controller or it can be written to
> > /etc/sysconfig/openvswitch from where ovn-controller can read and use if
> > option is present otherwise it defaults to unix file method.
> > 
> > 
> 
> My suggestion would be to use external-ids in the local ovsdb, as is
> currently done for ovn-remote and ovn-encap. Maybe something like:
> 
>     ovs-vsctl set open . external-ids:ovn-ofctl=tcp:w.x.y.z:abcd

Using the name "ovs-ofctl" here is weird.  ovn-controller doesn't use
ovs-ofctl.

From lrichard at redhat.com  Thu Jul 13 16:53:11 2017
From: lrichard at redhat.com (Lance Richardson)
Date: Thu, 13 Jul 2017 12:53:11 -0400 (EDT)
Subject: [ovs-discuss] Remote connection method for ovn-controller
 ovs-ofctl	invocation.
In-Reply-To: <20170713164747.GP29918@ovn.org>
References: <MWHPR07MB318200BECA5C2EE9D47E6BD79BAC0@MWHPR07MB3182.namprd07.prod.outlook.com>
	<254973291.33537511.1499952901730.JavaMail.zimbra@redhat.com>
	<20170713164747.GP29918@ovn.org>
Message-ID: <971556263.33631566.1499964791494.JavaMail.zimbra@redhat.com>

> From: "Ben Pfaff" <blp at ovn.org>
> To: "Lance Richardson" <lrichard at redhat.com>
> Cc: "JaiSingh Rana" <JaiSingh.Rana at cavium.com>, ovs-discuss at openvswitch.org
> Sent: Thursday, 13 July, 2017 12:47:47 PM
> Subject: Re: [ovs-discuss] Remote connection method for ovn-controller ovs-ofctl	invocation.
> 
> On Thu, Jul 13, 2017 at 09:35:01AM -0400, Lance Richardson wrote:
> > > From: "JaiSingh Rana" <JaiSingh.Rana at cavium.com>
> > > To: ovs-discuss at openvswitch.org
> > > Sent: Thursday, 13 July, 2017 3:49:15 AM
> > > Subject: [ovs-discuss] Remote connection method for ovn-controller
> > > ovs-ofctl	invocation.
> > > 
> > > 
> > > 
> > > Hi,
> > > 
> > > 
> > > 
> > > 
> > > Currently in Openvswitch-2.7.1, ovn-controller hard codes connection
> > > method
> > > for ovs-ofctl invokation as unix:file as assumption is there will be unix
> > > file created by vswitchd in OVS_RUNDIR for managing OF controller on
> > > bridge
> > > e.g. br-int.mgmt
> > > 
> > > 
> > > 
> > > 
> > > There is an issue in our Openvswitch offload model where vswitchd is
> > > running
> > > on nic and ovn-controller on host. As there is no option for telling
> > > ovn-controller to use tcp:port connection method for ovs-ofctl , flows
> > > are
> > > not being pushed to vswitchd.
> > > 
> > > 
> > > 
> > > 
> > > For providing the patch, need some input. Should connection method be
> > > provided as an argument to ovn-controller or it can be written to
> > > /etc/sysconfig/openvswitch from where ovn-controller can read and use if
> > > option is present otherwise it defaults to unix file method.
> > > 
> > > 
> > 
> > My suggestion would be to use external-ids in the local ovsdb, as is
> > currently done for ovn-remote and ovn-encap. Maybe something like:
> > 
> >     ovs-vsctl set open . external-ids:ovn-ofctl=tcp:w.x.y.z:abcd
> 
> Using the name "ovs-ofctl" here is weird.  ovn-controller doesn't use
> ovs-ofctl.
> 

Well, I'm terrible with naming things, and should have added a comment to that
effect :-) 

My rationale for "ovn-ofctl" was shallowly based on the the related file,
ovn/controller/ofctrl.c (well, I omitted the 'r' for some reason,.)

What would be a more appropriate name?

Thanks,
   Lance

From blp at ovn.org  Thu Jul 13 17:04:57 2017
From: blp at ovn.org (Ben Pfaff)
Date: Thu, 13 Jul 2017 10:04:57 -0700
Subject: [ovs-discuss] Remote connection method for ovn-controller
 ovs-ofctl	invocation.
In-Reply-To: <971556263.33631566.1499964791494.JavaMail.zimbra@redhat.com>
References: <MWHPR07MB318200BECA5C2EE9D47E6BD79BAC0@MWHPR07MB3182.namprd07.prod.outlook.com>
	<254973291.33537511.1499952901730.JavaMail.zimbra@redhat.com>
	<20170713164747.GP29918@ovn.org>
	<971556263.33631566.1499964791494.JavaMail.zimbra@redhat.com>
Message-ID: <20170713170457.GS29918@ovn.org>

On Thu, Jul 13, 2017 at 12:53:11PM -0400, Lance Richardson wrote:
> > From: "Ben Pfaff" <blp at ovn.org>
> > To: "Lance Richardson" <lrichard at redhat.com>
> > Cc: "JaiSingh Rana" <JaiSingh.Rana at cavium.com>, ovs-discuss at openvswitch.org
> > Sent: Thursday, 13 July, 2017 12:47:47 PM
> > Subject: Re: [ovs-discuss] Remote connection method for ovn-controller ovs-ofctl	invocation.
> > 
> > On Thu, Jul 13, 2017 at 09:35:01AM -0400, Lance Richardson wrote:
> > > > From: "JaiSingh Rana" <JaiSingh.Rana at cavium.com>
> > > > To: ovs-discuss at openvswitch.org
> > > > Sent: Thursday, 13 July, 2017 3:49:15 AM
> > > > Subject: [ovs-discuss] Remote connection method for ovn-controller
> > > > ovs-ofctl	invocation.
> > > > 
> > > > 
> > > > 
> > > > Hi,
> > > > 
> > > > 
> > > > 
> > > > 
> > > > Currently in Openvswitch-2.7.1, ovn-controller hard codes connection
> > > > method
> > > > for ovs-ofctl invokation as unix:file as assumption is there will be unix
> > > > file created by vswitchd in OVS_RUNDIR for managing OF controller on
> > > > bridge
> > > > e.g. br-int.mgmt
> > > > 
> > > > 
> > > > 
> > > > 
> > > > There is an issue in our Openvswitch offload model where vswitchd is
> > > > running
> > > > on nic and ovn-controller on host. As there is no option for telling
> > > > ovn-controller to use tcp:port connection method for ovs-ofctl , flows
> > > > are
> > > > not being pushed to vswitchd.
> > > > 
> > > > 
> > > > 
> > > > 
> > > > For providing the patch, need some input. Should connection method be
> > > > provided as an argument to ovn-controller or it can be written to
> > > > /etc/sysconfig/openvswitch from where ovn-controller can read and use if
> > > > option is present otherwise it defaults to unix file method.
> > > > 
> > > > 
> > > 
> > > My suggestion would be to use external-ids in the local ovsdb, as is
> > > currently done for ovn-remote and ovn-encap. Maybe something like:
> > > 
> > >     ovs-vsctl set open . external-ids:ovn-ofctl=tcp:w.x.y.z:abcd
> > 
> > Using the name "ovs-ofctl" here is weird.  ovn-controller doesn't use
> > ovs-ofctl.
> > 
> 
> Well, I'm terrible with naming things, and should have added a comment to that
> effect :-) 
> 
> My rationale for "ovn-ofctl" was shallowly based on the the related file,
> ovn/controller/ofctrl.c (well, I omitted the 'r' for some reason,.)
> 
> What would be a more appropriate name?

I really should have directed that to the original poster, since he
suggested that ovs-ofctl was involved.

Probably, something that used words like "switch", "openflow", "remote",
"connection", "ovs", etc., like "ovn-switch-connection".

However, this is not going to be the only problem that the OP will
encounter, since ovn-controller makes other assumptions that it is
running on the ovs-switchd host.

From JaiSingh.Rana at cavium.com  Thu Jul 13 17:12:28 2017
From: JaiSingh.Rana at cavium.com (Rana, JaiSingh)
Date: Thu, 13 Jul 2017 17:12:28 +0000
Subject: [ovs-discuss] Remote connection method for ovn-controller
 ovs-ofctl invocation.
In-Reply-To: <971556263.33631566.1499964791494.JavaMail.zimbra@redhat.com>
References: <MWHPR07MB318200BECA5C2EE9D47E6BD79BAC0@MWHPR07MB3182.namprd07.prod.outlook.com>
	<254973291.33537511.1499952901730.JavaMail.zimbra@redhat.com>
	<20170713164747.GP29918@ovn.org>
	<971556263.33631566.1499964791494.JavaMail.zimbra@redhat.com>
Message-ID: <MWHPR07MB318215B69F7AD310ABBB5C3B9BAC0@MWHPR07MB3182.namprd07.prod.outlook.com>

Ben,
ovn-controller does invoke ovs-ofctl to push flows to vswitchd in ovn/controller/ofctrl.c and ovn/controller/pinctrl.c

 Therefore I guess naming this external id(TODO)as ovn-ofctl does make some sense. 

Thanks,
Jai





On July 13, 2017 10:23:14 PM Lance Richardson <lrichard at redhat.com> wrote:

>> From: "Ben Pfaff" <blp at ovn.org>
>> To: "Lance Richardson" <lrichard at redhat.com>
>> Cc: "JaiSingh Rana" <JaiSingh.Rana at cavium.com>, ovs-discuss at openvswitch.org
>> Sent: Thursday, 13 July, 2017 12:47:47 PM
>> Subject: Re: [ovs-discuss] Remote connection method for ovn-controller ovs-ofctl	invocation.
>> 
>> On Thu, Jul 13, 2017 at 09:35:01AM -0400, Lance Richardson wrote:
>> > > From: "JaiSingh Rana" <JaiSingh.Rana at cavium.com>
>> > > To: ovs-discuss at openvswitch.org
>> > > Sent: Thursday, 13 July, 2017 3:49:15 AM
>> > > Subject: [ovs-discuss] Remote connection method for ovn-controller
>> > > ovs-ofctl	invocation.
>> > > 
>> > > 
>> > > 
>> > > Hi,
>> > > 
>> > > 
>> > > 
>> > > 
>> > > Currently in Openvswitch-2.7.1, ovn-controller hard codes connection
>> > > method
>> > > for ovs-ofctl invokation as unix:file as assumption is there will be unix
>> > > file created by vswitchd in OVS_RUNDIR for managing OF controller on
>> > > bridge
>> > > e.g. br-int.mgmt
>> > > 
>> > > 
>> > > 
>> > > 
>> > > There is an issue in our Openvswitch offload model where vswitchd is
>> > > running
>> > > on nic and ovn-controller on host. As there is no option for telling
>> > > ovn-controller to use tcp:port connection method for ovs-ofctl , flows
>> > > are
>> > > not being pushed to vswitchd.
>> > > 
>> > > 
>> > > 
>> > > 
>> > > For providing the patch, need some input. Should connection method be
>> > > provided as an argument to ovn-controller or it can be written to
>> > > /etc/sysconfig/openvswitch from where ovn-controller can read and use if
>> > > option is present otherwise it defaults to unix file method.
>> > > 
>> > > 
>> > 
>> > My suggestion would be to use external-ids in the local ovsdb, as is
>> > currently done for ovn-remote and ovn-encap. Maybe something like:
>> > 
>> >     ovs-vsctl set open . external-ids:ovn-ofctl=tcp:w.x.y.z:abcd
>> 
>> Using the name "ovs-ofctl" here is weird.  ovn-controller doesn't use
>> ovs-ofctl.
>> 
>
> Well, I'm terrible with naming things, and should have added a comment to that
> effect :-) 
>
> My rationale for "ovn-ofctl" was shallowly based on the the related file,
> ovn/controller/ofctrl.c (well, I omitted the 'r' for some reason,.)
>
> What would be a more appropriate name?
>
> Thanks,
>    Lance

From blp at ovn.org  Thu Jul 13 17:16:53 2017
From: blp at ovn.org (Ben Pfaff)
Date: Thu, 13 Jul 2017 10:16:53 -0700
Subject: [ovs-discuss] Remote connection method for ovn-controller
 ovs-ofctl invocation.
In-Reply-To: <MWHPR07MB318215B69F7AD310ABBB5C3B9BAC0@MWHPR07MB3182.namprd07.prod.outlook.com>
References: <MWHPR07MB318200BECA5C2EE9D47E6BD79BAC0@MWHPR07MB3182.namprd07.prod.outlook.com>
	<254973291.33537511.1499952901730.JavaMail.zimbra@redhat.com>
	<20170713164747.GP29918@ovn.org>
	<971556263.33631566.1499964791494.JavaMail.zimbra@redhat.com>
	<MWHPR07MB318215B69F7AD310ABBB5C3B9BAC0@MWHPR07MB3182.namprd07.prod.outlook.com>
Message-ID: <20170713171653.GT29918@ovn.org>

No, it doesn't.  I wrote this code and I know.

On Thu, Jul 13, 2017 at 05:12:28PM +0000, Rana, JaiSingh wrote:
> Ben,
> ovn-controller does invoke ovs-ofctl to push flows to vswitchd in ovn/controller/ofctrl.c and ovn/controller/pinctrl.c
> 
>  Therefore I guess naming this external id(TODO)as ovn-ofctl does make some sense. 
> 
> Thanks,
> Jai
> 
> 
> 
> 
> 
> On July 13, 2017 10:23:14 PM Lance Richardson <lrichard at redhat.com> wrote:
> 
> >> From: "Ben Pfaff" <blp at ovn.org>
> >> To: "Lance Richardson" <lrichard at redhat.com>
> >> Cc: "JaiSingh Rana" <JaiSingh.Rana at cavium.com>, ovs-discuss at openvswitch.org
> >> Sent: Thursday, 13 July, 2017 12:47:47 PM
> >> Subject: Re: [ovs-discuss] Remote connection method for ovn-controller ovs-ofctl	invocation.
> >> 
> >> On Thu, Jul 13, 2017 at 09:35:01AM -0400, Lance Richardson wrote:
> >> > > From: "JaiSingh Rana" <JaiSingh.Rana at cavium.com>
> >> > > To: ovs-discuss at openvswitch.org
> >> > > Sent: Thursday, 13 July, 2017 3:49:15 AM
> >> > > Subject: [ovs-discuss] Remote connection method for ovn-controller
> >> > > ovs-ofctl	invocation.
> >> > > 
> >> > > 
> >> > > 
> >> > > Hi,
> >> > > 
> >> > > 
> >> > > 
> >> > > 
> >> > > Currently in Openvswitch-2.7.1, ovn-controller hard codes connection
> >> > > method
> >> > > for ovs-ofctl invokation as unix:file as assumption is there will be unix
> >> > > file created by vswitchd in OVS_RUNDIR for managing OF controller on
> >> > > bridge
> >> > > e.g. br-int.mgmt
> >> > > 
> >> > > 
> >> > > 
> >> > > 
> >> > > There is an issue in our Openvswitch offload model where vswitchd is
> >> > > running
> >> > > on nic and ovn-controller on host. As there is no option for telling
> >> > > ovn-controller to use tcp:port connection method for ovs-ofctl , flows
> >> > > are
> >> > > not being pushed to vswitchd.
> >> > > 
> >> > > 
> >> > > 
> >> > > 
> >> > > For providing the patch, need some input. Should connection method be
> >> > > provided as an argument to ovn-controller or it can be written to
> >> > > /etc/sysconfig/openvswitch from where ovn-controller can read and use if
> >> > > option is present otherwise it defaults to unix file method.
> >> > > 
> >> > > 
> >> > 
> >> > My suggestion would be to use external-ids in the local ovsdb, as is
> >> > currently done for ovn-remote and ovn-encap. Maybe something like:
> >> > 
> >> >     ovs-vsctl set open . external-ids:ovn-ofctl=tcp:w.x.y.z:abcd
> >> 
> >> Using the name "ovs-ofctl" here is weird.  ovn-controller doesn't use
> >> ovs-ofctl.
> >> 
> >
> > Well, I'm terrible with naming things, and should have added a comment to that
> > effect :-) 
> >
> > My rationale for "ovn-ofctl" was shallowly based on the the related file,
> > ovn/controller/ofctrl.c (well, I omitted the 'r' for some reason,.)
> >
> > What would be a more appropriate name?
> >
> > Thanks,
> >    Lance

From Volkan.Atli at argela.com.tr  Thu Jul 13 17:17:00 2017
From: Volkan.Atli at argela.com.tr (Ali Volkan Atli)
Date: Thu, 13 Jul 2017 17:17:00 +0000
Subject: [ovs-discuss] How to add real NIC interfaces into OpenStack Network
Message-ID: <1b5f7be9e8b84dd8894eac0be2d46c9b@MX2.argela.com.tr>

Hi

Actually, I'm not sure it is the right place to ask the question but I hope someone enlighten me.

First, I did ./stack from devstack using local.conf below 

    [[local|localrc]]
    ADMIN_PASSWORD=admin
    DATABASE_PASSWORD=$ADMIN_PASSWORD
    RABBIT_PASSWORD=$ADMIN_PASSWORD
    SERVICE_PASSWORD=$ADMIN_PASSWORD

    NEUTRON_CREATE_INITIAL_NETWORKS=False

I was hoping the OVS would not create any bridges, but there are several bridges as below. Even more interesting, I do not see any network on the dashboard (whatever admin or demo users). I think it is strange. Is there any explanation for that?

    stack at cloud:~/devstack$ sudo ovs-vsctl show
    a78a396a-c697-4e69-a615-fa77df2be2b1
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
    Bridge br-ex
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port br-ex
            Interface br-ex
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
    Bridge br-tun
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    ovs_version: "2.6.1"

Second, I created a local network (openstack network create local_net --provider-network-type local) and I have multiple real NIC interfaces and I'd like to add the real NIC interfaces as a port into local network. But I did not see any example/tutorial etc.. for my issue. I will use "ovs-vsctl add-port" to add it my local_net created from openstack, but I don't know how to see it in OvS. What is local_net's counterpart in OVS? How can I add real NIC interfaces into local network and also local instances. I want to communicate my external laptop with an openstack instance via devstack-neutron.

Thanks in advance

- Volkan

From JaiSingh.Rana at cavium.com  Thu Jul 13 17:41:11 2017
From: JaiSingh.Rana at cavium.com (Rana, JaiSingh)
Date: Thu, 13 Jul 2017 17:41:11 +0000
Subject: [ovs-discuss] Remote connection method for ovn-controller
 ovs-ofctl invocation.
In-Reply-To: <20170713170457.GS29918@ovn.org>
References: <MWHPR07MB318200BECA5C2EE9D47E6BD79BAC0@MWHPR07MB3182.namprd07.prod.outlook.com>
	<254973291.33537511.1499952901730.JavaMail.zimbra@redhat.com>
	<20170713164747.GP29918@ovn.org>
	<971556263.33631566.1499964791494.JavaMail.zimbra@redhat.com>
	<20170713170457.GS29918@ovn.org>
Message-ID: <MWHPR07MB3182225472E4FE2DF40AEBFF9BAC0@MWHPR07MB3182.namprd07.prod.outlook.com>

Hi Ben, 
Sorry for the confusion. I meant ovn-controller invocation of function for pushing open-flows   from southdb to vswitchd which is running in nic using tcp connection and I agree with Lance that using external-ids for this purpose might be better idea.
Also for now, only this assumption i.e. ovn-controller and vswitchd are running on same host is blocking me. As as a proof of concept, i hardcoded tcp connection instead of unix socket file in ovn and now flows are getting updated in vswitchd. 
Other configuration change that is done is to setup OF controller on integration bridge with ptcp instead of tcp method. 

Thanks,
Jai


On July 13, 2017 10:35:07 PM Ben Pfaff <blp at ovn.org> wrote:

> On Thu, Jul 13, 2017 at 12:53:11PM -0400, Lance Richardson wrote:
>> > From: "Ben Pfaff" <blp at ovn.org>
>> > To: "Lance Richardson" <lrichard at redhat.com>
>> > Cc: "JaiSingh Rana" <JaiSingh.Rana at cavium.com>, ovs-discuss at openvswitch.org
>> > Sent: Thursday, 13 July, 2017 12:47:47 PM
>> > Subject: Re: [ovs-discuss] Remote connection method for ovn-controller ovs-ofctl	invocation.
>> > 
>> > On Thu, Jul 13, 2017 at 09:35:01AM -0400, Lance Richardson wrote:
>> > > > From: "JaiSingh Rana" <JaiSingh.Rana at cavium.com>
>> > > > To: ovs-discuss at openvswitch.org
>> > > > Sent: Thursday, 13 July, 2017 3:49:15 AM
>> > > > Subject: [ovs-discuss] Remote connection method for ovn-controller
>> > > > ovs-ofctl	invocation.
>> > > > 
>> > > > 
>> > > > 
>> > > > Hi,
>> > > > 
>> > > > 
>> > > > 
>> > > > 
>> > > > Currently in Openvswitch-2.7.1, ovn-controller hard codes connection
>> > > > method
>> > > > for ovs-ofctl invokation as unix:file as assumption is there will be unix
>> > > > file created by vswitchd in OVS_RUNDIR for managing OF controller on
>> > > > bridge
>> > > > e.g. br-int.mgmt
>> > > > 
>> > > > 
>> > > > 
>> > > > 
>> > > > There is an issue in our Openvswitch offload model where vswitchd is
>> > > > running
>> > > > on nic and ovn-controller on host. As there is no option for telling
>> > > > ovn-controller to use tcp:port connection method for ovs-ofctl , flows
>> > > > are
>> > > > not being pushed to vswitchd.
>> > > > 
>> > > > 
>> > > > 
>> > > > 
>> > > > For providing the patch, need some input. Should connection method be
>> > > > provided as an argument to ovn-controller or it can be written to
>> > > > /etc/sysconfig/openvswitch from where ovn-controller can read and use if
>> > > > option is present otherwise it defaults to unix file method.
>> > > > 
>> > > > 
>> > > 
>> > > My suggestion would be to use external-ids in the local ovsdb, as is
>> > > currently done for ovn-remote and ovn-encap. Maybe something like:
>> > > 
>> > >     ovs-vsctl set open . external-ids:ovn-ofctl=tcp:w.x.y.z:abcd
>> > 
>> > Using the name "ovs-ofctl" here is weird.  ovn-controller doesn't use
>> > ovs-ofctl.
>> > 
>> 
>> Well, I'm terrible with naming things, and should have added a comment to that
>> effect :-) 
>> 
>> My rationale for "ovn-ofctl" was shallowly based on the the related file,
>> ovn/controller/ofctrl.c (well, I omitted the 'r' for some reason,.)
>> 
>> What would be a more appropriate name?
>
> I really should have directed that to the original poster, since he
> suggested that ovs-ofctl was involved.
>
> Probably, something that used words like "switch", "openflow", "remote",
> "connection", "ovs", etc., like "ovn-switch-connection".
>
> However, this is not going to be the only problem that the OP will
> encounter, since ovn-controller makes other assumptions that it is
> running on the ovs-switchd host.

From blp at ovn.org  Thu Jul 13 18:14:37 2017
From: blp at ovn.org (Ben Pfaff)
Date: Thu, 13 Jul 2017 11:14:37 -0700
Subject: [ovs-discuss] Remote connection method for ovn-controller
 ovs-ofctl invocation.
In-Reply-To: <MWHPR07MB3182225472E4FE2DF40AEBFF9BAC0@MWHPR07MB3182.namprd07.prod.outlook.com>
References: <MWHPR07MB318200BECA5C2EE9D47E6BD79BAC0@MWHPR07MB3182.namprd07.prod.outlook.com>
	<254973291.33537511.1499952901730.JavaMail.zimbra@redhat.com>
	<20170713164747.GP29918@ovn.org>
	<971556263.33631566.1499964791494.JavaMail.zimbra@redhat.com>
	<20170713170457.GS29918@ovn.org>
	<MWHPR07MB3182225472E4FE2DF40AEBFF9BAC0@MWHPR07MB3182.namprd07.prod.outlook.com>
Message-ID: <20170713181437.GB29918@ovn.org>

Sure, send a patch to add a configuration option.

On Thu, Jul 13, 2017 at 05:41:11PM +0000, Rana, JaiSingh wrote:
> Hi Ben, 
> Sorry for the confusion. I meant ovn-controller invocation of function for pushing open-flows   from southdb to vswitchd which is running in nic using tcp connection and I agree with Lance that using external-ids for this purpose might be better idea.
> Also for now, only this assumption i.e. ovn-controller and vswitchd are running on same host is blocking me. As as a proof of concept, i hardcoded tcp connection instead of unix socket file in ovn and now flows are getting updated in vswitchd. 
> Other configuration change that is done is to setup OF controller on integration bridge with ptcp instead of tcp method. 
> 
> Thanks,
> Jai
> 
> 
> On July 13, 2017 10:35:07 PM Ben Pfaff <blp at ovn.org> wrote:
> 
> > On Thu, Jul 13, 2017 at 12:53:11PM -0400, Lance Richardson wrote:
> >> > From: "Ben Pfaff" <blp at ovn.org>
> >> > To: "Lance Richardson" <lrichard at redhat.com>
> >> > Cc: "JaiSingh Rana" <JaiSingh.Rana at cavium.com>, ovs-discuss at openvswitch.org
> >> > Sent: Thursday, 13 July, 2017 12:47:47 PM
> >> > Subject: Re: [ovs-discuss] Remote connection method for ovn-controller ovs-ofctl	invocation.
> >> > 
> >> > On Thu, Jul 13, 2017 at 09:35:01AM -0400, Lance Richardson wrote:
> >> > > > From: "JaiSingh Rana" <JaiSingh.Rana at cavium.com>
> >> > > > To: ovs-discuss at openvswitch.org
> >> > > > Sent: Thursday, 13 July, 2017 3:49:15 AM
> >> > > > Subject: [ovs-discuss] Remote connection method for ovn-controller
> >> > > > ovs-ofctl	invocation.
> >> > > > 
> >> > > > 
> >> > > > 
> >> > > > Hi,
> >> > > > 
> >> > > > 
> >> > > > 
> >> > > > 
> >> > > > Currently in Openvswitch-2.7.1, ovn-controller hard codes connection
> >> > > > method
> >> > > > for ovs-ofctl invokation as unix:file as assumption is there will be unix
> >> > > > file created by vswitchd in OVS_RUNDIR for managing OF controller on
> >> > > > bridge
> >> > > > e.g. br-int.mgmt
> >> > > > 
> >> > > > 
> >> > > > 
> >> > > > 
> >> > > > There is an issue in our Openvswitch offload model where vswitchd is
> >> > > > running
> >> > > > on nic and ovn-controller on host. As there is no option for telling
> >> > > > ovn-controller to use tcp:port connection method for ovs-ofctl , flows
> >> > > > are
> >> > > > not being pushed to vswitchd.
> >> > > > 
> >> > > > 
> >> > > > 
> >> > > > 
> >> > > > For providing the patch, need some input. Should connection method be
> >> > > > provided as an argument to ovn-controller or it can be written to
> >> > > > /etc/sysconfig/openvswitch from where ovn-controller can read and use if
> >> > > > option is present otherwise it defaults to unix file method.
> >> > > > 
> >> > > > 
> >> > > 
> >> > > My suggestion would be to use external-ids in the local ovsdb, as is
> >> > > currently done for ovn-remote and ovn-encap. Maybe something like:
> >> > > 
> >> > >     ovs-vsctl set open . external-ids:ovn-ofctl=tcp:w.x.y.z:abcd
> >> > 
> >> > Using the name "ovs-ofctl" here is weird.  ovn-controller doesn't use
> >> > ovs-ofctl.
> >> > 
> >> 
> >> Well, I'm terrible with naming things, and should have added a comment to that
> >> effect :-) 
> >> 
> >> My rationale for "ovn-ofctl" was shallowly based on the the related file,
> >> ovn/controller/ofctrl.c (well, I omitted the 'r' for some reason,.)
> >> 
> >> What would be a more appropriate name?
> >
> > I really should have directed that to the original poster, since he
> > suggested that ovs-ofctl was involved.
> >
> > Probably, something that used words like "switch", "openflow", "remote",
> > "connection", "ovs", etc., like "ovn-switch-connection".
> >
> > However, this is not going to be the only problem that the OP will
> > encounter, since ovn-controller makes other assumptions that it is
> > running on the ovs-switchd host.

From blp at ovn.org  Thu Jul 13 18:17:01 2017
From: blp at ovn.org (Ben Pfaff)
Date: Thu, 13 Jul 2017 11:17:01 -0700
Subject: [ovs-discuss] Cannot match correct ethertype after POP vlan and
 GOTO table
In-Reply-To: <CAFw10rE6ZxM0DmNPYRG0ewSfMhLxNvynM=oAQUgaMfj4Kn4Qzg@mail.gmail.com>
References: <CAFw10rE6ZxM0DmNPYRG0ewSfMhLxNvynM=oAQUgaMfj4Kn4Qzg@mail.gmail.com>
Message-ID: <20170713181701.GC29918@ovn.org>

On Tue, Jul 04, 2017 at 03:27:50PM +0800, Dickens Yeh wrote:
> Hi,
> I have an question, and I haven't found any OpenFlow Spec to defined it ,
> please give me a help.
> 
> I am trying to work with 3 vlan tags, but it cannot match correct ethertype
> after pop 1 vlan tag.
> OVS Bridge already set with vlan-limit = 0, and it can watch over 2 vlan
> and match the correct ethertype like ARP.
> 
> My question is:  the packet have 3 vlan tags, pop 1 vlan tag and goto-table
> 1. In table 1, will it match with the new packet (modified) or the original
> packet like in table 0?

The OVS documentation says:

       other_config  :  vlan-limit: optional string, containing an integer, at
       least 0
              Limits the number of VLAN headers that can  be  matched  to  the
              specified  number.  Further VLAN headers will be treated as pay?
              load, e.g. a packet with more 802.1q headers will match Ethernet
              type 0x8100.

              Value  0  means  unlimited.  The actual number of supported VLAN
              headers is the smallest of vlan-limit, the number of VLANs  sup?
              ported  by  Open vSwitch userspace (currently 2), and the number
              supported by the datapath.

              If this value is absent, the default is currently 1. This  main?
              tains backward compatibility with controllers that were designed
              for use with Open vSwitch versions earlier than 2.8, which  only
              supported one VLAN.

It's not clear to me whether you're describing a bug.  Does OVS behavior
differ from what is documented abovve?

From blp at ovn.org  Thu Jul 13 18:51:51 2017
From: blp at ovn.org (Ben Pfaff)
Date: Thu, 13 Jul 2017 11:51:51 -0700
Subject: [ovs-discuss] Could anyone tell me whether there is a buffer
 between M2 and vswitchd?
In-Reply-To: <30036551.7af.15d3b029d44.Coremail.16125201@bjtu.edu.cn>
References: <30036551.7af.15d3b029d44.Coremail.16125201@bjtu.edu.cn>
Message-ID: <20170713185151.GH29918@ovn.org>

On Thu, Jul 13, 2017 at 04:13:33PM +0800, ??? wrote:
> hi all,
> Recently, I analyze the performance of Open vSwitch. By reading the source code, I abstract the packet-receiving process as the model of Fig.1. Queue1 (denoting NIC DMA) is a buffer that stores the incoming packets. M1 processes the packets, and looks up the flow table to match an entry. If the match fails, the packet is sent to Queue2 in order to be handled by ovs-vswitchd. If successful, the packet will be sent out by M2, which finishes the left processing.
> Please help me regarding this.

What's your question?

From blp at ovn.org  Thu Jul 13 18:53:17 2017
From: blp at ovn.org (Ben Pfaff)
Date: Thu, 13 Jul 2017 11:53:17 -0700
Subject: [ovs-discuss] [ovs-dev] how to get packet information in
	ovs-dpdk?
In-Reply-To: <CAOE=1Z2Vd=znuNpATBQwdowZ7oKhoz83FK=j_U-BtmZ=dFa6JQ@mail.gmail.com>
References: <CAOE=1Z0EW9ThTCPLwTF6TaC+ro-tGTxQZ8NrqDkWboJSGHZLcw@mail.gmail.com>
	<20170712152410.GR29918@ovn.org>
	<CAOE=1Z2Vd=znuNpATBQwdowZ7oKhoz83FK=j_U-BtmZ=dFa6JQ@mail.gmail.com>
Message-ID: <20170713185317.GI29918@ovn.org>

Now I see that you're reporting a bug in "ovs-dpdk", not in Open
vSwitch.  You should report that bug to an ovs-dpdk mailing list.

On Thu, Jul 13, 2017 at 03:24:40PM +0800, Sam wrote:
> Yes it is.
> 
> I'm also confused, as when I use normal kernel based ovs-2.3.0, `ovs-ofctl
> snoop br0` works good and will not quit.
> 
> 2017-07-12 23:24 GMT+08:00 Ben Pfaff <blp at ovn.org>:
> 
> > On Wed, Jul 12, 2017 at 04:21:04PM +0800, Sam wrote:
> > > hi all,
> > >
> > > I'm running ovs-dpdk(ovs-2.4.9), I found the counter of bond port of br_t
> > > is increasing, but I want to know what's these packets, how could I do
> > this?
> > >
> > > first, I use `ovs-ofctl snoop br_t`, but it quit quickly as below:
> > >
> > > > [root at yf-mos-test-net07 ~]# /usr/local/bin/ovs-ofctl snoop
> > > > /usr/local/var/run/openvswitch/br_t.mgmt
> > > > [root at yf-mos-test-net07 ~]# /usr/local/bin/ovs-ofctl snoop
> > > > /usr/local/var/run/openvswitch/br_t.mgmt
> > > > ovs-ofctl: /usr/local/var/run/openvswitch/ovs-ofctl.pid: already
> > running
> > > > as pid 22082, aborting
> >
> > That is a strange message.  It should only appear if you use --pidfile
> > and --daemon and there's already an ovs-ofctl running that way.  Is the
> > above the complete context from your session?
> >

From nusiddiq at redhat.com  Thu Jul 13 19:26:28 2017
From: nusiddiq at redhat.com (Numan Siddique)
Date: Fri, 14 Jul 2017 00:56:28 +0530
Subject: [ovs-discuss] Could anyone tell me whether there is a buffer
 between M2 and vswitchd?
In-Reply-To: <20170713185151.GH29918@ovn.org>
References: <30036551.7af.15d3b029d44.Coremail.16125201@bjtu.edu.cn>
	<20170713185151.GH29918@ovn.org>
Message-ID: <CAH=CPzoFv9z_ZY+AZzO-Y65LXHOtmHqK4k5DW1u6mxL=bSapDw@mail.gmail.com>

On Fri, Jul 14, 2017 at 12:21 AM, Ben Pfaff <blp at ovn.org> wrote:

> On Thu, Jul 13, 2017 at 04:13:33PM +0800, ??? wrote:
> > hi all,
> > Recently, I analyze the performance of Open vSwitch. By reading the
> source code, I abstract the packet-receiving process as the model of Fig.1.
> Queue1 (denoting NIC DMA) is a buffer that stores the incoming packets. M1
> processes the packets, and looks up the flow table to match an entry. If
> the match fails, the packet is sent to Queue2 in order to be handled by
> ovs-vswitchd. If successful, the packet will be sent out by M2, which
> finishes the left processing.
> > Please help me regarding this.
>
> What's your question?
>

Looks like the question is in the attached pdf file - question.pdf


Could anyone tell me whether there is a buffer between M2 and vswitchd?
Recently, I analyze the performance of Open vSwitch. By reading the source
code, I
abstract the packet-receiving process as the model of Fig.1. Queue1
(denoting NIC DMA) is
a buffer that stores the incoming packets. M1 processes the packets, and
looks up the flow
table to match an entry. If the match fails, the packet is sent to Queue2
in order to be handled
by ovs-vswitchd. If successful, the packet will be sent out by M2, which
finishes the left
processing.


Numan


_______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170714/60ef9fa3/attachment.html>

From blp at ovn.org  Thu Jul 13 20:10:40 2017
From: blp at ovn.org (Ben Pfaff)
Date: Thu, 13 Jul 2017 13:10:40 -0700
Subject: [ovs-discuss] Could anyone tell me whether there is a buffer
 between M2 and vswitchd?
In-Reply-To: <CAH=CPzoFv9z_ZY+AZzO-Y65LXHOtmHqK4k5DW1u6mxL=bSapDw@mail.gmail.com>
References: <30036551.7af.15d3b029d44.Coremail.16125201@bjtu.edu.cn>
	<20170713185151.GH29918@ovn.org>
	<CAH=CPzoFv9z_ZY+AZzO-Y65LXHOtmHqK4k5DW1u6mxL=bSapDw@mail.gmail.com>
Message-ID: <20170713201040.GJ29918@ovn.org>

On Fri, Jul 14, 2017 at 12:56:28AM +0530, Numan Siddique wrote:
> On Fri, Jul 14, 2017 at 12:21 AM, Ben Pfaff <blp at ovn.org> wrote:
> 
> > On Thu, Jul 13, 2017 at 04:13:33PM +0800, ??? wrote:
> > > hi all,
> > > Recently, I analyze the performance of Open vSwitch. By reading the
> > source code, I abstract the packet-receiving process as the model of Fig.1.
> > Queue1 (denoting NIC DMA) is a buffer that stores the incoming packets. M1
> > processes the packets, and looks up the flow table to match an entry. If
> > the match fails, the packet is sent to Queue2 in order to be handled by
> > ovs-vswitchd. If successful, the packet will be sent out by M2, which
> > finishes the left processing.
> > > Please help me regarding this.
> >
> > What's your question?
> >
> 
> Looks like the question is in the attached pdf file - question.pdf
> 
> 
> Could anyone tell me whether there is a buffer between M2 and vswitchd?
> Recently, I analyze the performance of Open vSwitch. By reading the source
> code, I
> abstract the packet-receiving process as the model of Fig.1. Queue1
> (denoting NIC DMA) is
> a buffer that stores the incoming packets. M1 processes the packets, and
> looks up the flow
> table to match an entry. If the match fails, the packet is sent to Queue2
> in order to be handled
> by ovs-vswitchd. If successful, the packet will be sent out by M2, which
> finishes the left
> processing.

There's no buffer.

From blp at ovn.org  Thu Jul 13 23:46:13 2017
From: blp at ovn.org (Ben Pfaff)
Date: Thu, 13 Jul 2017 16:46:13 -0700
Subject: [ovs-discuss] Subject: [openvswitch 2.7.1] testsuite: 7 8 767
 1891 1892 1893 1894 1895 1896 1900 1902 failed
In-Reply-To: <2093867126.31840847.1499706878012.JavaMail.zimbra@redhat.com>
References: <567db902-0ab4-2e5a-6eaf-a324d8130b78@it-offshore.co.uk>
	<2093867126.31840847.1499706878012.JavaMail.zimbra@redhat.com>
Message-ID: <20170713234613.GW29918@ovn.org>

On Mon, Jul 10, 2017 at 01:14:38PM -0400, Lance Richardson wrote:
> > From: "Stuart Cardall" <developer at it-offshore.co.uk>
> > To: bugs at openvswitch.org
> > Sent: Saturday, 8 July, 2017 5:22:17 PM
> > Subject: [ovs-discuss] Subject: [openvswitch 2.7.1] testsuite: 7 8 767 1891 1892 1893 1894 1895 1896 1900 1902 failed
> > 
> > 
> > 
> > Hello,
> > 
> > Attached is the test suite log for ovs 2.7.1 in Alpine Linux / musl c:
> > 
> > testsuite: 7 8 767 1891 1892 1893 1894 1895 1896 1900 1902 failed
> > 
> > 
> > Kind Regards,
> > 
> > Stuart Cardall.
> > 
> 
> These will pass if GNU awk is used instead of busybox awk (apk add gawk).
> 
>    7: completion.at:343  vsctl-bashcomp - basic verification
>    8: completion.at:425  vsctl-bashcomp - argument completion

That's interesting.  I thought I'd try to figure out the root of the
problem, but I don't get failures in my usual environment if I replace
"awk" by "busybox awk" and run these tests, so I wonder whether there's
something else at play.

From blp at ovn.org  Thu Jul 13 23:51:47 2017
From: blp at ovn.org (Ben Pfaff)
Date: Thu, 13 Jul 2017 16:51:47 -0700
Subject: [ovs-discuss] building from source / ovs-dpctl-top crash
In-Reply-To: <CAKCC41MArv9pmiNE8U9zHR7nu-DEVQpSPstsVWYEC0kaPaW41A@mail.gmail.com>
References: <CAKCC41MArv9pmiNE8U9zHR7nu-DEVQpSPstsVWYEC0kaPaW41A@mail.gmail.com>
Message-ID: <20170713235147.GX29918@ovn.org>

On Mon, Jul 10, 2017 at 04:21:36PM -0400, Blue Lang wrote:
> New to the list. My company is building an (awesome) industrial security
> networking platform and OVS is a big part of the solution, so thank you all
> for your work.
> 
> I'd like to use ovs-dpctl-top as part of our testing suite, but it is
> crashing on launch. I built it and mininet from scratch/TOT to be sure it
> wasn't an old bug. I have two suggestions for the build scripts, and the
> error I'm seeing with -top.
> 
> 
>    - Should make install create /usr/local/var/run/openvswitch by default?
>    Right now this is a needless manual step.

ovs-ctl will create this before it starts any daemon, and the distro
packages also create it, so it's usually not necessary.

>    - Can ovsdb-server create a symlink to db.sock to avoid requiring
>     "--remote=punix:/usr/local/var/run/openvswitch/db.sock" in what seems to
>    be the default invocation? All of the related tools seem to want to use
>    db.sock rather than the instantiation-specific socket.

What symlink do you mean?  I don't know of installations that use a
symlink here.

> Sorry if I misunderstood the operation of either of the above - this is
> just based on my experience today building it for the first time.
> 
> -top dies with the following stack trace the moment mininet instantiates:
> 
> Traceback (most recent call last):
> 
>   File "/usr/local/bin/ovs-dpctl-top", line 1290, in <module>
> 
>     sys.exit(main())
> 
>   File "/usr/local/bin/ovs-dpctl-top", line 1282, in main
> 
>     flows_top(args)
> 
>   File "/usr/local/bin/ovs-dpctl-top", line 1191, in flows_top
> 
>     flows_read(ihdl, flow_db)
> 
>   File "/usr/local/bin/ovs-dpctl-top", line 593, in flows_read
> 
>     flow_db.flow_line_add(line)
> 
>   File "/usr/local/bin/ovs-dpctl-top", line 988, in flow_line_add
> 
>     self.flow_event(fields_dict, stats_old_dict, stats_dict)
> 
>   File "/usr/local/bin/ovs-dpctl-top", line 1080, in flow_event
> 
>     matches = flow_aggregate(fields_dict, stats_new_dict)
> 
>   File "/usr/local/bin/ovs-dpctl-top", line 576, in flow_aggregate
> 
>     field, stats_dict)
> 
>   File "/usr/local/bin/ovs-dpctl-top", line 268, in element_ipv6_get
> 
>     element_show = fmt % (field_type, element["src"], element["dst"])
> 
> KeyError: 'src'
> 
> If this is not a known error I can spend some time debugging it.

I think that ovs-dpctl-top is probably not used very much.  Maybe bugs
have crept in because no one is using it.  If you find the problem and
fix it, please pass it along.

From lrichard at redhat.com  Fri Jul 14 00:12:30 2017
From: lrichard at redhat.com (Lance Richardson)
Date: Thu, 13 Jul 2017 20:12:30 -0400 (EDT)
Subject: [ovs-discuss] Subject: [openvswitch 2.7.1] testsuite: 7 8 767
 1891 1892 1893 1894 1895 1896 1900 1902 failed
In-Reply-To: <20170713234613.GW29918@ovn.org>
References: <567db902-0ab4-2e5a-6eaf-a324d8130b78@it-offshore.co.uk>
	<2093867126.31840847.1499706878012.JavaMail.zimbra@redhat.com>
	<20170713234613.GW29918@ovn.org>
Message-ID: <734553386.33699574.1499991150279.JavaMail.zimbra@redhat.com>

> From: "Ben Pfaff" <blp at ovn.org>
> To: "Lance Richardson" <lrichard at redhat.com>
> Cc: developer at it-offshore.co.uk, bugs at openvswitch.org
> Sent: Thursday, 13 July, 2017 7:46:13 PM
> Subject: Re: [ovs-discuss] Subject: [openvswitch 2.7.1] testsuite: 7 8 767 1891 1892 1893 1894 1895 1896 1900 1902
> failed
> 
> On Mon, Jul 10, 2017 at 01:14:38PM -0400, Lance Richardson wrote:
> > > From: "Stuart Cardall" <developer at it-offshore.co.uk>
> > > To: bugs at openvswitch.org
> > > Sent: Saturday, 8 July, 2017 5:22:17 PM
> > > Subject: [ovs-discuss] Subject: [openvswitch 2.7.1] testsuite: 7 8 767
> > > 1891 1892 1893 1894 1895 1896 1900 1902 failed
> > > 
> > > 
> > > 
> > > Hello,
> > > 
> > > Attached is the test suite log for ovs 2.7.1 in Alpine Linux / musl c:
> > > 
> > > testsuite: 7 8 767 1891 1892 1893 1894 1895 1896 1900 1902 failed
> > > 
> > > 
> > > Kind Regards,
> > > 
> > > Stuart Cardall.
> > > 
> > 
> > These will pass if GNU awk is used instead of busybox awk (apk add gawk).
> > 
> >    7: completion.at:343  vsctl-bashcomp - basic verification
> >    8: completion.at:425  vsctl-bashcomp - argument completion
> 
> That's interesting.  I thought I'd try to figure out the root of the
> problem, but I don't get failures in my usual environment if I replace
> "awk" by "busybox awk" and run these tests, so I wonder whether there's
> something else at play.
> 

I just tried that (s/awk/busybox awk/ in utilities/ovs-vsctl-bashcomp.bash)
and got failures in those tests with similar symptom (no completions given).

This was on F26, x86_64, with busybox-1.22.1-6.

Strange... no idea. I did find a nice wiki explaining some differences between
busybox awk and some other implementations:

    https://wiki.alpinelinux.org/wiki/Awk

From lrichard at redhat.com  Fri Jul 14 00:34:30 2017
From: lrichard at redhat.com (Lance Richardson)
Date: Thu, 13 Jul 2017 20:34:30 -0400 (EDT)
Subject: [ovs-discuss] Subject: [openvswitch 2.7.1] testsuite: 7 8 767
 1891 1892 1893 1894 1895 1896 1900 1902 failed
In-Reply-To: <734553386.33699574.1499991150279.JavaMail.zimbra@redhat.com>
References: <567db902-0ab4-2e5a-6eaf-a324d8130b78@it-offshore.co.uk>
	<2093867126.31840847.1499706878012.JavaMail.zimbra@redhat.com>
	<20170713234613.GW29918@ovn.org>
	<734553386.33699574.1499991150279.JavaMail.zimbra@redhat.com>
Message-ID: <440950592.33701615.1499992470208.JavaMail.zimbra@redhat.com>

> From: "Lance Richardson" <lrichard at redhat.com>
> To: "Ben Pfaff" <blp at ovn.org>
> Cc: developer at it-offshore.co.uk, bugs at openvswitch.org
> Sent: Thursday, 13 July, 2017 8:12:30 PM
> Subject: Re: [ovs-discuss] Subject: [openvswitch 2.7.1] testsuite: 7 8 767 1891 1892 1893 1894 1895 1896 1900 1902
> failed
> 
> > From: "Ben Pfaff" <blp at ovn.org>
> > To: "Lance Richardson" <lrichard at redhat.com>
> > Cc: developer at it-offshore.co.uk, bugs at openvswitch.org
> > Sent: Thursday, 13 July, 2017 7:46:13 PM
> > Subject: Re: [ovs-discuss] Subject: [openvswitch 2.7.1] testsuite: 7 8 767
> > 1891 1892 1893 1894 1895 1896 1900 1902
> > failed
> > 
> > On Mon, Jul 10, 2017 at 01:14:38PM -0400, Lance Richardson wrote:
> > > > From: "Stuart Cardall" <developer at it-offshore.co.uk>
> > > > To: bugs at openvswitch.org
> > > > Sent: Saturday, 8 July, 2017 5:22:17 PM
> > > > Subject: [ovs-discuss] Subject: [openvswitch 2.7.1] testsuite: 7 8 767
> > > > 1891 1892 1893 1894 1895 1896 1900 1902 failed
> > > > 
> > > > 
> > > > 
> > > > Hello,
> > > > 
> > > > Attached is the test suite log for ovs 2.7.1 in Alpine Linux / musl c:
> > > > 
> > > > testsuite: 7 8 767 1891 1892 1893 1894 1895 1896 1900 1902 failed
> > > > 
> > > > 
> > > > Kind Regards,
> > > > 
> > > > Stuart Cardall.
> > > > 
> > > 
> > > These will pass if GNU awk is used instead of busybox awk (apk add gawk).
> > > 
> > >    7: completion.at:343  vsctl-bashcomp - basic verification
> > >    8: completion.at:425  vsctl-bashcomp - argument completion
> > 
> > That's interesting.  I thought I'd try to figure out the root of the
> > problem, but I don't get failures in my usual environment if I replace
> > "awk" by "busybox awk" and run these tests, so I wonder whether there's
> > something else at play.
> > 
> 
> I just tried that (s/awk/busybox awk/ in utilities/ovs-vsctl-bashcomp.bash)
> and got failures in those tests with similar symptom (no completions given).
> 
> This was on F26, x86_64, with busybox-1.22.1-6.
> 
> Strange... no idea. I did find a nice wiki explaining some differences
> between
> busybox awk and some other implementations:
> 
>     https://wiki.alpinelinux.org/wiki/Awk
> 

One more tidbit... if I use busybox awk here, I get failures, otherwise I
don't (the other invocations of awk in this script work either way):

# This is a convenience function to make sure that user input is
# looked at as a fixed string when being compared to something.  $1 is
# the input; this behaves like 'grep "^$1"' but deals with regex
# metacharacters in $1.
_ovs_vsctl_check_startswith_string () {
    awk 'index($0, thearg)==1' thearg="$1"
}

The extent of my awk knowledge is knowing where the name comes from, so
I have no idea what might causing the problem here or what alternative
implementations might be worth trying...

Regards,

   Lance

From batmanustc at gmail.com  Fri Jul 14 01:46:39 2017
From: batmanustc at gmail.com (Sam)
Date: Fri, 14 Jul 2017 09:46:39 +0800
Subject: [ovs-discuss] When did vlan tag add into packet in ovs and ovs-dpdk?
Message-ID: <CAOE=1Z0qem4n08nMb41s_gcFYNzp8t1y6E_mkTEMk--3QqA1Jw@mail.gmail.com>

Hi all,

I'm testing vlan in both ovs and ovs-dpdk. My topology is:

vm(121)     vm(120)                           vm(220)
    |                  |                                       |
   -------------------                                    ------------------
       br_t07        | b2                           b2 |      br_t08
                        ----------------------------------

I set vlan 1020 by `ovs-vsctl set vm121 tag 1020` in br_t07's vm(121) port
and vm(120) port, so the vm(121) could ping through vm(120).

I set no vlan tag on vm(220), so vm(121) could not ping through vm(220).

For normal ovs, vm(121) etc port is internal type, b2 is bond port; for
ovs-dpdk it's dpdkvhostuser type, b2 is dpdk bond port.

Now I use ovs-dump tool to capture packets in br_t07's b2, and I can's
capture packets with vlan 1020 tag; and I use gdb to debug, also I can't
get it.

My question is:
1. In normal ovs, where or which function is to add vlan tag onto packet? I
think it's in datapath?
2. This is important, in ovs-dpdk, where or which function is to add vlan
tag onto packet? I think it's in pmd?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170714/d7df58b9/attachment.html>

From batmanustc at gmail.com  Fri Jul 14 02:04:57 2017
From: batmanustc at gmail.com (Sam)
Date: Fri, 14 Jul 2017 10:04:57 +0800
Subject: [ovs-discuss] When did vlan tag add into packet in ovs and
	ovs-dpdk?
In-Reply-To: <CAOE=1Z0qem4n08nMb41s_gcFYNzp8t1y6E_mkTEMk--3QqA1Jw@mail.gmail.com>
References: <CAOE=1Z0qem4n08nMb41s_gcFYNzp8t1y6E_mkTEMk--3QqA1Jw@mail.gmail.com>
Message-ID: <CAOE=1Z3L32tM-OkkmFzE7w=p1=Kgmd17QReyR98bJLkate6w+g@mail.gmail.com>

For hardware switch, a port with vlan 1020, it's behavior is:

1. packet come into port will set vlan tag 1020 in switch, and then send it.
2. only packet with vlan 1020 will come out from this port.

So I don't know if ovs works like this?

2017-07-14 9:46 GMT+08:00 Sam <batmanustc at gmail.com>:

> Hi all,
>
> I'm testing vlan in both ovs and ovs-dpdk. My topology is:
>
> vm(121)     vm(120)                           vm(220)
>     |                  |                                       |
>    -------------------
>  ------------------
>        br_t07        | b2                           b2 |      br_t08
>                         ----------------------------------
>
> I set vlan 1020 by `ovs-vsctl set vm121 tag 1020` in br_t07's vm(121) port
> and vm(120) port, so the vm(121) could ping through vm(120).
>
> I set no vlan tag on vm(220), so vm(121) could not ping through vm(220).
>
> For normal ovs, vm(121) etc port is internal type, b2 is bond port; for
> ovs-dpdk it's dpdkvhostuser type, b2 is dpdk bond port.
>
> Now I use ovs-dump tool to capture packets in br_t07's b2, and I can's
> capture packets with vlan 1020 tag; and I use gdb to debug, also I can't
> get it.
>
> My question is:
> 1. In normal ovs, where or which function is to add vlan tag onto packet?
> I think it's in datapath?
> 2. This is important, in ovs-dpdk, where or which function is to add vlan
> tag onto packet? I think it's in pmd?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170714/3ccb9943/attachment.html>

From batmanustc at gmail.com  Fri Jul 14 02:17:17 2017
From: batmanustc at gmail.com (Sam)
Date: Fri, 14 Jul 2017 10:17:17 +0800
Subject: [ovs-discuss] When did vlan tag add into packet in ovs and
	ovs-dpdk?
In-Reply-To: <CAOE=1Z0qem4n08nMb41s_gcFYNzp8t1y6E_mkTEMk--3QqA1Jw@mail.gmail.com>
References: <CAOE=1Z0qem4n08nMb41s_gcFYNzp8t1y6E_mkTEMk--3QqA1Jw@mail.gmail.com>
Message-ID: <CAOE=1Z0HVKKFDubQ5yCiaHsf2XoHvqvVXFNuwBf4bnHeOurT1g@mail.gmail.com>

Sorry, Add a question:

3. I start to capture packets in b2 port on br_t07, when I use vm(121) to
ping vm(120), I could not capture any packets(including arp); when I use
vm(121) to ping vm(220), I could capture it; when I use vm(121) to ping
unknown host like 123, I could not capture any thing.
Why no thing when I ping unknown host?

2017-07-14 9:46 GMT+08:00 Sam <batmanustc at gmail.com>:

> Hi all,
>
> I'm testing vlan in both ovs and ovs-dpdk. My topology is:
>
> vm(121)     vm(120)                           vm(220)
>     |                  |                                       |
>    -------------------
>  ------------------
>        br_t07        | b2                           b2 |      br_t08
>                         ----------------------------------
>
> I set vlan 1020 by `ovs-vsctl set vm121 tag 1020` in br_t07's vm(121) port
> and vm(120) port, so the vm(121) could ping through vm(120).
>
> I set no vlan tag on vm(220), so vm(121) could not ping through vm(220).
>
> For normal ovs, vm(121) etc port is internal type, b2 is bond port; for
> ovs-dpdk it's dpdkvhostuser type, b2 is dpdk bond port.
>
> Now I use ovs-dump tool to capture packets in br_t07's b2, and I can's
> capture packets with vlan 1020 tag; and I use gdb to debug, also I can't
> get it.
>
> My question is:
> 1. In normal ovs, where or which function is to add vlan tag onto packet?
> I think it's in datapath?
> 2. This is important, in ovs-dpdk, where or which function is to add vlan
> tag onto packet? I think it's in pmd?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170714/dedc366e/attachment.html>

From blp at ovn.org  Fri Jul 14 04:43:15 2017
From: blp at ovn.org (Ben Pfaff)
Date: Thu, 13 Jul 2017 21:43:15 -0700
Subject: [ovs-discuss] Subject: [openvswitch 2.7.1] testsuite: 7 8 767
 1891 1892 1893 1894 1895 1896 1900 1902 failed
In-Reply-To: <440950592.33701615.1499992470208.JavaMail.zimbra@redhat.com>
References: <567db902-0ab4-2e5a-6eaf-a324d8130b78@it-offshore.co.uk>
	<2093867126.31840847.1499706878012.JavaMail.zimbra@redhat.com>
	<20170713234613.GW29918@ovn.org>
	<734553386.33699574.1499991150279.JavaMail.zimbra@redhat.com>
	<440950592.33701615.1499992470208.JavaMail.zimbra@redhat.com>
Message-ID: <20170714044315.GG29918@ovn.org>

On Thu, Jul 13, 2017 at 08:34:30PM -0400, Lance Richardson wrote:
> > From: "Lance Richardson" <lrichard at redhat.com>
> > To: "Ben Pfaff" <blp at ovn.org>
> > Cc: developer at it-offshore.co.uk, bugs at openvswitch.org
> > Sent: Thursday, 13 July, 2017 8:12:30 PM
> > Subject: Re: [ovs-discuss] Subject: [openvswitch 2.7.1] testsuite: 7 8 767 1891 1892 1893 1894 1895 1896 1900 1902
> > failed
> > 
> > > From: "Ben Pfaff" <blp at ovn.org>
> > > To: "Lance Richardson" <lrichard at redhat.com>
> > > Cc: developer at it-offshore.co.uk, bugs at openvswitch.org
> > > Sent: Thursday, 13 July, 2017 7:46:13 PM
> > > Subject: Re: [ovs-discuss] Subject: [openvswitch 2.7.1] testsuite: 7 8 767
> > > 1891 1892 1893 1894 1895 1896 1900 1902
> > > failed
> > > 
> > > On Mon, Jul 10, 2017 at 01:14:38PM -0400, Lance Richardson wrote:
> > > > > From: "Stuart Cardall" <developer at it-offshore.co.uk>
> > > > > To: bugs at openvswitch.org
> > > > > Sent: Saturday, 8 July, 2017 5:22:17 PM
> > > > > Subject: [ovs-discuss] Subject: [openvswitch 2.7.1] testsuite: 7 8 767
> > > > > 1891 1892 1893 1894 1895 1896 1900 1902 failed
> > > > > 
> > > > > 
> > > > > 
> > > > > Hello,
> > > > > 
> > > > > Attached is the test suite log for ovs 2.7.1 in Alpine Linux / musl c:
> > > > > 
> > > > > testsuite: 7 8 767 1891 1892 1893 1894 1895 1896 1900 1902 failed
> > > > > 
> > > > > 
> > > > > Kind Regards,
> > > > > 
> > > > > Stuart Cardall.
> > > > > 
> > > > 
> > > > These will pass if GNU awk is used instead of busybox awk (apk add gawk).
> > > > 
> > > >    7: completion.at:343  vsctl-bashcomp - basic verification
> > > >    8: completion.at:425  vsctl-bashcomp - argument completion
> > > 
> > > That's interesting.  I thought I'd try to figure out the root of the
> > > problem, but I don't get failures in my usual environment if I replace
> > > "awk" by "busybox awk" and run these tests, so I wonder whether there's
> > > something else at play.
> > > 
> > 
> > I just tried that (s/awk/busybox awk/ in utilities/ovs-vsctl-bashcomp.bash)
> > and got failures in those tests with similar symptom (no completions given).
> > 
> > This was on F26, x86_64, with busybox-1.22.1-6.
> > 
> > Strange... no idea. I did find a nice wiki explaining some differences
> > between
> > busybox awk and some other implementations:
> > 
> >     https://wiki.alpinelinux.org/wiki/Awk
> > 
> 
> One more tidbit... if I use busybox awk here, I get failures, otherwise I
> don't (the other invocations of awk in this script work either way):
> 
> # This is a convenience function to make sure that user input is
> # looked at as a fixed string when being compared to something.  $1 is
> # the input; this behaves like 'grep "^$1"' but deals with regex
> # metacharacters in $1.
> _ovs_vsctl_check_startswith_string () {
>     awk 'index($0, thearg)==1' thearg="$1"
> }
> 
> The extent of my awk knowledge is knowing where the name comes from, so
> I have no idea what might causing the problem here or what alternative
> implementations might be worth trying...

I missed that invocation.

After some experimentation, I found the problem:
        https://mail.openvswitch.org/pipermail/ovs-dev/2017-July/335522.html

From developer at it-offshore.co.uk  Thu Jul 13 23:51:45 2017
From: developer at it-offshore.co.uk (Stuart Cardall)
Date: Fri, 14 Jul 2017 00:51:45 +0100
Subject: [ovs-discuss] Subject: [openvswitch 2.7.1] testsuite: 7 8 767
 1891 1892 1893 1894 1895 1896 1900 1902 failed
In-Reply-To: <20170713234613.GW29918@ovn.org>
References: <567db902-0ab4-2e5a-6eaf-a324d8130b78@it-offshore.co.uk>
	<2093867126.31840847.1499706878012.JavaMail.zimbra@redhat.com>
	<20170713234613.GW29918@ovn.org>
Message-ID: <79fcf666-dc8d-a2cc-4170-5457ac37603b@it-offshore.co.uk>

adding gawk to the ovs APKBUILD fixes tests 7 & 8

Stuart.


On 07/14/2017 12:46 AM, Ben Pfaff wrote:
> On Mon, Jul 10, 2017 at 01:14:38PM -0400, Lance Richardson wrote:
>>> From: "Stuart Cardall" <developer at it-offshore.co.uk>
>>> To: bugs at openvswitch.org
>>> Sent: Saturday, 8 July, 2017 5:22:17 PM
>>> Subject: [ovs-discuss] Subject: [openvswitch 2.7.1] testsuite: 7 8 767 1891 1892 1893 1894 1895 1896 1900 1902 failed
>>>
>>>
>>>
>>> Hello,
>>>
>>> Attached is the test suite log for ovs 2.7.1 in Alpine Linux / musl c:
>>>
>>> testsuite: 7 8 767 1891 1892 1893 1894 1895 1896 1900 1902 failed
>>>
>>>
>>> Kind Regards,
>>>
>>> Stuart Cardall.
>>>
>> These will pass if GNU awk is used instead of busybox awk (apk add gawk).
>>
>>    7: completion.at:343  vsctl-bashcomp - basic verification
>>    8: completion.at:425  vsctl-bashcomp - argument completion
> That's interesting.  I thought I'd try to figure out the root of the
> problem, but I don't get failures in my usual environment if I replace
> "awk" by "busybox awk" and run these tests, so I wonder whether there's
> something else at play.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170714/715aaa22/attachment.html>

From keyaozhang at 126.com  Fri Jul 14 08:14:29 2017
From: keyaozhang at 126.com (=?GBK?B?1cW/y9Ki?=)
Date: Fri, 14 Jul 2017 16:14:29 +0800 (CST)
Subject: [ovs-discuss] How does OVS ensure only the first packet of a flow
	is upcalled?
Message-ID: <85062f1.6ab0.15d4029d2fc.Coremail.keyaozhang@126.com>

Hi, All

The document of ovs says the datapath is a flow-based software switch. A flow consists of many packets. Datapath needs to handle every packet. When it does't match any datapath flows, it will do upcall. Vswitchd needs to handle upcalls and send netlink messages to datapath to install the datapath flows. But before the datapath flows are added, another packet of the same flow arrived, will the packet be upcalled? That means if I send packets at faster rate, more upcalls will be expected?

Thank you!

keyaozhang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170714/cb3a5d77/attachment.html>

From balazs.nemeth at ericsson.com  Fri Jul 14 14:39:26 2017
From: balazs.nemeth at ericsson.com (Balazs Nemeth)
Date: Fri, 14 Jul 2017 14:39:26 +0000
Subject: [ovs-discuss] Questions regarding tunnel reconfiguration
Message-ID: <DB5PR07MB1496F775D931746E5062F4039FAD0@DB5PR07MB1496.eurprd07.prod.outlook.com>

Hi,



I have two questions regarding the tunnel handling. These are potential areas in the code where change can be needed. I plan to make the changes, but I would like to discuss if the below actions are valid or not.



1. Currently it is possible to reconfigure the type of an OpenFlow tunnel port in OVS (e.g. from gre to vxlan). Is it OK to reconfigure the port type, like this?



2. Currently it is allowed to reconfigure the dst_port option of on OpenFlow tunnel port. It is possible to set unique dst_port for a VXLAN tunnel, e.g. the default 6081 UDP port of Geneve tunnels, and vice versa. Is it OK, to reconfigure ports like this?

In this case the tnl_port_in structure will not be correct in this case (printed by ovs-appctl tnl/ports/show -v). The following entries will be seen in case of originally 1-1 VXLAN/Geneve port existing, and the VXLAN is reconfigured with dst_port=6081 option. There will be no vxlan_sys_6081 (2) member in tnl_port_in structure.

    > sudo ovs-appctl tnl/ports/show

    Listening ports:

    genev_sys_6081 (6081) ref_cnt=1

    vxlan_sys_6081 (2) ref_cnt=1

    > sudo ovs-appctl tnl/ports/show -v

    Listening ports:

    genev_sys_6081 (6081) : eth(dst=00:13:5e:ea:0d:e2),eth_type(0x0800),ipv4(dst=172.31.40.101,proto=17,frag=no),udp(dst=6081)

    genev_sys_6081 (6081) : eth(dst=00:13:5e:ea:0d:e2),eth_type(0x86dd),ipv6(dst=fe80::213:5eff:feea:de2,proto=17,frag=no),udp(dst=6081)



BR,

Balazs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170714/bbc9f840/attachment-0001.html>

From blp at ovn.org  Fri Jul 14 15:48:32 2017
From: blp at ovn.org (Ben Pfaff)
Date: Fri, 14 Jul 2017 08:48:32 -0700
Subject: [ovs-discuss] Questions regarding tunnel reconfiguration
In-Reply-To: <DB5PR07MB1496F775D931746E5062F4039FAD0@DB5PR07MB1496.eurprd07.prod.outlook.com>
References: <DB5PR07MB1496F775D931746E5062F4039FAD0@DB5PR07MB1496.eurprd07.prod.outlook.com>
Message-ID: <20170714154832.GJ29918@ovn.org>

On Fri, Jul 14, 2017 at 02:39:26PM +0000, Balazs Nemeth wrote:
> 1. Currently it is possible to reconfigure the type of an OpenFlow
> tunnel port in OVS (e.g. from gre to vxlan). Is it OK to reconfigure
> the port type, like this?

Yes.  If it doesn't work, that is a bug.

> 2. Currently it is allowed to reconfigure the dst_port option of on OpenFlow tunnel port. It is possible to set unique dst_port for a VXLAN tunnel, e.g. the default 6081 UDP port of Geneve tunnels, and vice versa. Is it OK, to reconfigure ports like this?

Yes.  If it doesn't work, that is a bug.

> In this case the tnl_port_in structure will not be correct in this case (printed by ovs-appctl tnl/ports/show -v). The following entries will be seen in case of originally 1-1 VXLAN/Geneve port existing, and the VXLAN is reconfigured with dst_port=6081 option. There will be no vxlan_sys_6081 (2) member in tnl_port_in structure.

Sounds like a bug.

From feihu929 at sina.com  Fri Jul 14 13:58:10 2017
From: feihu929 at sina.com (feihu929 at sina.com)
Date: Fri, 14 Jul 2017 21:58:10 +0800
Subject: [ovs-discuss] about L3 Route problem with two host
Message-ID: <20170714135810.9A713380544@webmail.sinamail.sina.com.cn>

I build a L3 Route Test with Three Host(network1/ovn-central, network2/ovn-host, network3/ovn-host), each ovn-host node run 2 vm and conntected by 2 logical switch, the two logical switch connected by 1 logical router, as below

                     network1
                  ---------------
                  |	ovn-central |
                  ---------------
                    /         \
                   /           \
                  /             \
                 /               \
                /                 \
               /                   \
              /                     \
  ---------------                     --------------- 
  |  --------   |     lswtich 1       |  --------   |
  |  | vm1  |---|---------------------|  | vm1  |---|
  |  --------   |         |           |  --------   |
  |             |         |           |             |
  |             |         |           |             |
  |             |    -------------    |             |
  |   ovn-host  |    | lrouter 1 |    |  ovn-host   |
  |             |    -------------    |             |
  |             |         |           |             |
  |             |         |           |             |
  |  --------   |     lswtich 2       |  --------   |
  |  | vm1  |---|---------------------|  | vm1  |---|
  |  --------   |                     |  --------   |
  |             |                     |             |
  ---------------                     ---------------
      network2                           network3




When testing, I encount a problem as below.
1. the vm1 can ping vm2 which in the same logical switch not in the same host node.
2. the vm1 can ping vm3 which not in the same logical switch and in the same host node.
3. the vm1 CAN NOT ping vm4 which not in the same logical switch and not in the same host node.

the host (network1/2/3) is centos7 with openvswitch/ovn 2.6.1

the build command as below
---------------------------
# Create the first logical switch and its two ports.
ovn-nbctl ls-add sw0

ovn-nbctl lsp-add sw0 sw0-port1
ovn-nbctl lsp-set-addresses sw0-port1 "00:00:00:00:00:01 10.0.0.51"
ovn-nbctl lsp-set-port-security sw0-port1 "00:00:00:00:00:01 10.0.0.51"

ovn-nbctl lsp-add sw0 sw0-port2
ovn-nbctl lsp-set-addresses sw0-port2 "00:00:00:00:00:02 10.0.0.52"
ovn-nbctl lsp-set-port-security sw0-port2 "00:00:00:00:00:02 10.0.0.52"

# Create the second logical switch and its two ports.
ovn-nbctl ls-add sw1

ovn-nbctl lsp-add sw1 sw1-port1
ovn-nbctl lsp-set-addresses sw1-port1 "00:00:00:00:00:03 192.168.1.51"
ovn-nbctl lsp-set-port-security sw1-port1 "00:00:00:00:00:03 192.168.1.51"

ovn-nbctl lsp-add sw1 sw1-port2
ovn-nbctl lsp-set-addresses sw1-port2 "00:00:00:00:00:04 192.168.1.52"
ovn-nbctl lsp-set-port-security sw1-port2 "00:00:00:00:00:04 192.168.1.52"

# Create a logical router between sw0 and sw1.
ovn-nbctl create Logical_Router name=lr0

ovn-nbctl lrp-add lr0 lrp0 00:00:00:00:ff:01 10.0.0.1/24
ovn-nbctl lsp-add sw0 sw0-lrp0 \
    -- set Logical_Switch_Port sw0-lrp0 type=router \
    options:router-port=lrp0 addresses='"00:00:00:00:ff:01"'

ovn-nbctl lrp-add lr0 lrp1 00:00:00:00:ff:02 192.168.1.1/24
ovn-nbctl lsp-add sw1 sw1-lrp1 \
    -- set Logical_Switch_Port sw1-lrp1 type=router \
    options:router-port=lrp1 addresses='"00:00:00:00:ff:02"'


$ ovn-nbctl show
    switch bf4ba6c6-91c5-4f56-9981-72643816f923 (sw1)
        port sw1-lrp1
            addresses: ["00:00:00:00:ff:02"]
        port sw1-port2
            addresses: ["00:00:00:00:00:04 192.168.1.52"]
        port sw1-port1
            addresses: ["00:00:00:00:00:03 192.168.1.51"]
    switch 13b80127-4b36-46ea-816a-1ba4ffd6ac57 (sw0)
        port sw0-port1
            addresses: ["00:00:00:00:00:01 10.0.0.51"]
        port sw0-lrp0
            addresses: ["00:00:00:00:ff:01"]
        port sw0-port2
            addresses: ["00:00:00:00:00:02 10.0.0.52"]
    router 68935017-967a-4c4a-9dad-5d325a9f203a (lr0)
        port lrp0
            mac: "00:00:00:00:ff:01"
            networks: ["10.0.0.1/24"]
        port lrp1
            mac: "00:00:00:00:ff:02"
            networks: ["192.168.1.1/24"]

# on network2 host
ip netns add vm1
ovs-vsctl add-port br-int vm1 -- set interface vm1 type=internal
ip link set vm1 netns vm1
ovs-vsctl set Interface vm1 external_ids:iface-id=sw0-port1
ip netns exec vm1 ip link set vm1 address 00:00:00:00:00:01
ip netns exec vm1 ip addr add 10.0.0.51/24 dev vm1
ip netns exec vm1 ip link set vm1 up
ip netns exec vm1 ip route add default via 10.0.0.1 dev vm1

ip netns add vm3
ovs-vsctl add-port br-int vm3 -- set interface vm3 type=internal
ip link set vm3 netns vm3
ovs-vsctl set Interface vm3 external_ids:iface-id=sw1-port1
ip netns exec vm3 ip link set vm3 address 00:00:00:00:00:03
ip netns exec vm3 ip addr add 192.168.1.51/24 dev vm3
ip netns exec vm3 ip link set vm3 up
ip netns exec vm3 ip route add default via 192.168.1.1 dev vm3

    
# on network3 host
ip netns add vm2
ovs-vsctl add-port br-int vm2 -- set interface vm2 type=internal
ip link set vm2 netns vm2
ovs-vsctl set Interface vm2 external_ids:iface-id=sw0-port2
ip netns exec vm2 ip link set vm2 address 00:00:00:00:00:02
ip netns exec vm2 ip addr add 10.0.0.52/24 dev vm2
ip netns exec vm2 ip link set vm2 up
ip netns exec vm2 ip route add default via 10.0.0.1 dev vm2

ip netns add vm4
ovs-vsctl add-port br-int vm4 -- set interface vm4 type=internal
ip link set vm4 netns vm4
ovs-vsctl set Interface vm4 external_ids:iface-id=sw1-port2
ip netns exec vm4 ip link set vm4 address 00:00:00:00:00:04
ip netns exec vm4 ip addr add 192.168.1.52/24 dev vm4
ip netns exec vm4 ip link set vm4 up
ip netns exec vm4 ip route add default via 192.168.1.1 dev vm4


[root at network1 ~]# ovn-sbctl show 
Chassis "8b3511e6-ae41-4988-ae91-cc829fb1878c"
    hostname: "network3"
    Encap vxlan
        ip: "10.2.170.113"
        options: {csum="true"}
    Port_Binding "sw1-port2"
    Port_Binding "sw0-port2"
Chassis "e8821b82-a4a5-4b3b-9f2a-36f9be23ba3e"
    hostname: "network1"
    Encap vxlan
        ip: "10.2.170.111"
        options: {csum="true"}
Chassis "d934c4d5-9374-4dd2-a51e-8fafd45519c0"
    hostname: "network2"
    Encap vxlan
        ip: "10.2.170.112"
        options: {csum="true"}
    Port_Binding "sw1-port1"
    Port_Binding "sw0-port1"


#ping vm2 from vm 1
[root at network2 ~]# ip netns exec vm1 ping 10.0.0.52
PING 10.0.0.52 (10.0.0.52) 56(84) bytes of data.
64 bytes from 10.0.0.52: icmp_seq=1 ttl=64 time=0.971 ms
64 bytes from 10.0.0.52: icmp_seq=2 ttl=64 time=0.233 ms
64 bytes from 10.0.0.52: icmp_seq=3 ttl=64 time=0.266 ms

#ping vm3 from vm 1
[root at network2 ~]# ip netns exec vm1 ping 192.168.1.51
PING 192.168.1.51 (192.168.1.51) 56(84) bytes of data.
64 bytes from 192.168.1.51: icmp_seq=1 ttl=63 time=0.515 ms
64 bytes from 192.168.1.51: icmp_seq=2 ttl=63 time=0.043 ms
64 bytes from 192.168.1.51: icmp_seq=3 ttl=63 time=0.037 ms

#ping vm4 from vm 1
[root at network2 ~]# ip netns exec vm1 ping 192.168.1.52
PING 192.168.1.52 (192.168.1.52) 56(84) bytes of data.

^C
--- 192.168.1.52 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 3999ms

#ping vm4 from vm 3
[root at network2 ~]# ip netns exec vm3 ping 192.168.1.52 
PING 192.168.1.52 (192.168.1.52) 56(84) bytes of data.
64 bytes from 192.168.1.52: icmp_seq=1 ttl=64 time=1.14 ms
64 bytes from 192.168.1.52: icmp_seq=2 ttl=64 time=0.210 ms
64 bytes from 192.168.1.52: icmp_seq=3 ttl=64 time=0.264 ms


#when ping vm4 from vm 1, the network 3 already recived the ping packet
[root at network3 ~]# ovs-tcpdump -i ovn-d934c4-0 host 192.168.1.52  -e          
tcpdump: WARNING: miovn-d934c4-0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on miovn-d934c4-0, link-type EN10MB (Ethernet), capture size 65535 bytes
21:46:50.214453 00:00:00:00:ff:02 (oui Ethernet) > 00:00:00:00:00:04 (oui Ethernet), ethertype IPv4 (0x0800), length 98: 10.0.0.51 > 192.168.1.52: ICMP echo request, id 2850, seq 1, length 64
21:46:51.213986 00:00:00:00:ff:02 (oui Ethernet) > 00:00:00:00:00:04 (oui Ethernet), ethertype IPv4 (0x0800), length 98: 10.0.0.51 > 192.168.1.52: ICMP echo request, id 2850, seq 2, length 64
21:46:52.214016 00:00:00:00:ff:02 (oui Ethernet) > 00:00:00:00:00:04 (oui Ethernet), ethertype IPv4 (0x0800), length 98: 10.0.0.51 > 192.168.1.52: ICMP echo request, id 2850, seq 3, length 64
21:46:53.214042 00:00:00:00:ff:02 (oui Ethernet) > 00:00:00:00:00:04 (oui Ethernet), ethertype IPv4 (0x0800), length 98: 10.0.0.51 > 192.168.1.52: ICMP echo request, id 2850, seq 4, length 64
21:46:54.214029 00:00:00:00:ff:02 (oui Ethernet) > 00:00:00:00:00:04 (oui Ethernet), ethertype IPv4 (0x0800), length 98: 10.0.0.51 > 192.168.1.52: ICMP echo request, id 2850, seq 5, length 64

# the ovn-d934c4-0 as below
[root at network3 ~]# ovs-vsctl show
6cec42de-1724-4e87-847c-01070c068015
    Bridge br-int
        fail_mode: secure
        Port "patch-lrp0-to-sw0-lrp0"
            Interface "patch-lrp0-to-sw0-lrp0"
                type: patch
                options: {peer="patch-sw0-lrp0-to-lrp0"}
        Port br-int
            Interface br-int
                type: internal
        Port "ovn-d934c4-0"
            Interface "ovn-d934c4-0"
                type: vxlan
                options: {csum="true", key=flow, remote_ip="10.2.170.112"}
        Port "ovn-e8821b-0"
            Interface "ovn-e8821b-0"
                type: vxlan
                options: {csum="true", key=flow, remote_ip="10.2.170.111"}
        Port "patch-sw0-lrp0-to-lrp0"
            Interface "patch-sw0-lrp0-to-lrp0"
                type: patch
                options: {peer="patch-lrp0-to-sw0-lrp0"}
        Port "patch-lrp1-to-sw1-lrp1"
            Interface "patch-lrp1-to-sw1-lrp1"
                type: patch
                options: {peer="patch-sw1-lrp1-to-lrp1"}
        Port "patch-sw1-lrp1-to-lrp1"
            Interface "patch-sw1-lrp1-to-lrp1"
                type: patch
                options: {peer="patch-lrp1-to-sw1-lrp1"}
        Port "vm4"
            Interface "vm4"
                type: internal
        Port "vm2"
            Interface "vm2"
                type: internal
    ovs_version: "2.6.1"

From lrichard at redhat.com  Sat Jul 15 15:50:09 2017
From: lrichard at redhat.com (Lance Richardson)
Date: Sat, 15 Jul 2017 11:50:09 -0400 (EDT)
Subject: [ovs-discuss] Remote connection method for ovn-controller
 ovs-ofctl	invocation.
In-Reply-To: <20170713170457.GS29918@ovn.org>
References: <MWHPR07MB318200BECA5C2EE9D47E6BD79BAC0@MWHPR07MB3182.namprd07.prod.outlook.com>
	<254973291.33537511.1499952901730.JavaMail.zimbra@redhat.com>
	<20170713164747.GP29918@ovn.org>
	<971556263.33631566.1499964791494.JavaMail.zimbra@redhat.com>
	<20170713170457.GS29918@ovn.org>
Message-ID: <1121395473.34734797.1500133809244.JavaMail.zimbra@redhat.com>

> From: "Ben Pfaff" <blp at ovn.org>

...

> However, this is not going to be the only problem that the OP will
> encounter, since ovn-controller makes other assumptions that it is
> running on the ovs-switchd host.
> 

Right, e.g. OVN's QoS features will not work if ovn-controller and
ovs-vswitchd are running on different hosts.

   Lance

From chaithanmp at yahoo.co.in  Sun Jul 16 01:16:18 2017
From: chaithanmp at yahoo.co.in (Chaithan M.P.)
Date: Sun, 16 Jul 2017 01:16:18 +0000 (UTC)
Subject: [ovs-discuss] Does port addition order matter when bridge is in
 normal mode and contains a tunnel port?
References: <500096627.1430449.1500167778822.ref@mail.yahoo.com>
Message-ID: <500096627.1430449.1500167778822@mail.yahoo.com>

Hi,
I was looking at this simple tunneling example from the docs.?
http://docs.openvswitch.org/en/latest/howto/tunneling/

It says "Pings between any of the VMs should work, regardless of whether the VMs are running on the same host or different hosts".
But it seems to me that the order in which the ports are added to the bridge matters. If we add the tunnel port before adding the tap interfaces, then the datapath flows are setup such that the VMs on the same host may not be able to communicate with each other.
For example, ignoring the remote host, I just add 2 tap interfaces and a geneve tunnel port to the OVS bridge.I will use ofproto/trace to generate the datapath flows for a broadcast packet originating from one of the tap interfaces.?
In this first attempt, I will reverse the order from the above doc by adding the tunnel port first and then add the tap interfaces to the bridge. Please look at the Datapath actions that get generated. The packet is transformed by the set_tunnel action before outputting to port-4 (vport1). Is this expected? If I was pinging from vport2 to vport1 and this were an initial broadcast arp packet, it would have been dropped at vport1 as malformed and ping wouldn't succeed.
root at ubuntu:~# ovs-vsctl add-port br0 tun1 -- set interface tun1 type=geneve options:remote_ip=4.4.4.4root at ubuntu:~# ovs-vsctl add-port br0 vport1 -- add-port br0 vport2

root at ubuntu:~# ovs-ofctl show br0 (partial output)
?1(tun1): addr:0e:ba:6b:40:fb:52
?2(vport2): addr:a2:2c:48:53:e7:e5
?3(vport1): addr:fa:6a:41:04:ac:ee
root at ubuntu:~# ovs-dpctl show (partial output)
system at ovs-system: port 0: ovs-system (internal)
 port 1: br0 (internal) port 2: genev_sys_6081 (geneve) port 3: vport2 port 4: vport1?
root at ubuntu:~# ovs-appctl ofproto/trace br0 in_port=2,dl_dst=ff:ff:ff:ff:ff:ffBridge: br0Flow: in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
Rule: table=0 cookie=0 priority=0OpenFlow actions=NORMALno learned MAC for destination, floodingoutput to kernel tunnel
Final flow: in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000Megaflow: recirc_id=0,in_port=2,vlan_tci=0x0000/0x1fff,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000Datapath actions: 1,set(tunnel(dst=4.4.4.4,ttl=64,flags(df))),2,4
-------------------
On the other hand, if I follow the order from the doc, i.e., add tap interfaces first and then the tunnel port, then the datapath actions look fine as the output to vport happens before the set_tunnel action and so ping would succeed.
root at ubuntu:~# ovs-vsctl add-port br1 vport3 -- add-port br1 vport4
root at ubuntu:~# ovs-vsctl add-port br1 tun2 -- set interface tun2 type=geneve options:remote_ip=5.5.5.5
root at ubuntu:~# ovs-ofctl show br1 (partial output)?1(vport3): addr:0e:9c:cb:2e:3c:c2
?2(vport4): addr:26:7f:e7:2c:3c:6a
?3(tun2): addr:4e:f4:ec:6e:9f:a3
root at ubuntu:~# ovs-dpctl show (partial output)
system at ovs-system: port 0: ovs-system (internal)
 port 2: genev_sys_6081 (geneve)
 port 5: br1 (internal)
 port 6: vport3 port 7: vport4
root at ubuntu:~# ovs-appctl ofproto/trace br1 in_port=1,dl_dst=ff:ff:ff:ff:ff:ffBridge: br1Flow: in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
Rule: table=0 cookie=0 priority=0OpenFlow actions=NORMALno learned MAC for destination, floodingoutput to kernel tunnel
Final flow: in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000Megaflow: recirc_id=0,in_port=1,vlan_tci=0x0000/0x1fff,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000Datapath actions: 5,7,set(tunnel(dst=5.5.5.5,ttl=64,flags(df))),2

Thanks,Chaithan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170716/59366f42/attachment-0001.html>

From sara.gittlin at gmail.com  Sun Jul 16 06:37:05 2017
From: sara.gittlin at gmail.com (Sara Gittlin)
Date: Sun, 16 Jul 2017 09:37:05 +0300
Subject: [ovs-discuss] A tool to feel-up flow-tables in ofproto
In-Reply-To: <20170712151503.GQ29918@ovn.org>
References: <CAA_4wjacHs0C3gXs4z7c7MfKQbbmx6VUWSA8J_iOH_BJEp941g@mail.gmail.com>
	<20170711153811.GF29918@ovn.org>
	<CAA_4wjYmVUSr5wAzLhBZtTdhEnLJup-fY48vZ6gUrjFKNXu8FA@mail.gmail.com>
	<20170712151503.GQ29918@ovn.org>
Message-ID: <CAA_4wjYfUa+b3R4W_y_QaYMGcAXjKaV=1p93O+onhEy+7QE4_w@mail.gmail.com>

On Wed, Jul 12, 2017 at 11:40:41AM +0300, Sara Gittlin wrote:
> Thank you Ben
>
> >> I need a tool to feel up the flow tables in ofproto.
> >> do you know what tool/other should i use ?
>
> >What does it mean "to feel up" a flow table?
>
> i want to be able to read ofctl tables and to get a big output ~ 10000
> - 50000 flows.
> i need it to order to run some algo. on these flows (e.g. try to
> generate megaflows .. )
> i know that i can do it with sdn controller -  is there other tools ?

Do you just want to run "ovs-ofctl dump-flows"?

Thanks Ben
this can be an option, unless there is a better way to retrieve all
flows in ofproto
Sara


On Wed, Jul 12, 2017 at 6:15 PM, Ben Pfaff <blp at ovn.org> wrote:
> On Wed, Jul 12, 2017 at 11:40:41AM +0300, Sara Gittlin wrote:
>> Thank you Ben
>>
>> >> I need a tool to feel up the flow tables in ofproto.
>> >> do you know what tool/other should i use ?
>>
>> >What does it mean "to feel up" a flow table?
>>
>> i want to be able to read ofctl tables and to get a big output ~ 10000
>> - 50000 flows.
>> i need it to order to run some algo. on these flows (e.g. try to
>> generate megaflows .. )
>> i know that i can do it with sdn controller -  is there other tools ?
>
> Do you just want to run "ovs-ofctl dump-flows"?

From feihu929 at sina.com  Sun Jul 16 10:19:49 2017
From: feihu929 at sina.com (feihu929 at sina.com)
Date: Sun, 16 Jul 2017 18:19:49 +0800
Subject: [ovs-discuss] about L3 Route problem with two host
Message-ID: <20170716101949.DE5A2380546@webmail.sinamail.sina.com.cn>

I found the reason why the vm1 can not ping vm4.
It's may be I use vxlan to build the tun,  when replace geneve,  the vm1 can ping vm4

when use vxlan, run as below command in network1/2/3 host , 
[root at xxx ~]# ovs-vsctl set Open_vSwitch . external-ids:ovn-encap-type=vxlan 
the vm CAN NOT ping each other which not in the same logical switch and not in the same host node.

when use geneve, run as below command in network1/2/3 host , 
[root at xxx ~]# ovs-vsctl set Open_vSwitch . external-ids:ovn-encap-type=geneve
the vm CAN ping each other which not in the same logical switch and not in the same host node.

May be is a bug with vxlan?

From drizzle_su at 126.com  Sun Jul 16 15:30:09 2017
From: drizzle_su at 126.com (sujz)
Date: Sun, 16 Jul 2017 23:30:09 +0800 (CST)
Subject: [ovs-discuss] How to configure VxLAN tunnel with OpenVSwitch-2.7.0
 on Ubuntu14.04.1 ?
Message-ID: <5788477.4c9d.15d4c0567fe.Coremail.drizzle_su@126.com>

Hi, ALL:
 
I want to connect VMs located on two different machines with ovs bridge and VxLAN tunnel, suppose the topology as the picture 
shows, my configuration on host A like this(configuration on host B is almost the same except changing remote_ip to address of host A'eth0):
 
ovs-vsctl add-br ovs-br0
ovs-vsctl add-port ovs-br0 vtep -- set interface vtep type=vxlan options:remote_ip=172.168.1.200 options:key=5000
 

tap0 is created and automatically added to bridge ovs-br0 while starting VMs with qemu, but I cannot ping from VM1 to VM2.

I also googled some links like this: http://networkstatic.net/configuring-vxlan-and-gre-tunnels-on-openvswitch/ , which says I have to create two ovs-bridge, unfortunately, it doesn't tell whether(and how to) it is necessary to link these two bridges together.

I am confused that how does the ovs-br0 and eth0 communicate, does that the kernel TCP/IP stack help doing this job, or I have to create another ovs-bridge and connect these two bridges with patch ports ?

So please correct me if my topology or configurations aren't right, and many thanks in advance.

 

I also tried to configure vtep: ovs-vsctl add-port ovs-br0 vtep -- set interface vtep type=vxlan options:remote_ip=flow options:local_ip=flow options:key=flow Then add flow entry explicitly to match ARP request from VM1 and forward them to vtep. ovs-ofctl add-flow ovs-br0 "table=0, priority=50, in_port=ofport_of_tap0, actions=output:ofport_of_vtep". After ping from VM1 to VM2, dump-flows showed that the added entry was matched (according to the entry matched packets should be forwarded to vtep), but dump-ports showed that vtep received nothing, I don't know why, any hints are appreciated. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170716/dc0defa3/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: topo.png
Type: image/png
Size: 33645 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170716/dc0defa3/attachment-0001.png>

From blp at ovn.org  Sun Jul 16 17:46:40 2017
From: blp at ovn.org (Ben Pfaff)
Date: Sun, 16 Jul 2017 10:46:40 -0700
Subject: [ovs-discuss] A tool to feel-up flow-tables in ofproto
In-Reply-To: <CAA_4wjYfUa+b3R4W_y_QaYMGcAXjKaV=1p93O+onhEy+7QE4_w@mail.gmail.com>
References: <CAA_4wjacHs0C3gXs4z7c7MfKQbbmx6VUWSA8J_iOH_BJEp941g@mail.gmail.com>
	<20170711153811.GF29918@ovn.org>
	<CAA_4wjYmVUSr5wAzLhBZtTdhEnLJup-fY48vZ6gUrjFKNXu8FA@mail.gmail.com>
	<20170712151503.GQ29918@ovn.org>
	<CAA_4wjYfUa+b3R4W_y_QaYMGcAXjKaV=1p93O+onhEy+7QE4_w@mail.gmail.com>
Message-ID: <20170716174640.GO29918@ovn.org>

On Sun, Jul 16, 2017 at 09:37:05AM +0300, Sara Gittlin wrote:
> On Wed, Jul 12, 2017 at 11:40:41AM +0300, Sara Gittlin wrote:
> > Thank you Ben
> >
> > >> I need a tool to feel up the flow tables in ofproto.
> > >> do you know what tool/other should i use ?
> >
> > >What does it mean "to feel up" a flow table?
> >
> > i want to be able to read ofctl tables and to get a big output ~ 10000
> > - 50000 flows.
> > i need it to order to run some algo. on these flows (e.g. try to
> > generate megaflows .. )
> > i know that i can do it with sdn controller -  is there other tools ?
> 
> Do you just want to run "ovs-ofctl dump-flows"?
> 
> Thanks Ben
> this can be an option, unless there is a better way to retrieve all
> flows in ofproto

So far, you've said that you don't want to use a controller and you want
something "better" than ovs-ofctl.  What would be better?  It's
difficult to help when you don't give us much information on what you
want.

From scott.lowe at scottlowe.org  Mon Jul 17 03:14:09 2017
From: scott.lowe at scottlowe.org (Scott Lowe)
Date: Sun, 16 Jul 2017 21:14:09 -0600
Subject: [ovs-discuss] How to configure VxLAN tunnel with
 OpenVSwitch-2.7.0 on Ubuntu14.04.1 ?
In-Reply-To: <5788477.4c9d.15d4c0567fe.Coremail.drizzle_su@126.com>
References: <5788477.4c9d.15d4c0567fe.Coremail.drizzle_su@126.com>
Message-ID: <060CA38B-0B6A-4D96-9FFF-E9B4AC9AE70E@scottlowe.org>


> On Jul 16, 2017, at 9:30 AM, sujz <drizzle_su at 126.com> wrote:
> 
> Hi, ALL:
>  
> I want to connect VMs located on two different machines with ovs bridge and VxLAN tunnel, suppose the topology as the picture <topo.png>
> shows, my configuration on host A like this(configuration on host B is almost the same except changing remote_ip to address of host A'eth0):
>  
> ovs-vsctl add-br ovs-br0
> ovs-vsctl add-port ovs-br0 vtep -- set interface vtep type=vxlan options:remote_ip=172.168.1.200 options:key=5000
> 
>  
> tap0 is created and automatically added to bridge ovs-br0 while starting VMs with qemu, but I cannot ping from VM1 to VM2.
> 
> I also googled some links like this: http://networkstatic.net/configuring-vxlan-and-gre-tunnels-on-openvswitch/ , which says I have to create two ovs-bridge, unfortunately, it doesn't tell whether(and how to) it is necessary to link these two bridges together.
> 
> I am confused that how does the ovs-br0 and eth0 communicate, does that the kernel TCP/IP stack help doing this job, or I have to create another ovs-bridge and connect these two bridges with patch ports ?
> 
> So please correct me if my topology or configurations aren't right, and many thanks in advance.
> 
>  
> I also tried to configure vtep: ovs-vsctl add-port ovs-br0 vtep -- set interface vtep type=vxlan options:remote_ip=flow options:local_ip=flow options:key=flow Then add flow entry explicitly to match ARP request from VM1 and forward them to vtep. ovs-ofctl add-flow ovs-br0 "table=0, priority=50, in_port=ofport_of_tap0, actions=output:ofport_of_vtep". After ping from VM1 to VM2, dump-flows showed that the added entry was matched (according to the entry matched packets should be forwarded to vtep), but dump-ports showed that vtep received nothing, I don't know why, any hints are appreciated. 


If I?m understanding your configuration correctly, you don?t need an additional bridge. The OVS bridge hosting the VTEP (and the TAP interface) doesn?t need any additional interfaces or patch ports; you just need to ensure that the host system has a route to the tunnel endpoint on the other host. You may also need to adjust the MTU, since the VXLAN encapsulation adds some overhead.

-- 
Scott


From akhalikov at arccn.ru  Mon Jul 17 07:38:44 2017
From: akhalikov at arccn.ru (Aleksey Khalikov)
Date: Mon, 17 Jul 2017 10:38:44 +0300
Subject: [ovs-discuss] remap double-tagged frame
In-Reply-To: <20170712213530.GT22060@dev-rhel7>
References: <8880c16f-9253-4a80-2bfd-c3701bb6a024@arccn.ru>
	<20170712213530.GT22060@dev-rhel7>
Message-ID: <e1abc896-07c3-bfed-cd09-786164f90af3@arccn.ru>

Hello Eric,

That was the case! Thank you very much! Works like a charm!

Regards,

Aleksey


On 13.07.2017 00:35, Eric Garver wrote:
> ovs-vsctl set Open_vSwitch . other_config:vlan-limit=2


From sara.gittlin at gmail.com  Mon Jul 17 07:47:12 2017
From: sara.gittlin at gmail.com (Sara Gittlin)
Date: Mon, 17 Jul 2017 10:47:12 +0300
Subject: [ovs-discuss] A tool to feel-up flow-tables in ofproto
In-Reply-To: <20170716174640.GO29918@ovn.org>
References: <CAA_4wjacHs0C3gXs4z7c7MfKQbbmx6VUWSA8J_iOH_BJEp941g@mail.gmail.com>
	<20170711153811.GF29918@ovn.org>
	<CAA_4wjYmVUSr5wAzLhBZtTdhEnLJup-fY48vZ6gUrjFKNXu8FA@mail.gmail.com>
	<20170712151503.GQ29918@ovn.org>
	<CAA_4wjYfUa+b3R4W_y_QaYMGcAXjKaV=1p93O+onhEy+7QE4_w@mail.gmail.com>
	<20170716174640.GO29918@ovn.org>
Message-ID: <CAA_4wjYzZrt2m30Yh-pnuX-yzWx6WWYBBHY-vw0VHjwcitSPEg@mail.gmail.com>

On Sun, Jul 16, 2017 at 09:37:05AM +0300, Sara Gittlin wrote:
> On Wed, Jul 12, 2017 at 11:40:41AM +0300, Sara Gittlin wrote:
> > Thank you Ben
> >
> > >> I need a tool to feel up the flow tables in ofproto.
> > >> do you know what tool/other should i use ?
> >
> > >What does it mean "to feel up" a flow table?
> >
> > i want to be able to read ofctl tables and to get a big output ~ 10000
> > - 50000 flows.
> > i need it to order to run some algo. on these flows (e.g. try to
> > generate megaflows .. )
> > i know that i can do it with sdn controller -  is there other tools ?
>
> >Do you just want to run "ovs-ofctl dump-flows"?
> >
>>  Thanks Ben
>>  this can be an option, unless there is a better way to retrieve all
> > flows in ofproto

> So far, you've said that you don't want to use a controller and you want
> something "better" than ovs-ofctl.  What would be better?  It's
> difficult to help when you don't give us much information on what you
> want.

Ben,  i think i understand now.
I should use SDN controller , but how to create a big topology so lot
of flows can be created ?
mininet ? openstack ? other ?
Thank you. Sara

On Sun, Jul 16, 2017 at 8:46 PM, Ben Pfaff <blp at ovn.org> wrote:
> On Sun, Jul 16, 2017 at 09:37:05AM +0300, Sara Gittlin wrote:
>> On Wed, Jul 12, 2017 at 11:40:41AM +0300, Sara Gittlin wrote:
>> > Thank you Ben
>> >
>> > >> I need a tool to feel up the flow tables in ofproto.
>> > >> do you know what tool/other should i use ?
>> >
>> > >What does it mean "to feel up" a flow table?
>> >
>> > i want to be able to read ofctl tables and to get a big output ~ 10000
>> > - 50000 flows.
>> > i need it to order to run some algo. on these flows (e.g. try to
>> > generate megaflows .. )
>> > i know that i can do it with sdn controller -  is there other tools ?
>>
>> Do you just want to run "ovs-ofctl dump-flows"?
>>
>> Thanks Ben
>> this can be an option, unless there is a better way to retrieve all
>> flows in ofproto
>
> So far, you've said that you don't want to use a controller and you want
> something "better" than ovs-ofctl.  What would be better?  It's
> difficult to help when you don't give us much information on what you
> want.

From de.techno at gmail.com  Mon Jul 17 13:23:29 2017
From: de.techno at gmail.com (dE)
Date: Mon, 17 Jul 2017 18:53:29 +0530
Subject: [ovs-discuss] Getting to learn how OVS works.
Message-ID: <05757332-a7ff-665c-23d9-d3a73457f8bc@gmail.com>

Hi,
     I was browsing through the documentation searching for the internal 
workings of OVS. It appears there are 2 levels of details that the OVS 
project provides about OVS --

1) Extreme -- 
http://docs.openvswitch.org/en/latest/tutorials/ovs-advanced/, 
http://docs.openvswitch.org/en/latest/topics/datapath/ etc...
2) In brief -- http://docs.openvswitch.org/en/latest/intro/install/, 
http://docs.openvswitch.org/en/latest/intro/what-is-ovs/, 
http://docs.openvswitch.org/en/latest/intro/why-ovs/

You can't jump from 1) to 2) or 2) to 1) without an intermediate 1.5) 
which explains things like --

What kind of bridge does OVS make? How does it behave?
The concept of ports and interfaces.
The 'controller' and where does it exist and how to build it (well 1st 
let's try to explain what this is in term of OVS).
The role of tunnels(like GRE) and how does OVS accomplish a single 
switch view using them.

From aserdean at cloudbasesolutions.com  Mon Jul 17 14:42:54 2017
From: aserdean at cloudbasesolutions.com (Alin Serdean)
Date: Mon, 17 Jul 2017 14:42:54 +0000
Subject: [ovs-discuss] [openvswitch 2.7.90] testsuite: 2341 failed
Message-ID: <6FDA0CACF4BC624BBE12167875D71C9B409F8E29@CBSEX1.cloudbase.local>

## ------------------------------ ##
## openvswitch 2.7.90 test suite. ##
## ------------------------------ ##
2341. ovn.at:6815: testing ovn -- packet test with HA distributed router gateway port ...
creating ovn-sb database
creating ovn-nb database
starting ovn-northd
adding simulator 'main'
adding simulator 'hv1'
adding simulator 'gw1'
adding simulator 'gw2'
adding simulator 'ext1'
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
5e70205e-9cfe-4917-969c-d67b4a4bc43e
96c55603-9eea-467d-91f9-ae6b17fc6633
9b0c0120-8e6c-4ffd-a995-c6a701406535
./ovn.at:6910: ovn-nbctl --timeout=3 --wait=sb sync
stdout:
rm: cannot remove `ext1/vif1-rx.pcap': Permission denied
rm: cannot remove `ext1/vif1-tx.pcap': Permission denied

checking packets in ext1/vif1-tx.pcap against ext1-vif1.expected:
./ovn.at:6975: sort $rcv_text
--- expout      2017-07-17 17:39:40 +0300
+++ /c/_2017/july/17/ovs/tests/testsuite.dir/at-groups/2341/stdout      2017-07-17 17:39:40 +0300
@@ -1 +1,2 @@
 f0000001020400000201020308004500001c000000003f110100c0a80102ac1001030035111100080000
+ffffffffffff00000201020308060001080006040001000002010203ac100101000000000000ac100103
2341. ovn.at:6815:  FAILED (ovn.at:6975)

From de.techno at gmail.com  Mon Jul 17 14:43:11 2017
From: de.techno at gmail.com (dE)
Date: Mon, 17 Jul 2017 20:13:11 +0530
Subject: [ovs-discuss] Getting to learn how OVS works.
In-Reply-To: <05757332-a7ff-665c-23d9-d3a73457f8bc@gmail.com>
References: <05757332-a7ff-665c-23d9-d3a73457f8bc@gmail.com>
Message-ID: <e84c30b6-773e-142e-4f0b-ab0e65dd400e@gmail.com>

Ok so I guess I missed out the question and that is -- is there any 
document/reference/tutorial etc... which explains the mode of operation 
of OVS?


On 07/17/17 18:53, dE wrote:
> Hi,
>     I was browsing through the documentation searching for the 
> internal workings of OVS. It appears there are 2 levels of details 
> that the OVS project provides about OVS --
>
> 1) Extreme -- 
> http://docs.openvswitch.org/en/latest/tutorials/ovs-advanced/, 
> http://docs.openvswitch.org/en/latest/topics/datapath/ etc...
> 2) In brief -- http://docs.openvswitch.org/en/latest/intro/install/, 
> http://docs.openvswitch.org/en/latest/intro/what-is-ovs/, 
> http://docs.openvswitch.org/en/latest/intro/why-ovs/
>
> You can't jump from 1) to 2) or 2) to 1) without an intermediate 1.5) 
> which explains things like --
>
> What kind of bridge does OVS make? How does it behave?
> The concept of ports and interfaces.
> The 'controller' and where does it exist and how to build it (well 1st 
> let's try to explain what this is in term of OVS).
> The role of tunnels(like GRE) and how does OVS accomplish a single 
> switch view using them.


From scott.lowe at scottlowe.org  Mon Jul 17 15:19:38 2017
From: scott.lowe at scottlowe.org (Scott Lowe)
Date: Mon, 17 Jul 2017 09:19:38 -0600
Subject: [ovs-discuss] Getting to learn how OVS works.
In-Reply-To: <e84c30b6-773e-142e-4f0b-ab0e65dd400e@gmail.com>
References: <05757332-a7ff-665c-23d9-d3a73457f8bc@gmail.com>
	<e84c30b6-773e-142e-4f0b-ab0e65dd400e@gmail.com>
Message-ID: <B461602E-6F29-4DE1-9469-FBC4470815AA@scottlowe.org>


> On Jul 17, 2017, at 8:43 AM, dE <de.techno at gmail.com> wrote:
> 
> Ok so I guess I missed out the question and that is -- is there any document/reference/tutorial etc... which explains the mode of operation of OVS?
> 
> 
> On 07/17/17 18:53, dE wrote:
>> Hi,
>>    I was browsing through the documentation searching for the internal workings of OVS. It appears there are 2 levels of details that the OVS project provides about OVS --
>> 
>> 1) Extreme -- http://docs.openvswitch.org/en/latest/tutorials/ovs-advanced/, http://docs.openvswitch.org/en/latest/topics/datapath/ etc...
>> 2) In brief -- http://docs.openvswitch.org/en/latest/intro/install/, http://docs.openvswitch.org/en/latest/intro/what-is-ovs/, http://docs.openvswitch.org/en/latest/intro/why-ovs/
>> 
>> You can't jump from 1) to 2) or 2) to 1) without an intermediate 1.5) which explains things like --
>> 
>> What kind of bridge does OVS make? How does it behave?
>> The concept of ports and interfaces.
>> The 'controller' and where does it exist and how to build it (well 1st let's try to explain what this is in term of OVS).
>> The role of tunnels(like GRE) and how does OVS accomplish a single switch view using them.


This is a difficult question to answer because OVS can be used in many different ways. How you would use OVS in conjunction with OpenStack, for example, could be _very_ different than how you might use OVS with an SDN controller such as OpenDaylight.

Is there a particular use case/solution for which you need more information? That might better enable the OVS community to help you. We _want_ to help; we just need a bit more information in order to do so.

-- 
Scott


From blp at ovn.org  Mon Jul 17 16:46:37 2017
From: blp at ovn.org (Ben Pfaff)
Date: Mon, 17 Jul 2017 09:46:37 -0700
Subject: [ovs-discuss] [openvswitch 2.7.90] testsuite: 2341 failed
In-Reply-To: <6FDA0CACF4BC624BBE12167875D71C9B409F8E29@CBSEX1.cloudbase.local>
References: <6FDA0CACF4BC624BBE12167875D71C9B409F8E29@CBSEX1.cloudbase.local>
Message-ID: <20170717164637.GV29918@ovn.org>

On Mon, Jul 17, 2017 at 02:42:54PM +0000, Alin Serdean wrote:
> ## ------------------------------ ##
> ## openvswitch 2.7.90 test suite. ##
> ## ------------------------------ ##
> 2341. ovn.at:6815: testing ovn -- packet test with HA distributed router gateway port ...

[...]

> ./ovn.at:6975: sort $rcv_text
> --- expout      2017-07-17 17:39:40 +0300
> +++ /c/_2017/july/17/ovs/tests/testsuite.dir/at-groups/2341/stdout      2017-07-17 17:39:40 +0300
> @@ -1 +1,2 @@
>  f0000001020400000201020308004500001c000000003f110100c0a80102ac1001030035111100080000
> +ffffffffffff00000201020308060001080006040001000002010203ac100101000000000000ac100103

This test also hangs, apparently consistently, on my usual test machine.

From blp at ovn.org  Mon Jul 17 17:21:45 2017
From: blp at ovn.org (Ben Pfaff)
Date: Mon, 17 Jul 2017 10:21:45 -0700
Subject: [ovs-discuss] A tool to feel-up flow-tables in ofproto
In-Reply-To: <CAA_4wjYzZrt2m30Yh-pnuX-yzWx6WWYBBHY-vw0VHjwcitSPEg@mail.gmail.com>
References: <CAA_4wjacHs0C3gXs4z7c7MfKQbbmx6VUWSA8J_iOH_BJEp941g@mail.gmail.com>
	<20170711153811.GF29918@ovn.org>
	<CAA_4wjYmVUSr5wAzLhBZtTdhEnLJup-fY48vZ6gUrjFKNXu8FA@mail.gmail.com>
	<20170712151503.GQ29918@ovn.org>
	<CAA_4wjYfUa+b3R4W_y_QaYMGcAXjKaV=1p93O+onhEy+7QE4_w@mail.gmail.com>
	<20170716174640.GO29918@ovn.org>
	<CAA_4wjYzZrt2m30Yh-pnuX-yzWx6WWYBBHY-vw0VHjwcitSPEg@mail.gmail.com>
Message-ID: <20170717172145.GC29918@ovn.org>

On Mon, Jul 17, 2017 at 10:47:12AM +0300, Sara Gittlin wrote:
> On Sun, Jul 16, 2017 at 09:37:05AM +0300, Sara Gittlin wrote:
> > On Wed, Jul 12, 2017 at 11:40:41AM +0300, Sara Gittlin wrote:
> > > Thank you Ben
> > >
> > > >> I need a tool to feel up the flow tables in ofproto.
> > > >> do you know what tool/other should i use ?
> > >
> > > >What does it mean "to feel up" a flow table?
> > >
> > > i want to be able to read ofctl tables and to get a big output ~ 10000
> > > - 50000 flows.
> > > i need it to order to run some algo. on these flows (e.g. try to
> > > generate megaflows .. )
> > > i know that i can do it with sdn controller -  is there other tools ?
> >
> > >Do you just want to run "ovs-ofctl dump-flows"?
> > >
> >>  Thanks Ben
> >>  this can be an option, unless there is a better way to retrieve all
> > > flows in ofproto
> 
> > So far, you've said that you don't want to use a controller and you want
> > something "better" than ovs-ofctl.  What would be better?  It's
> > difficult to help when you don't give us much information on what you
> > want.
> 
> Ben,  i think i understand now.
> I should use SDN controller , but how to create a big topology so lot
> of flows can be created ?
> mininet ? openstack ? other ?

I'll have to leave that question to others, because it's not my area of
expertise.  I do hear a lot of good things about mininet.

From e at erig.me  Tue Jul 18 16:56:55 2017
From: e at erig.me (Eric Garver)
Date: Tue, 18 Jul 2017 12:56:55 -0400
Subject: [ovs-discuss] Cannot match correct ethertype after POP vlan and
 GOTO table
In-Reply-To: <CAFw10rE6ZxM0DmNPYRG0ewSfMhLxNvynM=oAQUgaMfj4Kn4Qzg@mail.gmail.com>
References: <CAFw10rE6ZxM0DmNPYRG0ewSfMhLxNvynM=oAQUgaMfj4Kn4Qzg@mail.gmail.com>
Message-ID: <20170718165655.GU22060@dev-rhel7>

On Tue, Jul 04, 2017 at 03:27:50PM +0800, Dickens Yeh wrote:
> Hi,
> I have an question, and I haven't found any OpenFlow Spec to defined it ,
> please give me a help.
> 
> I am trying to work with 3 vlan tags, but it cannot match correct ethertype
> after pop 1 vlan tag.
> OVS Bridge already set with vlan-limit = 0, and it can watch over 2 vlan
> and match the correct ethertype like ARP.
> 
> My question is:  the packet have 3 vlan tags, pop 1 vlan tag and goto-table
> 1. In table 1, will it match with the new packet (modified) or the original
> packet like in table 0?

Original packet as in table 0. dl_type would be the 3rd VLAN tag in the
packet. goto_table does not cause the packet to be reparsed. Currently
OVS supports/parses 2 VLAN tags.

> 
> Thanks for answering my question.
> 
> best wishes,
> Dickens Yeh

> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss


From jpettit at ovn.org  Wed Jul 19 06:40:41 2017
From: jpettit at ovn.org (Justin Pettit)
Date: Tue, 18 Jul 2017 23:40:41 -0700
Subject: [ovs-discuss] Open vSwitch 2.7.2 and 2.5.3 Available
Message-ID: <5D873EFA-586B-44DA-A0D2-3DCF1C1FE519@ovn.org>

The Open vSwitch team is pleased to announce the release of Open vSwitch 2.7.2:

   http://openvswitch.org/releases/openvswitch-2.7.2.tar.gz

This release contains bug fixes and minor improvements for 2.7.1.  Due to an issue introduced in the previous release, it is highly recommended that users of 2.7.1 upgrade.

In addition to the 2.7.2 release, we've also released 2.5.3 from our LTS branch, which contains fixes for 2.5.2:

   http://openvswitch.org/releases/openvswitch-2.5.3.tar.gz

--The Open vSwitch Team 

--------------------
Open vSwitch is a production quality, multilayer open source virtual switch. It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces. Open vSwitch can operate both as a soft switch running within the hypervisor, and as the control stack for switching silicon. It has been ported to multiple virtualization platforms and switching chipsets.



From akhalikov at arccn.ru  Wed Jul 19 08:06:57 2017
From: akhalikov at arccn.ru (Aleksey Khalikov)
Date: Wed, 19 Jul 2017 11:06:57 +0300
Subject: [ovs-discuss] OVS with DPDK QoS (Priority Queue)
Message-ID: <0ad92979-2221-7328-2cec-180f1e075852@arccn.ru>

Hello guys!

I have another important question regarding QoS mechanisms.

Does OVS with DPDK have a possibility to create multiple queues and put 
the traffic with different priorities to corresponding queues.

If not, will you put on the development of these features?

Thanks in advance!

Very best regards,

Aleksey



From sara.gittlin at gmail.com  Wed Jul 19 11:12:24 2017
From: sara.gittlin at gmail.com (Sara Gittlin)
Date: Wed, 19 Jul 2017 14:12:24 +0300
Subject: [ovs-discuss] A tool to feel-up flow-tables in ofproto
In-Reply-To: <20170717172145.GC29918@ovn.org>
References: <CAA_4wjacHs0C3gXs4z7c7MfKQbbmx6VUWSA8J_iOH_BJEp941g@mail.gmail.com>
	<20170711153811.GF29918@ovn.org>
	<CAA_4wjYmVUSr5wAzLhBZtTdhEnLJup-fY48vZ6gUrjFKNXu8FA@mail.gmail.com>
	<20170712151503.GQ29918@ovn.org>
	<CAA_4wjYfUa+b3R4W_y_QaYMGcAXjKaV=1p93O+onhEy+7QE4_w@mail.gmail.com>
	<20170716174640.GO29918@ovn.org>
	<CAA_4wjYzZrt2m30Yh-pnuX-yzWx6WWYBBHY-vw0VHjwcitSPEg@mail.gmail.com>
	<20170717172145.GC29918@ovn.org>
Message-ID: <CAA_4wjY7aiCqeR_W+8VLKC-wxMgRP+w-gLvBPOHYRWoWYTCySQ@mail.gmail.com>

On Mon, Jul 17, 2017 at 8:21 PM, Ben Pfaff <blp at ovn.org> wrote:
> On Mon, Jul 17, 2017 at 10:47:12AM +0300, Sara Gittlin wrote:
>> On Sun, Jul 16, 2017 at 09:37:05AM +0300, Sara Gittlin wrote:
>> > On Wed, Jul 12, 2017 at 11:40:41AM +0300, Sara Gittlin wrote:
>> > > Thank you Ben
>> > >
>> > > >> I need a tool to feel up the flow tables in ofproto.
>> > > >> do you know what tool/other should i use ?
>> > >
>> > > >What does it mean "to feel up" a flow table?
>> > >
>> > > i want to be able to read ofctl tables and to get a big output ~ 10000
>> > > - 50000 flows.
>> > > i need it to order to run some algo. on these flows (e.g. try to
>> > > generate megaflows .. )
>> > > i know that i can do it with sdn controller -  is there other tools ?
>> >
>> > >Do you just want to run "ovs-ofctl dump-flows"?
>> > >
>> >>  Thanks Ben
>> >>  this can be an option, unless there is a better way to retrieve all
>> > > flows in ofproto
>>
>> > So far, you've said that you don't want to use a controller and you want
>> > something "better" than ovs-ofctl.  What would be better?  It's
>> > difficult to help when you don't give us much information on what you
>> > want.
>>
>> Ben,  i think i understand now.
>> I should use SDN controller , but how to create a big topology so lot
>> of flows can be created ?
>> mininet ? openstack ? other ?
>
> I'll have to leave that question to others, because it's not my area of
> expertise.  I do hear a lot of good things about mininet.
Alternatively - where  can i find a real dataset of the output  of
ovs-dpct dump-flows   or ovs-ofctl dump-flows br
this should be a big dump  file  of the output of one of these commands above
Thanks - Sara

From blue at veracity.io  Wed Jul 19 17:05:47 2017
From: blue at veracity.io (Blue Lang)
Date: Wed, 19 Jul 2017 13:05:47 -0400
Subject: [ovs-discuss] A tool to feel-up flow-tables in ofproto
In-Reply-To: <CAA_4wjY7aiCqeR_W+8VLKC-wxMgRP+w-gLvBPOHYRWoWYTCySQ@mail.gmail.com>
References: <CAA_4wjacHs0C3gXs4z7c7MfKQbbmx6VUWSA8J_iOH_BJEp941g@mail.gmail.com>
	<20170711153811.GF29918@ovn.org>
	<CAA_4wjYmVUSr5wAzLhBZtTdhEnLJup-fY48vZ6gUrjFKNXu8FA@mail.gmail.com>
	<20170712151503.GQ29918@ovn.org>
	<CAA_4wjYfUa+b3R4W_y_QaYMGcAXjKaV=1p93O+onhEy+7QE4_w@mail.gmail.com>
	<20170716174640.GO29918@ovn.org>
	<CAA_4wjYzZrt2m30Yh-pnuX-yzWx6WWYBBHY-vw0VHjwcitSPEg@mail.gmail.com>
	<20170717172145.GC29918@ovn.org>
	<CAA_4wjY7aiCqeR_W+8VLKC-wxMgRP+w-gLvBPOHYRWoWYTCySQ@mail.gmail.com>
Message-ID: <CAKCC41MKs_QPARx_j5g-BGH11t=V+Rb4YyiKzYALu80rnKkDTw@mail.gmail.com>

Sara,

Follow the mininet tutorials for creating large topologies with nox or pox,
then run dump-flows accordingly.

https://inside-openflow.com/2016/06/29/custom-mininet-topologies-and-introducing-atom/


Thanks,

On Wed, Jul 19, 2017 at 7:12 AM, Sara Gittlin <sara.gittlin at gmail.com>
wrote:

> On Mon, Jul 17, 2017 at 8:21 PM, Ben Pfaff <blp at ovn.org> wrote:
> > On Mon, Jul 17, 2017 at 10:47:12AM +0300, Sara Gittlin wrote:
> >> On Sun, Jul 16, 2017 at 09:37:05AM +0300, Sara Gittlin wrote:
> >> > On Wed, Jul 12, 2017 at 11:40:41AM +0300, Sara Gittlin wrote:
> >> > > Thank you Ben
> >> > >
> >> > > >> I need a tool to feel up the flow tables in ofproto.
> >> > > >> do you know what tool/other should i use ?
> >> > >
> >> > > >What does it mean "to feel up" a flow table?
> >> > >
> >> > > i want to be able to read ofctl tables and to get a big output ~
> 10000
> >> > > - 50000 flows.
> >> > > i need it to order to run some algo. on these flows (e.g. try to
> >> > > generate megaflows .. )
> >> > > i know that i can do it with sdn controller -  is there other tools
> ?
> >> >
> >> > >Do you just want to run "ovs-ofctl dump-flows"?
> >> > >
> >> >>  Thanks Ben
> >> >>  this can be an option, unless there is a better way to retrieve all
> >> > > flows in ofproto
> >>
> >> > So far, you've said that you don't want to use a controller and you
> want
> >> > something "better" than ovs-ofctl.  What would be better?  It's
> >> > difficult to help when you don't give us much information on what you
> >> > want.
> >>
> >> Ben,  i think i understand now.
> >> I should use SDN controller , but how to create a big topology so lot
> >> of flows can be created ?
> >> mininet ? openstack ? other ?
> >
> > I'll have to leave that question to others, because it's not my area of
> > expertise.  I do hear a lot of good things about mininet.
> Alternatively - where  can i find a real dataset of the output  of
> ovs-dpct dump-flows   or ovs-ofctl dump-flows br
> this should be a big dump  file  of the output of one of these commands
> above
> Thanks - Sara
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>



-- 
Blue Lang
PM *| *Veracity

3423 Piedmont Rd NE

Suite 350

Atlanta, GA  30305
Cell:  (770) 265-1381 <+17702651381>
https://www.linkedin.com/in/bluelang/
blue at veracity.io
www.veracity.io
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170719/9aea7fdf/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Veracity-horizontal-logo-tiny_sig.png
Type: image/png
Size: 5372 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170719/9aea7fdf/attachment-0001.png>

From sara.gittlin at gmail.com  Thu Jul 20 16:25:37 2017
From: sara.gittlin at gmail.com (Sara Gittlin)
Date: Thu, 20 Jul 2017 19:25:37 +0300
Subject: [ovs-discuss] A tool to feel-up flow-tables in ofproto
In-Reply-To: <CAKCC41MKs_QPARx_j5g-BGH11t=V+Rb4YyiKzYALu80rnKkDTw@mail.gmail.com>
References: <CAA_4wjacHs0C3gXs4z7c7MfKQbbmx6VUWSA8J_iOH_BJEp941g@mail.gmail.com>
	<20170711153811.GF29918@ovn.org>
	<CAA_4wjYmVUSr5wAzLhBZtTdhEnLJup-fY48vZ6gUrjFKNXu8FA@mail.gmail.com>
	<20170712151503.GQ29918@ovn.org>
	<CAA_4wjYfUa+b3R4W_y_QaYMGcAXjKaV=1p93O+onhEy+7QE4_w@mail.gmail.com>
	<20170716174640.GO29918@ovn.org>
	<CAA_4wjYzZrt2m30Yh-pnuX-yzWx6WWYBBHY-vw0VHjwcitSPEg@mail.gmail.com>
	<20170717172145.GC29918@ovn.org>
	<CAA_4wjY7aiCqeR_W+8VLKC-wxMgRP+w-gLvBPOHYRWoWYTCySQ@mail.gmail.com>
	<CAKCC41MKs_QPARx_j5g-BGH11t=V+Rb4YyiKzYALu80rnKkDTw@mail.gmail.com>
Message-ID: <CAA_4wjYSQDGmHuGoPSfArv5e=g5ZDzMpZcWR9cD3255DVNpZ2w@mail.gmail.com>

Many thanks Blue
Now im able to generate huge amount of entries in ofproto tables. These are
simple flows because i run the controller w simple-switch-l3 .how to run it
to generate more complex flows.
Sara.

?????? 19 ????? 2017 20:05,? "Blue Lang" <blue at veracity.io> ???:

> Sara,
>
> Follow the mininet tutorials for creating large topologies with nox or
> pox, then run dump-flows accordingly.
>
> https://inside-openflow.com/2016/06/29/custom-mininet-
> topologies-and-introducing-atom/
>
>
> Thanks,
>
> On Wed, Jul 19, 2017 at 7:12 AM, Sara Gittlin <sara.gittlin at gmail.com>
> wrote:
>
>> On Mon, Jul 17, 2017 at 8:21 PM, Ben Pfaff <blp at ovn.org> wrote:
>> > On Mon, Jul 17, 2017 at 10:47:12AM +0300, Sara Gittlin wrote:
>> >> On Sun, Jul 16, 2017 at 09:37:05AM +0300, Sara Gittlin wrote:
>> >> > On Wed, Jul 12, 2017 at 11:40:41AM +0300, Sara Gittlin wrote:
>> >> > > Thank you Ben
>> >> > >
>> >> > > >> I need a tool to feel up the flow tables in ofproto.
>> >> > > >> do you know what tool/other should i use ?
>> >> > >
>> >> > > >What does it mean "to feel up" a flow table?
>> >> > >
>> >> > > i want to be able to read ofctl tables and to get a big output ~
>> 10000
>> >> > > - 50000 flows.
>> >> > > i need it to order to run some algo. on these flows (e.g. try to
>> >> > > generate megaflows .. )
>> >> > > i know that i can do it with sdn controller -  is there other
>> tools ?
>> >> >
>> >> > >Do you just want to run "ovs-ofctl dump-flows"?
>> >> > >
>> >> >>  Thanks Ben
>> >> >>  this can be an option, unless there is a better way to retrieve all
>> >> > > flows in ofproto
>> >>
>> >> > So far, you've said that you don't want to use a controller and you
>> want
>> >> > something "better" than ovs-ofctl.  What would be better?  It's
>> >> > difficult to help when you don't give us much information on what you
>> >> > want.
>> >>
>> >> Ben,  i think i understand now.
>> >> I should use SDN controller , but how to create a big topology so lot
>> >> of flows can be created ?
>> >> mininet ? openstack ? other ?
>> >
>> > I'll have to leave that question to others, because it's not my area of
>> > expertise.  I do hear a lot of good things about mininet.
>> Alternatively - where  can i find a real dataset of the output  of
>> ovs-dpct dump-flows   or ovs-ofctl dump-flows br
>> this should be a big dump  file  of the output of one of these commands
>> above
>> Thanks - Sara
>> _______________________________________________
>> discuss mailing list
>> discuss at openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>
>
>
>
> --
> Blue Lang
> PM *| *Veracity
>
> 3423 Piedmont Rd NE
>
> Suite 350
>
> Atlanta, GA  30305
> Cell:  (770) 265-1381 <+17702651381>
> https://www.linkedin.com/in/bluelang/
> blue at veracity.io
> www.veracity.io
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170720/8dc07f5e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Veracity-horizontal-logo-tiny_sig.png
Type: image/png
Size: 5372 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170720/8dc07f5e/attachment.png>

From shivaram.mysore at gmail.com  Thu Jul 20 16:30:08 2017
From: shivaram.mysore at gmail.com (Shivaram Mysore)
Date: Thu, 20 Jul 2017 09:30:08 -0700
Subject: [ovs-discuss] multiple controllers to OVS secured via TLS
Message-ID: <CAJRY+jqT3rTs-gKmDOEOyoB1HF_nObnoy9Gxe3y+Y6tcdMJE0A@mail.gmail.com>

Hi,
I am using ovs-vsctl set-ssl to set certificate and key information for OF
Control channel secured via TLS.  I need to have more than one SSL
controller configured.  The certs, keys and even CA certs are different.
How can use the set-ssl option to configure the same?

Pointers to any documentation is also highly appreciated.

thanks

/Shivaram
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170720/8aec0bbb/attachment.html>

From shivaram.mysore at gmail.com  Sat Jul 22 00:18:08 2017
From: shivaram.mysore at gmail.com (Shivaram Mysore)
Date: Fri, 21 Jul 2017 17:18:08 -0700
Subject: [ovs-discuss] multiple controllers to OVS secured via TLS
In-Reply-To: <CAJRY+jqT3rTs-gKmDOEOyoB1HF_nObnoy9Gxe3y+Y6tcdMJE0A@mail.gmail.com>
References: <CAJRY+jqT3rTs-gKmDOEOyoB1HF_nObnoy9Gxe3y+Y6tcdMJE0A@mail.gmail.com>
Message-ID: <CAJRY+jqDGd6e0Y21ST18t3uLf=ykZBHB53UkDmKiSvy6f7=4gg@mail.gmail.com>

Any pointers to my question?
Thanks!

On Thu, Jul 20, 2017 at 9:30 AM, Shivaram Mysore <shivaram.mysore at gmail.com>
wrote:

> Hi,
> I am using ovs-vsctl set-ssl to set certificate and key information for
> OF Control channel secured via TLS.  I need to have more than one SSL
> controller configured.  The certs, keys and even CA certs are different.
> How can use the set-ssl option to configure the same?
>
> Pointers to any documentation is also highly appreciated.
>
> thanks
>
> /Shivaram
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170721/3600b596/attachment-0001.html>

From lrichard at redhat.com  Sat Jul 22 12:45:55 2017
From: lrichard at redhat.com (Lance Richardson)
Date: Sat, 22 Jul 2017 08:45:55 -0400 (EDT)
Subject: [ovs-discuss] multiple controllers to OVS secured via TLS
In-Reply-To: <CAJRY+jqDGd6e0Y21ST18t3uLf=ykZBHB53UkDmKiSvy6f7=4gg@mail.gmail.com>
References: <CAJRY+jqT3rTs-gKmDOEOyoB1HF_nObnoy9Gxe3y+Y6tcdMJE0A@mail.gmail.com>
	<CAJRY+jqDGd6e0Y21ST18t3uLf=ykZBHB53UkDmKiSvy6f7=4gg@mail.gmail.com>
Message-ID: <1638504521.37166283.1500727555467.JavaMail.zimbra@redhat.com>

> From: "Shivaram Mysore" <shivaram.mysore at gmail.com>
> To: ovs-discuss at openvswitch.org
> Sent: Friday, 21 July, 2017 8:18:08 PM
> Subject: Re: [ovs-discuss] multiple controllers to OVS secured via TLS
> 
> Any pointers to my question?
> Thanks!
> 
> On Thu, Jul 20, 2017 at 9:30 AM, Shivaram Mysore < shivaram.mysore at gmail.com
> > wrote:
> 
> 
> 
> Hi,
> I am using ovs-vsctl set-ssl to set certificate and key information for OF
> Control channel secured via TLS. I need to have more than one SSL controller
> configured. The certs, keys and even CA certs are different. How can use the
> set-ssl option to configure the same?
> 
> Pointers to any documentation is also highly appreciated.
> 
> thanks
> 
> /Shivaram
> 

This isn't possible with the current implementation.

Regards,

   Lance

From shivaram.mysore at gmail.com  Sat Jul 22 13:32:14 2017
From: shivaram.mysore at gmail.com (Shivaram Mysore)
Date: Sat, 22 Jul 2017 06:32:14 -0700
Subject: [ovs-discuss] multiple controllers to OVS secured via TLS
In-Reply-To: <1638504521.37166283.1500727555467.JavaMail.zimbra@redhat.com>
References: <CAJRY+jqT3rTs-gKmDOEOyoB1HF_nObnoy9Gxe3y+Y6tcdMJE0A@mail.gmail.com>
	<CAJRY+jqDGd6e0Y21ST18t3uLf=ykZBHB53UkDmKiSvy6f7=4gg@mail.gmail.com>
	<1638504521.37166283.1500727555467.JavaMail.zimbra@redhat.com>
Message-ID: <619D9C37-3624-457C-B6B1-7C7287656642@gmail.com>

Thanks Lance for the response.  Are there plans to update this?

/Shivaram
::Sent from my mobile device::

On Jul 22, 2017, at 5:45 AM, Lance Richardson <lrichard at redhat.com> wrote:

>> From: "Shivaram Mysore" <shivaram.mysore at gmail.com>
>> To: ovs-discuss at openvswitch.org
>> Sent: Friday, 21 July, 2017 8:18:08 PM
>> Subject: Re: [ovs-discuss] multiple controllers to OVS secured via TLS
>> 
>> Any pointers to my question?
>> Thanks!
>> 
>> On Thu, Jul 20, 2017 at 9:30 AM, Shivaram Mysore < shivaram.mysore at gmail.com
>>> wrote:
>> 
>> 
>> 
>> Hi,
>> I am using ovs-vsctl set-ssl to set certificate and key information for OF
>> Control channel secured via TLS. I need to have more than one SSL controller
>> configured. The certs, keys and even CA certs are different. How can use the
>> set-ssl option to configure the same?
>> 
>> Pointers to any documentation is also highly appreciated.
>> 
>> thanks
>> 
>> /Shivaram
>> 
> 
> This isn't possible with the current implementation.
> 
> Regards,
> 
>   Lance

From sara.gittlin at gmail.com  Sun Jul 23 13:37:08 2017
From: sara.gittlin at gmail.com (Sara Gittlin)
Date: Sun, 23 Jul 2017 16:37:08 +0300
Subject: [ovs-discuss] OVS megaflows
Message-ID: <CAA_4wjbvkHGz9yk29mEg2_p2souMwEb8GyaCJ9Y-5GOxhQWzTA@mail.gmail.com>

Hello,
I understand that there is a support for megaflows in the kernel and netlink.
I also understand that there is no megaflow implementation in ofproto.
i.e. there is no implementation of compressing (if possible) all flows
in ofproto table to megaflows and installing it in the datapath. is
that correct ?
Thanks in advance - Sara

From deepthysugesh at gmail.com  Sun Jul 23 21:36:32 2017
From: deepthysugesh at gmail.com (Sugu Deepthy)
Date: Sun, 23 Jul 2017 22:36:32 +0100
Subject: [ovs-discuss] Issue with offloading OVS flows into Mellanox-4
	cards
In-Reply-To: <57cf824f-040d-2dd4-100d-71c3c1121c25@mellanox.com>
References: <CAMHvpbOedpsZGppruLkky4igQchRxEn__OQaZaxMTZyf4xy2mw@mail.gmail.com>
	<59b67ab6-46e8-b5aa-ddce-01296a318e60@mellanox.com>
	<CAMHvpbNoBp6wYozJj=DfNp=PYUVGwus_oSZDUR39XNSG6Ka95A@mail.gmail.com>
	<CAMHvpbN4v_qP+H4BzmHgkWvPNsheRzEChQ61f++SU8YO5fpGxg@mail.gmail.com>
	<57cf824f-040d-2dd4-100d-71c3c1121c25@mellanox.com>
Message-ID: <CAMHvpbN+EN4nHgjdi4ETHfR11J4Re9cdL9hzmjV1cSU9xjH56A@mail.gmail.com>

Hi Roi,
Thank you for  your reply.
Sorry for not getting back on this before. Was held up in some other stuff.
Please find my answers below.

On Wed, Jul 12, 2017 at 5:33 AM, Roi Dayan <roid at mellanox.com> wrote:

>
>
> On 11/07/2017 14:28, Sugu Deepthy wrote:
>
>> Hi Roi
>>
>> On Tue, Jul 11, 2017 at 12:20 AM, Sugu Deepthy <deepthysugesh at gmail.com
>> <mailto:deepthysugesh at gmail.com>> wrote:
>>
>>     Thank you Roi for your help!
>>
>>     On Mon, Jul 10, 2017 at 4:57 AM, Roi Dayan <roid at mellanox.com
>>     <mailto:roid at mellanox.com>> wrote:
>>
>>
>>
>>         On 07/07/2017 17:36, Sugu Chandran wrote:
>>
>>             Hi,
>>
>>             I am trying to test hardware offloading feature in OVS using
>>             a 2*25G
>>             mellanox NIC.   My test setup has static OVS L2 rules to
>>             forward packets
>>             between these two ports. The traffic generators are
>>             connected to these
>>             ports to pump in traffic.
>>             The hardware offloading is enabled in the system by using,
>>                 ovs-vsctl --no-wait set Open_vSwitch .
>>             other_config:hw-offload=true
>>             I didnt set any hw-policy explicit,  as I kept it default as
>>             'None'
>>
>>             I noticed that when I am sending traffic to these ports,
>>             there are no
>>             rules that are getting programmed into the hardware. Also
>>             there are no
>>             error reported in ovs-vswitchd.log as such.
>>             Of Course the packets are getting forwarded in software.  Is
>>             there
>>             anything else needs to be done to make the TC for
>>             programming the
>>             mellanox NICs?
>>
>>             Regards
>>             _Sugu
>>
>>
>>
>>         Hi Sugo,
>>
>>         Since you do not have errors in the log did you check if the rules
>>         were added to tc software?
>>         you can dump like this:
>>         # tc -s filter show dev ens5f0 ingress
>>
>>     I dont see any rules that are configured with above tc dump.
>>
>>
> then nothing went to the HCA because even if the HW doesn't
> support it the rule should be in tc software.

[Sugesh] Yes thats right.

>
>
>>
>>         You need to enable the offload feature on the HCA with ethtool.
>>         example:
>>         # ethtool -K ens5f0 hw-tc-offload on
>>
>>     This is enabled .
>>
>>     I am trying to forward traffic between two PFs on the same NIC?
>>     Does it supported in the offload implementation?
>>
>
> offload between PF ports is currently not supported.
> only PF and its VFs.

[Sugu]
Ok. I am trying to do the traffic forwarding between PF and VFs . But no
luck so far.

>
>
>
>     When creating the switchdev on PFs with 2 VFs, there is no VF
>>     netdevs are populated in my system. They are still showing as the
>>     vfs under the PF.
>>     Ofcourse there are no errors too.
>>
>>     Also the system reports the mode 'inline-mode transport'is
>> unsupported.
>>     I am using ubunutu 17.04 with 4.10 kernel.
>>     Is there anything I am missing here?
>>     Any help is really appreciated!.
>>
>> [Sugu] Some more details on this. I was really getting error when trying
>> to enable hw-offload on mlnx-4 NICs.
>> Didnt notice in the logs before.
>>
>> This the error info that I got from mellanox git.
>>
>> BAD_SYS_STATE | 0x368B01 | query_vport_counter: vport is not enabled
>> (INIT_HCA is required)
>>
>
> executing which command raised this error?

[Sugu] I upgraded the system and now I dont see this error anymore. Instead
I see this

[ 1103.216355] mlx5_3:wait_for_async_commands:722:(pid 3097): done with all
pending requests
[ 1115.954770] mlx5_core 0000:07:00.0: mlx5_cmd_check:697:(pid 3477):
QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
state(0x4), syndrome (0x368b01)
[ 1115.954902] mlx5_core 0000:07:00.0: mlx5_cmd_check:697:(pid 3477):
QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
state(0x4), syndrome (0x368b01)

I am getting this error back to back for every command(2 entry for each
command as I have 2 VFs, may be?)
starting from unbind, devlink, ethtool and starting the VM.
And inside the VM the VFs are not bound to any driver either. Is there any
wrong with the NIC?



>
>
>
>> I verfied that the ports named eth1, eth2, eth3 and et4 are created for
>> my vfs, when
>> I ran the commands 'devlink dev eswitch set pci/0000:07:00.0 mode
>> switchdev' and
>> 'devlink dev eswitch set pci/0000:07:00.1 mode switchdev'
>>
>> The detailed error in dmesg are given below,
>> [ 1245.941287] mlx5_core 0000:07:00.0: mlx5_cmd_check:697:(pid 3107):
>> QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
>> state(0x4), syndrome (0x368b01)
>> [ 1245.941478] mlx5_core 0000:07:00.1: mlx5_cmd_check:697:(pid 3107):
>> QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
>> state(0x4), syndrome (0x368b01)
>>
>> Please note I couldn't run the "inline-mode transport" command as its
>> not supported.
>>
>>
> maybe you need newer iproute package. try to install latest upstream.
>
[Sugu]
I am using latest Ubuntu release
>>>

No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu Artful Aardvark (development branch)
Release:        17.10
Codename:       artful
>>>>>
and my kernel is
4.11.0-10-generic #15-Ubuntu SMP Thu Jun 29 15:03:41 UTC 2017 x86_64 x86_64
x86_64 GNU/Linux

And still it need to install the newer iproute package additonally? Is that
the requirement to use the hardware offload in OVS?
And my iproute version is
ip -V
ip utility, iproute2-ss161212
Can you share which version of iproute you use for the testing?



>
>>
>>         We still need to work on docs for this feature but for now I
>>         documented it a little here:
>>         https://github.com/roidayan/ovs/wiki
>>         <https://emea01.safelinks.protection.outlook.com/?url=https%
>> 3A%2F%2Fgithub.com%2Froidayan%2Fovs%2Fwiki&data=02%7C01%7Cro
>> id%40mellanox.com%7C56f73b8b334b4413dd3608d4c84feee7%7Ca6529
>> 71c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636353693008610668&sda
>> ta=3orv%2FK9Diwoj5pMQAuBmRHF5QRuxNlwmZgOa3f1AaTE%3D&reserved=0>
>>
>>     As suggested in the wiki,
>>
>>
>>
>>         Thanks,
>>         Roi
>>
>>
>>
>>
>>             _______________________________________________
>>             discuss mailing list
>>             discuss at openvswitch.org <mailto:discuss at openvswitch.org>
>>             https://emea01.safelinks.protection.outlook.com/?url=https%3
>> A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-discu
>> ss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814cdc87ce
>> 08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C63
>> 6350407766292115&sdata=9mMWoehygP7%2BmftGsOuyynyaHnYx%
>> 2FKQzka7gedr1%2FUE%3D&reserved=0
>>             <https://emea01.safelinks.protection.outlook.com/?url=https%
>> 3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-disc
>> uss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814cdc87c
>> e08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C6
>> 36350407766292115&sdata=9mMWoehygP7%2BmftGsOuyynyaHnYx%
>> 2FKQzka7gedr1%2FUE%3D&reserved=0>
>>
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170723/54ff2fe5/attachment-0001.html>

From blak111 at gmail.com  Sun Jul 23 23:59:44 2017
From: blak111 at gmail.com (Kevin Benton)
Date: Sun, 23 Jul 2017 16:59:44 -0700
Subject: [ovs-discuss] Added interface to bridge gets added unexpectedly
 a second time by OVS
In-Reply-To: <OF6A2C698B.0BB5E5E8-ON0025815B.006189CF-0025815B.00695AF2@notes.na.collabserv.com>
References: <OF6A2C698B.0BB5E5E8-ON0025815B.006189CF-0025815B.00695AF2@notes.na.collabserv.com>
Message-ID: <CAO_F6JMt4kymaHeQ2SHT=LT5AGsX3tfMmgDc1qEmLK2UbSiOAg@mail.gmail.com>

For more info, we had been running into this issue when immediately trying
to set the MAC address on a port right after it was created.

Nobody was able to figure out why the port would disappear from OVS and
then re-appear so we ended up merging an ugly hack to deal with it:
https://github.com/openstack/neutron/commit/a75ce6850f3954edafbb0c128750e39b57875743

Here is the bug report that has some more info:
https://bugs.launchpad.net/neutron/+bug/1618987

On Wed, Jul 12, 2017 at 12:10 PM, Miguel A Lavalle <malavall at us.ibm.com>
wrote:

> Hi,
>
> I am debugging failures in OpenStack Neutron functional tests. The
> sequence of events is the following:
>
> 1) An interface is added successfully to a bridge
>
> 2) The addition of the interface is logged by ovs-vswitchd
>
> 3) The test fails because it cannot find the interface when trying to move
> it to a linux namespace
>
> 4) ovs-vswitchd logs a second time the addition of the interface to the
> bridge
>
> These are the relevant entries from the ovs-vswitchd and the functional
> test logs (the INFO level entries come from ovs-vswitchd):
> http://paste.openstack.org/show/615193/
>
> OVS version from the ovs-vswitchd:
>
> 2017-07-12T07:56:31.554Z|00006|bridge|INFO|ovs-vswitchd (Open vSwitch) 2.5.2
>
>
> Miguel A. Lavalle
> OpenStack Neutron Software Developement Lead
> Linux Technology Center
>
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>


-- 
Kevin Benton
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170723/19a31b1d/attachment.html>

From bike2wrk at gmail.com  Mon Jul 24 00:08:25 2017
From: bike2wrk at gmail.com (Christopher Wiedmaier)
Date: Sun, 23 Jul 2017 20:08:25 -0400
Subject: [ovs-discuss] OVN OpenStack Tutorial
Message-ID: <CA+1p47i53Ev0Nrth51qjSx4YokrkcQjPYSE0=FE2o7trWLq0TA@mail.gmail.com>

I am following the OVN OpenStack tutorial
http://docs.openvswitch.org/en/latest/tutorials/ovn-openstack/ but I am
unable to initialize devstack.  After running stack.sh I receive the
following error,

No package kernel-devel-3.10.0_514.26.2.e17.x86_64 available.

I tried to fix the error by running yum install kernel-devel and the
following is the output

Package kernel-devel-3.10.0-514.26.2.e17.x86_64 already exists.

After rerunning stach.sh I still receive the same error.  Not sure if the
script is looking for a package name with an "underscore" in the package
name when the correct package name uses a hyphen.

Any ideas?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170723/1d8f9e6b/attachment.html>

From sudhanshugupta1991 at gmail.com  Tue Jul 18 07:12:38 2017
From: sudhanshugupta1991 at gmail.com (Sudhanshu Gupta)
Date: Tue, 18 Jul 2017 12:42:38 +0530
Subject: [ovs-discuss] 802.1ad (QinQ) Support
Message-ID: <CAEjsOQdz54-eerz0G3w7fTyMGk8Mwbwx_RDF3aEuD2pJ5XBg=g@mail.gmail.com>

Hi,

I want to know whether double vlan tagged packets are supported in OVS
release 2.7.1 ?

If not, which version of OVS supports double vlan tagged packets?

Thanks,
Sudhanshu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170718/b151e8f1/attachment-0001.html>

From zkry.akgul at gmail.com  Wed Jul 19 14:28:07 2017
From: zkry.akgul at gmail.com (=?UTF-8?Q?Zekeriya_Akg=C3=BCl?=)
Date: Wed, 19 Jul 2017 17:28:07 +0300
Subject: [ovs-discuss] About ovs-docker
Message-ID: <CABX849oFkU=nDBsSBwnhrOQJQeFxe=AO44DHRGqO=a2gqy8Hgw@mail.gmail.com>

Hi,
I am student on Necmettin Erbakan Universty in Turkey.And working on
communication between dpdk powered openvswitch and docker.And some issues
occured about communication between docker and other hosts.

I explained my problem in this post:
https://superuser.com/questions/1231090/connected-with-open-
v-switch-connection-issue-between-docker-container-and-othe

Please response this post or response me by e-mail.

Thank you!
------------------------
Zekeriya AKG?L
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170719/64c41e83/attachment-0001.html>

From kevin at benton.pub  Sun Jul 23 23:57:05 2017
From: kevin at benton.pub (Kevin Benton)
Date: Sun, 23 Jul 2017 16:57:05 -0700
Subject: [ovs-discuss] Added interface to bridge gets added unexpectedly
 a second time by OVS
In-Reply-To: <OF6A2C698B.0BB5E5E8-ON0025815B.006189CF-0025815B.00695AF2@notes.na.collabserv.com>
References: <OF6A2C698B.0BB5E5E8-ON0025815B.006189CF-0025815B.00695AF2@notes.na.collabserv.com>
Message-ID: <CAO_F6JMYHovUOyOXD3G1etUkDHkuF0A8P4PrHqg-Eg1iSLAG1Q@mail.gmail.com>

For more info, we had been running into this issue when immediately trying
to set the MAC address on a port right after it was created.

Nobody was able to figure out why the port would disappear from OVS and
then re-appear so we ended up merging an ugly hack to deal with it:
https://github.com/openstack/neutron/commit/a75ce6850f3954edafbb0c128750e39b57875743

Here is the bug report that has some more info:
https://bugs.launchpad.net/neutron/+bug/1618987

On Wed, Jul 12, 2017 at 12:10 PM, Miguel A Lavalle <malavall at us.ibm.com>
wrote:

> Hi,
>
> I am debugging failures in OpenStack Neutron functional tests. The
> sequence of events is the following:
>
> 1) An interface is added successfully to a bridge
>
> 2) The addition of the interface is logged by ovs-vswitchd
>
> 3) The test fails because it cannot find the interface when trying to move
> it to a linux namespace
>
> 4) ovs-vswitchd logs a second time the addition of the interface to the
> bridge
>
> These are the relevant entries from the ovs-vswitchd and the functional
> test logs (the INFO level entries come from ovs-vswitchd):
> http://paste.openstack.org/show/615193/
>
> OVS version from the ovs-vswitchd:
>
> 2017-07-12T07:56:31.554Z|00006|bridge|INFO|ovs-vswitchd (Open vSwitch) 2.5.2
>
>
> Miguel A. Lavalle
> OpenStack Neutron Software Developement Lead
> Linux Technology Center
>
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170723/ed70c472/attachment-0001.html>

From roid at mellanox.com  Mon Jul 24 04:46:00 2017
From: roid at mellanox.com (Roi Dayan)
Date: Mon, 24 Jul 2017 07:46:00 +0300
Subject: [ovs-discuss] Issue with offloading OVS flows into Mellanox-4
 cards
In-Reply-To: <CAMHvpbN+EN4nHgjdi4ETHfR11J4Re9cdL9hzmjV1cSU9xjH56A@mail.gmail.com>
References: <CAMHvpbOedpsZGppruLkky4igQchRxEn__OQaZaxMTZyf4xy2mw@mail.gmail.com>
	<59b67ab6-46e8-b5aa-ddce-01296a318e60@mellanox.com>
	<CAMHvpbNoBp6wYozJj=DfNp=PYUVGwus_oSZDUR39XNSG6Ka95A@mail.gmail.com>
	<CAMHvpbN4v_qP+H4BzmHgkWvPNsheRzEChQ61f++SU8YO5fpGxg@mail.gmail.com>
	<57cf824f-040d-2dd4-100d-71c3c1121c25@mellanox.com>
	<CAMHvpbN+EN4nHgjdi4ETHfR11J4Re9cdL9hzmjV1cSU9xjH56A@mail.gmail.com>
Message-ID: <51c3d412-536c-587b-4da4-d3c9137063fa@mellanox.com>



On 24/07/2017 00:36, Sugu Deepthy wrote:
> Hi Roi,
> Thank you for  your reply.
> Sorry for not getting back on this before. Was held up in some other stuff.
> Please find my answers below.
>
> On Wed, Jul 12, 2017 at 5:33 AM, Roi Dayan <roid at mellanox.com
> <mailto:roid at mellanox.com>> wrote:
>
>
>
>     On 11/07/2017 14:28, Sugu Deepthy wrote:
>
>         Hi Roi
>
>         On Tue, Jul 11, 2017 at 12:20 AM, Sugu Deepthy
>         <deepthysugesh at gmail.com <mailto:deepthysugesh at gmail.com>
>         <mailto:deepthysugesh at gmail.com
>         <mailto:deepthysugesh at gmail.com>>> wrote:
>
>             Thank you Roi for your help!
>
>             On Mon, Jul 10, 2017 at 4:57 AM, Roi Dayan
>         <roid at mellanox.com <mailto:roid at mellanox.com>
>             <mailto:roid at mellanox.com <mailto:roid at mellanox.com>>> wrote:
>
>
>
>                 On 07/07/2017 17:36, Sugu Chandran wrote:
>
>                     Hi,
>
>                     I am trying to test hardware offloading feature in
>         OVS using
>                     a 2*25G
>                     mellanox NIC.   My test setup has static OVS L2 rules to
>                     forward packets
>                     between these two ports. The traffic generators are
>                     connected to these
>                     ports to pump in traffic.
>                     The hardware offloading is enabled in the system by
>         using,
>                         ovs-vsctl --no-wait set Open_vSwitch .
>                     other_config:hw-offload=true
>                     I didnt set any hw-policy explicit,  as I kept it
>         default as
>                     'None'
>
>                     I noticed that when I am sending traffic to these ports,
>                     there are no
>                     rules that are getting programmed into the hardware.
>         Also
>                     there are no
>                     error reported in ovs-vswitchd.log as such.
>                     Of Course the packets are getting forwarded in
>         software.  Is
>                     there
>                     anything else needs to be done to make the TC for
>                     programming the
>                     mellanox NICs?
>
>                     Regards
>                     _Sugu
>
>
>
>                 Hi Sugo,
>
>                 Since you do not have errors in the log did you check if
>         the rules
>                 were added to tc software?
>                 you can dump like this:
>                 # tc -s filter show dev ens5f0 ingress
>
>             I dont see any rules that are configured with above tc dump.
>
>
>     then nothing went to the HCA because even if the HW doesn't
>     support it the rule should be in tc software.
>
> [Sugesh] Yes thats right.
>
>
>
>
>                 You need to enable the offload feature on the HCA with
>         ethtool.
>                 example:
>                 # ethtool -K ens5f0 hw-tc-offload on
>
>             This is enabled .
>
>             I am trying to forward traffic between two PFs on the same NIC?
>             Does it supported in the offload implementation?
>
>
>     offload between PF ports is currently not supported.
>     only PF and its VFs.
>
> [Sugu]
> Ok. I am trying to do the traffic forwarding between PF and VFs . But no
> luck so far.
>
>
>
>
>             When creating the switchdev on PFs with 2 VFs, there is no VF
>             netdevs are populated in my system. They are still showing
>         as the
>             vfs under the PF.
>             Ofcourse there are no errors too.
>
>             Also the system reports the mode 'inline-mode transport'is
>         unsupported.
>             I am using ubunutu 17.04 with 4.10 kernel.
>             Is there anything I am missing here?
>             Any help is really appreciated!.
>
>         [Sugu] Some more details on this. I was really getting error
>         when trying
>         to enable hw-offload on mlnx-4 NICs.
>         Didnt notice in the logs before.
>
>         This the error info that I got from mellanox git.
>
>         BAD_SYS_STATE | 0x368B01 | query_vport_counter: vport is not enabled
>         (INIT_HCA is required)
>
>
>     executing which command raised this error?
>
> [Sugu] I upgraded the system and now I dont see this error anymore.
> Instead I see this
>
> [ 1103.216355] mlx5_3:wait_for_async_commands:722:(pid 3097): done with
> all pending requests
> [ 1115.954770] mlx5_core 0000:07:00.0: mlx5_cmd_check:697:(pid 3477):
> QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
> state(0x4), syndrome (0x368b01)
> [ 1115.954902] mlx5_core 0000:07:00.0: mlx5_cmd_check:697:(pid 3477):
> QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
> state(0x4), syndrome (0x368b01)
>
> I am getting this error back to back for every command(2 entry for each
> command as I have 2 VFs, may be?)
> starting from unbind, devlink, ethtool and starting the VM.
> And inside the VM the VFs are not bound to any driver either. Is there
> any wrong with the NIC?


looks like the syndrome you get is caused by querying a counter while
the HCA is not yes configured properly.
can you verify you are using the latest firmware?
can you verify the steps you do? did you enable sriov and moved to
switchdev mode?

>
>
>
>
>
>
>         I verfied that the ports named eth1, eth2, eth3 and et4 are
>         created for
>         my vfs, when
>         I ran the commands 'devlink dev eswitch set pci/0000:07:00.0 mode
>         switchdev' and
>         'devlink dev eswitch set pci/0000:07:00.1 mode switchdev'
>
>         The detailed error in dmesg are given below,
>         [ 1245.941287] mlx5_core 0000:07:00.0: mlx5_cmd_check:697:(pid
>         3107):
>         QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
>         state(0x4), syndrome (0x368b01)
>         [ 1245.941478] mlx5_core 0000:07:00.1: mlx5_cmd_check:697:(pid
>         3107):
>         QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
>         state(0x4), syndrome (0x368b01)
>
>         Please note I couldn't run the "inline-mode transport" command
>         as its
>         not supported.
>
>
>     maybe you need newer iproute package. try to install latest upstream.
>
> [Sugu]
> I am using latest Ubuntu release
>>>>
>
> No LSB modules are available.
> Distributor ID: Ubuntu
> Description:    Ubuntu Artful Aardvark (development branch)
> Release:        17.10
> Codename:       artful
>>>>>>
> and my kernel is
> 4.11.0-10-generic #15-Ubuntu SMP Thu Jun 29 15:03:41 UTC 2017 x86_64
> x86_64 x86_64 GNU/Linux
>
> And still it need to install the newer iproute package additonally? Is
> that the requirement to use the hardware offload in OVS?
> And my iproute version is
> ip -V
> ip utility, iproute2-ss161212
> Can you share which version of iproute you use for the testing?

I'm using latest upstream. I'm not sure if all needed patches are in
Ubuntu distro.
my versions looks like this: ip utility, iproute2-ss170501

if you have devlink and you can change mode to switchdev without an
error then it's ok to start going.


>
>
>
>
>
>                 We still need to work on docs for this feature but for now I
>                 documented it a little here:
>                 https://github.com/roidayan/ovs/wiki
>         <https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Froidayan%2Fovs%2Fwiki&data=02%7C01%7Croid%40mellanox.com%7C2bbfa311e8124ec5ded508d4d212e423%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636364425969048836&sdata=C1Hc08dwe3cjYKIgUyNeCbHI%2FnuZlITuPhPpdyZYyME%3D&reserved=0>
>
>         <https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Froidayan%2Fovs%2Fwiki&data=02%7C01%7Croid%40mellanox.com%7C56f73b8b334b4413dd3608d4c84feee7%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636353693008610668&sdata=3orv%2FK9Diwoj5pMQAuBmRHF5QRuxNlwmZgOa3f1AaTE%3D&reserved=0
>         <https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Froidayan%2Fovs%2Fwiki&data=02%7C01%7Croid%40mellanox.com%7C56f73b8b334b4413dd3608d4c84feee7%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636353693008610668&sdata=3orv%2FK9Diwoj5pMQAuBmRHF5QRuxNlwmZgOa3f1AaTE%3D&reserved=0>>
>
>             As suggested in the wiki,
>
>
>
>                 Thanks,
>                 Roi
>
>
>
>
>                     _______________________________________________
>                     discuss mailing list
>                     discuss at openvswitch.org
>         <mailto:discuss at openvswitch.org> <mailto:discuss at openvswitch.org
>         <mailto:discuss at openvswitch.org>>
>
>         https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-discuss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814cdc87ce08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyynyaHnYx%2FKQzka7gedr1%2FUE%3D&reserved=0
>         <https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-discuss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814cdc87ce08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyynyaHnYx%2FKQzka7gedr1%2FUE%3D&reserved=0>
>
>         <https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-discuss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814cdc87ce08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyynyaHnYx%2FKQzka7gedr1%2FUE%3D&reserved=0
>         <https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-discuss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814cdc87ce08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyynyaHnYx%2FKQzka7gedr1%2FUE%3D&reserved=0>>
>
>
>
>

From deepthysugesh at gmail.com  Mon Jul 24 08:05:36 2017
From: deepthysugesh at gmail.com (Sugu Deepthy)
Date: Mon, 24 Jul 2017 09:05:36 +0100
Subject: [ovs-discuss] Issue with offloading OVS flows into Mellanox-4
	cards
In-Reply-To: <51c3d412-536c-587b-4da4-d3c9137063fa@mellanox.com>
References: <CAMHvpbOedpsZGppruLkky4igQchRxEn__OQaZaxMTZyf4xy2mw@mail.gmail.com>
	<59b67ab6-46e8-b5aa-ddce-01296a318e60@mellanox.com>
	<CAMHvpbNoBp6wYozJj=DfNp=PYUVGwus_oSZDUR39XNSG6Ka95A@mail.gmail.com>
	<CAMHvpbN4v_qP+H4BzmHgkWvPNsheRzEChQ61f++SU8YO5fpGxg@mail.gmail.com>
	<57cf824f-040d-2dd4-100d-71c3c1121c25@mellanox.com>
	<CAMHvpbN+EN4nHgjdi4ETHfR11J4Re9cdL9hzmjV1cSU9xjH56A@mail.gmail.com>
	<51c3d412-536c-587b-4da4-d3c9137063fa@mellanox.com>
Message-ID: <CAMHvpbOBKgy34x_xFHkSbaahw_pa3S8wym7Ai=BkpUuyziD=tg@mail.gmail.com>

On Mon, Jul 24, 2017 at 5:46 AM, Roi Dayan <roid at mellanox.com> wrote:
<snip..>

>
>
>> [Sugu] I upgraded the system and now I dont see this error anymore.
>> Instead I see this
>>
>> [ 1103.216355] mlx5_3:wait_for_async_commands:722:(pid 3097): done with
>> all pending requests
>> [ 1115.954770] mlx5_core 0000:07:00.0: mlx5_cmd_check:697:(pid 3477):
>> QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
>> state(0x4), syndrome (0x368b01)
>> [ 1115.954902] mlx5_core 0000:07:00.0: mlx5_cmd_check:697:(pid 3477):
>> QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
>> state(0x4), syndrome (0x368b01)
>>
>> I am getting this error back to back for every command(2 entry for each
>> command as I have 2 VFs, may be?)
>> starting from unbind, devlink, ethtool and starting the VM.
>> And inside the VM the VFs are not bound to any driver either. Is there
>> any wrong with the NIC?
>>
>
>
> looks like the syndrome you get is caused by querying a counter while
> the HCA is not yes configured properly.
> can you verify you are using the latest firmware?
> can you verify the steps you do? did you enable sriov and moved to
> switchdev mode?

[Sugu] Ok. SR-IOV is enabled on the board. and the device is moved to
switchdev mode though it throws the error that shown above.

The firmware version of the card is
# ethtool -i ens786f0
driver: mlx5_core
version: 3.0-1 (January 2015)
firmware-version: 14.17.2032
expansion-rom-version:
bus-info: 0000:07:00.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: yes

Do you think this version firmware cannot support the offload??
Will try to install the latest firmware and keep you posted.

>
>
>
>>
>>
>>
>>
>>
>>         I verfied that the ports named eth1, eth2, eth3 and et4 are
>>         created for
>>         my vfs, when
>>         I ran the commands 'devlink dev eswitch set pci/0000:07:00.0 mode
>>         switchdev' and
>>         'devlink dev eswitch set pci/0000:07:00.1 mode switchdev'
>>
>>         The detailed error in dmesg are given below,
>>         [ 1245.941287] mlx5_core 0000:07:00.0: mlx5_cmd_check:697:(pid
>>         3107):
>>         QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
>>         state(0x4), syndrome (0x368b01)
>>         [ 1245.941478] mlx5_core 0000:07:00.1: mlx5_cmd_check:697:(pid
>>         3107):
>>         QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
>>         state(0x4), syndrome (0x368b01)
>>
>>         Please note I couldn't run the "inline-mode transport" command
>>         as its
>>         not supported.
>>
>>
>>     maybe you need newer iproute package. try to install latest upstream.
>>
>> [Sugu]
>> I am using latest Ubuntu release
>>
>>>
>>>>>
>> No LSB modules are available.
>> Distributor ID: Ubuntu
>> Description:    Ubuntu Artful Aardvark (development branch)
>> Release:        17.10
>> Codename:       artful
>>
>>>
>>>>>>> and my kernel is
>> 4.11.0-10-generic #15-Ubuntu SMP Thu Jun 29 15:03:41 UTC 2017 x86_64
>> x86_64 x86_64 GNU/Linux
>>
>> And still it need to install the newer iproute package additonally? Is
>> that the requirement to use the hardware offload in OVS?
>> And my iproute version is
>> ip -V
>> ip utility, iproute2-ss161212
>> Can you share which version of iproute you use for the testing?
>>
>
> I'm using latest upstream. I'm not sure if all needed patches are in
> Ubuntu distro.
> my versions looks like this: ip utility, iproute2-ss170501
>
> if you have devlink and you can change mode to switchdev without an
> error then it's ok to start going.
>
[Sugu] Ok. Thank you for confirming.

>
>
>
>>
>>
>>
>>
>>                 We still need to work on docs for this feature but for
>> now I
>>                 documented it a little here:
>>                 https://github.com/roidayan/ovs/wiki
>>         <https://emea01.safelinks.protection.outlook.com/?url=https%
>> 3A%2F%2Fgithub.com%2Froidayan%2Fovs%2Fwiki&data=02%7C01%
>> 7Croid%40mellanox.com%7C2bbfa311e8124ec5ded508d4d212e423%7Ca
>> 652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636364425969048836
>> &sdata=C1Hc08dwe3cjYKIgUyNeCbHI%2FnuZlITuPhPpdyZYyME%3D&reserved=0>
>>
>>         <https://emea01.safelinks.protection.outlook.com/?url=https%
>> 3A%2F%2Fgithub.com%2Froidayan%2Fovs%2Fwiki&data=02%7C01%
>> 7Croid%40mellanox.com%7C56f73b8b334b4413dd3608d4c84feee7%7Ca
>> 652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636353693008610668
>> &sdata=3orv%2FK9Diwoj5pMQAuBmRHF5QRuxNlwmZgOa3f1AaTE%3D&reserved=0
>>         <https://emea01.safelinks.protection.outlook.com/?url=https%
>> 3A%2F%2Fgithub.com%2Froidayan%2Fovs%2Fwiki&data=02%7C01%
>> 7Croid%40mellanox.com%7C56f73b8b334b4413dd3608d4c84feee7%7Ca
>> 652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636353693008610668
>> &sdata=3orv%2FK9Diwoj5pMQAuBmRHF5QRuxNlwmZgOa3f1AaTE%3D&reserved=0>>
>>
>>             As suggested in the wiki,
>>
>>
>>
>>                 Thanks,
>>                 Roi
>>
>>
>>
>>
>>                     _______________________________________________
>>                     discuss mailing list
>>                     discuss at openvswitch.org
>>         <mailto:discuss at openvswitch.org> <mailto:discuss at openvswitch.org
>>         <mailto:discuss at openvswitch.org>>
>>
>>         https://emea01.safelinks.protection.outlook.com/?url=https%
>> 3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-
>> discuss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814
>> cdc87ce08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%
>> 7C0%7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyyn
>> yaHnYx%2FKQzka7gedr1%2FUE%3D&reserved=0
>>         <https://emea01.safelinks.protection.outlook.com/?url=https%
>> 3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-
>> discuss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814
>> cdc87ce08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%
>> 7C0%7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyyn
>> yaHnYx%2FKQzka7gedr1%2FUE%3D&reserved=0>
>>
>>         <https://emea01.safelinks.protection.outlook.com/?url=https%
>> 3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-
>> discuss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814
>> cdc87ce08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%
>> 7C0%7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyyn
>> yaHnYx%2FKQzka7gedr1%2FUE%3D&reserved=0
>>         <https://emea01.safelinks.protection.outlook.com/?url=https%
>> 3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-
>> discuss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814
>> cdc87ce08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%
>> 7C0%7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyyn
>> yaHnYx%2FKQzka7gedr1%2FUE%3D&reserved=0>>
>>
>>
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170724/5a852517/attachment-0001.html>

From ppousada at gti.uvigo.es  Mon Jul 24 11:04:34 2017
From: ppousada at gti.uvigo.es (Pablo Pousada)
Date: Mon, 24 Jul 2017 13:04:34 +0200
Subject: [ovs-discuss] Lost connectivity when having multiple ports
Message-ID: <08a79dda-8699-18e4-6069-cae82bf8f5a8@gti.uvigo.es>

I've been encountering an error on the testbed I'm building, where 
having multiple ports added to a ovs bridge blocks all outwards 
communication.

Example: Having the following setup, i have connectivity through the 
eth0.3 port:

root at LEDE:~# ovs-vsctl show
41ae4f8f-55db-4cd0-8dd1-3e7b001d8f54
     Bridge "br0"
         Controller "tcp:192.168.1.151"
         Port "br0"
             Interface "br0"
                 type: internal
         Port "eth0.3"
             Interface "eth0.3"

Whenever I add another port to that bridge, inward packages are 
received, but outward packages are never sent. The problem persists with 
or without controller.

?Does anyone have any info on where the problem might be?

I'm using Open vSwitch version 2.5.0 over LEDE.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170724/1fb0ee81/attachment.html>

From e at erig.me  Mon Jul 24 12:38:47 2017
From: e at erig.me (Eric Garver)
Date: Mon, 24 Jul 2017 08:38:47 -0400
Subject: [ovs-discuss] 802.1ad (QinQ) Support
In-Reply-To: <CAEjsOQdz54-eerz0G3w7fTyMGk8Mwbwx_RDF3aEuD2pJ5XBg=g@mail.gmail.com>
References: <CAEjsOQdz54-eerz0G3w7fTyMGk8Mwbwx_RDF3aEuD2pJ5XBg=g@mail.gmail.com>
Message-ID: <20170724123847.GH29034@dev-rhel7>

On Tue, Jul 18, 2017 at 12:42:38PM +0530, Sudhanshu Gupta wrote:
> Hi,
> 
> I want to know whether double vlan tagged packets are supported in OVS
> release 2.7.1 ?

No. Not in the 2.7.x stream.

> 
> If not, which version of OVS supports double vlan tagged packets?

The next minor release, 2.8, will have support.

> 
> Thanks,
> Sudhanshu

> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

From madko77 at gmail.com  Mon Jul 24 18:28:59 2017
From: madko77 at gmail.com (Madko)
Date: Mon, 24 Jul 2017 18:28:59 +0000
Subject: [ovs-discuss] OVN OpenStack Tutorial
In-Reply-To: <CA+1p47i53Ev0Nrth51qjSx4YokrkcQjPYSE0=FE2o7trWLq0TA@mail.gmail.com>
References: <CA+1p47i53Ev0Nrth51qjSx4YokrkcQjPYSE0=FE2o7trWLq0TA@mail.gmail.com>
Message-ID: <CAJBde5bvFFATkWHRhQoTt2O2y3s5V9sekhJmuL2nN-vDOoVv8g@mail.gmail.com>

The script is wrong, just change in the script the _ by a - for the
kernel-devel package. Had the same issue here

Le lun. 24 juil. 2017 ? 02:08, Christopher Wiedmaier <bike2wrk at gmail.com> a
?crit :

> I am following the OVN OpenStack tutorial
> http://docs.openvswitch.org/en/latest/tutorials/ovn-openstack/ but I am
> unable to initialize devstack.  After running stack.sh I receive the
> following error,
>
> No package kernel-devel-3.10.0_514.26.2.e17.x86_64 available.
>
> I tried to fix the error by running yum install kernel-devel and the
> following is the output
>
> Package kernel-devel-3.10.0-514.26.2.e17.x86_64 already exists.
>
> After rerunning stach.sh I still receive the same error.  Not sure if the
> script is looking for a package name with an "underscore" in the package
> name when the correct package name uses a hyphen.
>
> Any ideas?
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170724/b907ff6f/attachment.html>

From guru at ovn.org  Mon Jul 24 19:47:38 2017
From: guru at ovn.org (Guru Shetty)
Date: Mon, 24 Jul 2017 12:47:38 -0700
Subject: [ovs-discuss] About ovs-docker
In-Reply-To: <CABX849oFkU=nDBsSBwnhrOQJQeFxe=AO44DHRGqO=a2gqy8Hgw@mail.gmail.com>
References: <CABX849oFkU=nDBsSBwnhrOQJQeFxe=AO44DHRGqO=a2gqy8Hgw@mail.gmail.com>
Message-ID: <CAM_3v9KyAM-URY7D5LCFZNr-F_J5si4Gs=d8Lf_LOcBmmXF+8Q@mail.gmail.com>

It looks like you already figured it out.

On 19 July 2017 at 07:28, Zekeriya Akg?l <zkry.akgul at gmail.com> wrote:

> Hi,
> I am student on Necmettin Erbakan Universty in Turkey.And working on
> communication between dpdk powered openvswitch and docker.And some issues
> occured about communication between docker and other hosts.
>
> I explained my problem in this post:
> https://superuser.com/questions/1231090/connected-with-open-
> v-switch-connection-issue-between-docker-container-and-othe
>
> Please response this post or response me by e-mail.
>
> Thank you!
> ------------------------
> Zekeriya AKG?L
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170724/fbe6835a/attachment.html>

From joe at ovn.org  Mon Jul 24 19:58:56 2017
From: joe at ovn.org (Joe Stringer)
Date: Mon, 24 Jul 2017 12:58:56 -0700
Subject: [ovs-discuss] OVS megaflows
In-Reply-To: <CAA_4wjbvkHGz9yk29mEg2_p2souMwEb8GyaCJ9Y-5GOxhQWzTA@mail.gmail.com>
References: <CAA_4wjbvkHGz9yk29mEg2_p2souMwEb8GyaCJ9Y-5GOxhQWzTA@mail.gmail.com>
Message-ID: <CAPWQB7Ex8MSOmEwk7Vc7rJ9H62j5tKOuJOfdVQB-baaSyNqoAQ@mail.gmail.com>

On 23 July 2017 at 06:37, Sara Gittlin <sara.gittlin at gmail.com> wrote:
> Hello,
> I understand that there is a support for megaflows in the kernel and netlink.
> I also understand that there is no megaflow implementation in ofproto.
> i.e. there is no implementation of compressing (if possible) all flows
> in ofproto table to megaflows and installing it in the datapath. is
> that correct ?

That's right - rather than pre-populating a representation of the
entire OpenFlow state, the ofproto-dpif implementation uses an
"upcall" model where the datapath acts as a cache for forwarding
behaviour, and the cache is populated on-demand as traffic arrives.

From newsforharbor at gmail.com  Tue Jul 25 03:17:12 2017
From: newsforharbor at gmail.com (Harbor Wang)
Date: Tue, 25 Jul 2017 11:17:12 +0800
Subject: [ovs-discuss] How OVN works with Openflow fast-failover group table
Message-ID: <CAJ07dVruRbDhEn2U3Pw4i_xzEZf3FN0AFLe=_hdijqbN96J97Q@mail.gmail.com>

Hi,

   I'm learning OVN and wonder how to let OVN works with  Openflow
fast-failover group table? We have a case that one port done the flow
should redirect to backup port.

Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170725/4d665b63/attachment-0001.html>

From my_ovs_discuss at yahoo.com  Tue Jul 25 19:24:04 2017
From: my_ovs_discuss at yahoo.com (MY-OVS DISCUSS)
Date: Tue, 25 Jul 2017 19:24:04 +0000 (UTC)
Subject: [ovs-discuss] openvswitch-2.5.0 ovs-vsctl slow
References: <878376745.633212.1501010644009.ref@mail.yahoo.com>
Message-ID: <878376745.633212.1501010644009@mail.yahoo.com>

Hi,
Is there a way to set/remove/clear port's trunks using another command other than ovs-vsctl?ovs-vsctl is really slow in executing these operations, especially when there are more number of ports.
Currently we use ovs-vsctl add port foo1 trunks 123.
Thanks.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170725/a113d4eb/attachment.html>

From xianghuir at gmail.com  Thu Jul 27 02:47:16 2017
From: xianghuir at gmail.com (Hui Xiang)
Date: Thu, 27 Jul 2017 10:47:16 +0800
Subject: [ovs-discuss]  OVS-DPDK IP fragmentation require
Message-ID: <CAPbR-puJyScMqfq30F5K-B9+1i_B2rOddQERnm1oYJxstRDV-w@mail.gmail.com>

Hi guys,

  Seems OVS-DPDK still missing IP fragmentation support, is there any
schedule to have it? I'm  transferring to use OVN, but for those nodes
which have external network connection, they may face this problem, except
to configure Jumbo frames, is there any other workaround?

BR.
Hui.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/be93efd3/attachment.html>

From dball at vmware.com  Thu Jul 27 04:08:00 2017
From: dball at vmware.com (Darrell Ball)
Date: Thu, 27 Jul 2017 04:08:00 +0000
Subject: [ovs-discuss] OVS-DPDK IP fragmentation require
In-Reply-To: <CAPbR-puJyScMqfq30F5K-B9+1i_B2rOddQERnm1oYJxstRDV-w@mail.gmail.com>
References: <CAPbR-puJyScMqfq30F5K-B9+1i_B2rOddQERnm1oYJxstRDV-w@mail.gmail.com>
Message-ID: <A638080A-657C-4BFE-945B-5E4B00A284D8@vmware.com>



From: <ovs-discuss-bounces at openvswitch.org> on behalf of Hui Xiang <xianghuir at gmail.com>
Date: Wednesday, July 26, 2017 at 7:47 PM
To: "ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
Subject: [ovs-discuss] OVS-DPDK IP fragmentation require

Hi guys,

  Seems OVS-DPDK still missing IP fragmentation support, is there any schedule to have it?
OVS 2.9
I'm  transferring to use OVN, but for those nodes which have external network connection, they may face this problem,
except to configure Jumbo frames, is there any other workaround?

I am not clear on the situation however.
You mention about configuring jumbo frames which means you can avoid the fragments by doing this ?
If this is true, then this is the best way to proceed since performance will be better.
What is wrong with jumbo frames ?


BR.
Hui.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/822adea3/attachment.html>

From dball at vmware.com  Thu Jul 27 04:29:55 2017
From: dball at vmware.com (Darrell Ball)
Date: Thu, 27 Jul 2017 04:29:55 +0000
Subject: [ovs-discuss] OVS with DPDK QoS (Priority Queue)
In-Reply-To: <0ad92979-2221-7328-2cec-180f1e075852@arccn.ru>
References: <0ad92979-2221-7328-2cec-180f1e075852@arccn.ru>
Message-ID: <17DD69A8-B47D-4C1F-800F-8F2D66EB8C3F@vmware.com>



-----Original Message-----
From: <ovs-discuss-bounces at openvswitch.org> on behalf of Aleksey Khalikov <akhalikov at arccn.ru>
Date: Wednesday, July 19, 2017 at 1:06 AM
To: "ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
Subject: [ovs-discuss] OVS with DPDK QoS (Priority Queue)

    Hello guys!
    
    I have another important question regarding QoS mechanisms.
    
    Does OVS with DPDK have a possibility to create multiple queues and put 
    the traffic with different priorities to corresponding queues.

Is this what you are looking for ?
https://mail.openvswitch.org/pipermail/ovs-dev/2017-July/335986.html

    
    If not, will you put on the development of these features?
    
    Thanks in advance!
    
    Very best regards,
    
    Aleksey
    
    
    _______________________________________________
    discuss mailing list
    discuss at openvswitch.org
    https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_mailman_listinfo_ovs-2Ddiscuss&d=DwICAg&c=uilaK90D4TOVoH58JNXRgQ&r=BVhFA09CGX7JQ5Ih-uZnsw&m=tMtWoJzQ8XByPuSKllI9T8nE4Mm_P9M-2PjiZun115E&s=YUddvIkJ-Uzprveu6cX-ZncdMB1ahJuQkLeYGFBSz1I&e= 
    


From xianghuir at gmail.com  Thu Jul 27 04:43:03 2017
From: xianghuir at gmail.com (Hui Xiang)
Date: Thu, 27 Jul 2017 12:43:03 +0800
Subject: [ovs-discuss] OVS-DPDK IP fragmentation require
In-Reply-To: <A638080A-657C-4BFE-945B-5E4B00A284D8@vmware.com>
References: <CAPbR-puJyScMqfq30F5K-B9+1i_B2rOddQERnm1oYJxstRDV-w@mail.gmail.com>
	<A638080A-657C-4BFE-945B-5E4B00A284D8@vmware.com>
Message-ID: <CAPbR-puumEJ54W8WidgHGd+fv3=29CCxqFUAD_3XyheEOE=Y-w@mail.gmail.com>

Thanks Darrell, comment inline.

On Thu, Jul 27, 2017 at 12:08 PM, Darrell Ball <dball at vmware.com> wrote:

>
>
>
>
> *From: *<ovs-discuss-bounces at openvswitch.org> on behalf of Hui Xiang <
> xianghuir at gmail.com>
> *Date: *Wednesday, July 26, 2017 at 7:47 PM
> *To: *"ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
> *Subject: *[ovs-discuss] OVS-DPDK IP fragmentation require
>
>
>
> Hi guys,
>
>
>
>   Seems OVS-DPDK still missing IP fragmentation support, is there any
> schedule to have it?
>
> OVS 2.9
>
> I'm  transferring to use OVN, but for those nodes which have external
> network connection, they may face this problem,
>
> except to configure Jumbo frames, is there any other workaround?
>
>
>
> I am not clear on the situation however.
>
> You mention about configuring jumbo frames which means you can avoid the
> fragments by doing this ?
>
No, I can't guarantee that, only can do it inside OpenStack, it is limited.

> If this is true, then this is the best way to proceed since performance
> will be better.
>
> What is wrong with jumbo frames ?
>
It's good but it's limited can't be guaranteed, so I am asking is there any
other way without IP fragmentation so far.

>
>
>
>
> BR.
>
> Hui.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/6367973a/attachment-0001.html>

From dball at vmware.com  Thu Jul 27 06:49:42 2017
From: dball at vmware.com (Darrell Ball)
Date: Thu, 27 Jul 2017 06:49:42 +0000
Subject: [ovs-discuss] OVS-DPDK IP fragmentation require
In-Reply-To: <CAPbR-puumEJ54W8WidgHGd+fv3=29CCxqFUAD_3XyheEOE=Y-w@mail.gmail.com>
References: <CAPbR-puJyScMqfq30F5K-B9+1i_B2rOddQERnm1oYJxstRDV-w@mail.gmail.com>
	<A638080A-657C-4BFE-945B-5E4B00A284D8@vmware.com>
	<CAPbR-puumEJ54W8WidgHGd+fv3=29CCxqFUAD_3XyheEOE=Y-w@mail.gmail.com>
Message-ID: <5270259E-FA59-4A20-8341-6E0C9C136AA8@vmware.com>



From: Hui Xiang <xianghuir at gmail.com>
Date: Wednesday, July 26, 2017 at 9:43 PM
To: Darrell Ball <dball at vmware.com>
Cc: "ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
Subject: Re: [ovs-discuss] OVS-DPDK IP fragmentation require

Thanks Darrell, comment inline.

On Thu, Jul 27, 2017 at 12:08 PM, Darrell Ball <dball at vmware.com<mailto:dball at vmware.com>> wrote:


From: <ovs-discuss-bounces at openvswitch.org<mailto:ovs-discuss-bounces at openvswitch.org>> on behalf of Hui Xiang <xianghuir at gmail.com<mailto:xianghuir at gmail.com>>
Date: Wednesday, July 26, 2017 at 7:47 PM
To: "ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>" <ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>>
Subject: [ovs-discuss] OVS-DPDK IP fragmentation require

Hi guys,

  Seems OVS-DPDK still missing IP fragmentation support, is there any schedule to have it?
OVS 2.9
I'm  transferring to use OVN, but for those nodes which have external network connection, they may face this problem,
except to configure Jumbo frames, is there any other workaround?

I am not clear on the situation however.
You mention about configuring jumbo frames which means you can avoid the fragments by doing this ?
No, I can't guarantee that, only can do it inside OpenStack, it is limited.
If this is true, then this is the best way to proceed since performance will be better.
What is wrong with jumbo frames ?
It's good but it's limited can't be guaranteed, so I am asking is there any other way without IP fragmentation so far.

It sounds like you want to avoid IP fragmentation; so far so good.
I am not sure I understand the whole picture though.
Maybe you can describe what you see ?; maybe a simple diagram would help ?


BR.
Hui.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/7351e2e3/attachment.html>

From deepthysugesh at gmail.com  Thu Jul 27 09:57:41 2017
From: deepthysugesh at gmail.com (Sugu Deepthy)
Date: Thu, 27 Jul 2017 10:57:41 +0100
Subject: [ovs-discuss] Issue with offloading OVS flows into Mellanox-4
	cards
In-Reply-To: <CAMHvpbOBKgy34x_xFHkSbaahw_pa3S8wym7Ai=BkpUuyziD=tg@mail.gmail.com>
References: <CAMHvpbOedpsZGppruLkky4igQchRxEn__OQaZaxMTZyf4xy2mw@mail.gmail.com>
	<59b67ab6-46e8-b5aa-ddce-01296a318e60@mellanox.com>
	<CAMHvpbNoBp6wYozJj=DfNp=PYUVGwus_oSZDUR39XNSG6Ka95A@mail.gmail.com>
	<CAMHvpbN4v_qP+H4BzmHgkWvPNsheRzEChQ61f++SU8YO5fpGxg@mail.gmail.com>
	<57cf824f-040d-2dd4-100d-71c3c1121c25@mellanox.com>
	<CAMHvpbN+EN4nHgjdi4ETHfR11J4Re9cdL9hzmjV1cSU9xjH56A@mail.gmail.com>
	<51c3d412-536c-587b-4da4-d3c9137063fa@mellanox.com>
	<CAMHvpbOBKgy34x_xFHkSbaahw_pa3S8wym7Ai=BkpUuyziD=tg@mail.gmail.com>
Message-ID: <CAMHvpbOKEb7u=xd203x9QdDqQwS_KokY+BMQJ3GcwRy5uwWuxQ@mail.gmail.com>

Hi Roi,
Thank you for the help,
Upgraded the firmware to 14.20 and used latest kernel(4.10) in VM.
Now its working correctly. I can forward packets between VM and physical
ports in the NIC. The oflloaded flows are showing in the OVS.

Few suggestions while preparing the installation document for hardware
offload.
1) Must need to provide minimum kernel version to use this feature.
2) The default MLNX firmware is not supporting the hardware offload for
some reason. Must specify what version of firmware and supported NICs
3) Even though I use the ethernet NIC, I have to install the IB verbs src
in the VM for attaching the VF to the DPDK. Not sure why this is a
prerequisite

Once again thank for the suggestions to make it working. :)

On Mon, Jul 24, 2017 at 9:05 AM, Sugu Deepthy <deepthysugesh at gmail.com>
wrote:

>
>
> On Mon, Jul 24, 2017 at 5:46 AM, Roi Dayan <roid at mellanox.com> wrote:
> <snip..>
>
>>
>>
>>> [Sugu] I upgraded the system and now I dont see this error anymore.
>>> Instead I see this
>>>
>>> [ 1103.216355] mlx5_3:wait_for_async_commands:722:(pid 3097): done with
>>> all pending requests
>>> [ 1115.954770] mlx5_core 0000:07:00.0: mlx5_cmd_check:697:(pid 3477):
>>> QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
>>> state(0x4), syndrome (0x368b01)
>>> [ 1115.954902] mlx5_core 0000:07:00.0: mlx5_cmd_check:697:(pid 3477):
>>> QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
>>> state(0x4), syndrome (0x368b01)
>>>
>>> I am getting this error back to back for every command(2 entry for each
>>> command as I have 2 VFs, may be?)
>>> starting from unbind, devlink, ethtool and starting the VM.
>>> And inside the VM the VFs are not bound to any driver either. Is there
>>> any wrong with the NIC?
>>>
>>
>>
>> looks like the syndrome you get is caused by querying a counter while
>> the HCA is not yes configured properly.
>> can you verify you are using the latest firmware?
>> can you verify the steps you do? did you enable sriov and moved to
>> switchdev mode?
>
> [Sugu] Ok. SR-IOV is enabled on the board. and the device is moved to
> switchdev mode though it throws the error that shown above.
>
> The firmware version of the card is
> # ethtool -i ens786f0
> driver: mlx5_core
> version: 3.0-1 (January 2015)
> firmware-version: 14.17.2032
> expansion-rom-version:
> bus-info: 0000:07:00.0
> supports-statistics: yes
> supports-test: yes
> supports-eeprom-access: no
> supports-register-dump: no
> supports-priv-flags: yes
>
> Do you think this version firmware cannot support the offload??
> Will try to install the latest firmware and keep you posted.
>
>>
>>
>>
>>>
>>>
>>>
>>>
>>>
>>>         I verfied that the ports named eth1, eth2, eth3 and et4 are
>>>         created for
>>>         my vfs, when
>>>         I ran the commands 'devlink dev eswitch set pci/0000:07:00.0 mode
>>>         switchdev' and
>>>         'devlink dev eswitch set pci/0000:07:00.1 mode switchdev'
>>>
>>>         The detailed error in dmesg are given below,
>>>         [ 1245.941287] mlx5_core 0000:07:00.0: mlx5_cmd_check:697:(pid
>>>         3107):
>>>         QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
>>>         state(0x4), syndrome (0x368b01)
>>>         [ 1245.941478] mlx5_core 0000:07:00.1: mlx5_cmd_check:697:(pid
>>>         3107):
>>>         QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
>>>         state(0x4), syndrome (0x368b01)
>>>
>>>         Please note I couldn't run the "inline-mode transport" command
>>>         as its
>>>         not supported.
>>>
>>>
>>>     maybe you need newer iproute package. try to install latest upstream.
>>>
>>> [Sugu]
>>> I am using latest Ubuntu release
>>>
>>>>
>>>>>>
>>> No LSB modules are available.
>>> Distributor ID: Ubuntu
>>> Description:    Ubuntu Artful Aardvark (development branch)
>>> Release:        17.10
>>> Codename:       artful
>>>
>>>>
>>>>>>>> and my kernel is
>>> 4.11.0-10-generic #15-Ubuntu SMP Thu Jun 29 15:03:41 UTC 2017 x86_64
>>> x86_64 x86_64 GNU/Linux
>>>
>>> And still it need to install the newer iproute package additonally? Is
>>> that the requirement to use the hardware offload in OVS?
>>> And my iproute version is
>>> ip -V
>>> ip utility, iproute2-ss161212
>>> Can you share which version of iproute you use for the testing?
>>>
>>
>> I'm using latest upstream. I'm not sure if all needed patches are in
>> Ubuntu distro.
>> my versions looks like this: ip utility, iproute2-ss170501
>>
>> if you have devlink and you can change mode to switchdev without an
>> error then it's ok to start going.
>>
> [Sugu] Ok. Thank you for confirming.
>
>>
>>
>>
>>>
>>>
>>>
>>>
>>>                 We still need to work on docs for this feature but for
>>> now I
>>>                 documented it a little here:
>>>                 https://github.com/roidayan/ovs/wiki
>>>         <https://emea01.safelinks.protection.outlook.com/?url=https%
>>> 3A%2F%2Fgithub.com%2Froidayan%2Fovs%2Fwiki&data=02%7C01%7Cro
>>> id%40mellanox.com%7C2bbfa311e8124ec5ded508d4d212e423%7Ca6529
>>> 71c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636364425969048836&
>>> sdata=C1Hc08dwe3cjYKIgUyNeCbHI%2FnuZlITuPhPpdyZYyME%3D&reserved=0>
>>>
>>>         <https://emea01.safelinks.protection.outlook.com/?url=https%
>>> 3A%2F%2Fgithub.com%2Froidayan%2Fovs%2Fwiki&data=02%7C01%7Cro
>>> id%40mellanox.com%7C56f73b8b334b4413dd3608d4c84feee7%7Ca6529
>>> 71c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636353693008610668&
>>> sdata=3orv%2FK9Diwoj5pMQAuBmRHF5QRuxNlwmZgOa3f1AaTE%3D&reserved=0
>>>         <https://emea01.safelinks.protection.outlook.com/?url=https%
>>> 3A%2F%2Fgithub.com%2Froidayan%2Fovs%2Fwiki&data=02%7C01%7Cro
>>> id%40mellanox.com%7C56f73b8b334b4413dd3608d4c84feee7%7Ca6529
>>> 71c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636353693008610668&
>>> sdata=3orv%2FK9Diwoj5pMQAuBmRHF5QRuxNlwmZgOa3f1AaTE%3D&reserved=0>>
>>>
>>>             As suggested in the wiki,
>>>
>>>
>>>
>>>                 Thanks,
>>>                 Roi
>>>
>>>
>>>
>>>
>>>                     _______________________________________________
>>>                     discuss mailing list
>>>                     discuss at openvswitch.org
>>>         <mailto:discuss at openvswitch.org> <mailto:discuss at openvswitch.org
>>>         <mailto:discuss at openvswitch.org>>
>>>
>>>         https://emea01.safelinks.protection.outlook.com/?url=https%3
>>> A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-discu
>>> ss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814cdc87ce
>>> 08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%
>>> 7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyynyaHnYx
>>> %2FKQzka7gedr1%2FUE%3D&reserved=0
>>>         <https://emea01.safelinks.protection.outlook.com/?url=https%
>>> 3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-disc
>>> uss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814cdc87c
>>> e08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%
>>> 7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyynyaHnYx
>>> %2FKQzka7gedr1%2FUE%3D&reserved=0>
>>>
>>>         <https://emea01.safelinks.protection.outlook.com/?url=https%
>>> 3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-disc
>>> uss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814cdc87c
>>> e08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%
>>> 7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyynyaHnYx
>>> %2FKQzka7gedr1%2FUE%3D&reserved=0
>>>         <https://emea01.safelinks.protection.outlook.com/?url=https%
>>> 3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-disc
>>> uss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814cdc87c
>>> e08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%
>>> 7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyynyaHnYx
>>> %2FKQzka7gedr1%2FUE%3D&reserved=0>>
>>>
>>>
>>>
>>>
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/da7b2c83/attachment-0001.html>

From gowrishankar.m at linux.vnet.ibm.com  Thu Jul 27 10:11:46 2017
From: gowrishankar.m at linux.vnet.ibm.com (gowrishankar muthukrishnan)
Date: Thu, 27 Jul 2017 15:41:46 +0530
Subject: [ovs-discuss] less tcp perf with active-backup bonding mode on XL710
Message-ID: <e4d04559-a27c-db1b-c451-c2fac5355cd8@linux.vnet.ibm.com>

Hi,
I am using XL710 NIC (2 ports) as part of OVS bonding port in 
active-backup mode
in x86_64 servers. Setup is pretty simple. Two machines each with XL710 NIC
connected each other back-to-back on these ports. Bonding is setup 
through OVS
active-backup mode. After bonding port is created, I assign an IP address on
bridge and run iperf for TCP perf comparison.

iperf (with default params) between bonding ports shows very less 
throughput of
around 1 Mbps where as in same server, when I use 82599 (ixgbe) I find 
better
throughput of around 20 Mbps. I tried with dpdk poll mode driver as 
well. It helps
ixgbe to get near 250 Mbps but, same poor performance I get for i40e.

Has anyone observed this reduced throughput (with or without dpdk) in XL710
while in OVS active-backup bonding ?. Any pointer to find hot spot causing
trouble (I am trying perf for the moment).

OVS version of 2.6 as well as 2.7 tried (along with dpdk 16.11.1).

-- 
Regards,
Gowrishankar M


From xianghuir at gmail.com  Thu Jul 27 10:18:37 2017
From: xianghuir at gmail.com (Hui Xiang)
Date: Thu, 27 Jul 2017 18:18:37 +0800
Subject: [ovs-discuss] OVS-DPDK IP fragmentation require
In-Reply-To: <5270259E-FA59-4A20-8341-6E0C9C136AA8@vmware.com>
References: <CAPbR-puJyScMqfq30F5K-B9+1i_B2rOddQERnm1oYJxstRDV-w@mail.gmail.com>
	<A638080A-657C-4BFE-945B-5E4B00A284D8@vmware.com>
	<CAPbR-puumEJ54W8WidgHGd+fv3=29CCxqFUAD_3XyheEOE=Y-w@mail.gmail.com>
	<5270259E-FA59-4A20-8341-6E0C9C136AA8@vmware.com>
Message-ID: <CAPbR-ptLETv+XDQeWfV1CzEAoK5_BxTooc2Q2=C9AuXVqh0RoQ@mail.gmail.com>

Blow is the diagram (using OVS-DPDK):

1. For packets coming to vm1 from internet where could have MTU 1500, there
could be including some fragmented packets,
    how does the ALC/Security groups handle these fragmented packets? do
nothing and pass it next which may pass the packets
    should be dropped or any special handling?
2. For packets egress from vm1, if all internal physical switch support
Jumbo Frame, that's fine, but if there are some physical swithes
    just support 1500/2000 MTU, then fragmented packets generated again.
The ACL/Security groups face problem as item 1 as well.

[image: Inline image 1]

On Thu, Jul 27, 2017 at 2:49 PM, Darrell Ball <dball at vmware.com> wrote:

>
>
>
>
> *From: *Hui Xiang <xianghuir at gmail.com>
> *Date: *Wednesday, July 26, 2017 at 9:43 PM
> *To: *Darrell Ball <dball at vmware.com>
> *Cc: *"ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
> *Subject: *Re: [ovs-discuss] OVS-DPDK IP fragmentation require
>
>
>
> Thanks Darrell, comment inline.
>
>
>
> On Thu, Jul 27, 2017 at 12:08 PM, Darrell Ball <dball at vmware.com> wrote:
>
>
>
>
>
> *From: *<ovs-discuss-bounces at openvswitch.org> on behalf of Hui Xiang <
> xianghuir at gmail.com>
> *Date: *Wednesday, July 26, 2017 at 7:47 PM
> *To: *"ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
> *Subject: *[ovs-discuss] OVS-DPDK IP fragmentation require
>
>
>
> Hi guys,
>
>
>
>   Seems OVS-DPDK still missing IP fragmentation support, is there any
> schedule to have it?
>
> OVS 2.9
>
> I'm  transferring to use OVN, but for those nodes which have external
> network connection, they may face this problem,
>
> except to configure Jumbo frames, is there any other workaround?
>
>
>
> I am not clear on the situation however.
>
> You mention about configuring jumbo frames which means you can avoid the
> fragments by doing this ?
>
> No, I can't guarantee that, only can do it inside OpenStack, it is
> limited.
>
> If this is true, then this is the best way to proceed since performance
> will be better.
>
> What is wrong with jumbo frames ?
>
> It's good but it's limited can't be guaranteed, so I am asking is there
> any other way without IP fragmentation so far.
>
>
>
> It sounds like you want to avoid IP fragmentation; so far so good.
>
> I am not sure I understand the whole picture though.
>
> Maybe you can describe what you see ?; maybe a simple diagram would help ?
>
>
>
>
>
> BR.
>
> Hui.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/8aab80b2/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 83570 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/8aab80b2/attachment-0001.png>

From e at erig.me  Thu Jul 27 13:00:12 2017
From: e at erig.me (Eric Garver)
Date: Thu, 27 Jul 2017 09:00:12 -0400
Subject: [ovs-discuss] 802.1ad (QinQ) Support
In-Reply-To: <CAEjsOQcquvoX9QhgZat-sAeXhBM6gK2wmXYpwwuGG=aozNGFcw@mail.gmail.com>
References: <CAEjsOQdz54-eerz0G3w7fTyMGk8Mwbwx_RDF3aEuD2pJ5XBg=g@mail.gmail.com>
	<20170724123847.GH29034@dev-rhel7>
	<CAEjsOQcquvoX9QhgZat-sAeXhBM6gK2wmXYpwwuGG=aozNGFcw@mail.gmail.com>
Message-ID: <20170727130011.GA18705@roberto>

On Thu, Jul 27, 2017 at 02:25:46PM +0530, Sudhanshu Gupta wrote:
> Thanks Eric, for replying.
> 
> Is there any tentative date for release of OVS 2.8?

I don't think there is a set date, but I believe the branch for 2.8 is
due to be created "soon".

> 
> Regards,
> Sudhanshu
> 
> On Mon, Jul 24, 2017 at 6:08 PM, Eric Garver <e at erig.me> wrote:
> 
> > On Tue, Jul 18, 2017 at 12:42:38PM +0530, Sudhanshu Gupta wrote:
> > > Hi,
> > >
> > > I want to know whether double vlan tagged packets are supported in OVS
> > > release 2.7.1 ?
> >
> > No. Not in the 2.7.x stream.
> >
> > >
> > > If not, which version of OVS supports double vlan tagged packets?
> >
> > The next minor release, 2.8, will have support.
> >
> > >
> > > Thanks,
> > > Sudhanshu
> >
> > > _______________________________________________
> > > discuss mailing list
> > > discuss at openvswitch.org
> > > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
> >

From mw7301 at hotmail.com  Thu Jul 27 13:33:23 2017
From: mw7301 at hotmail.com (Michael Williams)
Date: Thu, 27 Jul 2017 13:33:23 +0000
Subject: [ovs-discuss] Multiple Virtual Wireless Ports
Message-ID: <BLUPR11MB0754AF961E8E3E9086DD456ED0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>

We have OvS running on a wireless router with 4 wired Ethernet ports. We can apply rules on the wired ports but when we try to apply rules on the wireless port the rules don't work between multiple wireless devices. Is there a way within OvS to treat the wireless interface like multiple virtual ports so that when a wireless device connects we can apply rules to govern behavior between the wireless devices like we can with the wired devices?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/59c2e985/attachment.html>

From sudhanshugupta1991 at gmail.com  Thu Jul 27 08:55:46 2017
From: sudhanshugupta1991 at gmail.com (Sudhanshu Gupta)
Date: Thu, 27 Jul 2017 14:25:46 +0530
Subject: [ovs-discuss] 802.1ad (QinQ) Support
In-Reply-To: <20170724123847.GH29034@dev-rhel7>
References: <CAEjsOQdz54-eerz0G3w7fTyMGk8Mwbwx_RDF3aEuD2pJ5XBg=g@mail.gmail.com>
	<20170724123847.GH29034@dev-rhel7>
Message-ID: <CAEjsOQcquvoX9QhgZat-sAeXhBM6gK2wmXYpwwuGG=aozNGFcw@mail.gmail.com>

Thanks Eric, for replying.

Is there any tentative date for release of OVS 2.8?

Regards,
Sudhanshu

On Mon, Jul 24, 2017 at 6:08 PM, Eric Garver <e at erig.me> wrote:

> On Tue, Jul 18, 2017 at 12:42:38PM +0530, Sudhanshu Gupta wrote:
> > Hi,
> >
> > I want to know whether double vlan tagged packets are supported in OVS
> > release 2.7.1 ?
>
> No. Not in the 2.7.x stream.
>
> >
> > If not, which version of OVS supports double vlan tagged packets?
>
> The next minor release, 2.8, will have support.
>
> >
> > Thanks,
> > Sudhanshu
>
> > _______________________________________________
> > discuss mailing list
> > discuss at openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/afa0c013/attachment.html>

From blp at ovn.org  Thu Jul 27 15:30:18 2017
From: blp at ovn.org (Ben Pfaff)
Date: Thu, 27 Jul 2017 08:30:18 -0700
Subject: [ovs-discuss] openvswitch-2.5.0 ovs-vsctl slow
In-Reply-To: <878376745.633212.1501010644009@mail.yahoo.com>
References: <878376745.633212.1501010644009.ref@mail.yahoo.com>
	<878376745.633212.1501010644009@mail.yahoo.com>
Message-ID: <20170727153018.GB6175@ovn.org>

On Tue, Jul 25, 2017 at 07:24:04PM +0000, MY-OVS DISCUSS via discuss wrote:
> Is there a way to set/remove/clear port's trunks using another command
> other than ovs-vsctl?ovs-vsctl is really slow in executing these
> operations, especially when there are more number of ports.  Currently
> we use ovs-vsctl add port foo1 trunks 123.

You could use a controller.

From mohamed_ibrahem1992 at yahoo.com  Thu Jul 27 15:32:22 2017
From: mohamed_ibrahem1992 at yahoo.com (Mohamed Ibrahem)
Date: Thu, 27 Jul 2017 15:32:22 +0000 (UTC)
Subject: [ovs-discuss] openflow with openwrt
References: <1013977064.627572.1501169542771.ref@mail.yahoo.com>
Message-ID: <1013977064.627572.1501169542771@mail.yahoo.com>

> hello guys,
> i have a problem with router tplink wr841N , i have installed openwrt to
> install openflow and get the following message when starting the openflow
> /etc/init.d.openflow/ start    
> appears, 
> / sbin / ofup: line1: ofdatapath: not found no need for further
> configuration out-of-band control 
> / sbin / ofup: line4: ofprotocol: not found

can any one help me to solve this problem??

From jpettit at ovn.org  Thu Jul 27 16:10:06 2017
From: jpettit at ovn.org (Justin Pettit)
Date: Thu, 27 Jul 2017 09:10:06 -0700
Subject: [ovs-discuss] openflow with openwrt
In-Reply-To: <1013977064.627572.1501169542771@mail.yahoo.com>
References: <1013977064.627572.1501169542771.ref@mail.yahoo.com>
	<1013977064.627572.1501169542771@mail.yahoo.com>
Message-ID: <9760FDEE-A113-427A-B9B9-B3E4FEF44870@ovn.org>


> On Jul 27, 2017, at 8:32 AM, Mohamed Ibrahem via discuss <ovs-discuss at openvswitch.org> wrote:
> 
>> hello guys,
>> i have a problem with router tplink wr841N , i have installed openwrt to
>> install openflow and get the following message when starting the openflow
>> /etc/init.d.openflow/ start    
>> appears, 
>> / sbin / ofup: line1: ofdatapath: not found no need for further
>> configuration out-of-band control 
>> / sbin / ofup: line4: ofprotocol: not found
> 
> can any one help me to solve this problem??

I don't think you're running Open vSwitch.  I have heard of people running Open vSwitch on OpenWrt, though.

--Justin





From jpettit at ovn.org  Thu Jul 27 16:13:20 2017
From: jpettit at ovn.org (Justin Pettit)
Date: Thu, 27 Jul 2017 09:13:20 -0700
Subject: [ovs-discuss] 802.1ad (QinQ) Support
In-Reply-To: <20170727130011.GA18705@roberto>
References: <CAEjsOQdz54-eerz0G3w7fTyMGk8Mwbwx_RDF3aEuD2pJ5XBg=g@mail.gmail.com>
	<20170724123847.GH29034@dev-rhel7>
	<CAEjsOQcquvoX9QhgZat-sAeXhBM6gK2wmXYpwwuGG=aozNGFcw@mail.gmail.com>
	<20170727130011.GA18705@roberto>
Message-ID: <F97CF92E-E393-4950-B3AC-A9219FBE13BC@ovn.org>


> On Jul 27, 2017, at 6:00 AM, Eric Garver <e at erig.me> wrote:
> 
> On Thu, Jul 27, 2017 at 02:25:46PM +0530, Sudhanshu Gupta wrote:
>> Thanks Eric, for replying.
>> 
>> Is there any tentative date for release of OVS 2.8?
> 
> I don't think there is a set date, but I believe the branch for 2.8 is
> due to be created "soon".

I'm hoping that we branch this week.  The official plan is to release 2.8 in August.

--Justin



From blp at ovn.org  Thu Jul 27 16:55:16 2017
From: blp at ovn.org (Ben Pfaff)
Date: Thu, 27 Jul 2017 09:55:16 -0700
Subject: [ovs-discuss] openflow with openwrt
In-Reply-To: <1013977064.627572.1501169542771@mail.yahoo.com>
References: <1013977064.627572.1501169542771.ref@mail.yahoo.com>
	<1013977064.627572.1501169542771@mail.yahoo.com>
Message-ID: <20170727165516.GE6175@ovn.org>

On Thu, Jul 27, 2017 at 03:32:22PM +0000, Mohamed Ibrahem via discuss wrote:
> > hello guys,
> > i have a problem with router tplink wr841N , i have installed openwrt to
> > install openflow and get the following message when starting the openflow
> > /etc/init.d.openflow/ start    
> > appears, 
> > / sbin / ofup: line1: ofdatapath: not found no need for further
> > configuration out-of-band control 
> > / sbin / ofup: line4: ofprotocol: not found
> 
> can any one help me to solve this problem??

This mailing list is about OVS, but you aren't using OVS.

From blp at ovn.org  Thu Jul 27 16:57:32 2017
From: blp at ovn.org (Ben Pfaff)
Date: Thu, 27 Jul 2017 09:57:32 -0700
Subject: [ovs-discuss] Multiple Virtual Wireless Ports
In-Reply-To: <BLUPR11MB0754AF961E8E3E9086DD456ED0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
References: <BLUPR11MB0754AF961E8E3E9086DD456ED0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
Message-ID: <20170727165732.GF6175@ovn.org>

On Thu, Jul 27, 2017 at 01:33:23PM +0000, Michael Williams wrote:
> We have OvS running on a wireless router with 4 wired Ethernet
> ports. We can apply rules on the wired ports but when we try to apply
> rules on the wireless port the rules don't work between multiple
> wireless devices. Is there a way within OvS to treat the wireless
> interface like multiple virtual ports so that when a wireless device
> connects we can apply rules to govern behavior between the wireless
> devices like we can with the wired devices?

OVS doesn't distinguish between different kinds of ports, so the
restrictions you're describing don't make sense; OVS doesn't work that
way.  You might be using a vendor's modified version of OVS.  If so,
then you should ask the vendor for assistance.

From dball at vmware.com  Thu Jul 27 17:12:59 2017
From: dball at vmware.com (Darrell Ball)
Date: Thu, 27 Jul 2017 17:12:59 +0000
Subject: [ovs-discuss] OVS-DPDK IP fragmentation require
In-Reply-To: <CAPbR-ptLETv+XDQeWfV1CzEAoK5_BxTooc2Q2=C9AuXVqh0RoQ@mail.gmail.com>
References: <CAPbR-puJyScMqfq30F5K-B9+1i_B2rOddQERnm1oYJxstRDV-w@mail.gmail.com>
	<A638080A-657C-4BFE-945B-5E4B00A284D8@vmware.com>
	<CAPbR-puumEJ54W8WidgHGd+fv3=29CCxqFUAD_3XyheEOE=Y-w@mail.gmail.com>
	<5270259E-FA59-4A20-8341-6E0C9C136AA8@vmware.com>
	<CAPbR-ptLETv+XDQeWfV1CzEAoK5_BxTooc2Q2=C9AuXVqh0RoQ@mail.gmail.com>
Message-ID: <818A40D2-9AD0-420D-AF6D-7912EF19FB54@vmware.com>



From: Hui Xiang <xianghuir at gmail.com>
Date: Thursday, July 27, 2017 at 3:18 AM
To: Darrell Ball <dball at vmware.com>
Cc: "ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
Subject: Re: [ovs-discuss] OVS-DPDK IP fragmentation require


Blow is the diagram (using OVS-DPDK):

1. For packets coming to vm1 from internet where could have MTU 1500, there could be including some fragmented packets,
    how does the ALC/Security groups handle these fragmented packets? do nothing and pass it next which may pass the packets
    should be dropped or any special handling?

Lets assume the fragments get thru. the physical switch and/or firewall.

Are you using DPDK in GW and using OVS kernel datapath in br-int where you apply ACL/Security groups policy ?

2. For packets egress from vm1, if all internal physical switch support Jumbo Frame, that's fine, but if there are some physical swithes
    just support 1500/2000 MTU, then fragmented packets generated again. The ACL/Security groups face problem as item 1 as well.


For packets that reach the physical switches on the way out, then the decision how to handle them is at the physical switch/router
The packets may be fragmented at this point; depending on the switch; there will be HW firewall policies to contend with, so depends.



[nline image 1]

On Thu, Jul 27, 2017 at 2:49 PM, Darrell Ball <dball at vmware.com<mailto:dball at vmware.com>> wrote:


From: Hui Xiang <xianghuir at gmail.com<mailto:xianghuir at gmail.com>>
Date: Wednesday, July 26, 2017 at 9:43 PM
To: Darrell Ball <dball at vmware.com<mailto:dball at vmware.com>>
Cc: "ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>" <ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>>
Subject: Re: [ovs-discuss] OVS-DPDK IP fragmentation require

Thanks Darrell, comment inline.

On Thu, Jul 27, 2017 at 12:08 PM, Darrell Ball <dball at vmware.com<mailto:dball at vmware.com>> wrote:


From: <ovs-discuss-bounces at openvswitch.org<mailto:ovs-discuss-bounces at openvswitch.org>> on behalf of Hui Xiang <xianghuir at gmail.com<mailto:xianghuir at gmail.com>>
Date: Wednesday, July 26, 2017 at 7:47 PM
To: "ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>" <ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>>
Subject: [ovs-discuss] OVS-DPDK IP fragmentation require

Hi guys,

  Seems OVS-DPDK still missing IP fragmentation support, is there any schedule to have it?
OVS 2.9
I'm  transferring to use OVN, but for those nodes which have external network connection, they may face this problem,
except to configure Jumbo frames, is there any other workaround?

I am not clear on the situation however.
You mention about configuring jumbo frames which means you can avoid the fragments by doing this ?
No, I can't guarantee that, only can do it inside OpenStack, it is limited.
If this is true, then this is the best way to proceed since performance will be better.
What is wrong with jumbo frames ?
It's good but it's limited can't be guaranteed, so I am asking is there any other way without IP fragmentation so far.

It sounds like you want to avoid IP fragmentation; so far so good.
I am not sure I understand the whole picture though.
Maybe you can describe what you see ?; maybe a simple diagram would help ?


BR.
Hui.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/677f9437/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 70199 bytes
Desc: image001.png
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/677f9437/attachment-0001.png>

From mw7301 at hotmail.com  Thu Jul 27 17:28:21 2017
From: mw7301 at hotmail.com (Michael Williams)
Date: Thu, 27 Jul 2017 17:28:21 +0000
Subject: [ovs-discuss] Multiple Virtual Wireless Ports
In-Reply-To: <20170727165732.GF6175@ovn.org>
References: <BLUPR11MB0754AF961E8E3E9086DD456ED0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>,
	<20170727165732.GF6175@ovn.org>
Message-ID: <BLUPR11MB07543F01E2DEE9674D016E51D0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>

Hi Ben,


I don't think I explained it properly. Between the wired ports we can apply Openflow rules to limit traffic between computers connected via those wired ports, and that works with standard OvS. On the wireless WiFi side I would like to be able do the same thing and to limit the traffic between WiFi connected devices.


Since WiFi only has one interface and not multiple individual ports like the wired stuff, my rules for dropping traffic between ports won't work. So I was wondering if there was someway with OvS to limit or stop traffic between WiFi connected computers?



________________________________
From: Ben Pfaff <blp at ovn.org>
Sent: Thursday, July 27, 2017 12:57 PM
To: Michael Williams
Cc: ovs-discuss at openvswitch.org
Subject: Re: [ovs-discuss] Multiple Virtual Wireless Ports

On Thu, Jul 27, 2017 at 01:33:23PM +0000, Michael Williams wrote:
> We have OvS running on a wireless router with 4 wired Ethernet
> ports. We can apply rules on the wired ports but when we try to apply
> rules on the wireless port the rules don't work between multiple
> wireless devices. Is there a way within OvS to treat the wireless
> interface like multiple virtual ports so that when a wireless device
> connects we can apply rules to govern behavior between the wireless
> devices like we can with the wired devices?

OVS doesn't distinguish between different kinds of ports, so the
restrictions you're describing don't make sense; OVS doesn't work that
way.  You might be using a vendor's modified version of OVS.  If so,
then you should ask the vendor for assistance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/17fd3ddd/attachment.html>

From joo.yongseok at gmail.com  Thu Jul 27 17:29:31 2017
From: joo.yongseok at gmail.com (Joo Yong-Seok)
Date: Thu, 27 Jul 2017 10:29:31 -0700
Subject: [ovs-discuss] Multiple Virtual Wireless Ports
In-Reply-To: <BLUPR11MB0754AF961E8E3E9086DD456ED0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
References: <BLUPR11MB0754AF961E8E3E9086DD456ED0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
Message-ID: <CAE3xvfaQxOmXZbbj9p9g4sGxs4RAmgFR4kAPzBtu4j6BY9p8gw@mail.gmail.com>

I have tried to add wireless ports to OVS bridge and created GRE tunnel or
some sort of drop/allow rules on top of it.
Everything works for me.

I used Qualcomm's reference platform - which is arm based.

Also, bridge is already "vritual port" if it has multiple wireless
interfaces.

Best regards,

- yongseok

On Thu, Jul 27, 2017 at 6:33 AM, Michael Williams <mw7301 at hotmail.com>
wrote:

> We have OvS running on a wireless router with 4 wired Ethernet ports. We
> can apply rules on the wired ports but when we try to apply rules on the
> wireless port the rules don't work between multiple wireless devices. Is
> there a way within OvS to treat the wireless interface like multiple
> virtual ports so that when a wireless device connects we can apply rules to
> govern behavior between the wireless devices like we can with the wired
> devices?
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/c34e3f20/attachment.html>

From joo.yongseok at gmail.com  Thu Jul 27 17:33:14 2017
From: joo.yongseok at gmail.com (Joo Yong-Seok)
Date: Thu, 27 Jul 2017 10:33:14 -0700
Subject: [ovs-discuss] Multiple Virtual Wireless Ports
In-Reply-To: <BLUPR11MB07543F01E2DEE9674D016E51D0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
References: <BLUPR11MB0754AF961E8E3E9086DD456ED0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
	<20170727165732.GF6175@ovn.org>
	<BLUPR11MB07543F01E2DEE9674D016E51D0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
Message-ID: <CAE3xvfbC_Q0SbPdcJbF6dmL6vLEXfX+2biOHULO9P87FK5usBg@mail.gmail.com>

When you say, "wifi interface", do you mean wlan interface (which is VAP)
at AP? or low-level wifi interface?
I don't know rate-limit since I've never tried but it works well for
regular OVS rules.

- Drop everything
- Allow ARP
- Allow DHCP
- Allow DNS

I applied the rule in one of ovs bridge and added multiple wifi interface
over GRE tunnel.

At least, I've tried this on top of Linux kernel 4.4 / OVS 2.6 - OPENWRT
package.

Best regards,

On Thu, Jul 27, 2017 at 10:28 AM, Michael Williams <mw7301 at hotmail.com>
wrote:

> Hi Ben,
>
>
> I don't think I explained it properly. Between the wired ports we
> can apply Openflow rules to limit traffic between computers connected via
> those wired ports, and that works with standard OvS. On the wireless WiFi
> side I would like to be able do the same thing and to limit the traffic
> between WiFi connected devices.
>
>
> Since WiFi only has one interface and not multiple individual ports like
> the wired stuff, my rules for dropping traffic between ports won't work. So
> I was wondering if there was someway with OvS to limit or stop
> traffic between WiFi connected computers?
>
>
>
> ------------------------------
> *From:* Ben Pfaff <blp at ovn.org>
> *Sent:* Thursday, July 27, 2017 12:57 PM
> *To:* Michael Williams
> *Cc:* ovs-discuss at openvswitch.org
> *Subject:* Re: [ovs-discuss] Multiple Virtual Wireless Ports
>
> On Thu, Jul 27, 2017 at 01:33:23PM +0000, Michael Williams wrote:
> > We have OvS running on a wireless router with 4 wired Ethernet
> > ports. We can apply rules on the wired ports but when we try to apply
> > rules on the wireless port the rules don't work between multiple
> > wireless devices. Is there a way within OvS to treat the wireless
> > interface like multiple virtual ports so that when a wireless device
> > connects we can apply rules to govern behavior between the wireless
> > devices like we can with the wired devices?
>
> OVS doesn't distinguish between different kinds of ports, so the
> restrictions you're describing don't make sense; OVS doesn't work that
> way.  You might be using a vendor's modified version of OVS.  If so,
> then you should ask the vendor for assistance.
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/eeb419e9/attachment.html>

From blp at ovn.org  Thu Jul 27 17:39:43 2017
From: blp at ovn.org (Ben Pfaff)
Date: Thu, 27 Jul 2017 10:39:43 -0700
Subject: [ovs-discuss] openflow with openwrt
In-Reply-To: <1868194627.713425.1501177012987@mail.yahoo.com>
References: <1868194627.713425.1501177012987.ref@mail.yahoo.com>
	<1868194627.713425.1501177012987@mail.yahoo.com>
Message-ID: <051D282D-5D2A-4BD1-870E-3AF03F470FFF@ovn.org>

On July 27, 2017 10:36:52 AM PDT, Mohamed Ibrahem <mohamed_ibrahem1992 at yahoo.com> wrote:
>no, i am using OVS software on my router and give me this error and i
>can not solve it any more
>--------------------------------------------
>On Thu, 7/27/17, Ben Pfaff <blp at ovn.org> wrote:
>
> Subject: Re: [ovs-discuss] openflow with openwrt
> To: "Mohamed Ibrahem" <mohamed_ibrahem1992 at yahoo.com>
> Cc: ovs-discuss at openvswitch.org
> Date: Thursday, July 27, 2017, 6:55 PM
> 
> On Thu, Jul 27, 2017 at 03:32:22PM +0000,
> Mohamed Ibrahem via discuss wrote:
> > > hello guys,
> > > i have a problem with router tplink
> wr841N , i have installed openwrt to
> >
> > install openflow and get the following message when
> starting the openflow
> > >
> /etc/init.d.openflow/ start? ? 
> > >
> appears, 
> > > / sbin / ofup: line1:
> ofdatapath: not found no need for further
> > > configuration out-of-band control 
> > > / sbin / ofup: line4: ofprotocol: not
> found
> > 
> > can any one
> help me to solve this problem??
> 
> This mailing list is about OVS, but you
> aren't using OVS.
> 
> -----Inline Attachment Follows-----
> 
> 

The commands and output that you quoted are not part of OVS.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/dda8c540/attachment-0001.html>

From mw7301 at hotmail.com  Thu Jul 27 17:59:09 2017
From: mw7301 at hotmail.com (Michael Williams)
Date: Thu, 27 Jul 2017 17:59:09 +0000
Subject: [ovs-discuss] Multiple Virtual Wireless Ports
In-Reply-To: <CAE3xvfbC_Q0SbPdcJbF6dmL6vLEXfX+2biOHULO9P87FK5usBg@mail.gmail.com>
References: <BLUPR11MB0754AF961E8E3E9086DD456ED0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
	<20170727165732.GF6175@ovn.org>
	<BLUPR11MB07543F01E2DEE9674D016E51D0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>,
	<CAE3xvfbC_Q0SbPdcJbF6dmL6vLEXfX+2biOHULO9P87FK5usBg@mail.gmail.com>
Message-ID: <BLUPR11MB07546F9C2E484E47B7AF9BA7D0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>

When I WiFi interface I mean WLAN0 and in this particular box we have WLAN0 for the 5 GHz radio.


When you add it to OvS you are just adding it as an individual port to the bridge. But if you have for example 4 computers connect wirelessly its like they are all connecting via that single port unlike if you plugged in 4 computers via the wired ports where each computer would plug into a single individual port.


My problem is I want to be able to control the traffic between the wireless devices using OvS in the same way that I can control the traffic between the wired devices.


When you said added multiple wifi interfaces do you mean that you have multiple radios? Because we only have two and are only using one.


________________________________
From: Joo Yong-Seok <joo.yongseok at gmail.com>
Sent: Thursday, July 27, 2017 1:33 PM
To: Michael Williams
Cc: Ben Pfaff; ovs-discuss at openvswitch.org
Subject: Re: [ovs-discuss] Multiple Virtual Wireless Ports

When you say, "wifi interface", do you mean wlan interface (which is VAP) at AP? or low-level wifi interface?
I don't know rate-limit since I've never tried but it works well for regular OVS rules.

- Drop everything
- Allow ARP
- Allow DHCP
- Allow DNS

I applied the rule in one of ovs bridge and added multiple wifi interface over GRE tunnel.

At least, I've tried this on top of Linux kernel 4.4 / OVS 2.6 - OPENWRT package.

Best regards,

On Thu, Jul 27, 2017 at 10:28 AM, Michael Williams <mw7301 at hotmail.com<mailto:mw7301 at hotmail.com>> wrote:

Hi Ben,


I don't think I explained it properly. Between the wired ports we can apply Openflow rules to limit traffic between computers connected via those wired ports, and that works with standard OvS. On the wireless WiFi side I would like to be able do the same thing and to limit the traffic between WiFi connected devices.


Since WiFi only has one interface and not multiple individual ports like the wired stuff, my rules for dropping traffic between ports won't work. So I was wondering if there was someway with OvS to limit or stop traffic between WiFi connected computers?



________________________________
From: Ben Pfaff <blp at ovn.org<mailto:blp at ovn.org>>
Sent: Thursday, July 27, 2017 12:57 PM
To: Michael Williams
Cc: ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>
Subject: Re: [ovs-discuss] Multiple Virtual Wireless Ports

On Thu, Jul 27, 2017 at 01:33:23PM +0000, Michael Williams wrote:
> We have OvS running on a wireless router with 4 wired Ethernet
> ports. We can apply rules on the wired ports but when we try to apply
> rules on the wireless port the rules don't work between multiple
> wireless devices. Is there a way within OvS to treat the wireless
> interface like multiple virtual ports so that when a wireless device
> connects we can apply rules to govern behavior between the wireless
> devices like we can with the wired devices?

OVS doesn't distinguish between different kinds of ports, so the
restrictions you're describing don't make sense; OVS doesn't work that
way.  You might be using a vendor's modified version of OVS.  If so,
then you should ask the vendor for assistance.

_______________________________________________
discuss mailing list
discuss at openvswitch.org<mailto:discuss at openvswitch.org>
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/05527092/attachment.html>

From joo.yongseok at gmail.com  Thu Jul 27 18:38:06 2017
From: joo.yongseok at gmail.com (Joo Yong-Seok)
Date: Thu, 27 Jul 2017 11:38:06 -0700
Subject: [ovs-discuss] Multiple Virtual Wireless Ports
In-Reply-To: <BLUPR11MB07546F9C2E484E47B7AF9BA7D0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
References: <BLUPR11MB0754AF961E8E3E9086DD456ED0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
	<20170727165732.GF6175@ovn.org>
	<BLUPR11MB07543F01E2DEE9674D016E51D0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
	<CAE3xvfbC_Q0SbPdcJbF6dmL6vLEXfX+2biOHULO9P87FK5usBg@mail.gmail.com>
	<BLUPR11MB07546F9C2E484E47B7AF9BA7D0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
Message-ID: <CAE3xvfZVPGQC9MP54DkVTEHxkd-2GPw7YcvkmMUw9sVESAosuA@mail.gmail.com>

You can easily get the wireless STA mac-address from your AP. Then, you can
plumb the rule based on your wifi STA mac-address. There is no such a
"port" concept - inside wifi driver - specially if you are talking about
AP-STA association.

Actually, logical connection is "association". You can retrieve association
table and use the mac-address. Before any kind of packets are delivered to
bridge, association should happen first. From hostapd or some user-space
auth managing application, plumb ovs rule based on client mac - call
ovs-ofctl or other tools to create flows.

Linux and wifi driver doesn't support "port concept" on wifi association.

I hope it will help.

Best regards,

On Thu, Jul 27, 2017 at 10:59 AM, Michael Williams <mw7301 at hotmail.com>
wrote:

> When I WiFi interface I mean WLAN0 and in this particular box we have
> WLAN0 for the 5 GHz radio.
>
>
> When you add it to OvS you are just adding it as an individual port to the
> bridge. But if you have for example 4 computers connect wirelessly its like
> they are all connecting via that single port unlike if you plugged in 4
> computers via the wired ports where each computer would plug into a single
> individual port.
>
>
> My problem is I want to be able to control the traffic between the
> wireless devices using OvS in the same way that I can control the traffic
> between the wired devices.
>
>
> When you said added multiple wifi interfaces do you mean that you have
> multiple radios? Because we only have two and are only using one.
>
>
> ------------------------------
> *From:* Joo Yong-Seok <joo.yongseok at gmail.com>
> *Sent:* Thursday, July 27, 2017 1:33 PM
> *To:* Michael Williams
> *Cc:* Ben Pfaff; ovs-discuss at openvswitch.org
>
> *Subject:* Re: [ovs-discuss] Multiple Virtual Wireless Ports
>
> When you say, "wifi interface", do you mean wlan interface (which is VAP)
> at AP? or low-level wifi interface?
> I don't know rate-limit since I've never tried but it works well for
> regular OVS rules.
>
> - Drop everything
> - Allow ARP
> - Allow DHCP
> - Allow DNS
>
> I applied the rule in one of ovs bridge and added multiple wifi interface
> over GRE tunnel.
>
> At least, I've tried this on top of Linux kernel 4.4 / OVS 2.6 - OPENWRT
> package.
>
> Best regards,
>
> On Thu, Jul 27, 2017 at 10:28 AM, Michael Williams <mw7301 at hotmail.com>
> wrote:
>
>> Hi Ben,
>>
>>
>> I don't think I explained it properly. Between the wired ports we
>> can apply Openflow rules to limit traffic between computers connected via
>> those wired ports, and that works with standard OvS. On the wireless WiFi
>> side I would like to be able do the same thing and to limit the traffic
>> between WiFi connected devices.
>>
>>
>> Since WiFi only has one interface and not multiple individual ports like
>> the wired stuff, my rules for dropping traffic between ports won't work. So
>> I was wondering if there was someway with OvS to limit or stop
>> traffic between WiFi connected computers?
>>
>>
>>
>> ------------------------------
>> *From:* Ben Pfaff <blp at ovn.org>
>> *Sent:* Thursday, July 27, 2017 12:57 PM
>> *To:* Michael Williams
>> *Cc:* ovs-discuss at openvswitch.org
>> *Subject:* Re: [ovs-discuss] Multiple Virtual Wireless Ports
>>
>> On Thu, Jul 27, 2017 at 01:33:23PM +0000, Michael Williams wrote:
>> > We have OvS running on a wireless router with 4 wired Ethernet
>> > ports. We can apply rules on the wired ports but when we try to apply
>> > rules on the wireless port the rules don't work between multiple
>> > wireless devices. Is there a way within OvS to treat the wireless
>> > interface like multiple virtual ports so that when a wireless device
>> > connects we can apply rules to govern behavior between the wireless
>> > devices like we can with the wired devices?
>>
>> OVS doesn't distinguish between different kinds of ports, so the
>> restrictions you're describing don't make sense; OVS doesn't work that
>> way.  You might be using a vendor's modified version of OVS.  If so,
>> then you should ask the vendor for assistance.
>>
>> _______________________________________________
>> discuss mailing list
>> discuss at openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/24f14628/attachment-0001.html>

From blue at veracity.io  Thu Jul 27 18:40:50 2017
From: blue at veracity.io (Blue Lang)
Date: Thu, 27 Jul 2017 14:40:50 -0400
Subject: [ovs-discuss] Multiple Virtual Wireless Ports
In-Reply-To: <BLUPR11MB07546F9C2E484E47B7AF9BA7D0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
References: <BLUPR11MB0754AF961E8E3E9086DD456ED0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
	<20170727165732.GF6175@ovn.org>
	<BLUPR11MB07543F01E2DEE9674D016E51D0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
	<CAE3xvfbC_Q0SbPdcJbF6dmL6vLEXfX+2biOHULO9P87FK5usBg@mail.gmail.com>
	<BLUPR11MB07546F9C2E484E47B7AF9BA7D0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
Message-ID: <CAKCC41On9c0K=qQdd75sh06-AXhqdMqZhondjoz114LjNxHiqw@mail.gmail.com>

You'd need to get your wifi NIC or WAP to act as a transparent bridge so
the end devices appear as multiple MACs on the WLAN0 interface. Then you
can use (should be able to?) use OF write actions to control the traffic
flow on the wifi guests.

There are quite a few hits on google covering very similar situations to
the one you're asking about here.

Thanks,

On Thu, Jul 27, 2017 at 1:59 PM, Michael Williams <mw7301 at hotmail.com>
wrote:

> When I WiFi interface I mean WLAN0 and in this particular box we have
> WLAN0 for the 5 GHz radio.
>
>
> When you add it to OvS you are just adding it as an individual port to the
> bridge. But if you have for example 4 computers connect wirelessly its like
> they are all connecting via that single port unlike if you plugged in 4
> computers via the wired ports where each computer would plug into a single
> individual port.
>
>
> My problem is I want to be able to control the traffic between the
> wireless devices using OvS in the same way that I can control the traffic
> between the wired devices.
>
>
> When you said added multiple wifi interfaces do you mean that you have
> multiple radios? Because we only have two and are only using one.
>
>
> ------------------------------
> *From:* Joo Yong-Seok <joo.yongseok at gmail.com>
> *Sent:* Thursday, July 27, 2017 1:33 PM
> *To:* Michael Williams
> *Cc:* Ben Pfaff; ovs-discuss at openvswitch.org
>
> *Subject:* Re: [ovs-discuss] Multiple Virtual Wireless Ports
>
> When you say, "wifi interface", do you mean wlan interface (which is VAP)
> at AP? or low-level wifi interface?
> I don't know rate-limit since I've never tried but it works well for
> regular OVS rules.
>
> - Drop everything
> - Allow ARP
> - Allow DHCP
> - Allow DNS
>
> I applied the rule in one of ovs bridge and added multiple wifi interface
> over GRE tunnel.
>
> At least, I've tried this on top of Linux kernel 4.4 / OVS 2.6 - OPENWRT
> package.
>
> Best regards,
>
> On Thu, Jul 27, 2017 at 10:28 AM, Michael Williams <mw7301 at hotmail.com>
> wrote:
>
>> Hi Ben,
>>
>>
>> I don't think I explained it properly. Between the wired ports we
>> can apply Openflow rules to limit traffic between computers connected via
>> those wired ports, and that works with standard OvS. On the wireless WiFi
>> side I would like to be able do the same thing and to limit the traffic
>> between WiFi connected devices.
>>
>>
>> Since WiFi only has one interface and not multiple individual ports like
>> the wired stuff, my rules for dropping traffic between ports won't work. So
>> I was wondering if there was someway with OvS to limit or stop
>> traffic between WiFi connected computers?
>>
>>
>>
>> ------------------------------
>> *From:* Ben Pfaff <blp at ovn.org>
>> *Sent:* Thursday, July 27, 2017 12:57 PM
>> *To:* Michael Williams
>> *Cc:* ovs-discuss at openvswitch.org
>> *Subject:* Re: [ovs-discuss] Multiple Virtual Wireless Ports
>>
>> On Thu, Jul 27, 2017 at 01:33:23PM +0000, Michael Williams wrote:
>> > We have OvS running on a wireless router with 4 wired Ethernet
>> > ports. We can apply rules on the wired ports but when we try to apply
>> > rules on the wireless port the rules don't work between multiple
>> > wireless devices. Is there a way within OvS to treat the wireless
>> > interface like multiple virtual ports so that when a wireless device
>> > connects we can apply rules to govern behavior between the wireless
>> > devices like we can with the wired devices?
>>
>> OVS doesn't distinguish between different kinds of ports, so the
>> restrictions you're describing don't make sense; OVS doesn't work that
>> way.  You might be using a vendor's modified version of OVS.  If so,
>> then you should ask the vendor for assistance.
>>
>> _______________________________________________
>> discuss mailing list
>> discuss at openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>
>>
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>


-- 
Blue Lang
PM *| *Veracity

3423 Piedmont Rd NE

Suite 350

Atlanta, GA  30305
Cell:  (770) 265-1381 <+17702651381>
https://www.linkedin.com/in/bluelang/
blue at veracity.io
www.veracity.io
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/dbe88d3f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Veracity-horizontal-logo-tiny_sig.png
Type: image/png
Size: 5372 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/dbe88d3f/attachment.png>

From blue at veracity.io  Thu Jul 27 18:43:15 2017
From: blue at veracity.io (Blue Lang)
Date: Thu, 27 Jul 2017 14:43:15 -0400
Subject: [ovs-discuss] openflow with openwrt
In-Reply-To: <051D282D-5D2A-4BD1-870E-3AF03F470FFF@ovn.org>
References: <1868194627.713425.1501177012987.ref@mail.yahoo.com>
	<1868194627.713425.1501177012987@mail.yahoo.com>
	<051D282D-5D2A-4BD1-870E-3AF03F470FFF@ovn.org>
Message-ID: <CAKCC41Pej6jyeh3PwMF21V=cG075fmu9U8HAiMkPwmi7fqdjwQ@mail.gmail.com>

To further Ben's point, you should address this question to the OpenWRT
mailing list, not OVS.

https://lists.openwrt.org/cgi-bin/mailman/listinfo

Thanks,

On Thu, Jul 27, 2017 at 1:39 PM, Ben Pfaff <blp at ovn.org> wrote:

> On July 27, 2017 10:36:52 AM PDT, Mohamed Ibrahem <
> mohamed_ibrahem1992 at yahoo.com> wrote:
>>
>> no, i am using OVS software on my router and give me this error and i can not solve it any more
>> ------------------------------
>>
>> On Thu, 7/27/17, Ben Pfaff <blp at ovn.org> wrote:
>>
>>  Subject: Re: [ovs-discuss] openflow with openwrt
>>  To: "Mohamed Ibrahem" <mohamed_ibrahem1992 at yahoo.com>
>>  Cc: ovs-discuss at openvswitch.org
>>  Date: Thursday, July 27, 2017, 6:55 PM
>>
>>  On Thu, Jul 27, 2017 at 03:32:22PM +0000,
>>  Mohamed Ibrahem via discuss wrote:
>>
>>>  hello guys,
>>>>  i have a problem with router tplink
>>>>
>>>  wr841N , i have installed openwrt to
>>
>>>
>>>  install openflow and get the following message when
>>>
>>  starting the openflow
>>
>>>
>>>>  /etc/init.d.openflow/ start
>>
>>>
>>>>  appears,
>>
>>>  / sbin / ofup: line1:
>>>>
>>>  ofdatapath: not found no need for further
>>
>>>  configuration out-of-band control
>>>>  / sbin / ofup: line4: ofprotocol: not
>>>>
>>>  found
>>
>>>
>>>  can any one
>>>
>>  help me to solve this problem??
>>
>>  This mailing list is about OVS, but you
>>  aren't using OVS.
>>
>>  -----Inline Attachment Follows-----
>>
>>
>>
> The commands and output that you quoted are not part of OVS.
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>


-- 
Blue Lang
PM *| *Veracity

3423 Piedmont Rd NE

Suite 350

Atlanta, GA  30305
Cell:  (770) 265-1381 <+17702651381>
https://www.linkedin.com/in/bluelang/
blue at veracity.io
www.veracity.io
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/a6d96d03/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Veracity-horizontal-logo-tiny_sig.png
Type: image/png
Size: 5372 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/a6d96d03/attachment-0001.png>

From xianghuir at gmail.com  Fri Jul 28 01:59:02 2017
From: xianghuir at gmail.com (Hui Xiang)
Date: Fri, 28 Jul 2017 09:59:02 +0800
Subject: [ovs-discuss] OVS-DPDK IP fragmentation require
In-Reply-To: <818A40D2-9AD0-420D-AF6D-7912EF19FB54@vmware.com>
References: <CAPbR-puJyScMqfq30F5K-B9+1i_B2rOddQERnm1oYJxstRDV-w@mail.gmail.com>
	<A638080A-657C-4BFE-945B-5E4B00A284D8@vmware.com>
	<CAPbR-puumEJ54W8WidgHGd+fv3=29CCxqFUAD_3XyheEOE=Y-w@mail.gmail.com>
	<5270259E-FA59-4A20-8341-6E0C9C136AA8@vmware.com>
	<CAPbR-ptLETv+XDQeWfV1CzEAoK5_BxTooc2Q2=C9AuXVqh0RoQ@mail.gmail.com>
	<818A40D2-9AD0-420D-AF6D-7912EF19FB54@vmware.com>
Message-ID: <CAPbR-psMmAw6FCHRi1abwOrEtSXe9hXB6j=1P_uCQuO_ApeXEA@mail.gmail.com>

On Fri, Jul 28, 2017 at 1:12 AM, Darrell Ball <dball at vmware.com> wrote:

>
>
>
>
> *From: *Hui Xiang <xianghuir at gmail.com>
> *Date: *Thursday, July 27, 2017 at 3:18 AM
> *To: *Darrell Ball <dball at vmware.com>
> *Cc: *"ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
> *Subject: *Re: [ovs-discuss] OVS-DPDK IP fragmentation require
>
>
>
>
>
> Blow is the diagram (using OVS-DPDK):
>
>
>
> 1. For packets coming to vm1 from internet where could have MTU 1500,
> there could be including some fragmented packets,
>
>     how does the ALC/Security groups handle these fragmented packets? do
> nothing and pass it next which may pass the packets
>
>     should be dropped or any special handling?
>
>
>
> Lets assume the fragments get thru. the physical switch and/or firewall.
>
>
>
> Are you using DPDK in GW and using OVS kernel datapath in br-int where you
> apply ACL/Security groups policy ?
>
All are using DPDK, the ACL/Security groups policy said is OVS-DPDK
conntrack implementation.
With the case that we should have dropped some packets by creating special
security group rules, but now due to they are fragmented and get thru by
default, this is not what is expected.

>
>
> 2. For packets egress from vm1, if all internal physical switch support
> Jumbo Frame, that's fine, but if there are some physical swithes
>
>     just support 1500/2000 MTU, then fragmented packets generated again.
> The ACL/Security groups face problem as item 1 as well.
>
>
>
>
>
> For packets that reach the physical switches on the way out, then the
> decision how to handle them is at the physical switch/router
>
> The packets may be fragmented at this point; depending on the switch;
> there will be HW firewall policies to contend with, so depends.
>
>
>
Here, again what I mean is the packets are fragmented by the physical
switch/router, and they are switching/routing to a next node where has the
OVS-DPDK set with security group, and OVS-DPDK may let them thru with
ignoring the security group rules.

>
>
>
>
> [image: nline image 1]
>
>
>
> On Thu, Jul 27, 2017 at 2:49 PM, Darrell Ball <dball at vmware.com> wrote:
>
>
>
>
>
> *From: *Hui Xiang <xianghuir at gmail.com>
> *Date: *Wednesday, July 26, 2017 at 9:43 PM
> *To: *Darrell Ball <dball at vmware.com>
> *Cc: *"ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
> *Subject: *Re: [ovs-discuss] OVS-DPDK IP fragmentation require
>
>
>
> Thanks Darrell, comment inline.
>
>
>
> On Thu, Jul 27, 2017 at 12:08 PM, Darrell Ball <dball at vmware.com> wrote:
>
>
>
>
>
> *From: *<ovs-discuss-bounces at openvswitch.org> on behalf of Hui Xiang <
> xianghuir at gmail.com>
> *Date: *Wednesday, July 26, 2017 at 7:47 PM
> *To: *"ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
> *Subject: *[ovs-discuss] OVS-DPDK IP fragmentation require
>
>
>
> Hi guys,
>
>
>
>   Seems OVS-DPDK still missing IP fragmentation support, is there any
> schedule to have it?
>
> OVS 2.9
>
> I'm  transferring to use OVN, but for those nodes which have external
> network connection, they may face this problem,
>
> except to configure Jumbo frames, is there any other workaround?
>
>
>
> I am not clear on the situation however.
>
> You mention about configuring jumbo frames which means you can avoid the
> fragments by doing this ?
>
> No, I can't guarantee that, only can do it inside OpenStack, it is
> limited.
>
> If this is true, then this is the best way to proceed since performance
> will be better.
>
> What is wrong with jumbo frames ?
>
> It's good but it's limited can't be guaranteed, so I am asking is there
> any other way without IP fragmentation so far.
>
>
>
> It sounds like you want to avoid IP fragmentation; so far so good.
>
> I am not sure I understand the whole picture though.
>
> Maybe you can describe what you see ?; maybe a simple diagram would help ?
>
>
>
>
>
> BR.
>
> Hui.
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170728/84de0a77/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 70199 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170728/84de0a77/attachment-0001.png>

From dball at vmware.com  Fri Jul 28 02:54:40 2017
From: dball at vmware.com (Darrell Ball)
Date: Fri, 28 Jul 2017 02:54:40 +0000
Subject: [ovs-discuss] OVS-DPDK IP fragmentation require
In-Reply-To: <CAPbR-psMmAw6FCHRi1abwOrEtSXe9hXB6j=1P_uCQuO_ApeXEA@mail.gmail.com>
References: <CAPbR-puJyScMqfq30F5K-B9+1i_B2rOddQERnm1oYJxstRDV-w@mail.gmail.com>
	<A638080A-657C-4BFE-945B-5E4B00A284D8@vmware.com>
	<CAPbR-puumEJ54W8WidgHGd+fv3=29CCxqFUAD_3XyheEOE=Y-w@mail.gmail.com>
	<5270259E-FA59-4A20-8341-6E0C9C136AA8@vmware.com>
	<CAPbR-ptLETv+XDQeWfV1CzEAoK5_BxTooc2Q2=C9AuXVqh0RoQ@mail.gmail.com>
	<818A40D2-9AD0-420D-AF6D-7912EF19FB54@vmware.com>
	<CAPbR-psMmAw6FCHRi1abwOrEtSXe9hXB6j=1P_uCQuO_ApeXEA@mail.gmail.com>
Message-ID: <2CFDFBDE-B6E0-4485-B873-E33355A38375@vmware.com>



From: Hui Xiang <xianghuir at gmail.com>
Date: Thursday, July 27, 2017 at 6:59 PM
To: Darrell Ball <dball at vmware.com>
Cc: "ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
Subject: Re: [ovs-discuss] OVS-DPDK IP fragmentation require



On Fri, Jul 28, 2017 at 1:12 AM, Darrell Ball <dball at vmware.com<mailto:dball at vmware.com>> wrote:


From: Hui Xiang <xianghuir at gmail.com<mailto:xianghuir at gmail.com>>
Date: Thursday, July 27, 2017 at 3:18 AM
To: Darrell Ball <dball at vmware.com<mailto:dball at vmware.com>>
Cc: "ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>" <ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>>
Subject: Re: [ovs-discuss] OVS-DPDK IP fragmentation require


Blow is the diagram (using OVS-DPDK):

1. For packets coming to vm1 from internet where could have MTU 1500, there could be including some fragmented packets,
    how does the ALC/Security groups handle these fragmented packets? do nothing and pass it next which may pass the packets
    should be dropped or any special handling?

Lets assume the fragments get thru. the physical switch and/or firewall.

Are you using DPDK in GW and using OVS kernel datapath in br-int where you apply ACL/Security groups policy ?
All are using DPDK, the ACL/Security groups policy said is OVS-DPDK conntrack implementation.
With the case that we should have dropped some packets by creating special security group rules, but now due to they are fragmented and get thru by default, this is not what is expected.

I would check your configuration.
The dpdk connection tracker marks fragments as ?invalid? today and your rules should drop ?invalid?.

2. For packets egress from vm1, if all internal physical switch support Jumbo Frame, that's fine, but if there are some physical swithes
    just support 1500/2000 MTU, then fragmented packets generated again. The ACL/Security groups face problem as item 1 as well.


For packets that reach the physical switches on the way out, then the decision how to handle them is at the physical switch/router
The packets may be fragmented at this point; depending on the switch; there will be HW firewall policies to contend with, so depends.

Here, again what I mean is the packets are fragmented by the physical switch/router, and they are switching/routing to a next node where has the OVS-DPDK set with security group, and OVS-DPDK may let them thru with ignoring the security group rules.

Sorry, you lost me a bit here; in point ?2? above you said packets are going from vm1 to internet and are fine until they hit the physical switch
Where you are assuming they are fragmented because the mtu is lower.
If this is not going to the internet but rather another set of nodes running dpdk, then this is another variation of ?1? and hence we don?t
need to discuss it.


[line image 1]

On Thu, Jul 27, 2017 at 2:49 PM, Darrell Ball <dball at vmware.com<mailto:dball at vmware.com>> wrote:


From: Hui Xiang <xianghuir at gmail.com<mailto:xianghuir at gmail.com>>
Date: Wednesday, July 26, 2017 at 9:43 PM
To: Darrell Ball <dball at vmware.com<mailto:dball at vmware.com>>
Cc: "ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>" <ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>>
Subject: Re: [ovs-discuss] OVS-DPDK IP fragmentation require

Thanks Darrell, comment inline.

On Thu, Jul 27, 2017 at 12:08 PM, Darrell Ball <dball at vmware.com<mailto:dball at vmware.com>> wrote:


From: <ovs-discuss-bounces at openvswitch.org<mailto:ovs-discuss-bounces at openvswitch.org>> on behalf of Hui Xiang <xianghuir at gmail.com<mailto:xianghuir at gmail.com>>
Date: Wednesday, July 26, 2017 at 7:47 PM
To: "ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>" <ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>>
Subject: [ovs-discuss] OVS-DPDK IP fragmentation require

Hi guys,

  Seems OVS-DPDK still missing IP fragmentation support, is there any schedule to have it?
OVS 2.9
I'm  transferring to use OVN, but for those nodes which have external network connection, they may face this problem,
except to configure Jumbo frames, is there any other workaround?

I am not clear on the situation however.
You mention about configuring jumbo frames which means you can avoid the fragments by doing this ?
No, I can't guarantee that, only can do it inside OpenStack, it is limited.
If this is true, then this is the best way to proceed since performance will be better.
What is wrong with jumbo frames ?
It's good but it's limited can't be guaranteed, so I am asking is there any other way without IP fragmentation so far.

It sounds like you want to avoid IP fragmentation; so far so good.
I am not sure I understand the whole picture though.
Maybe you can describe what you see ?; maybe a simple diagram would help ?


BR.
Hui.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170728/38733679/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 70200 bytes
Desc: image001.png
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170728/38733679/attachment-0001.png>

From xianghuir at gmail.com  Fri Jul 28 03:10:44 2017
From: xianghuir at gmail.com (Hui Xiang)
Date: Fri, 28 Jul 2017 11:10:44 +0800
Subject: [ovs-discuss] OVS-DPDK IP fragmentation require
In-Reply-To: <2CFDFBDE-B6E0-4485-B873-E33355A38375@vmware.com>
References: <CAPbR-puJyScMqfq30F5K-B9+1i_B2rOddQERnm1oYJxstRDV-w@mail.gmail.com>
	<A638080A-657C-4BFE-945B-5E4B00A284D8@vmware.com>
	<CAPbR-puumEJ54W8WidgHGd+fv3=29CCxqFUAD_3XyheEOE=Y-w@mail.gmail.com>
	<5270259E-FA59-4A20-8341-6E0C9C136AA8@vmware.com>
	<CAPbR-ptLETv+XDQeWfV1CzEAoK5_BxTooc2Q2=C9AuXVqh0RoQ@mail.gmail.com>
	<818A40D2-9AD0-420D-AF6D-7912EF19FB54@vmware.com>
	<CAPbR-psMmAw6FCHRi1abwOrEtSXe9hXB6j=1P_uCQuO_ApeXEA@mail.gmail.com>
	<2CFDFBDE-B6E0-4485-B873-E33355A38375@vmware.com>
Message-ID: <CAPbR-ptU8DUZoTHkz1bNxXxj8Yzx=r2ALBgvO-8HYjNrAi8ksA@mail.gmail.com>

On Fri, Jul 28, 2017 at 10:54 AM, Darrell Ball <dball at vmware.com> wrote:

>
>
>
>
> *From: *Hui Xiang <xianghuir at gmail.com>
> *Date: *Thursday, July 27, 2017 at 6:59 PM
> *To: *Darrell Ball <dball at vmware.com>
> *Cc: *"ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
> *Subject: *Re: [ovs-discuss] OVS-DPDK IP fragmentation require
>
>
>
>
>
>
>
> On Fri, Jul 28, 2017 at 1:12 AM, Darrell Ball <dball at vmware.com> wrote:
>
>
>
>
>
> *From: *Hui Xiang <xianghuir at gmail.com>
> *Date: *Thursday, July 27, 2017 at 3:18 AM
> *To: *Darrell Ball <dball at vmware.com>
> *Cc: *"ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
> *Subject: *Re: [ovs-discuss] OVS-DPDK IP fragmentation require
>
>
>
>
>
> Blow is the diagram (using OVS-DPDK):
>
>
>
> 1. For packets coming to vm1 from internet where could have MTU 1500,
> there could be including some fragmented packets,
>
>     how does the ALC/Security groups handle these fragmented packets? do
> nothing and pass it next which may pass the packets
>
>     should be dropped or any special handling?
>
>
>
> Lets assume the fragments get thru. the physical switch and/or firewall.
>
>
>
> Are you using DPDK in GW and using OVS kernel datapath in br-int where you
> apply ACL/Security groups policy ?
>
> All are using DPDK, the ACL/Security groups policy said is OVS-DPDK
> conntrack implementation.
>
> With the case that we should have dropped some packets by creating special
> security group rules, but now due to they are fragmented and get thru by
> default, this is not what is expected.
>
>
>
> I would check your configuration.
>
> The dpdk connection tracker marks fragments as ?invalid? today and your
> rules should drop ?invalid?.
>
OK, thanks. here are the two scenarios we are discussing:
1. For packets out from vms, use Jumbo Frame supported physical
switches/routers within OpenStack cloud and enable it in all OVS-DPDK or do
not allow application to send large frames.
2. For packets coming from internet to OVS-DPDK, fragmented packets could
be arrived, they are all dropped due to marks as 'invalid'.
 With above analysis,  if these fragments are marked as 'invalid' and being
dropped, the best way I can think about is to not use security group in
OVS-DPDK if there could be fragments generated.

Please correct me if I misunderstand anything.

>
>
> 2. For packets egress from vm1, if all internal physical switch support
> Jumbo Frame, that's fine, but if there are some physical swithes
>
>     just support 1500/2000 MTU, then fragmented packets generated again.
> The ACL/Security groups face problem as item 1 as well.
>
>
>
>
>
> For packets that reach the physical switches on the way out, then the
> decision how to handle them is at the physical switch/router
>
> The packets may be fragmented at this point; depending on the switch;
> there will be HW firewall policies to contend with, so depends.
>
>
>
> Here, again what I mean is the packets are fragmented by the physical
> switch/router, and they are switching/routing to a next node where has the
> OVS-DPDK set with security group, and OVS-DPDK may let them thru with
> ignoring the security group rules.
>
>
>
> Sorry, you lost me a bit here; in point ?2? above you said packets are
> going from vm1 to internet and are fine until they hit the physical switch
>
> Where you are assuming they are fragmented because the mtu is lower.
>
> If this is not going to the internet but rather another set of nodes
> running dpdk, then this is another variation of ?1? and hence we don?t
>
> need to discuss it.
>
>
>
>
>
> [image: line image 1]
>
>
>
> On Thu, Jul 27, 2017 at 2:49 PM, Darrell Ball <dball at vmware.com> wrote:
>
>
>
>
>
> *From: *Hui Xiang <xianghuir at gmail.com>
> *Date: *Wednesday, July 26, 2017 at 9:43 PM
> *To: *Darrell Ball <dball at vmware.com>
> *Cc: *"ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
> *Subject: *Re: [ovs-discuss] OVS-DPDK IP fragmentation require
>
>
>
> Thanks Darrell, comment inline.
>
>
>
> On Thu, Jul 27, 2017 at 12:08 PM, Darrell Ball <dball at vmware.com> wrote:
>
>
>
>
>
> *From: *<ovs-discuss-bounces at openvswitch.org> on behalf of Hui Xiang <
> xianghuir at gmail.com>
> *Date: *Wednesday, July 26, 2017 at 7:47 PM
> *To: *"ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
> *Subject: *[ovs-discuss] OVS-DPDK IP fragmentation require
>
>
>
> Hi guys,
>
>
>
>   Seems OVS-DPDK still missing IP fragmentation support, is there any
> schedule to have it?
>
> OVS 2.9
>
> I'm  transferring to use OVN, but for those nodes which have external
> network connection, they may face this problem,
>
> except to configure Jumbo frames, is there any other workaround?
>
>
>
> I am not clear on the situation however.
>
> You mention about configuring jumbo frames which means you can avoid the
> fragments by doing this ?
>
> No, I can't guarantee that, only can do it inside OpenStack, it is
> limited.
>
> If this is true, then this is the best way to proceed since performance
> will be better.
>
> What is wrong with jumbo frames ?
>
> It's good but it's limited can't be guaranteed, so I am asking is there
> any other way without IP fragmentation so far.
>
>
>
> It sounds like you want to avoid IP fragmentation; so far so good.
>
> I am not sure I understand the whole picture though.
>
> Maybe you can describe what you see ?; maybe a simple diagram would help ?
>
>
>
>
>
> BR.
>
> Hui.
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170728/0add827b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 70200 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170728/0add827b/attachment-0001.png>

From dball at vmware.com  Fri Jul 28 04:52:36 2017
From: dball at vmware.com (Darrell Ball)
Date: Fri, 28 Jul 2017 04:52:36 +0000
Subject: [ovs-discuss] OVS-DPDK IP fragmentation require
In-Reply-To: <CAPbR-ptU8DUZoTHkz1bNxXxj8Yzx=r2ALBgvO-8HYjNrAi8ksA@mail.gmail.com>
References: <CAPbR-puJyScMqfq30F5K-B9+1i_B2rOddQERnm1oYJxstRDV-w@mail.gmail.com>
	<A638080A-657C-4BFE-945B-5E4B00A284D8@vmware.com>
	<CAPbR-puumEJ54W8WidgHGd+fv3=29CCxqFUAD_3XyheEOE=Y-w@mail.gmail.com>
	<5270259E-FA59-4A20-8341-6E0C9C136AA8@vmware.com>
	<CAPbR-ptLETv+XDQeWfV1CzEAoK5_BxTooc2Q2=C9AuXVqh0RoQ@mail.gmail.com>
	<818A40D2-9AD0-420D-AF6D-7912EF19FB54@vmware.com>
	<CAPbR-psMmAw6FCHRi1abwOrEtSXe9hXB6j=1P_uCQuO_ApeXEA@mail.gmail.com>
	<2CFDFBDE-B6E0-4485-B873-E33355A38375@vmware.com>
	<CAPbR-ptU8DUZoTHkz1bNxXxj8Yzx=r2ALBgvO-8HYjNrAi8ksA@mail.gmail.com>
Message-ID: <B811A757-A7E2-42E9-8A7C-835AC37857C1@vmware.com>



From: Hui Xiang <xianghuir at gmail.com>
Date: Thursday, July 27, 2017 at 8:10 PM
To: Darrell Ball <dball at vmware.com>
Cc: "ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
Subject: Re: [ovs-discuss] OVS-DPDK IP fragmentation require



On Fri, Jul 28, 2017 at 10:54 AM, Darrell Ball <dball at vmware.com<mailto:dball at vmware.com>> wrote:


From: Hui Xiang <xianghuir at gmail.com<mailto:xianghuir at gmail.com>>
Date: Thursday, July 27, 2017 at 6:59 PM
To: Darrell Ball <dball at vmware.com<mailto:dball at vmware.com>>
Cc: "ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>" <ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>>
Subject: Re: [ovs-discuss] OVS-DPDK IP fragmentation require



On Fri, Jul 28, 2017 at 1:12 AM, Darrell Ball <dball at vmware.com<mailto:dball at vmware.com>> wrote:


From: Hui Xiang <xianghuir at gmail.com<mailto:xianghuir at gmail.com>>
Date: Thursday, July 27, 2017 at 3:18 AM
To: Darrell Ball <dball at vmware.com<mailto:dball at vmware.com>>
Cc: "ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>" <ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>>
Subject: Re: [ovs-discuss] OVS-DPDK IP fragmentation require


Blow is the diagram (using OVS-DPDK):

1. For packets coming to vm1 from internet where could have MTU 1500, there could be including some fragmented packets,
    how does the ALC/Security groups handle these fragmented packets? do nothing and pass it next which may pass the packets
    should be dropped or any special handling?

Lets assume the fragments get thru. the physical switch and/or firewall.

Are you using DPDK in GW and using OVS kernel datapath in br-int where you apply ACL/Security groups policy ?
All are using DPDK, the ACL/Security groups policy said is OVS-DPDK conntrack implementation.
With the case that we should have dropped some packets by creating special security group rules, but now due to they are fragmented and get thru by default, this is not what is expected.

I would check your configuration.
The dpdk connection tracker marks fragments as ?invalid? today and your rules should drop ?invalid?.
OK, thanks. here are the two scenarios we are discussing:

1.      For packets out from vms, use Jumbo Frame supported physical switches/routers within OpenStack cloud and enable it in all OVS-DPDK or do not allow application to send large frames.

Try to use jumbo frames for performance reasons.

On going out, if you get fragmentation done in HW at the physical switches, then

1)      If it could go back into one of your dpdk networks, then encourage using smaller packets

2)      If it goes somewhere else, then it does not matter, keep bigger packets
Are you sure the physical switches do not support jumbo frames?

Maybe it is just a config. change fix there.


2. For packets coming from internet to OVS-DPDK, fragmented packets could be arrived, they are all dropped due to marks as 'invalid'.
 With above analysis,  if these fragments are marked as 'invalid' and being dropped, the best way I can think about is to not use security group in OVS-DPDK if there could be fragments generated.

If you already trust what gets to GW because you have a HW firewall, yes
This assumes internally generated is always safe.

Otherwise, you want to keep security groups and ?encourage? no fragments coming in, if you can
?Encourage? can be done by dropping and triggering checking why the fragments got generated in the first place
Fragments may also indicate an exploit attempt, in which case, dropping is good.


Please correct me if I misunderstand anything.

2. For packets egress from vm1, if all internal physical switch support Jumbo Frame, that's fine, but if there are some physical swithes
    just support 1500/2000 MTU, then fragmented packets generated again. The ACL/Security groups face problem as item 1 as well.


For packets that reach the physical switches on the way out, then the decision how to handle them is at the physical switch/router
The packets may be fragmented at this point; depending on the switch; there will be HW firewall policies to contend with, so depends.

Here, again what I mean is the packets are fragmented by the physical switch/router, and they are switching/routing to a next node where has the OVS-DPDK set with security group, and OVS-DPDK may let them thru with ignoring the security group rules.

Sorry, you lost me a bit here; in point ?2? above you said packets are going from vm1 to internet and are fine until they hit the physical switch
Where you are assuming they are fragmented because the mtu is lower.
If this is not going to the internet but rather another set of nodes running dpdk, then this is another variation of ?1? and hence we don?t
need to discuss it.


[ine image 1]

On Thu, Jul 27, 2017 at 2:49 PM, Darrell Ball <dball at vmware.com<mailto:dball at vmware.com>> wrote:


From: Hui Xiang <xianghuir at gmail.com<mailto:xianghuir at gmail.com>>
Date: Wednesday, July 26, 2017 at 9:43 PM
To: Darrell Ball <dball at vmware.com<mailto:dball at vmware.com>>
Cc: "ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>" <ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>>
Subject: Re: [ovs-discuss] OVS-DPDK IP fragmentation require

Thanks Darrell, comment inline.

On Thu, Jul 27, 2017 at 12:08 PM, Darrell Ball <dball at vmware.com<mailto:dball at vmware.com>> wrote:


From: <ovs-discuss-bounces at openvswitch.org<mailto:ovs-discuss-bounces at openvswitch.org>> on behalf of Hui Xiang <xianghuir at gmail.com<mailto:xianghuir at gmail.com>>
Date: Wednesday, July 26, 2017 at 7:47 PM
To: "ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>" <ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>>
Subject: [ovs-discuss] OVS-DPDK IP fragmentation require

Hi guys,

  Seems OVS-DPDK still missing IP fragmentation support, is there any schedule to have it?
OVS 2.9
I'm  transferring to use OVN, but for those nodes which have external network connection, they may face this problem,
except to configure Jumbo frames, is there any other workaround?

I am not clear on the situation however.
You mention about configuring jumbo frames which means you can avoid the fragments by doing this ?
No, I can't guarantee that, only can do it inside OpenStack, it is limited.
If this is true, then this is the best way to proceed since performance will be better.
What is wrong with jumbo frames ?
It's good but it's limited can't be guaranteed, so I am asking is there any other way without IP fragmentation so far.

It sounds like you want to avoid IP fragmentation; so far so good.
I am not sure I understand the whole picture though.
Maybe you can describe what you see ?; maybe a simple diagram would help ?


BR.
Hui.




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170728/c10f331d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 70201 bytes
Desc: image001.png
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170728/c10f331d/attachment-0001.png>

From xianghuir at gmail.com  Fri Jul 28 06:31:42 2017
From: xianghuir at gmail.com (Hui Xiang)
Date: Fri, 28 Jul 2017 14:31:42 +0800
Subject: [ovs-discuss] OVS-DPDK IP fragmentation require
In-Reply-To: <B811A757-A7E2-42E9-8A7C-835AC37857C1@vmware.com>
References: <CAPbR-puJyScMqfq30F5K-B9+1i_B2rOddQERnm1oYJxstRDV-w@mail.gmail.com>
	<A638080A-657C-4BFE-945B-5E4B00A284D8@vmware.com>
	<CAPbR-puumEJ54W8WidgHGd+fv3=29CCxqFUAD_3XyheEOE=Y-w@mail.gmail.com>
	<5270259E-FA59-4A20-8341-6E0C9C136AA8@vmware.com>
	<CAPbR-ptLETv+XDQeWfV1CzEAoK5_BxTooc2Q2=C9AuXVqh0RoQ@mail.gmail.com>
	<818A40D2-9AD0-420D-AF6D-7912EF19FB54@vmware.com>
	<CAPbR-psMmAw6FCHRi1abwOrEtSXe9hXB6j=1P_uCQuO_ApeXEA@mail.gmail.com>
	<2CFDFBDE-B6E0-4485-B873-E33355A38375@vmware.com>
	<CAPbR-ptU8DUZoTHkz1bNxXxj8Yzx=r2ALBgvO-8HYjNrAi8ksA@mail.gmail.com>
	<B811A757-A7E2-42E9-8A7C-835AC37857C1@vmware.com>
Message-ID: <CAPbR-ptJW43pDNRo5HBMy+Y6NbxU=vN8jw41ZWAbytuVuevR3w@mail.gmail.com>

On Fri, Jul 28, 2017 at 12:52 PM, Darrell Ball <dball at vmware.com> wrote:

>
>
>
>
> *From: *Hui Xiang <xianghuir at gmail.com>
> *Date: *Thursday, July 27, 2017 at 8:10 PM
>
> *To: *Darrell Ball <dball at vmware.com>
> *Cc: *"ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
> *Subject: *Re: [ovs-discuss] OVS-DPDK IP fragmentation require
>
>
>
>
>
>
>
> On Fri, Jul 28, 2017 at 10:54 AM, Darrell Ball <dball at vmware.com> wrote:
>
>
>
>
>
> *From: *Hui Xiang <xianghuir at gmail.com>
> *Date: *Thursday, July 27, 2017 at 6:59 PM
> *To: *Darrell Ball <dball at vmware.com>
> *Cc: *"ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
> *Subject: *Re: [ovs-discuss] OVS-DPDK IP fragmentation require
>
>
>
>
>
>
>
> On Fri, Jul 28, 2017 at 1:12 AM, Darrell Ball <dball at vmware.com> wrote:
>
>
>
>
>
> *From: *Hui Xiang <xianghuir at gmail.com>
> *Date: *Thursday, July 27, 2017 at 3:18 AM
> *To: *Darrell Ball <dball at vmware.com>
> *Cc: *"ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
> *Subject: *Re: [ovs-discuss] OVS-DPDK IP fragmentation require
>
>
>
>
>
> Blow is the diagram (using OVS-DPDK):
>
>
>
> 1. For packets coming to vm1 from internet where could have MTU 1500,
> there could be including some fragmented packets,
>
>     how does the ALC/Security groups handle these fragmented packets? do
> nothing and pass it next which may pass the packets
>
>     should be dropped or any special handling?
>
>
>
> Lets assume the fragments get thru. the physical switch and/or firewall.
>
>
>
> Are you using DPDK in GW and using OVS kernel datapath in br-int where you
> apply ACL/Security groups policy ?
>
> All are using DPDK, the ACL/Security groups policy said is OVS-DPDK
> conntrack implementation.
>
> With the case that we should have dropped some packets by creating special
> security group rules, but now due to they are fragmented and get thru by
> default, this is not what is expected.
>
>
>
> I would check your configuration.
>
> The dpdk connection tracker marks fragments as ?invalid? today and your
> rules should drop ?invalid?.
>
> OK, thanks. here are the two scenarios we are discussing:
>
> 1.      For packets out from vms, use Jumbo Frame supported physical
> switches/routers within OpenStack cloud and enable it in all OVS-DPDK or do
> not allow application to send large frames.
>
>
>
> Try to use jumbo frames for performance reasons.
>
>
>
> On going out, if you get fragmentation done in HW at the physical
> switches, then
>
> 1)      If it could go back into one of your dpdk networks, then
> encourage using smaller packets
>
> 2)      If it goes somewhere else, then it does not matter, keep bigger
> packets
>
> Are you sure the physical switches do not support jumbo frames?
>
> Maybe it is just a config. change fix there.
>
>
>
Few physical switches in my lab probably just support max MTU 2000..

>
>
> 2. For packets coming from internet to OVS-DPDK, fragmented packets could
> be arrived, they are all dropped due to marks as 'invalid'.
>
>  With above analysis,  if these fragments are marked as 'invalid' and
> being dropped, the best way I can think about is to not use security group
> in OVS-DPDK if there could be fragments generated.
>
>
>
> If you already trust what gets to GW because you have a HW firewall, yes
>
> This assumes internally generated is always safe.
>
>
>
> Otherwise, you want to keep security groups and ?encourage? no fragments
> coming in, if you can
>
> ?Encourage? can be done by dropping and triggering checking why the
> fragments got generated in the first place
>
> Fragments may also indicate an exploit attempt, in which case, dropping is
> good.
>
Thanks Darrell, yep these are the solutions so far.

>
>
>
>
> Please correct me if I misunderstand anything.
>
>
>
> 2. For packets egress from vm1, if all internal physical switch support
> Jumbo Frame, that's fine, but if there are some physical swithes
>
>     just support 1500/2000 MTU, then fragmented packets generated again.
> The ACL/Security groups face problem as item 1 as well.
>
>
>
>
>
> For packets that reach the physical switches on the way out, then the
> decision how to handle them is at the physical switch/router
>
> The packets may be fragmented at this point; depending on the switch;
> there will be HW firewall policies to contend with, so depends.
>
>
>
> Here, again what I mean is the packets are fragmented by the physical
> switch/router, and they are switching/routing to a next node where has the
> OVS-DPDK set with security group, and OVS-DPDK may let them thru with
> ignoring the security group rules.
>
>
>
> Sorry, you lost me a bit here; in point ?2? above you said packets are
> going from vm1 to internet and are fine until they hit the physical switch
>
> Where you are assuming they are fragmented because the mtu is lower.
>
> If this is not going to the internet but rather another set of nodes
> running dpdk, then this is another variation of ?1? and hence we don?t
>
> need to discuss it.
>
>
>
>
>
> [image: ine image 1]
>
>
>
> On Thu, Jul 27, 2017 at 2:49 PM, Darrell Ball <dball at vmware.com> wrote:
>
>
>
>
>
> *From: *Hui Xiang <xianghuir at gmail.com>
> *Date: *Wednesday, July 26, 2017 at 9:43 PM
> *To: *Darrell Ball <dball at vmware.com>
> *Cc: *"ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
> *Subject: *Re: [ovs-discuss] OVS-DPDK IP fragmentation require
>
>
>
> Thanks Darrell, comment inline.
>
>
>
> On Thu, Jul 27, 2017 at 12:08 PM, Darrell Ball <dball at vmware.com> wrote:
>
>
>
>
>
> *From: *<ovs-discuss-bounces at openvswitch.org> on behalf of Hui Xiang <
> xianghuir at gmail.com>
> *Date: *Wednesday, July 26, 2017 at 7:47 PM
> *To: *"ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
> *Subject: *[ovs-discuss] OVS-DPDK IP fragmentation require
>
>
>
> Hi guys,
>
>
>
>   Seems OVS-DPDK still missing IP fragmentation support, is there any
> schedule to have it?
>
> OVS 2.9
>
> I'm  transferring to use OVN, but for those nodes which have external
> network connection, they may face this problem,
>
> except to configure Jumbo frames, is there any other workaround?
>
>
>
> I am not clear on the situation however.
>
> You mention about configuring jumbo frames which means you can avoid the
> fragments by doing this ?
>
> No, I can't guarantee that, only can do it inside OpenStack, it is
> limited.
>
> If this is true, then this is the best way to proceed since performance
> will be better.
>
> What is wrong with jumbo frames ?
>
> It's good but it's limited can't be guaranteed, so I am asking is there
> any other way without IP fragmentation so far.
>
>
>
> It sounds like you want to avoid IP fragmentation; so far so good.
>
> I am not sure I understand the whole picture though.
>
> Maybe you can describe what you see ?; maybe a simple diagram would help ?
>
>
>
>
>
> BR.
>
> Hui.
>
>
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170728/e3a8a561/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 70201 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170728/e3a8a561/attachment-0001.png>

From mw7301 at hotmail.com  Fri Jul 28 11:44:22 2017
From: mw7301 at hotmail.com (Michael Williams)
Date: Fri, 28 Jul 2017 11:44:22 +0000
Subject: [ovs-discuss] Multiple Virtual Wireless Ports
In-Reply-To: <CAKCC41On9c0K=qQdd75sh06-AXhqdMqZhondjoz114LjNxHiqw@mail.gmail.com>
References: <BLUPR11MB0754AF961E8E3E9086DD456ED0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
	<20170727165732.GF6175@ovn.org>
	<BLUPR11MB07543F01E2DEE9674D016E51D0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
	<CAE3xvfbC_Q0SbPdcJbF6dmL6vLEXfX+2biOHULO9P87FK5usBg@mail.gmail.com>
	<BLUPR11MB07546F9C2E484E47B7AF9BA7D0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>,
	<CAKCC41On9c0K=qQdd75sh06-AXhqdMqZhondjoz114LjNxHiqw@mail.gmail.com>
Message-ID: <BLUPR11MB0754AC097972D75A781C93BED0BF0@BLUPR11MB0754.namprd11.prod.outlook.com>

Someone just reminded me that just because you add OpenvSwitch to a Wifi access point does not make it a SDN device. What you've really created is a hybrid device where where OvS  may control part of it but other facilities control other parts of it.When I was thinking about this problem last night obviously the wireless devices were not going thru the datapath of OvS so there was no way that it was going to be able manage that traffic.


If the router supports it, a solution to the problem is to enable wireless isolation within OpenWRT. Hybrid device, hybrid solution. Thanks for the help.


________________________________
From: Blue Lang <blue at veracity.io>
Sent: Thursday, July 27, 2017 2:40 PM
To: Michael Williams
Cc: Joo Yong-Seok; ovs-discuss at openvswitch.org
Subject: Re: [ovs-discuss] Multiple Virtual Wireless Ports

You'd need to get your wifi NIC or WAP to act as a transparent bridge so the end devices appear as multiple MACs on the WLAN0 interface. Then you can use (should be able to?) use OF write actions to control the traffic flow on the wifi guests.

There are quite a few hits on google covering very similar situations to the one you're asking about here.

Thanks,

On Thu, Jul 27, 2017 at 1:59 PM, Michael Williams <mw7301 at hotmail.com<mailto:mw7301 at hotmail.com>> wrote:

When I WiFi interface I mean WLAN0 and in this particular box we have WLAN0 for the 5 GHz radio.


When you add it to OvS you are just adding it as an individual port to the bridge. But if you have for example 4 computers connect wirelessly its like they are all connecting via that single port unlike if you plugged in 4 computers via the wired ports where each computer would plug into a single individual port.


My problem is I want to be able to control the traffic between the wireless devices using OvS in the same way that I can control the traffic between the wired devices.


When you said added multiple wifi interfaces do you mean that you have multiple radios? Because we only have two and are only using one.


________________________________
From: Joo Yong-Seok <joo.yongseok at gmail.com<mailto:joo.yongseok at gmail.com>>
Sent: Thursday, July 27, 2017 1:33 PM
To: Michael Williams
Cc: Ben Pfaff; ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>

Subject: Re: [ovs-discuss] Multiple Virtual Wireless Ports

When you say, "wifi interface", do you mean wlan interface (which is VAP) at AP? or low-level wifi interface?
I don't know rate-limit since I've never tried but it works well for regular OVS rules.

- Drop everything
- Allow ARP
- Allow DHCP
- Allow DNS

I applied the rule in one of ovs bridge and added multiple wifi interface over GRE tunnel.

At least, I've tried this on top of Linux kernel 4.4 / OVS 2.6 - OPENWRT package.

Best regards,

On Thu, Jul 27, 2017 at 10:28 AM, Michael Williams <mw7301 at hotmail.com<mailto:mw7301 at hotmail.com>> wrote:

Hi Ben,


I don't think I explained it properly. Between the wired ports we can apply Openflow rules to limit traffic between computers connected via those wired ports, and that works with standard OvS. On the wireless WiFi side I would like to be able do the same thing and to limit the traffic between WiFi connected devices.


Since WiFi only has one interface and not multiple individual ports like the wired stuff, my rules for dropping traffic between ports won't work. So I was wondering if there was someway with OvS to limit or stop traffic between WiFi connected computers?



________________________________
From: Ben Pfaff <blp at ovn.org<mailto:blp at ovn.org>>
Sent: Thursday, July 27, 2017 12:57 PM
To: Michael Williams
Cc: ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>
Subject: Re: [ovs-discuss] Multiple Virtual Wireless Ports

On Thu, Jul 27, 2017 at 01:33:23PM +0000, Michael Williams wrote:
> We have OvS running on a wireless router with 4 wired Ethernet
> ports. We can apply rules on the wired ports but when we try to apply
> rules on the wireless port the rules don't work between multiple
> wireless devices. Is there a way within OvS to treat the wireless
> interface like multiple virtual ports so that when a wireless device
> connects we can apply rules to govern behavior between the wireless
> devices like we can with the wired devices?

OVS doesn't distinguish between different kinds of ports, so the
restrictions you're describing don't make sense; OVS doesn't work that
way.  You might be using a vendor's modified version of OVS.  If so,
then you should ask the vendor for assistance.

_______________________________________________
discuss mailing list
discuss at openvswitch.org<mailto:discuss at openvswitch.org>
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss



_______________________________________________
discuss mailing list
discuss at openvswitch.org<mailto:discuss at openvswitch.org>
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss




--
Blue Lang
PM | Veracity

3423 Piedmont Rd NE

Suite 350

Atlanta, GA  30305

Cell:  (770) 265-1381<tel:+17702651381>
https://www.linkedin.com/in/bluelang/
blue at veracity.io<mailto:blue at veracity.io>
www.veracity.io<http://www.veracity.io>
[cid:7F6FF7CF-4327-4C3B-BD13-9C258997225D]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170728/18b09155/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Veracity-horizontal-logo-tiny_sig.png
Type: image/png
Size: 5372 bytes
Desc: Veracity-horizontal-logo-tiny_sig.png
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170728/18b09155/attachment-0001.png>

From mw7301 at hotmail.com  Fri Jul 28 11:55:12 2017
From: mw7301 at hotmail.com (Michael Williams)
Date: Fri, 28 Jul 2017 11:55:12 +0000
Subject: [ovs-discuss] Multiple Virtual Wireless Ports
In-Reply-To: <CAKCC41On9c0K=qQdd75sh06-AXhqdMqZhondjoz114LjNxHiqw@mail.gmail.com>
References: <BLUPR11MB0754AF961E8E3E9086DD456ED0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
	<20170727165732.GF6175@ovn.org>
	<BLUPR11MB07543F01E2DEE9674D016E51D0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
	<CAE3xvfbC_Q0SbPdcJbF6dmL6vLEXfX+2biOHULO9P87FK5usBg@mail.gmail.com>
	<BLUPR11MB07546F9C2E484E47B7AF9BA7D0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>,
	<CAKCC41On9c0K=qQdd75sh06-AXhqdMqZhondjoz114LjNxHiqw@mail.gmail.com>
Message-ID: <BLUPR11MB075411BBA0CED7EA8965EDCAD0BF0@BLUPR11MB0754.namprd11.prod.outlook.com>

Solution I used credited here;

https://wiki.helsinki.fi/display/WiFiSDN/Software-Defined+Wi-Fi+Networks+with+Wireless+Isolation




________________________________
From: Blue Lang <blue at veracity.io>
Sent: Thursday, July 27, 2017 2:40 PM
To: Michael Williams
Cc: Joo Yong-Seok; ovs-discuss at openvswitch.org
Subject: Re: [ovs-discuss] Multiple Virtual Wireless Ports

You'd need to get your wifi NIC or WAP to act as a transparent bridge so the end devices appear as multiple MACs on the WLAN0 interface. Then you can use (should be able to?) use OF write actions to control the traffic flow on the wifi guests.

There are quite a few hits on google covering very similar situations to the one you're asking about here.

Thanks,

On Thu, Jul 27, 2017 at 1:59 PM, Michael Williams <mw7301 at hotmail.com<mailto:mw7301 at hotmail.com>> wrote:

When I WiFi interface I mean WLAN0 and in this particular box we have WLAN0 for the 5 GHz radio.


When you add it to OvS you are just adding it as an individual port to the bridge. But if you have for example 4 computers connect wirelessly its like they are all connecting via that single port unlike if you plugged in 4 computers via the wired ports where each computer would plug into a single individual port.


My problem is I want to be able to control the traffic between the wireless devices using OvS in the same way that I can control the traffic between the wired devices.


When you said added multiple wifi interfaces do you mean that you have multiple radios? Because we only have two and are only using one.


________________________________
From: Joo Yong-Seok <joo.yongseok at gmail.com<mailto:joo.yongseok at gmail.com>>
Sent: Thursday, July 27, 2017 1:33 PM
To: Michael Williams
Cc: Ben Pfaff; ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>

Subject: Re: [ovs-discuss] Multiple Virtual Wireless Ports

When you say, "wifi interface", do you mean wlan interface (which is VAP) at AP? or low-level wifi interface?
I don't know rate-limit since I've never tried but it works well for regular OVS rules.

- Drop everything
- Allow ARP
- Allow DHCP
- Allow DNS

I applied the rule in one of ovs bridge and added multiple wifi interface over GRE tunnel.

At least, I've tried this on top of Linux kernel 4.4 / OVS 2.6 - OPENWRT package.

Best regards,

On Thu, Jul 27, 2017 at 10:28 AM, Michael Williams <mw7301 at hotmail.com<mailto:mw7301 at hotmail.com>> wrote:

Hi Ben,


I don't think I explained it properly. Between the wired ports we can apply Openflow rules to limit traffic between computers connected via those wired ports, and that works with standard OvS. On the wireless WiFi side I would like to be able do the same thing and to limit the traffic between WiFi connected devices.


Since WiFi only has one interface and not multiple individual ports like the wired stuff, my rules for dropping traffic between ports won't work. So I was wondering if there was someway with OvS to limit or stop traffic between WiFi connected computers?



________________________________
From: Ben Pfaff <blp at ovn.org<mailto:blp at ovn.org>>
Sent: Thursday, July 27, 2017 12:57 PM
To: Michael Williams
Cc: ovs-discuss at openvswitch.org<mailto:ovs-discuss at openvswitch.org>
Subject: Re: [ovs-discuss] Multiple Virtual Wireless Ports

On Thu, Jul 27, 2017 at 01:33:23PM +0000, Michael Williams wrote:
> We have OvS running on a wireless router with 4 wired Ethernet
> ports. We can apply rules on the wired ports but when we try to apply
> rules on the wireless port the rules don't work between multiple
> wireless devices. Is there a way within OvS to treat the wireless
> interface like multiple virtual ports so that when a wireless device
> connects we can apply rules to govern behavior between the wireless
> devices like we can with the wired devices?

OVS doesn't distinguish between different kinds of ports, so the
restrictions you're describing don't make sense; OVS doesn't work that
way.  You might be using a vendor's modified version of OVS.  If so,
then you should ask the vendor for assistance.

_______________________________________________
discuss mailing list
discuss at openvswitch.org<mailto:discuss at openvswitch.org>
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss



_______________________________________________
discuss mailing list
discuss at openvswitch.org<mailto:discuss at openvswitch.org>
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss




--
Blue Lang
PM | Veracity

3423 Piedmont Rd NE

Suite 350

Atlanta, GA  30305

Cell:  (770) 265-1381<tel:+17702651381>
https://www.linkedin.com/in/bluelang/
blue at veracity.io<mailto:blue at veracity.io>
www.veracity.io<http://www.veracity.io>
[cid:7F6FF7CF-4327-4C3B-BD13-9C258997225D]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170728/d663edd0/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Veracity-horizontal-logo-tiny_sig.png
Type: image/png
Size: 5372 bytes
Desc: Veracity-horizontal-logo-tiny_sig.png
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170728/d663edd0/attachment-0001.png>

From ray at oneunified.net  Fri Jul 28 11:59:21 2017
From: ray at oneunified.net (Raymond Burkholder)
Date: Fri, 28 Jul 2017 08:59:21 -0300
Subject: [ovs-discuss] Multiple Virtual Wireless Ports
In-Reply-To: <BLUPR11MB0754AC097972D75A781C93BED0BF0@BLUPR11MB0754.namprd11.prod.outlook.com>
References: <BLUPR11MB0754AF961E8E3E9086DD456ED0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
	<20170727165732.GF6175@ovn.org>
	<BLUPR11MB07543F01E2DEE9674D016E51D0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
	<CAE3xvfbC_Q0SbPdcJbF6dmL6vLEXfX+2biOHULO9P87FK5usBg@mail.gmail.com>
	<BLUPR11MB07546F9C2E484E47B7AF9BA7D0BE0@BLUPR11MB0754.namprd11.prod.outlook.com>
	<CAKCC41On9c0K=qQdd75sh06-AXhqdMqZhondjoz114LjNxHiqw@mail.gmail.com>
	<BLUPR11MB0754AC097972D75A781C93BED0BF0@BLUPR11MB0754.namprd11.prod.outlook.com>
Message-ID: <98ADFC7F-50D6-4AE1-9237-26F954A2D582@oneunified.net>

See below...

On 28 Jul 2017, at 08:44, Michael Williams <mw7301 at hotmail.com> wrote:
> 
> Someone just reminded me that just because you add OpenvSwitch to a Wifi access point does not make it a SDN device. What you've really created is a hybrid device where where OvS  may control part of it but other facilities control other parts of it.When I was thinking about this problem last night obviously the wireless devices were not going thru the datapath of OvS so there was no way that it was going to be able manage that traffic.  
> 

Maybe I can supply a slightly different meaning for use with OVS.  I wrote a blog entry regarding integrating wireless and OVS:

http://blog.raymond.burkholder.net/index.php?/archives/762-Using-Quilt-to-Patch-a-Debian-Package-hostapd.html

So, in a nutshell, hostapd can handle the authentication and related wireless protocols.  The traffic is then handed off to the OVS bridge.  Using openvswitch-switch or by using open flow or by using ovs-ofctl or related commands, traffic can then be managed in whatever mechanism you would like.

I haven?t tested it yet, but Michael Williams has just sent a link, and I believe the mechanism behind that link is that traffic from a wireless client will have to come in on the wireless link, hit the OVS bridge, where it can be manipulated by rules, and then will be transmitted back out the wireless link to another client (if the rules are built to allow that).  

Bottom line, client to client traffic doesn?t bypass the wireless network interface, it has to come to the interface, be processed then transmitted back out.

So I think you can get the control you desire.


> If the router supports it, a solution to the problem is to enable wireless isolation within OpenWRT. Hybrid device, hybrid solution. Thanks for the help.
> 
> 
> From: Blue Lang <blue at veracity.io <mailto:blue at veracity.io>>
> Sent: Thursday, July 27, 2017 2:40 PM
> To: Michael Williams
> Cc: Joo Yong-Seok; ovs-discuss at openvswitch.org <mailto:ovs-discuss at openvswitch.org>
> Subject: Re: [ovs-discuss] Multiple Virtual Wireless Ports
>  
> You'd need to get your wifi NIC or WAP to act as a transparent bridge so the end devices appear as multiple MACs on the WLAN0 interface. Then you can use (should be able to?) use OF write actions to control the traffic flow on the wifi guests.
> 
> There are quite a few hits on google covering very similar situations to the one you're asking about here.
> 
> Thanks,
> 
> On Thu, Jul 27, 2017 at 1:59 PM, Michael Williams <mw7301 at hotmail.com <mailto:mw7301 at hotmail.com>> wrote:
> When I WiFi interface I mean WLAN0 and in this particular box we have WLAN0 for the 5 GHz radio.  
> 
> When you add it to OvS you are just adding it as an individual port to the bridge. But if you have for example 4 computers connect wirelessly its like they are all connecting via that single port unlike if you plugged in 4 computers via the wired ports where each computer would plug into a single individual port. 
> 
> My problem is I want to be able to control the traffic between the wireless devices using OvS in the same way that I can control the traffic between the wired devices. 
> 
> When you said added multiple wifi interfaces do you mean that you have multiple radios? Because we only have two and are only using one.
> 
> 
> From: Joo Yong-Seok <joo.yongseok at gmail.com <mailto:joo.yongseok at gmail.com>>
> Sent: Thursday, July 27, 2017 1:33 PM
> To: Michael Williams
> Cc: Ben Pfaff; ovs-discuss at openvswitch.org <mailto:ovs-discuss at openvswitch.org>
> 
> Subject: Re: [ovs-discuss] Multiple Virtual Wireless Ports
>  
> When you say, "wifi interface", do you mean wlan interface (which is VAP) at AP? or low-level wifi interface?
> I don't know rate-limit since I've never tried but it works well for regular OVS rules.
> 
> - Drop everything
> - Allow ARP
> - Allow DHCP
> - Allow DNS
> 
> I applied the rule in one of ovs bridge and added multiple wifi interface over GRE tunnel.
> 
> At least, I've tried this on top of Linux kernel 4.4 / OVS 2.6 - OPENWRT package.
> 
> Best regards,
> 
> On Thu, Jul 27, 2017 at 10:28 AM, Michael Williams <mw7301 at hotmail.com <mailto:mw7301 at hotmail.com>> wrote:
> Hi Ben,
> 
> I don't think I explained it properly. Between the wired ports we can apply Openflow rules to limit traffic between computers connected via those wired ports, and that works with standard OvS. On the wireless WiFi side I would like to be able do the same thing and to limit the traffic between WiFi connected devices. 
> 
> Since WiFi only has one interface and not multiple individual ports like the wired stuff, my rules for dropping traffic between ports won't work. So I was wondering if there was someway with OvS to limit or stop traffic between WiFi connected computers? 
> 
> 
> 
> From: Ben Pfaff <blp at ovn.org <mailto:blp at ovn.org>>
> Sent: Thursday, July 27, 2017 12:57 PM
> To: Michael Williams
> Cc: ovs-discuss at openvswitch.org <mailto:ovs-discuss at openvswitch.org>
> Subject: Re: [ovs-discuss] Multiple Virtual Wireless Ports
>  
> On Thu, Jul 27, 2017 at 01:33:23PM +0000, Michael Williams wrote:
> > We have OvS running on a wireless router with 4 wired Ethernet
> > ports. We can apply rules on the wired ports but when we try to apply
> > rules on the wireless port the rules don't work between multiple
> > wireless devices. Is there a way within OvS to treat the wireless
> > interface like multiple virtual ports so that when a wireless device
> > connects we can apply rules to govern behavior between the wireless
> > devices like we can with the wired devices?
> 
> OVS doesn't distinguish between different kinds of ports, so the
> restrictions you're describing don't make sense; OVS doesn't work that
> way.  You might be using a vendor's modified version of OVS.  If so,
> then you should ask the vendor for assistance.
> 
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org <mailto:discuss at openvswitch.org>
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss <https://mail.openvswitch.org/mailman/listinfo/ovs-discuss>
> 
> 
> 
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org <mailto:discuss at openvswitch.org>
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss <https://mail.openvswitch.org/mailman/listinfo/ovs-discuss>
> 
> 
> 
> 
> -- 
> Blue Lang
> PM | Veracity 
> 3423 Piedmont Rd NE
> Suite 350
> Atlanta, GA  30305
> Cell:  (770) 265-1381 <tel:+17702651381>
> https://www.linkedin.com/in/bluelang/
>  <https://www.linkedin.com/in/bluelang/>
> blue at veracity.io <mailto:blue at veracity.io>
> www.veracity.io <http://www.veracity.io/>
> <Veracity-horizontal-logo-tiny_sig.png>
> 
> -- 
> This message has been scanned for viruses and 
> dangerous content by MailScanner <http://www.mailscanner.info/>, and is 
> believed to be clean. _______________________________________________
> discuss mailing list
> discuss at openvswitch.org <mailto:discuss at openvswitch.org>
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss <https://mail.openvswitch.org/mailman/listinfo/ovs-discuss>

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170728/13657a81/attachment-0001.html>

From shaw.leon at gmail.com  Sun Jul 30 06:30:59 2017
From: shaw.leon at gmail.com (Xiao Liang)
Date: Sun, 30 Jul 2017 14:30:59 +0800
Subject: [ovs-discuss] Using libopenvswitch in C++
Message-ID: <CABAhCOQqE0_sh6trBWjeH0Xanu4epfTc3eSJ-7PQUyawKGpnVw@mail.gmail.com>

Hi,

I've encountered some problems building a controller with
libopenvswitch in C++. Although they can be solved by some hacks, I
want to know if OVS is meant to be used in such case.

1. In include/openvswitch, some headers are wrapped with 'extern "C"'
(e.g. ofpbuf.h), while some are not (e.g. ofp-util.h).
2. The identifier "public" in "struct ofputil_packet_in_private"
conflicts with C++ keyword. Not sure if there're others.
3. Private and public declarations (like the
ofputil_packet_in_private) could be separated to different files. Also
some more APIs (like rconn) could be extracted from lib directory?

Thanks,
Xiao

From roid at mellanox.com  Sun Jul 30 10:03:51 2017
From: roid at mellanox.com (Roi Dayan)
Date: Sun, 30 Jul 2017 10:03:51 +0000
Subject: [ovs-discuss] Issue with offloading OVS flows into Mellanox-4
 cards
In-Reply-To: <CAMHvpbOKEb7u=xd203x9QdDqQwS_KokY+BMQJ3GcwRy5uwWuxQ@mail.gmail.com>
References: <CAMHvpbOedpsZGppruLkky4igQchRxEn__OQaZaxMTZyf4xy2mw@mail.gmail.com>
	<59b67ab6-46e8-b5aa-ddce-01296a318e60@mellanox.com>
	<CAMHvpbNoBp6wYozJj=DfNp=PYUVGwus_oSZDUR39XNSG6Ka95A@mail.gmail.com>
	<CAMHvpbN4v_qP+H4BzmHgkWvPNsheRzEChQ61f++SU8YO5fpGxg@mail.gmail.com>
	<57cf824f-040d-2dd4-100d-71c3c1121c25@mellanox.com>
	<CAMHvpbN+EN4nHgjdi4ETHfR11J4Re9cdL9hzmjV1cSU9xjH56A@mail.gmail.com>
	<51c3d412-536c-587b-4da4-d3c9137063fa@mellanox.com>
	<CAMHvpbOBKgy34x_xFHkSbaahw_pa3S8wym7Ai=BkpUuyziD=tg@mail.gmail.com>
	<CAMHvpbOKEb7u=xd203x9QdDqQwS_KokY+BMQJ3GcwRy5uwWuxQ@mail.gmail.com>
Message-ID: <HE1PR0501MB22529F3FE51333EEA79AB755B5BD0@HE1PR0501MB2252.eurprd05.prod.outlook.com>

Thanks for the info.



From: Sugu Deepthy [mailto:deepthysugesh at gmail.com]
Sent: Thursday, July 27, 2017 12:58 PM
To: Roi Dayan <roid at mellanox.com>
Cc: ovs-discuss at openvswitch.org
Subject: Re: [ovs-discuss] Issue with offloading OVS flows into Mellanox-4 cards


Hi Roi,
Thank you for the help,
Upgraded the firmware to 14.20 and used latest kernel(4.10) in VM.
Now its working correctly. I can forward packets between VM and physical ports in the NIC. The oflloaded flows are showing in the OVS.

Few suggestions while preparing the installation document for hardware offload.
1) Must need to provide minimum kernel version to use this feature.
2) The default MLNX firmware is not supporting the hardware offload for some reason. Must specify what version of firmware and supported NICs
3) Even though I use the ethernet NIC, I have to install the IB verbs src in the VM for attaching the VF to the DPDK. Not sure why this is a prerequisite

Once again thank for the suggestions to make it working. :)

On Mon, Jul 24, 2017 at 9:05 AM, Sugu Deepthy <deepthysugesh at gmail.com<mailto:deepthysugesh at gmail.com>> wrote:


On Mon, Jul 24, 2017 at 5:46 AM, Roi Dayan <roid at mellanox.com<mailto:roid at mellanox.com>> wrote:
<snip..>


[Sugu] I upgraded the system and now I dont see this error anymore.
Instead I see this

[ 1103.216355] mlx5_3:wait_for_async_commands:722:(pid 3097): done with
all pending requests
[ 1115.954770] mlx5_core 0000:07:00.0: mlx5_cmd_check:697:(pid 3477):
QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
state(0x4), syndrome (0x368b01)
[ 1115.954902] mlx5_core 0000:07:00.0: mlx5_cmd_check:697:(pid 3477):
QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
state(0x4), syndrome (0x368b01)

I am getting this error back to back for every command(2 entry for each
command as I have 2 VFs, may be?)
starting from unbind, devlink, ethtool and starting the VM.
And inside the VM the VFs are not bound to any driver either. Is there
any wrong with the NIC?


looks like the syndrome you get is caused by querying a counter while
the HCA is not yes configured properly.
can you verify you are using the latest firmware?
can you verify the steps you do? did you enable sriov and moved to
switchdev mode?
[Sugu] Ok. SR-IOV is enabled on the board. and the device is moved to
switchdev mode though it throws the error that shown above.

The firmware version of the card is
# ethtool -i ens786f0
driver: mlx5_core
version: 3.0-1 (January 2015)
firmware-version: 14.17.2032
expansion-rom-version:
bus-info: 0000:07:00.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: yes

Do you think this version firmware cannot support the offload??
Will try to install the latest firmware and keep you posted.







        I verfied that the ports named eth1, eth2, eth3 and et4 are
        created for
        my vfs, when
        I ran the commands 'devlink dev eswitch set pci/0000:07:00.0 mode
        switchdev' and
        'devlink dev eswitch set pci/0000:07:00.1 mode switchdev'

        The detailed error in dmesg are given below,
        [ 1245.941287] mlx5_core 0000:07:00.0: mlx5_cmd_check:697:(pid
        3107):
        QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
        state(0x4), syndrome (0x368b01)
        [ 1245.941478] mlx5_core 0000:07:00.1: mlx5_cmd_check:697:(pid
        3107):
        QUERY_VPORT_COUNTER(0x770) op_mod(0x0) failed, status bad system
        state(0x4), syndrome (0x368b01)

        Please note I couldn't run the "inline-mode transport" command
        as its
        not supported.


    maybe you need newer iproute package. try to install latest upstream.

[Sugu]
I am using latest Ubuntu release


No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu Artful Aardvark (development branch)
Release:        17.10
Codename:       artful

and my kernel is
4.11.0-10-generic #15-Ubuntu SMP Thu Jun 29 15:03:41 UTC 2017 x86_64
x86_64 x86_64 GNU/Linux

And still it need to install the newer iproute package additonally? Is
that the requirement to use the hardware offload in OVS?
And my iproute version is
ip -V
ip utility, iproute2-ss161212
Can you share which version of iproute you use for the testing?

I'm using latest upstream. I'm not sure if all needed patches are in
Ubuntu distro.
my versions looks like this: ip utility, iproute2-ss170501

if you have devlink and you can change mode to switchdev without an
error then it's ok to start going.
[Sugu] Ok. Thank you for confirming.






                We still need to work on docs for this feature but for now I
                documented it a little here:
                https://github.com/roidayan/ovs/wiki<https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Froidayan%2Fovs%2Fwiki&data=02%7C01%7Croid%40mellanox.com%7C4754115f3a0741791a3708d4d4d5ecf4%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636367462643441348&sdata=SeTNJhrB9BJqE0FSSRqzH%2F%2BKYOnknLIzcP3tb5coUnI%3D&reserved=0>
        <https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Froidayan%2Fovs%2Fwiki&data=02%7C01%7Croid%40mellanox.com%7C2bbfa311e8124ec5ded508d4d212e423%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636364425969048836&sdata=C1Hc08dwe3cjYKIgUyNeCbHI%2FnuZlITuPhPpdyZYyME%3D&reserved=0>

        <https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Froidayan%2Fovs%2Fwiki&data=02%7C01%7Croid%40mellanox.com%7C56f73b8b334b4413dd3608d4c84feee7%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636353693008610668&sdata=3orv%2FK9Diwoj5pMQAuBmRHF5QRuxNlwmZgOa3f1AaTE%3D&reserved=0
        <https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Froidayan%2Fovs%2Fwiki&data=02%7C01%7Croid%40mellanox.com%7C56f73b8b334b4413dd3608d4c84feee7%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636353693008610668&sdata=3orv%2FK9Diwoj5pMQAuBmRHF5QRuxNlwmZgOa3f1AaTE%3D&reserved=0>>

            As suggested in the wiki,



                Thanks,
                Roi




                    _______________________________________________
                    discuss mailing list
                    discuss at openvswitch.org<mailto:discuss at openvswitch.org>
        <mailto:discuss at openvswitch.org<mailto:discuss at openvswitch.org>> <mailto:discuss at openvswitch.org<mailto:discuss at openvswitch.org>
        <mailto:discuss at openvswitch.org<mailto:discuss at openvswitch.org>>>

        https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-discuss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814cdc87ce08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyynyaHnYx%2FKQzka7gedr1%2FUE%3D&reserved=0
        <https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-discuss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814cdc87ce08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyynyaHnYx%2FKQzka7gedr1%2FUE%3D&reserved=0>

        <https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-discuss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814cdc87ce08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyynyaHnYx%2FKQzka7gedr1%2FUE%3D&reserved=0
        <https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-discuss&data=02%7C01%7Croid%40mellanox.com%7Cb226a368b9814cdc87ce08d4c5530730%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636350407766292115&sdata=9mMWoehygP7%2BmftGsOuyynyaHnYx%2FKQzka7gedr1%2FUE%3D&reserved=0>>





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170730/376ea01d/attachment-0001.html>

From ben at skyportsystems.com  Sun Jul 30 15:33:41 2017
From: ben at skyportsystems.com (Ben Warren)
Date: Sun, 30 Jul 2017 08:33:41 -0700
Subject: [ovs-discuss] Using libopenvswitch in C++
In-Reply-To: <CABAhCOQqE0_sh6trBWjeH0Xanu4epfTc3eSJ-7PQUyawKGpnVw@mail.gmail.com>
References: <CABAhCOQqE0_sh6trBWjeH0Xanu4epfTc3eSJ-7PQUyawKGpnVw@mail.gmail.com>
Message-ID: <1EC2A8FD-2673-408C-BE74-37CD075835AC@skyportsystems.com>

Hello Xiao,

> On Jul 29, 2017, at 11:30 PM, Xiao Liang <shaw.leon at gmail.com> wrote:
> 
> Hi,
> 
> I've encountered some problems building a controller with
> libopenvswitch in C++. Although they can be solved by some hacks, I
> want to know if OVS is meant to be used in such case.
> 
I don?t think there are very many consumers of libopenvswitch.  It was only added a year and a half ago, and is rarely mentioned in discussions.  The exportability of OVS is definitely geared towards C (and, in my case golang), so it?s more likely the case that people simply weren?t thinking about C++ at the time.
> 1. In include/openvswitch, some headers are wrapped with 'extern "C"'
> (e.g. ofpbuf.h), while some are not (e.g. ofp-util.h).
> 2. The identifier "public" in "struct ofputil_packet_in_private"
> conflicts with C++ keyword. Not sure if there're others.
> 3. Private and public declarations (like the
> ofputil_packet_in_private) could be separated to different files. Also
> some more APIs (like rconn) could be extracted from lib directory?
> 
I expect that the maintainers would accept patches to make the code more C++ friendly, as long as you don?t break the C/golang support.  I can test the latter.
> Thanks,
> Xiao
> 

regards,
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3866 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170730/28690be0/attachment.p7s>

From blp at ovn.org  Mon Jul 31 02:56:00 2017
From: blp at ovn.org (Ben Pfaff)
Date: Sun, 30 Jul 2017 19:56:00 -0700
Subject: [ovs-discuss] Using libopenvswitch in C++
In-Reply-To: <1EC2A8FD-2673-408C-BE74-37CD075835AC@skyportsystems.com>
References: <CABAhCOQqE0_sh6trBWjeH0Xanu4epfTc3eSJ-7PQUyawKGpnVw@mail.gmail.com>
	<1EC2A8FD-2673-408C-BE74-37CD075835AC@skyportsystems.com>
Message-ID: <20170731025600.GA6175@ovn.org>

On Sun, Jul 30, 2017 at 08:33:41AM -0700, Ben Warren via discuss wrote:
> Hello Xiao,
> 
> > On Jul 29, 2017, at 11:30 PM, Xiao Liang <shaw.leon at gmail.com> wrote:
> > 
> > Hi,
> > 
> > I've encountered some problems building a controller with
> > libopenvswitch in C++. Although they can be solved by some hacks, I
> > want to know if OVS is meant to be used in such case.
> > 
> I don?t think there are very many consumers of libopenvswitch.  It was only added a year and a half ago, and is rarely mentioned in discussions.  The exportability of OVS is definitely geared towards C (and, in my case golang), so it?s more likely the case that people simply weren?t thinking about C++ at the time.
> > 1. In include/openvswitch, some headers are wrapped with 'extern "C"'
> > (e.g. ofpbuf.h), while some are not (e.g. ofp-util.h).
> > 2. The identifier "public" in "struct ofputil_packet_in_private"
> > conflicts with C++ keyword. Not sure if there're others.
> > 3. Private and public declarations (like the
> > ofputil_packet_in_private) could be separated to different files. Also
> > some more APIs (like rconn) could be extracted from lib directory?
> > 
> I expect that the maintainers would accept patches to make the code more C++ friendly, as long as you don?t break the C/golang support.  I can test the latter.

I think that Open vSwitch can do better here.

I sent out a series, would you mind taking a look?  It starts here:
        https://mail.openvswitch.org/pipermail/ovs-dev/2017-July/336426.html

From ziemowit at pierzycki.com  Mon Jul 31 16:01:28 2017
From: ziemowit at pierzycki.com (Ziemowit Pierzycki)
Date: Mon, 31 Jul 2017 11:01:28 -0500
Subject: [ovs-discuss] Fedora 25+ with OVS kernel trainted?
Message-ID: <CAOiTGHkGE8X0aghXWDg54CexbkZ8oGWHXjUDWbWQUe8MvAb82g@mail.gmail.com>

Hi,

I have a hypervisor with Fedora 25 on a few machines and ever since
upgrading I started getting occasional messages:

[321428.168903] WARNING: CPU: 0 PID: 2279 at net/core/dev.c:2562
skb_warn_bad_offload+0xc4/0x110
[321428.168906] san0: caps=(0x000004009fbb58e9, 0x0000000000000000)
len=6769 data_len=6727 gso_size=1480 gso_type=2 ip_summed=0
[321428.168906] Modules linked in: vhost_net vhost tap tun
ebtable_filter ebtables ip6table_filter ip6_tables nfsv3 nfs_acl nfs
lockd grace fscache fuse cfg80211 openvswitch rfkill nf_conntrack_ipv6
nf_nat_ipv6 nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4
nf_defrag_ipv6 nf_nat nf_conntrack intel_rapl sb_edac edac_core
x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass
crct10dif_pclmul crc32_pclmul ghash_clmulni_intel intel_cstate
iTCO_wdt ipmi_ssif iTCO_vendor_support intel_uncore mei_me ipmi_si
intel_rapl_perf raid10 joydev i2c_i801 mei lpc_ich ioatdma shpchp wmi
ipmi_devintf ipmi_msghandler acpi_power_meter acpi_pad tpm_tis
tpm_tis_core tpm auth_rpcgss sunrpc xfs libcrc32c ast i2c_algo_bit
raid1 drm_kms_helper ixgbe ttm drm crc32c_intel mdio ptp pps_core dca
[321428.168955] CPU: 0 PID: 2279 Comm: ruby-mri Tainted: G        W
   4.11.12-200.fc25.x86_64 #1
[321428.168956] Hardware name: Supermicro SYS-1028U-TNRTP+/X10DRU-i+,
BIOS 1.1 07/22/2015
[321428.168957] Call Trace:
[321428.168962]  dump_stack+0x63/0x86
[321428.168965]  __warn+0xcb/0xf0
[321428.168966]  warn_slowpath_fmt+0x5a/0x80
[321428.168968]  skb_warn_bad_offload+0xc4/0x110
[321428.168970]  __skb_gso_segment+0x190/0x1a0
[321428.168977]  queue_gso_packets+0x62/0x160 [openvswitch]
[321428.168979]  ? wait_for_completion+0x39/0x180
[321428.168982]  ? stop_one_cpu+0x81/0xb0
[321428.168984]  ? sched_ttwu_pending+0xd0/0xd0
[321428.168987]  ? __skb_flow_dissect+0xcc6/0xfb0
[321428.168989]  ? __skb_get_hash+0x8f/0x300
[321428.168992]  ovs_dp_upcall+0x31/0x60 [openvswitch]
[321428.168994]  ovs_dp_process_packet+0x10d/0x130 [openvswitch]
[321428.168997]  ovs_vport_receive+0x76/0xd0 [openvswitch]
[321428.168999]  ? wait_for_completion+0x39/0x180
[321428.169001]  ? ___slab_alloc+0x2ac/0x570
[321428.169003]  ? __alloc_skb+0x87/0x1c0
[321428.169005]  ? stop_one_cpu+0x81/0xb0
[321428.169006]  ? sched_ttwu_pending+0xd0/0xd0
[321428.169007]  ? set_next_entity+0xd9/0x220
[321428.169009]  ? __slab_alloc+0x20/0x40
[321428.169010]  ? __alloc_skb+0x9b/0x1c0
[321428.169013]  internal_dev_xmit+0x28/0x60 [openvswitch]
[321428.169014]  dev_hard_start_xmit+0xa3/0x1f0
[321428.169016]  __dev_queue_xmit+0x592/0x650
[321428.169025]  ? udp_packet+0x50/0xa0 [nf_conntrack]
[321428.169026]  dev_queue_xmit+0x10/0x20
[321428.169029]  ip_finish_output2+0x2a9/0x3a0
[321428.169030]  ip_finish_output+0x1c7/0x270
[321428.169032]  ? ip_finish_output+0x1c7/0x270
[321428.169033]  ip_output+0x76/0xe0
[321428.169035]  ? ip_fragment.constprop.49+0x80/0x80
[321428.169037]  ip_local_out+0x35/0x40
[321428.169038]  ip_send_skb+0x19/0x40
[321428.169040]  udp_send_skb+0x99/0x260
[321428.169042]  udp_sendmsg+0x368/0xa10
[321428.169043]  ? ip_reply_glue_bits+0x50/0x50
[321428.169047]  ? __check_object_size+0x100/0x19d
[321428.169048]  inet_sendmsg+0x31/0xb0
[321428.169050]  sock_sendmsg+0x38/0x50
[321428.169051]  SYSC_sendto+0x101/0x190
[321428.169060]  ? handle_mm_fault+0xd3/0x240
[321428.169062]  ? __do_page_fault+0x266/0x4e0
[321428.169064]  SyS_sendto+0xe/0x10
[321428.169066]  entry_SYSCALL_64_fastpath+0x1a/0xa9
[321428.169067] RIP: 0033:0x7fd138484b23
[321428.169068] RSP: 002b:00007ffd8cabc8d0 EFLAGS: 00000293 ORIG_RAX:
000000000000002c
[321428.169070] RAX: ffffffffffffffda RBX: 00007fd137d2bae0 RCX:
00007fd138484b23
[321428.169070] RDX: 0000000000001a47 RSI: 000000b0ea9c36a0 RDI:
0000000000000007
[321428.169071] RBP: 00007fd137d2bae0 R08: 000000b0e91370e0 R09:
0000000000000010
[321428.169072] R10: 0000000000000000 R11: 0000000000000293 R12:
0000000000000020
[321428.169072] R13: 0000000000000002 R14: 000000b0e91370d0 R15:
0000000000000000
[321428.169074] ---[ end trace 355a022d9ee054ce ]---

I noticed it's happening with Fedora 26 too.  I'm using kernel
4.11.12-200.fc25.x86_64 in this particular example.   I'm using OVS
2.5.0-4.  Am I supposed to turn off GSO everywhere?  I thought it was
supposed to automatic.  Thanks,

Ziemowit

From shivaram.mysore at gmail.com  Mon Jul 31 20:09:07 2017
From: shivaram.mysore at gmail.com (Shivaram Mysore)
Date: Mon, 31 Jul 2017 13:09:07 -0700
Subject: [ovs-discuss] using FQDN for Controller name
Message-ID: <CAJRY+jqcXEQY=wKeozKXX4kMuRN0B=V4RbDRbWcLYA=FPY8_bw@mail.gmail.com>

Hello,

I am trying to use FQDN for controller name - example:

# ovs-vsctl set-controller ovs-br0 ssl:faucet.example.com:6653

Per OVS logs, I see the below errors:

Address family not supported by protocol
connection failed (Address family not supported by protocol)

*Question*: can we not set FQDN as a valid controller name?

Thanks!

/Shivaram
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170731/975a893f/attachment.html>

From blp at ovn.org  Mon Jul 31 20:15:53 2017
From: blp at ovn.org (Ben Pfaff)
Date: Mon, 31 Jul 2017 13:15:53 -0700
Subject: [ovs-discuss] using FQDN for Controller name
In-Reply-To: <CAJRY+jqcXEQY=wKeozKXX4kMuRN0B=V4RbDRbWcLYA=FPY8_bw@mail.gmail.com>
References: <CAJRY+jqcXEQY=wKeozKXX4kMuRN0B=V4RbDRbWcLYA=FPY8_bw@mail.gmail.com>
Message-ID: <20170731201553.GI6175@ovn.org>

On Mon, Jul 31, 2017 at 01:09:07PM -0700, Shivaram Mysore wrote:
> Hello,
> 
> I am trying to use FQDN for controller name - example:
> 
> # ovs-vsctl set-controller ovs-br0 ssl:faucet.example.com:6653
> 
> Per OVS logs, I see the below errors:
> 
> Address family not supported by protocol
> connection failed (Address family not supported by protocol)
> 
> *Question*: can we not set FQDN as a valid controller name?

No.  As documented, OVS requires the controller to be set by IP address.

From shivaram.mysore at gmail.com  Mon Jul 31 20:16:36 2017
From: shivaram.mysore at gmail.com (Shivaram Mysore)
Date: Mon, 31 Jul 2017 13:16:36 -0700
Subject: [ovs-discuss] using FQDN for Controller name
In-Reply-To: <20170731201553.GI6175@ovn.org>
References: <CAJRY+jqcXEQY=wKeozKXX4kMuRN0B=V4RbDRbWcLYA=FPY8_bw@mail.gmail.com>
	<20170731201553.GI6175@ovn.org>
Message-ID: <CAJRY+jpgmZw+8r=tqeMZmz5P49-RoLKe-Kdtd_2z7EvzYWJBnA@mail.gmail.com>

Thanks Ben for clarification.  Much appreciated.

On Mon, Jul 31, 2017 at 1:15 PM, Ben Pfaff <blp at ovn.org> wrote:

> On Mon, Jul 31, 2017 at 01:09:07PM -0700, Shivaram Mysore wrote:
> > Hello,
> >
> > I am trying to use FQDN for controller name - example:
> >
> > # ovs-vsctl set-controller ovs-br0 ssl:faucet.example.com:6653
> >
> > Per OVS logs, I see the below errors:
> >
> > Address family not supported by protocol
> > connection failed (Address family not supported by protocol)
> >
> > *Question*: can we not set FQDN as a valid controller name?
>
> No.  As documented, OVS requires the controller to be set by IP address.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170731/89276ef1/attachment-0001.html>

From shivaram.mysore at gmail.com  Mon Jul 31 20:32:12 2017
From: shivaram.mysore at gmail.com (Shivaram Mysore)
Date: Mon, 31 Jul 2017 13:32:12 -0700
Subject: [ovs-discuss] using FQDN for Controller name
In-Reply-To: <CAJRY+jpgmZw+8r=tqeMZmz5P49-RoLKe-Kdtd_2z7EvzYWJBnA@mail.gmail.com>
References: <CAJRY+jqcXEQY=wKeozKXX4kMuRN0B=V4RbDRbWcLYA=FPY8_bw@mail.gmail.com>
	<20170731201553.GI6175@ovn.org>
	<CAJRY+jpgmZw+8r=tqeMZmz5P49-RoLKe-Kdtd_2z7EvzYWJBnA@mail.gmail.com>
Message-ID: <CAJRY+jrRtB-9_90a5GRNjuWjzvh-=pPy6e=rCZLHzC=S9frV9A@mail.gmail.com>

Ben,
Can we request this feature for OVS?  It greatly helps if we use SSL as
connectivity protocol and we need to use it also for identity.

Thanks

On Mon, Jul 31, 2017 at 1:16 PM, Shivaram Mysore <shivaram.mysore at gmail.com>
wrote:

> Thanks Ben for clarification.  Much appreciated.
>
> On Mon, Jul 31, 2017 at 1:15 PM, Ben Pfaff <blp at ovn.org> wrote:
>
>> On Mon, Jul 31, 2017 at 01:09:07PM -0700, Shivaram Mysore wrote:
>> > Hello,
>> >
>> > I am trying to use FQDN for controller name - example:
>> >
>> > # ovs-vsctl set-controller ovs-br0 ssl:faucet.example.com:6653
>> >
>> > Per OVS logs, I see the below errors:
>> >
>> > Address family not supported by protocol
>> > connection failed (Address family not supported by protocol)
>> >
>> > *Question*: can we not set FQDN as a valid controller name?
>>
>> No.  As documented, OVS requires the controller to be set by IP address.
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170731/e31eb3e2/attachment.html>

From blp at ovn.org  Mon Jul 31 20:37:20 2017
From: blp at ovn.org (Ben Pfaff)
Date: Mon, 31 Jul 2017 13:37:20 -0700
Subject: [ovs-discuss] using FQDN for Controller name
In-Reply-To: <CAJRY+jpgmZw+8r=tqeMZmz5P49-RoLKe-Kdtd_2z7EvzYWJBnA@mail.gmail.com>
References: <CAJRY+jqcXEQY=wKeozKXX4kMuRN0B=V4RbDRbWcLYA=FPY8_bw@mail.gmail.com>
	<20170731201553.GI6175@ovn.org>
	<CAJRY+jpgmZw+8r=tqeMZmz5P49-RoLKe-Kdtd_2z7EvzYWJBnA@mail.gmail.com>
Message-ID: <20170731203720.GK6175@ovn.org>

This is mostly for historical reasons, by the way.  We'd accept a patch
that adds DNS support.  (It's nontrivial though because it would have to
be asynchronous.)

On Mon, Jul 31, 2017 at 01:16:36PM -0700, Shivaram Mysore wrote:
> Thanks Ben for clarification.  Much appreciated.
> 
> On Mon, Jul 31, 2017 at 1:15 PM, Ben Pfaff <blp at ovn.org> wrote:
> 
> > On Mon, Jul 31, 2017 at 01:09:07PM -0700, Shivaram Mysore wrote:
> > > Hello,
> > >
> > > I am trying to use FQDN for controller name - example:
> > >
> > > # ovs-vsctl set-controller ovs-br0 ssl:faucet.example.com:6653
> > >
> > > Per OVS logs, I see the below errors:
> > >
> > > Address family not supported by protocol
> > > connection failed (Address family not supported by protocol)
> > >
> > > *Question*: can we not set FQDN as a valid controller name?
> >
> > No.  As documented, OVS requires the controller to be set by IP address.
> >