[ovs-discuss] Can't match on CVLAN

Marcos Felipe Schwarz marcos.schwarz at rnp.br
Wed May 17 17:59:58 UTC 2017 

Hi Eric,

I resumed the testing today and found my error. I was applying other-config:vlan-limit=2 to the Bridge table and not to Open_vSwitch table.

That made it work.

Regards,

Marcos Schwarz

----- Original Message -----
From: "Eric Garver" <e at erig.me>
To: "Marcos Felipe Schwarz" <marcos.schwarz at rnp.br>
Cc: ovs-discuss at openvswitch.org
Sent: Tuesday, May 9, 2017 10:42:47 AM
Subject: Re: [ovs-discuss] Can't match on CVLAN

On Tue, May 09, 2017 at 07:33:53AM -0300, Marcos Felipe Schwarz wrote:
> Hi Eric,
> 
> I was aware of the vlan-limit=2 parameter, and tested with "0" also, but got everytime the same result.
> Reading the documentation one explanation would be that the dpdk datapth only supports matching on 1 vlan tag, is this assumption correct?

DPDK/userspace datapath should support 2 VLAN tags. Have you tried it
without DPDK or with the kernel datapath?

Please verify that the frames actually have two tags when they ingress
in_port=1.

Are the frames originating from another server? If so, I've seen some
NICs misbehave with VLAN TX hardware offload and double stacked 0x8100
(they _replace_ the inner tag instead of adding another). You may want
to try disabling txvlan on the sender:
  $ ethtool -K <NIC> tvxlan off

> 
> Regards,
> 
> Marcos Schwarz
> 
> ----- Original Message -----
> From: "Eric Garver" <e at erig.me>
> To: "Marcos Felipe Schwarz" <marcos.schwarz at rnp.br>
> Cc: ovs-discuss at openvswitch.org
> Sent: Monday, May 8, 2017 9:25:34 PM
> Subject: Re: [ovs-discuss] Can't match on CVLAN
> 
> On Mon, May 08, 2017 at 05:10:08PM -0300, Marcos Felipe Schwarz wrote:
> > I confirmed that the problem I reported applies to the the latest commit from yesterday on the master branch.
> 
> I expect you need to set vlan-limit=2. See [0], it affects how many VLAN
> tags are parsed on ingress. This option is new with QinQ support.
> 
> I assume you have vlan-limit=1 as it's the default. When your double
> tagged packet arrives only the outer VLAN is parsed. So after the
> pop_vlan action you're left with zero tags and dl_vlan will never match.
> 
> Your zero and single tagged cases work because you're explicitly pushing
> multiple tags.
> 
> Hope that helps.
> Eric.
> 
> [0] https://github.com/openvswitch/ovs/blob/c847a84c4a11489910319d93ef22dfeef8e1b1f8/vswitchd/vswitch.xml#L363
> 
> > 
> > Thanks,
> > 
> > Marcos Schwarz
> > 
> > ----- Original Message -----
> > From: "Eric Garver" <e at erig.me>
> > To: "Marcos Felipe Schwarz" <marcos.schwarz at rnp.br>
> > Cc: ovs-discuss at openvswitch.org
> > Sent: Sunday, May 7, 2017 10:26:23 AM
> > Subject: Re: [ovs-discuss] Can't match on CVLAN
> > 
> > Hi Marcos,
> > 
> > Thanks for reporting this. I believe it should work (at least with
> > current master branch). I will take a closer tomorrow.
> > 
> > Are your packets double tagged with TPIDs 0x88a8 and 0x8100, or are both
> > tags 0x8100?
> > 
> > Thanks.
> > Eric.
> > 
> > On Fri, May 05, 2017 at 09:05:46PM -0300, Marcos Felipe Schwarz wrote:
> > > Hi,
> > > 
> > > Found some inconsistencies while further troubleshooting the issue,maybe there is a bug.
> > > 
> > > I'm sending the same packet in three ways to OVS at port 1:
> > > 1) Untagged
> > > 2) Tagged with single VLAN 10
> > > 3) Double tagged with CVLAN 10 and SVLAN 3204
> > > 
> > > Then I match and mark each flow with a different metadata, adding tags to 1) and 2) to make them equivalent to 3), send them to the same rule on table 1, and try to match them by the CVLAN on table 2. 1) and 2) work as expected, but the double tagged packet can't match on the CVLAN 10.
> > > 
> > >  cookie=0x0, duration=493.174s, table=0, n_packets=318, n_bytes=25758, in_port=1,vlan_tci=0x0000/0x1fff actions=set_field:0x1->metadata,push_vlan:0x8100,set_field:4106-
> > > >vlan_vid,push_vlan:0x8100,set_field:7300->vlan_vid,goto_table:1
> > >  cookie=0x0, duration=493.167s, table=0, n_packets=318, n_bytes=27030, in_port=1,dl_vlan=10 actions=set_field:0x2->metadata,push_vlan:0x8100,set_field:7300->vlan_vid,go
> > > to_table:1
> > >  cookie=0x0, duration=493.163s, table=0, n_packets=318, n_bytes=28302, in_port=1,dl_vlan=3204 actions=set_field:0x3->metadata,goto_table:1
> > > 
> > >  cookie=0x0, duration=493.158s, table=1, n_packets=954, n_bytes=81090, in_port=1,dl_vlan=3204 actions=pop_vlan,goto_table:2
> > > 
> > >  cookie=0x0, duration=493.153s, table=2, n_packets=318, n_bytes=25758, metadata=0x1,in_port=1,dl_vlan=10 actions=pop_vlan,output:2
> > >  cookie=0x0, duration=493.148s, table=2, n_packets=318, n_bytes=27030, metadata=0x2,in_port=1,dl_vlan=10 actions=pop_vlan,output:2
> > >  cookie=0x0, duration=491.905s, table=2, n_packets=0, n_bytes=0, metadata=0x3,in_port=1,dl_vlan=10 actions=pop_vlan,output:2
> > > 
> > > Regards,
> > > 
> > > Marcos Schwarz
> > > 
> > > ----- Original Message -----
> > > From: "Marcos Felipe Schwarz" <marcos.schwarz at rnp.br>
> > > To: ovs-discuss at openvswitch.org
> > > Sent: Friday, May 5, 2017 8:55:56 PM
> > > Subject: Can't match on CVLAN
> > > 
> > > Sorry for the duplicate post, but it seems I posted on someone elses thread,
> > > 
> > > Hi,
> > > 
> > > I'm trying to work with double tagged packets in OVS. But I can't match on the inner VLAN (CVLAN), even after poping the SVLAN and using a different table.
> > > In this setup I'm receiving on port 1 SVLANs 3204 and 3217 both transporting CVLANs 10 and 20, what I want to achieve is to steer each flow (SVLAN + CVLAN combination) to a different outport.
> > > 
> > > I came up with two set of rules, using two tables.
> > > On table 0 I match on in_port, SVLAN, pop it, save the SVLAN VID to the metadata field then send to table 1.
> > > On table 1 I match on the metadata to restore the information of wich SVLAN this flow is from, mach on in_port and CVLAN, pop the CVLAN and send to the outputport.
> > > Below are the flows I used:
> > > 
> > > ovs-ofctl -O OpenFlow13 add-flow br-oper0 in_port=1,dl_vlan=3204,actions=pop_vlan,set_field:3204->metadata,goto_table:1
> > > ovs-ofctl -O OpenFlow13 add-flow br-oper0 in_port=1,dl_vlan=3217,actions=pop_vlan,set_field:3217->metadata,goto_table:1
> > > 
> > > ovs-ofctl -O OpenFlow13 add-flow br-oper0 table=1,metadata=3204,in_port=1,dl_vlan=10,actions=pop_vlan,output:2
> > > ovs-ofctl -O OpenFlow13 add-flow br-oper0 table=1,metadata=3204,in_port=1,dl_vlan=20,actions=pop_vlan,output:3
> > > ovs-ofctl -O OpenFlow13 add-flow br-oper0 table=1,metadata=3217,in_port=1,dl_vlan=10,actions=pop_vlan,output:4
> > > ovs-ofctl -O OpenFlow13 add-flow br-oper0 table=1,metadata=3217,in_port=1,dl_vlan=20,actions=pop_vlan,output:5
> > > 
> > > But as shown below, no flow is matching the rules from table 1. I created some temporary flows to isolate the issue, and I figured that I can match the CVLAN on table 1.
> > > 
> > > cookie=0x0, duration=3435.754s, table=0, n_packets=788, n_bytes=67476, in_port=1,dl_vlan=3204 actions=pop_vlan,set_field:0xc84->metadata,goto_table:1
> > > cookie=0x0, duration=3435.754s, table=0, n_packets=788, n_bytes=67476, in_port=1,dl_vlan=3217 actions=pop_vlan,set_field:0xc91->metadata,goto_table:1
> > > 
> > > cookie=0x0, duration=3471.941s, table=1, n_packets=0, n_bytes=0, metadata=0xc84,in_port=1,dl_vlan=10 actions=pop_vlan,output:2
> > > cookie=0x0, duration=3471.941s, table=1, n_packets=0, n_bytes=0, metadata=0xc84,in_port=1,dl_vlan=20 actions=pop_vlan,output:2
> > > cookie=0x0, duration=3471.941s, table=1, n_packets=0, n_bytes=0, metadata=0xc91,in_port=1,dl_vlan=10 actions=pop_vlan,output:4
> > > cookie=0x0, duration=3471.941s, table=1, n_packets=0, n_bytes=0, metadata=0xc91,in_port=1,dl_vlan=20 actions=pop_vlan,output:5
> > > 
> > > Temporary Flows:
> > > cookie=0x0, duration=6.097s,    table=1, n_packets=0, n_bytes=0, in_port=1,dl_vlan=10 actions=output:2
> > > cookie=0x0, duration=6.883s,    table=1, n_packets=4, n_bytes=356, metadata=0xc84,in_port=1 actions=output:2
> > > 
> > > All my ports are DPDK, and I'm working with OVS from master branch (april 29th) and DPDK 16.11. But have confirmed this issue with previous versions as 2.7.0 and 2.6.1.
> > > Follows the parameters from my setup.
> > > ovs-vsctl add-br br-oper0 -- set bridge br-oper0 datapath_type=netdev fail-mode=secure
> > > ovs-vsctl add-port br-oper0 dpdk-p0 -- set Interface dpdk-p0 type=dpdk options:dpdk-devargs=0000:00:14.0 mtu_request=9600 ofport=1
> > > ovs-vsctl add-port br-oper0 dpdk-p1 -- set Interface dpdk-p1 type=dpdk options:dpdk-devargs=0000:00:14.1 mtu_request=9600 ofport=2
> > > ovs-vsctl add-port br-oper0 dpdk-p2 -- set Interface dpdk-p2 type=dpdk options:dpdk-devargs=0000:00:14.2 mtu_request=9600 ofport=3
> > > ovs-vsctl add-port br-oper0 dpdk-p3 -- set Interface dpdk-p3 type=dpdk options:dpdk-devargs=0000:00:14.3 mtu_request=9600 ofport=4
> > > ovs-vsctl add-port br-oper0 dpdk-p4 -- set Interface dpdk-p4 type=dpdk options:dpdk-devargs=0000:01:00.0 mtu_request=9600 ofport=5
> > > 
> > > I've also attached a pcap from the host at port 2, just to show that there is traffic with the CVLAN tag reaching there.
> > > 
> > > Please let me know if there is a better way I can achieve this.
> > > 
> > > Regards,
> > > 
> > > Marcos Schwarz
> > > _______________________________________________
> > > discuss mailing list
> > > discuss at openvswitch.org
> > > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
> > _______________________________________________
> > discuss mailing list
> > discuss at openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

More information about the discuss mailing list