[ovs-discuss] Apply some packet manipulation actions on outgoing port traffic

Ben Pfaff blp at ovn.org
Mon Oct 9 21:14:19 UTC 2017


GRE and tunnels are implemented in terms of ports, so if you send a
packet received on a GRE port to a non-tunnel port, it strips the
header.

On Mon, Oct 09, 2017 at 10:45:10PM +0200, Juraj Markotic wrote:
> I will check on about GTP ongoing activities (I saw some actitvities on
> providing capabilities to match on GTP-C/GTP-U packets).
> maybe dumb question, but any pointer on how to remove GRE header (or VXLAN
> for that matter) when switching packet from IN port to OUT port and switch
> out only internal packet/payload ?
> thanks,
> jm
> 
> 
> On Mon, Oct 9, 2017 at 10:13 PM, Ben Pfaff <blp at ovn.org> wrote:
> 
> > OVS doesn't support GTP yet, but I know that there's some ongoing work
> > on it.
> >
> > GRE and VXLAN should be fine.
> >
> > If you need GTP support, maybe the best thing to do would be to help out
> > the folks who are working on it.
> >
> > On Mon, Oct 09, 2017 at 09:35:42PM +0200, Juraj Markotic wrote:
> > > Hello,
> > > thanks for feedback.
> > > I know OVS can truncate payload and that in can modify mac/IPs in header
> > > (i.e. like doing NAT).
> > > I also know OVS can deencapsulate GRE (of VXLAN) when packet is arriving
> > on
> > > tunnel OVS interface (done automatically).
> > > But I was not aware that OVS can remove tunnel headers when switching
> > > incoming GTP/GRE/VXLAN header and extract inside packet (with totally new
> > > src/dst ip) and send it out.
> > > Can you share some OVS cli example for such ?
> > > we have network packet broker (NPB) with OVS, so if NPB is delivering
> > > tunnel packets, it would be great if we could remove tunnel headers
> > before
> > > delivering it to the (monitoring) tool on outgoing port.
> > >
> > > thanks,
> > > jm
> > >
> > > On Mon, Oct 9, 2017 at 6:31 PM, Ben Pfaff <blp at ovn.org> wrote:
> > >
> > > > On Sun, Oct 08, 2017 at 11:19:17PM +0200, Juraj Markotic wrote:
> > > > > we would need some functionality on manipulating packets when packet
> > is
> > > > > exiting outgoing OVS port.
> > > > > I.e. some actions could be: change/anonymize mac/IPs for src/dst, or
> > > > remove
> > > > > some tunnel header (vxlan, gtp, gre), truncate the payload etc.
> > > >
> > > > OVS has actions for modifying headers and it can decapsulate tunnels
> > and
> > > > truncate payloads.
> > > >
> > > > > So, one option can be to write some code than can be attached to OVS
> > to
> > > > > packet exiting out port (i.e. some lua scripts for manipulation).
> > > >
> > > > Lua isn't needed.  You can use OpenFlow.
> > > >
> >


More information about the discuss mailing list