[ovs-discuss] OVN vm on vlan network using geneve tunnel for external traffic

Anil Venkata anilvenkata at redhat.com
Wed Apr 11 14:14:25 UTC 2018


vm created on a vlan tenant network is using geneve tunnel(between compute
and gateway nodes) to reach external network. Because of this, we need to
consider tunnelling overhead while assigning MTU for vlan network. Can we
improve OVN to avoid tunnelling in this case.

I have captured ovn logical flows and corresponding physical flows in this
case for understanding.

Created a vm on net2(a vlan tenant network), from this vm pinged 8.8.8.8
and noticed packet leaving the compute through tunnel port.
Same tested with ovn-trace command(i.e vm ip as source and 8.8.8.8 as dest
ip)

sudo ovn-trace --db=tcp:172.16.2.8:6642
neutron-16fa5757-a44e-472a-a2f8-997107b378c7
'inport == "8c11682c-5112-4810-84bd-61a85d52cf63" && eth.src ==
fa:16:3e:b7:b0:82 && eth.dst == fa:16:3e:8c:02:5d && ip4.src ==
172.16.2.106 && ip4.dst == 8.8.8.8 && ip.ttl == 64 && icmp4.type==8'


Within the compute node, packet leaving the vlan network and reaching the
router ingress pipeline through logical patch port.

egress(dp="net2", inport="8c1168", outport="b8ad7d")
----------------------------------------------------
 9. ls_out_port_sec_l2 (ovn-northd.c:4080): outport == "b8ad7d", priority
50, uuid c70c0020
    output;
    /* output to "b8ad7d", type "patch" */

 cookie=0xc70c0020, duration=191601.944s, table=49, n_packets=304,
n_bytes=29792, idle_age=0, hard_age=65534, priority=50,reg15=0x4,metadata=0x3
actions=resubmit(,64)

 cookie=0x0, duration=191599.487s, table=65, n_packets=305, n_bytes=29834,
idle_age=0, hard_age=65534, priority=100,reg15=0x4,metadata=0x3
actions=clone(ct_clear,load:0->NXM_NX_REG11[],load:0->NXM_
NX_REG12[],load:0->NXM_NX_REG13[],load:0x6->NXM_NX_REG11[],load:0x7->NXM_NX_
REG12[],load:0x2->OXM_OF_METADATA[],load:0x2->NXM_NX_
REG14[],load:0->NXM_NX_REG10[],load:0->NXM_NX_REG15[],load:
0->NXM_NX_REG0[],load:0->NXM_NX_REG1[],load:0->NXM_NX_REG2[
],load:0->NXM_NX_REG3[],load:0->NXM_NX_REG4[],load:0->NXM_
NX_REG5[],load:0->NXM_NX_REG6[],load:0->NXM_NX_REG7[],load:
0->NXM_NX_REG8[],load:0->NXM_NX_REG9[],load:0->NXM_OF_IN_
PORT[],resubmit(,8))


Router ingress pipeline is run in the compute. This ingress pipeline is
sending packet to controller though tunnel(bundle action), as outport is a
distributed port.

ingress(dp="r1", inport="lrp-b8ad7d")
-------------------------------------
 7. lr_in_ip_routing (ovn-northd.c:4208): ip4.dst == 0.0.0.0/0, priority 1,
uuid 5d9f11b5
    ip.ttl--;
    reg0 = 10.0.0.1;
    reg1 = 10.0.0.101;
    eth.src = fa:16:3e:49:bb:60;
    outport = "lrp-f74de5";
    flags.loopback = 1;
    next;
 cookie=0x5d9f11b5, duration=171682.987s, table=15, n_packets=285,
n_bytes=27930, idle_age=0, hard_age=65534, priority=1,ip,metadata=0x2
actions=dec_ttl(),load:0xa000001->NXM_NX_XXREG0[96..
127],load:0xa000065->NXM_NX_XXREG0[64..95],mod_dl_src:fa:
16:3e:49:bb:60,load:0x3->NXM_NX_REG15[],load:0x1->NXM_NX_
REG10[0],resubmit(,16)

 9. lr_in_gw_redirect (ovn-northd.c:5911): outport == "lrp-f74de5",
priority 50, uuid bf45f06a
    outport = "cr-lrp-f74de5";
 cookie=0xbf45f06a, duration=171682.987s, table=17, n_packets=285,
n_bytes=27930, idle_age=0, hard_age=65534, priority=50,reg15=0x3,metadata=0x2
actions=load:0x4->NXM_NX_REG15[],resubmit(,18)
 cookie=0x0, duration=171682.987s, table=32, n_packets=285, n_bytes=27930,
idle_age=0, hard_age=65534, priority=100,reg15=0x4,metadata=0x2
actions=load:0x2->NXM_NX_TUN_ID[0..23],set_field:0x4->tun_
metadata0,move:NXM_NX_REG14[0..14]->NXM_NX_TUN_METADATA0[16.
.30],bundle(eth_src,0,active_backup,ofport,slaves:3,4)

Thanks
Anil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20180411/27511dc6/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ovs_ofctl_dump_flows
Type: application/octet-stream
Size: 127898 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20180411/27511dc6/attachment-0004.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ovn_trace_redirect_vlan
Type: application/octet-stream
Size: 3668 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20180411/27511dc6/attachment-0005.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lflow_list_for_router_r1
Type: application/octet-stream
Size: 32896 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20180411/27511dc6/attachment-0006.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lflow_list_for_switch_net2
Type: application/octet-stream
Size: 32559 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20180411/27511dc6/attachment-0007.obj>


More information about the discuss mailing list