[ovs-discuss] How to match the VLAN VID of frames tunneled to a VXLAN port?

Alan Kayahan hsykay at gmail.com
Sat Nov 3 05:45:08 UTC 2018


Hello,

I am trying to build a simplified version of the "sample L2
transparent network service chaining implementation" described in
section 6 of this document
https://www.opennetworking.org/wp-content/uploads/2014/10/L4-L7_Service_Function_Chaining_Solution_Architecture.pdf.

My simplifications:
1) 3 OVS bridges on 3 nodes
2) Just a single flow and a single chain to steer without bypassing any service.
3) No 5-tuple matching, just in_port
4) VXLAN remoteIPs are hardcoded, key=flow, and attached as a port to the bridge

Problem: Matching the VLAN field inbound to a VXLAN port doesn't work.

 cookie=0x0, duration=15.549s, table=0, n_packets=0, n_bytes=0,
priority=10,tun_id=0x32,in_port="VXLAN-02_01",dl_vlan=100,dl_type=0x8100
actions=pop_vlan,output:"Host-eth0"

If I remove the VLAN match as following, the host receives the
ethernet frames with the VLAN tag that was pushed at the ingress on
the first bridge.
cookie=0x0, duration=15.549s, table=0, n_packets=0, n_bytes=0,
priority=10,tun_id=0x32,in_port="VXLAN-02_01",
actions=output:"Host-eth0"

So the VXLAN tunneling works fine, however matching on the VLAN does
not work as suggested in the document. For instance for the flow1 at
SWA, the action is to push VLAN tag 100, set tunnel ID to 50 and
tunnel it to SWB. Then the match field for flow1 at SWB is the in_port
and VLAN100, which doesn't seem to work for me. Should there be a
decapsulate_vxlan action there? What am I missing?

Regards,
Alan


More information about the discuss mailing list