[ovs-discuss] How to match the VLAN VID of frames tunneled to a VXLAN port?

Alan Kayahan hsykay at gmail.com
Sun Nov 4 11:32:52 UTC 2018


Your response made me doubt the simple things so I tried some
combinations. Removed the match dl_type=0x8100 from the rule and it
worked. Following is how the rule looks like now.

cookie=0x0, duration=20.297s, table=0, n_packets=7, n_bytes=614,
priority=10,tun_id=0x32,in_port="VXLAN-02_01",dl_vlan=100
actions=pop_vlan,output:"Host-eth0"

dl_type had always been a habitual OF precondition for me for VLAN
operations. Enjoy your weekend Ben!

Alan
On Sun, Nov 4, 2018 at 6:06 AM Ben Pfaff <blp at ovn.org> wrote:
>
> Hmm, VLAN match should work fine for that case.  I'm surprised that
> there are problems.
>
> On Sun, Nov 04, 2018 at 05:37:05AM +0100, Alan Kayahan wrote:
> > Thanks for the response Ben.
> > If I am understanding the document correctly, the packets coming in
> > from the host (classified as Flow1 on page 29) in Switch A are tagged
> > with VLAN100, then tunneled to O3 (SwitchB's IP address) with a VNI ID
> > 50. So there is only 1 VLAN field and that is the inner (the VLAN
> > field of the frame encapsulated in the VXLAN tunnel), which I need to
> > match on.
> >
> > Alan
> > On Sat, Nov 3, 2018 at 4:25 PM Ben Pfaff <blp at ovn.org> wrote:
> > >
> > > On Sat, Nov 03, 2018 at 06:45:08AM +0100, Alan Kayahan wrote:
> > > > Hello,
> > > >
> > > > I am trying to build a simplified version of the "sample L2
> > > > transparent network service chaining implementation" described in
> > > > section 6 of this document
> > > > https://www.opennetworking.org/wp-content/uploads/2014/10/L4-L7_Service_Function_Chaining_Solution_Architecture.pdf.
> > > >
> > > > My simplifications:
> > > > 1) 3 OVS bridges on 3 nodes
> > > > 2) Just a single flow and a single chain to steer without bypassing any service.
> > > > 3) No 5-tuple matching, just in_port
> > > > 4) VXLAN remoteIPs are hardcoded, key=flow, and attached as a port to the bridge
> > > >
> > > > Problem: Matching the VLAN field inbound to a VXLAN port doesn't work.
> > >
> > > Do you expect the VLAN field to match the inner or outer VLAN?  It will
> > > actually match the inner VLAN?


More information about the discuss mailing list