[ovs-discuss] How to match the VLAN VID of frames tunneled to a VXLAN port?

Ben Pfaff blp at ovn.org
Sun Nov 4 15:27:47 UTC 2018 

Oh.  It makes logical sense to match on dl_type=0x8100 for VLAN match
but it isn't how OpenFlow (or Open vSwitch) works.  Glad you got it
working.

On Sun, Nov 04, 2018 at 12:32:52PM +0100, Alan Kayahan wrote:
> Your response made me doubt the simple things so I tried some
> combinations. Removed the match dl_type=0x8100 from the rule and it
> worked. Following is how the rule looks like now.
> 
> cookie=0x0, duration=20.297s, table=0, n_packets=7, n_bytes=614,
> priority=10,tun_id=0x32,in_port="VXLAN-02_01",dl_vlan=100
> actions=pop_vlan,output:"Host-eth0"
> 
> dl_type had always been a habitual OF precondition for me for VLAN
> operations. Enjoy your weekend Ben!
> 
> Alan
> On Sun, Nov 4, 2018 at 6:06 AM Ben Pfaff <blp at ovn.org> wrote:
> >
> > Hmm, VLAN match should work fine for that case.  I'm surprised that
> > there are problems.
> >
> > On Sun, Nov 04, 2018 at 05:37:05AM +0100, Alan Kayahan wrote:
> > > Thanks for the response Ben.
> > > If I am understanding the document correctly, the packets coming in
> > > from the host (classified as Flow1 on page 29) in Switch A are tagged
> > > with VLAN100, then tunneled to O3 (SwitchB's IP address) with a VNI ID
> > > 50. So there is only 1 VLAN field and that is the inner (the VLAN
> > > field of the frame encapsulated in the VXLAN tunnel), which I need to
> > > match on.
> > >
> > > Alan
> > > On Sat, Nov 3, 2018 at 4:25 PM Ben Pfaff <blp at ovn.org> wrote:
> > > >
> > > > On Sat, Nov 03, 2018 at 06:45:08AM +0100, Alan Kayahan wrote:
> > > > > Hello,
> > > > >
> > > > > I am trying to build a simplified version of the "sample L2
> > > > > transparent network service chaining implementation" described in
> > > > > section 6 of this document
> > > > > https://www.opennetworking.org/wp-content/uploads/2014/10/L4-L7_Service_Function_Chaining_Solution_Architecture.pdf.
> > > > >
> > > > > My simplifications:
> > > > > 1) 3 OVS bridges on 3 nodes
> > > > > 2) Just a single flow and a single chain to steer without bypassing any service.
> > > > > 3) No 5-tuple matching, just in_port
> > > > > 4) VXLAN remoteIPs are hardcoded, key=flow, and attached as a port to the bridge
> > > > >
> > > > > Problem: Matching the VLAN field inbound to a VXLAN port doesn't work.
> > > >
> > > > Do you expect the VLAN field to match the inner or outer VLAN?  It will
> > > > actually match the inner VLAN?

More information about the discuss mailing list