[ovs-discuss] VLAN mode=dot1q-tunnel and tags in OVS

Sim Paul simpaul48 at gmail.com
Thu Nov 15 23:49:53 UTC 2018


I have set up a network topology that has no route outside my host.
i.e It's a completely private network.
I have two ovs bridges connected to each other via a patch
link. The patch link is simply a couple of OVS Patch Ports.
Host is running Oracle Linux 7.5.
Each of the two ovs bridges has a Virtual Machine(running Oracle Linux 7.5)
connected to it.
Each VM has two VLAN interfaces (VLAN 24(eth0.24) and VLAN 36(eth0.36))
and each of these VLAN interfaces further have a sub-interface (eth0.24.120
and eth0.36.120).
Here is a diagram to explain this better:
https://github.com/Vanalytics/public_html/blob/master/ovs-topology.png

Packets from VM1 to VM 2 should ideally traverse 4 interfaces:
OL7.5-1st-NIC --> patch-to-ovsbr2 --> patch-to-ovsbr1 --> OL7.5-2nd-NIC
But two of these are simply patch ports and not real interfaces, which
means once they are setup,
packets get forwarded from OL7.5-1st-NIC --> OL7.5-2nd-NIC  directly inside
the kernel.

At this time,
Table Open_vSwitch, other:config: vlan_limit=1 (default),
"vlan_mode" and "tag" are cleared for all four interfaces.

Now,  if i set
1. tag=10 on all 4 interfaces, &
2. vlan_mode=dot1q-tunnel for all 4 interfaces,
VM1 VLANs can ping their respective VLANs in VM2.
These ping packets in tcpdump , do NOT have tag 10 but I do see the VLAN
tags.

tcpdump -i OL7.5-1st-NIC -nn -e vlan
ethertype 802.1Q (0x8100), length 106: vlan 36, p 0, ethertype 802.1Q, vlan
120, p 0, ethertype IPv4, 192.168.3.21 > 192.168.3.20: ICMP echo request,
id 6604, seq 1, length 64

Secondly, if i keep everything as above
1. (i.e. tag=10 & vlan_mode=dot1q-tunnel for all 4 interfaces), &
2. set vlan-limit to 2 or 0,
VM1 VLANs CANNOT ping their respective VLANs in VM2.
tcpdump now shows only vlan 36 but tag with vlan 120 is not present in the
destination port.

My concerns are:
1. Shouldn't setting vlan-limit=0, tag=10 push tag=10 on all packets
leaving VM1 and i should see tag=10 in tcpdump.
2. Does setting vlan-limit=0 mean i can push unlimited tags on the packet ?
How can i test this ?

Thanks,
--Simran
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20181115/8e20dabc/attachment.html>


More information about the discuss mailing list