[ovs-discuss] VLAN mode=dot1q-tunnel and tags in OVS

[Eric Garver]

On Fri, Nov 16, 2018 at 11:46:22AM -0800, Sim Paul wrote:
> On Fri, Nov 16, 2018 at 6:00 AM Eric Garver <eric at garver.life> wrote:
> 
> > On Thu, Nov 15, 2018 at 03:49:53PM -0800, Sim Paul wrote:
> > [..]
> > > My concerns are:
> > > 1. Shouldn't setting vlan-limit=0, tag=10 push tag=10 on all packets
> > > leaving VM1 and i should see tag=10 in tcpdump.
> > > 2. Does setting vlan-limit=0 mean i can push unlimited tags on the
> > packet ?
> > > How can i test this ?
> >
> > No. That's not what it means. You can't push more than the datapath
> > supports.
> >
> > See "vlan-limit" in the ovs-vswitchd.conf man page:
> >
> >
> Ok. That means , currently the "maximum" number of VLAN tags supported are 2
> which is what the OpenvSwitch userspace currently supports.

Correct.

> I am still trying to understand the test case behavior that i pasted in my
> previous email.
> In my first test case when vlan-limit=1, the ping worked because
> only the outside VLAN tag (36) was inspected ??
> But in second case when i set vlan-limit=2, ping stopped working because
> both tags 36 and 120 were inspected ?
> 
> Shouldn't the ping work even in second test case ?

I'm not sure. Your configuration is a big odd. dot1q-tunnel should only
be configured at the ends, but it sounds like you've added it to the
patch ports as well.

> Pardon my ignorance about vlan tag matching inside the kernel here, but
> can someone explain how the packet matching would occur if packet has >= 2
> tags.

If packet has 2 tags, then both tags are parsed and dl_type is the
Ethertype of the payload (e.g. 0x0800 for IP).

If packet has > 2 tags, then only the first two tags are parsed as VLANs
and dl_type is the VLAN TPID of the third VLAN tag (e.g. 0x8100).

> If another tag is forced onto the packet, would that third tag be
> dropped or would it replace an existing tag ?

It won't let you push another VLAN if the flow already has two.