[ovs-discuss] VXLAN over VLAN decapsulation

John Hurley john.hurley at netronome.com
Wed Oct 3 16:23:16 UTC 2018


Hi,

I've observed a bit of an anomaly when decapsulating VXLAN traffic
that is inside a VLAN (using Open vSwitch version 2.10.90).

I create a VXLAN port on a bridge and added a rule to match this
tunnel and egress to a different port:

ovs-vsctl add-port br0 vx2 -- set interface vx2 type=vxlan
option:remote_ip=10.0.0.2 option:key=123 option:csum=true
ofport_request=100
ovs-ofctl add-flow -OOpenFlow13 br0 in_port=100,tcp,actions=1

I configure a VLAN port on the host and assign it the IP end point
address of the tunnel. e.g.

ip link add link eth1 name eth1.20 type vlan id 20
ip address add 10.0.0.1 dev eth1.20

The following scenarios occur when sending in traffic:

1. vxlan traffic over vlan id 20 - matches and decapsulated
2. vxlan traffic with no outer vlan - matches and decapsulated
3. vxlan traffic over vlan id 21 - does not match

However, if I add and up another vlan port with id 21 (while making no
other changes to IP addresses etc.) I see (3) now matching and
decapsulating.

Is this behaviour intended?
It seems like there should be tighter coupling between the incoming
port/VLAN and the tunnel endpoint IP?
If this behaviour is not harmful, it might be sufficient to just document it.

For reference, this is the kernel rule installed in all tests (note:
includes no reference to outer VLAN):

recirc_id(0),tunnel(tun_id=0x7b,src=10.0.0.2,dst=10.0.0.1,flags(-df-csum+key)),in_port(3),eth(),eth_type(0x0800),ipv4(proto=6,frag=no),packets:60,
bytes:7546, used:0.000s, flags:SFPR., actions:2

Thanks,
John


More information about the discuss mailing list