On 29/01/2016 15:14, "Ben Pfaff" <[email protected]> wrote:
>On Fri, Jan 29, 2016 at 12:02:04PM +0000, [email protected] wrote: >> Hi OVS Folk, >> >> I checked out OVS 2.5 branch code from git hub and building ovs 2.5 >>with DPDK 2.2.0 on Centos OS 7, kernel 3.18.22 and its building >>successfully with below commands: >> >> ./configure --with-dpdk=/home../DPDK/x86_64-ivshmem-linuxapp-gcc >> >> But I am not able to see Firewall (conntrack) related commands support. >>As shown below: >> >> [root@Potasium ovs-branch-2.5]# ./utilities/ovs-ofctl add-flow br0 >>table=1,in_port=2,ip,ct_state=+new,action=1 >> OFPT_ERROR (xid=0x6): OFPBMC_BAD_MASK >> NXT_FLOW_MOD (xid=0x6): >> (***truncated to 64 bytes from 80***) >> 00000000 01 04 00 50 00 00 00 06-00 00 23 20 00 00 00 0d |...P......# >>....| >> 00000010 00 00 00 00 00 00 00 00-01 00 00 00 00 00 80 00 >>|................| >> 00000020 ff ff ff ff ff ff 00 00-00 18 00 00 00 00 00 00 >>|................| >> 00000030 00 00 00 02 00 02 00 00-06 02 08 00 00 01 d3 08 >>|................| >> >> I am getting above highlighted error and no flow is getting added. I >>used many options as specified in ovs-ofctl man page. >> >> Then I found below command to configure OVS with linux. >> ./configure --with-dpdk=$DPDK_BUILD --with-linux=/lib/modules/`uname >>-r`/build >> >> It's building successfully but facing same issues while adding flows >>with ovs-ofctl command using ct_state flags or ct. >> >> [root@Potasium ovs-branch-2.5]# ./ovs-branch-2.5/utilities/ovs-ofctl >>add-flow br0 in_port=1,tcp,ct_state=+trk-new,actions=ct,output:2 >> OFPT_ERROR (xid=0x4): OFPBMC_BAD_MASK >> NXT_FLOW_MOD (xid=0x4): >> (***truncated to 64 bytes from 112***) >> 00000000 01 04 00 70 00 00 00 04-00 00 23 20 00 00 00 0d |...p......# >>....| >> 00000010 00 00 00 00 00 00 00 00-00 00 00 00 00 00 80 00 >>|................| >> 00000020 ff ff ff ff ff ff 00 00-00 1d 00 00 00 00 00 00 >>|................| >> 00000030 00 00 00 02 00 01 00 00-06 02 08 00 00 00 0c 01 >>|................| >> >> So, my questions are: >> How to confirm whether conntrack is built and running with OVS + DPDK? >>I can see the netlink_conntrack.o file in /lib dir. >> Is Conntrack running in user mode with OVS and dpdk? >> Am I using the right commands of connection tracker? > >The FAQ has feature support information: > >### Q: Are all features available with all datapaths? > >A: Open vSwitch supports different datapaths on different platforms. Each > datapath has a different feature set: the following tables try to >summarize > the status. > > Supported datapaths: > > * *Linux upstream*: The datapath implemented by the kernel module >shipped > with Linux upstream. Since features have been >gradually > introduced into the kernel, the table mentions the >first > Linux release whose OVS module supports the >feature. > > * *Linux OVS tree*: The datapath implemented by the Linux kernel module > distributed with the OVS source tree. Some >features of > this module rely on functionality not available in >older > kernels: in this case the minumum Linux version >(against > which the feature can be compiled) is listed. > > * *Userspace*: Also known as DPDK, dpif-netdev or dummy datapath. It >is the > only datapath that works on NetBSD and FreeBSD. > > * *Hyper-V*: Also known as the Windows datapath. > > The following table lists the datapath supported features from > an Open vSwitch user's perspective. > >Feature | Linux upstream | Linux OVS tree | Userspace | >Hyper-V | >----------------------|:--------------:|:--------------:|:---------:|:---- >---:| >Connection tracking | 4.3 | 3.10 | NO | >NO | You can find a first version of the userspace connection tracker here: http://openvswitch.org/pipermail/dev/2015-November/062228.html I still need to handle some feedback and send out a v2, I hope I can do it soon _______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
