Many thanks Ben.
Sent: Friday, August 19, 2016 at 1:22 PM
From: "Ben Pfaff" <b...@ovn.org>
To: "james hopper" <jameshop...@email.com>
Cc: "OVS Discussion" <discuss@openvswitch.org>
Subject: Re: [ovs-discuss] Vlan Tagged packets switching issue
From: "Ben Pfaff" <b...@ovn.org>
To: "james hopper" <jameshop...@email.com>
Cc: "OVS Discussion" <discuss@openvswitch.org>
Subject: Re: [ovs-discuss] Vlan Tagged packets switching issue
You might be experiencing some kind of kernel bug.
The FAQ has a section on VLANs. Here's part of it.
### Q: VLANs don't work.
A: Many drivers in Linux kernels before version 3.3 had VLAN-related
bugs. If you are having problems with VLANs that you suspect to be
driver related, then you have several options:
- Upgrade to Linux 3.3 or later.
- Build and install a fixed version of the particular driver
that is causing trouble, if one is available.
- Use a NIC whose driver does not have VLAN problems.
- Use "VLAN splinters", a feature in Open vSwitch 1.4 upto 2.5
that works around bugs in kernel drivers. To enable VLAN
splinters on interface eth0, use the command:
ovs-vsctl set interface eth0 other-config:enable-vlan-splinters=true
For VLAN splinters to be effective, Open vSwitch must know
which VLANs are in use. See the "VLAN splinters" section in
the Interface table in ovs-vswitchd.conf.db(5) for details on
how Open vSwitch infers in-use VLANs.
VLAN splinters increase memory use and reduce performance, so
use them only if needed.
- Apply the "vlan workaround" patch from the XenServer kernel
patch queue, build Open vSwitch against this patched kernel,
and then use ovs-vlan-bug-workaround(8) to enable the VLAN
workaround for each interface whose driver is buggy.
(This is a nontrivial exercise, so this option is included
only for completeness.)
It is not always easy to tell whether a Linux kernel driver has
buggy VLAN support. The ovs-vlan-test(8) and ovs-test(8) utilities
can help you test. See their manpages for details. Of the two
utilities, ovs-test(8) is newer and more thorough, but
ovs-vlan-test(8) may be easier to use.
### Q: VLANs still don't work. I've tested the driver so I know that it's OK.
A: Do you have VLANs enabled on the physical switch that OVS is
attached to? Make sure that the port is configured to trunk the
VLAN or VLANs that you are using with OVS.
### Q: Outgoing VLAN-tagged traffic goes through OVS to my physical switch
and to its destination host, but OVS seems to drop incoming return
traffic.
A: It's possible that you have the VLAN configured on your physical
switch as the "native" VLAN. In this mode, the switch treats
incoming packets either tagged with the native VLAN or untagged as
part of the native VLAN. It may also send outgoing packets in the
native VLAN without a VLAN tag.
If this is the case, you have two choices:
- Change the physical switch port configuration to tag packets
it forwards to OVS with the native VLAN instead of forwarding
them untagged.
- Change the OVS configuration for the physical port to a
native VLAN mode. For example, the following sets up a
bridge with port eth0 in "native-tagged" mode in VLAN 9:
ovs-vsctl add-br br0
ovs-vsctl add-port br0 eth0 tag=9 vlan_mode=native-tagged
In this situation, "native-untagged" mode will probably work
equally well. Refer to the documentation for the Port table
in ovs-vswitchd.conf.db(5) for more information.
On Fri, Aug 19, 2016 at 10:18:57PM +0200, james hopper wrote:
> It is only exchanging untagged packets.
>
> Sent: Friday, August 19, 2016 at 1:13 PM
> From: "Ben Pfaff" <b...@ovn.org>
> To: "james hopper" <jameshop...@email.com>
> Cc: "OVS Discussion" <discuss@openvswitch.org>
> Subject: Re: [ovs-discuss] Vlan Tagged packets switching issue
> The flows you specified should forward every packet from port 1 to port
> 2 and vice versa. What behavior do you actually see?
>
> On Fri, Aug 19, 2016 at 10:08:01PM +0200, james hopper wrote:
> > Would priority matter if any one of the combination is the only combination?
> I
> > tried after setting priority but it is still not working.
> >
> > ovs-ofctl add-flow br0 "table=0, priority=65535, in_port=1, actions=output:2"
> > ovs-ofctl add-flow br0 "table=0, priority=65535, in_port=2, actions=output:1"
> > Sent: Friday, August 19, 2016 at 12:52 PM
> > From: "Ben Pfaff" <b...@ovn.org>
> > To: "james hopper" <jameshop...@email.com>
> > Cc: "OVS Discussion" <discuss@openvswitch.org>
> > Subject: Re: [ovs-discuss] Vlan Tagged packets switching issue
> > On Fri, Aug 19, 2016 at 09:33:28PM +0200, james hopper wrote:
> > > Thanks Ben for your response. As mentioned, I have tried matching on
> dl_vlan
> > > previously. Furthermore, vlan_tci=0 is perfectly matching the untagged
> > incoming
> > > packets. I am able to switch Native vlan traffic from vlan 10 (untagged
> > > traffic). But the tagged traffic does not match vlan_tci=0x1000/0x1000
> rule.
> > > Here is what I have tried so far.
> > >
> > > Packets are tagged with vlan_id = 20
> > >
> > > ovs-ofctl add-flow br0 "table=0, in_port=1, actions=output:2"
> > > ovs-ofctl add-flow br0 "table=0, in_port=2, actions=output:1"
> > >
> > > ovs-ofctl add-flow br0 "table=0, in_port=1, dl_vlan=20, actions=output:2"
> > > ovs-ofctl add-flow br0 "table=0, in_port=2, dl_vlan=20, actions=output:1"
> > >
> > > ovs-ofctl add-flow br0 "table=0, in_port=1, vlan_tci=0x1000/0x1000, actions
> =
> > > output:2"
> > > ovs-ofctl add-flow br0 "table=0, in_port=2, vlan_tci=0x1000/0x1000, actions
> =
> > > output:1"
> > >
> > > ovs-ofctl add-flow br0 "table=0, in_port=1, dl_type=0x8100, actions=
> output:2"
> > > ovs-ofctl add-flow br0 "table=0, in_port=2, dl_type=0x8100, actions=
> output:1"
> > >
> > > just to check if the rules are being triggered, I also tried dropping the
> > > packets on OVS.
> > > ovs-ofctl add-flow br0 "table=0, dl_type=0x8100, actions=drop"
> > > ovs-ofctl add-flow br0 "table=0, vlan_tci=0x1000/0x1000, actions=drop"
> > > ovs-ofctl add-flow br0 "table=0, dl_vlan=20, actions=drop"
> >
> > None of your flows specify a priority. That's probably the problem.
The FAQ has a section on VLANs. Here's part of it.
### Q: VLANs don't work.
A: Many drivers in Linux kernels before version 3.3 had VLAN-related
bugs. If you are having problems with VLANs that you suspect to be
driver related, then you have several options:
- Upgrade to Linux 3.3 or later.
- Build and install a fixed version of the particular driver
that is causing trouble, if one is available.
- Use a NIC whose driver does not have VLAN problems.
- Use "VLAN splinters", a feature in Open vSwitch 1.4 upto 2.5
that works around bugs in kernel drivers. To enable VLAN
splinters on interface eth0, use the command:
ovs-vsctl set interface eth0 other-config:enable-vlan-splinters=true
For VLAN splinters to be effective, Open vSwitch must know
which VLANs are in use. See the "VLAN splinters" section in
the Interface table in ovs-vswitchd.conf.db(5) for details on
how Open vSwitch infers in-use VLANs.
VLAN splinters increase memory use and reduce performance, so
use them only if needed.
- Apply the "vlan workaround" patch from the XenServer kernel
patch queue, build Open vSwitch against this patched kernel,
and then use ovs-vlan-bug-workaround(8) to enable the VLAN
workaround for each interface whose driver is buggy.
(This is a nontrivial exercise, so this option is included
only for completeness.)
It is not always easy to tell whether a Linux kernel driver has
buggy VLAN support. The ovs-vlan-test(8) and ovs-test(8) utilities
can help you test. See their manpages for details. Of the two
utilities, ovs-test(8) is newer and more thorough, but
ovs-vlan-test(8) may be easier to use.
### Q: VLANs still don't work. I've tested the driver so I know that it's OK.
A: Do you have VLANs enabled on the physical switch that OVS is
attached to? Make sure that the port is configured to trunk the
VLAN or VLANs that you are using with OVS.
### Q: Outgoing VLAN-tagged traffic goes through OVS to my physical switch
and to its destination host, but OVS seems to drop incoming return
traffic.
A: It's possible that you have the VLAN configured on your physical
switch as the "native" VLAN. In this mode, the switch treats
incoming packets either tagged with the native VLAN or untagged as
part of the native VLAN. It may also send outgoing packets in the
native VLAN without a VLAN tag.
If this is the case, you have two choices:
- Change the physical switch port configuration to tag packets
it forwards to OVS with the native VLAN instead of forwarding
them untagged.
- Change the OVS configuration for the physical port to a
native VLAN mode. For example, the following sets up a
bridge with port eth0 in "native-tagged" mode in VLAN 9:
ovs-vsctl add-br br0
ovs-vsctl add-port br0 eth0 tag=9 vlan_mode=native-tagged
In this situation, "native-untagged" mode will probably work
equally well. Refer to the documentation for the Port table
in ovs-vswitchd.conf.db(5) for more information.
On Fri, Aug 19, 2016 at 10:18:57PM +0200, james hopper wrote:
> It is only exchanging untagged packets.
>
> Sent: Friday, August 19, 2016 at 1:13 PM
> From: "Ben Pfaff" <b...@ovn.org>
> To: "james hopper" <jameshop...@email.com>
> Cc: "OVS Discussion" <discuss@openvswitch.org>
> Subject: Re: [ovs-discuss] Vlan Tagged packets switching issue
> The flows you specified should forward every packet from port 1 to port
> 2 and vice versa. What behavior do you actually see?
>
> On Fri, Aug 19, 2016 at 10:08:01PM +0200, james hopper wrote:
> > Would priority matter if any one of the combination is the only combination?
> I
> > tried after setting priority but it is still not working.
> >
> > ovs-ofctl add-flow br0 "table=0, priority=65535, in_port=1, actions=output:2"
> > ovs-ofctl add-flow br0 "table=0, priority=65535, in_port=2, actions=output:1"
> > Sent: Friday, August 19, 2016 at 12:52 PM
> > From: "Ben Pfaff" <b...@ovn.org>
> > To: "james hopper" <jameshop...@email.com>
> > Cc: "OVS Discussion" <discuss@openvswitch.org>
> > Subject: Re: [ovs-discuss] Vlan Tagged packets switching issue
> > On Fri, Aug 19, 2016 at 09:33:28PM +0200, james hopper wrote:
> > > Thanks Ben for your response. As mentioned, I have tried matching on
> dl_vlan
> > > previously. Furthermore, vlan_tci=0 is perfectly matching the untagged
> > incoming
> > > packets. I am able to switch Native vlan traffic from vlan 10 (untagged
> > > traffic). But the tagged traffic does not match vlan_tci=0x1000/0x1000
> rule.
> > > Here is what I have tried so far.
> > >
> > > Packets are tagged with vlan_id = 20
> > >
> > > ovs-ofctl add-flow br0 "table=0, in_port=1, actions=output:2"
> > > ovs-ofctl add-flow br0 "table=0, in_port=2, actions=output:1"
> > >
> > > ovs-ofctl add-flow br0 "table=0, in_port=1, dl_vlan=20, actions=output:2"
> > > ovs-ofctl add-flow br0 "table=0, in_port=2, dl_vlan=20, actions=output:1"
> > >
> > > ovs-ofctl add-flow br0 "table=0, in_port=1, vlan_tci=0x1000/0x1000, actions
> =
> > > output:2"
> > > ovs-ofctl add-flow br0 "table=0, in_port=2, vlan_tci=0x1000/0x1000, actions
> =
> > > output:1"
> > >
> > > ovs-ofctl add-flow br0 "table=0, in_port=1, dl_type=0x8100, actions=
> output:2"
> > > ovs-ofctl add-flow br0 "table=0, in_port=2, dl_type=0x8100, actions=
> output:1"
> > >
> > > just to check if the rules are being triggered, I also tried dropping the
> > > packets on OVS.
> > > ovs-ofctl add-flow br0 "table=0, dl_type=0x8100, actions=drop"
> > > ovs-ofctl add-flow br0 "table=0, vlan_tci=0x1000/0x1000, actions=drop"
> > > ovs-ofctl add-flow br0 "table=0, dl_vlan=20, actions=drop"
> >
> > None of your flows specify a priority. That's probably the problem.
_______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
