Hi, Found some inconsistencies while further troubleshooting the issue,maybe there is a bug.
I'm sending the same packet in three ways to OVS at port 1: 1) Untagged 2) Tagged with single VLAN 10 3) Double tagged with CVLAN 10 and SVLAN 3204 Then I match and mark each flow with a different metadata, adding tags to 1) and 2) to make them equivalent to 3), send them to the same rule on table 1, and try to match them by the CVLAN on table 2. 1) and 2) work as expected, but the double tagged packet can't match on the CVLAN 10. cookie=0x0, duration=493.174s, table=0, n_packets=318, n_bytes=25758, in_port=1,vlan_tci=0x0000/0x1fff actions=set_field:0x1->metadata,push_vlan:0x8100,set_field:4106- >vlan_vid,push_vlan:0x8100,set_field:7300->vlan_vid,goto_table:1 cookie=0x0, duration=493.167s, table=0, n_packets=318, n_bytes=27030, in_port=1,dl_vlan=10 actions=set_field:0x2->metadata,push_vlan:0x8100,set_field:7300->vlan_vid,go to_table:1 cookie=0x0, duration=493.163s, table=0, n_packets=318, n_bytes=28302, in_port=1,dl_vlan=3204 actions=set_field:0x3->metadata,goto_table:1 cookie=0x0, duration=493.158s, table=1, n_packets=954, n_bytes=81090, in_port=1,dl_vlan=3204 actions=pop_vlan,goto_table:2 cookie=0x0, duration=493.153s, table=2, n_packets=318, n_bytes=25758, metadata=0x1,in_port=1,dl_vlan=10 actions=pop_vlan,output:2 cookie=0x0, duration=493.148s, table=2, n_packets=318, n_bytes=27030, metadata=0x2,in_port=1,dl_vlan=10 actions=pop_vlan,output:2 cookie=0x0, duration=491.905s, table=2, n_packets=0, n_bytes=0, metadata=0x3,in_port=1,dl_vlan=10 actions=pop_vlan,output:2 Regards, Marcos Schwarz ----- Original Message ----- From: "Marcos Felipe Schwarz" <marcos.schw...@rnp.br> To: disc...@openvswitch.org Sent: Friday, May 5, 2017 7:24:09 PM Subject: Can't match inner vlan Hi, I'm trying to work with double tagged packets in OVS. But I can't match on the inner VLAN (CVLAN), even after poping the SVLAN and using a different table. In this setup I'm receiving on port 1 SVLANs 3204 and 3217 both transporting CVLANs 10 and 20, what I want to achieve is to steer each flow (SVLAN + CVLAN combination) to a different outport. I came up with two set of rules, using two tables. On table 0 I match on in_port, SVLAN, pop it, save the SVLAN VID to the metadata field then send to table 1. On table 1 I match on the metadata to restore the information of wich SVLAN this flow is from, mach on in_port and CVLAN, pop the CVLAN and send to the outputport. Below are the flows I used: ovs-ofctl -O OpenFlow13 add-flow br-oper0 in_port=1,dl_vlan=3204,actions=pop_vlan,set_field:3204->metadata,goto_table:1 ovs-ofctl -O OpenFlow13 add-flow br-oper0 in_port=1,dl_vlan=3217,actions=pop_vlan,set_field:3217->metadata,goto_table:1 ovs-ofctl -O OpenFlow13 add-flow br-oper0 table=1,metadata=3204,in_port=1,dl_vlan=10,actions=pop_vlan,output:2 ovs-ofctl -O OpenFlow13 add-flow br-oper0 table=1,metadata=3204,in_port=1,dl_vlan=20,actions=pop_vlan,output:3 ovs-ofctl -O OpenFlow13 add-flow br-oper0 table=1,metadata=3217,in_port=1,dl_vlan=10,actions=pop_vlan,output:4 ovs-ofctl -O OpenFlow13 add-flow br-oper0 table=1,metadata=3217,in_port=1,dl_vlan=20,actions=pop_vlan,output:5 But as shown below, no flow is matching the rules from table 1. I created some temporary flows to isolate the issue, and I figured that I can match the CVLAN on table 1. cookie=0x0, duration=3435.754s, table=0, n_packets=788, n_bytes=67476, in_port=1,dl_vlan=3204 actions=pop_vlan,set_field:0xc84->metadata,goto_table:1 cookie=0x0, duration=3435.754s, table=0, n_packets=788, n_bytes=67476, in_port=1,dl_vlan=3217 actions=pop_vlan,set_field:0xc91->metadata,goto_table:1 cookie=0x0, duration=3471.941s, table=1, n_packets=0, n_bytes=0, metadata=0xc84,in_port=1,dl_vlan=10 actions=pop_vlan,output:2 cookie=0x0, duration=3471.941s, table=1, n_packets=0, n_bytes=0, metadata=0xc84,in_port=1,dl_vlan=20 actions=pop_vlan,output:2 cookie=0x0, duration=3471.941s, table=1, n_packets=0, n_bytes=0, metadata=0xc91,in_port=1,dl_vlan=10 actions=pop_vlan,output:4 cookie=0x0, duration=3471.941s, table=1, n_packets=0, n_bytes=0, metadata=0xc91,in_port=1,dl_vlan=20 actions=pop_vlan,output:5 Temporary Flows: cookie=0x0, duration=6.097s, table=1, n_packets=0, n_bytes=0, in_port=1,dl_vlan=10 actions=output:2 cookie=0x0, duration=6.883s, table=1, n_packets=4, n_bytes=356, metadata=0xc84,in_port=1 actions=output:2 All my ports are DPDK, and I'm working with OVS from master branch (april 29th) and DPDK 16.11. But have confirmed this issue with previous versions as 2.7.0 and 2.6.1. Follows the parameters from my setup. ovs-vsctl add-br br-oper0 -- set bridge br-oper0 datapath_type=netdev fail-mode=secure ovs-vsctl add-port br-oper0 dpdk-p0 -- set Interface dpdk-p0 type=dpdk options:dpdk-devargs=0000:00:14.0 mtu_request=9600 ofport=1 ovs-vsctl add-port br-oper0 dpdk-p1 -- set Interface dpdk-p1 type=dpdk options:dpdk-devargs=0000:00:14.1 mtu_request=9600 ofport=2 ovs-vsctl add-port br-oper0 dpdk-p2 -- set Interface dpdk-p2 type=dpdk options:dpdk-devargs=0000:00:14.2 mtu_request=9600 ofport=3 ovs-vsctl add-port br-oper0 dpdk-p3 -- set Interface dpdk-p3 type=dpdk options:dpdk-devargs=0000:00:14.3 mtu_request=9600 ofport=4 ovs-vsctl add-port br-oper0 dpdk-p4 -- set Interface dpdk-p4 type=dpdk options:dpdk-devargs=0000:01:00.0 mtu_request=9600 ofport=5 I've also attached a pcap from the host at port 2, just to show that there is traffic with the CVLAN tag reaching there. Please let me know if there is a better way I can achieve this. Regards, Marcos Schwarz _______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
