On 24 Oct 2023, at 8:47, chuanyun Xiao wrote:
> I use the VM to ping an external IP address and telnet same ip To observe
> the tc rules of bond0。
>
> [root@gateway02 ~]# tc filter show egress dev bond0
> filter block 18 protocol ip pref 2 flower chain 0
> filter block 18 protocol ip pref 2 flower chain 0 handle 0x1
> dst_mac e8:eb:d3:3a:d5:e8
> src_mac 88:2a:5e:a9:30:ad
> eth_type ipv4
> ip_flags nofrag
> in_hw in_hw_count 2
> action order 1: skbedit ptype host pipe
> index 1 ref 1 bind 1
> used_hw_stats delayed
>
> action order 2: mirred (Ingress Redirect to device br-ex) stolen
> index 2 ref 1 bind 1
> cookie 269afd7f074e8f0f9376cf88d44bb2e7
> no_percpu
> used_hw_stats delayed
>
> filter block 18 protocol ip pref 2 flower chain 0 handle 0x2
> dst_mac ae:86:86:ab:a6:08
> src_mac 88:2a:5e:a9:30:ad
> eth_type ipv4
> ip_proto tcp
> ip_tos 0/0x3
> ip_ttl 58
> dst_ip 10.199.100.20
> src_ip 10.79.254.16/9
> ip_flags nofrag
> ct_state -trk-inv
> in_hw in_hw_count 2
> action order 1: tunnel_key set
> src_ip 0.0.0.0
> dst_ip 172.31.2.22
> key_id 5
> dst_port 6081
> geneve_opts 0102:80:00010005
> csum
> ttl 64 pipe
> index 2 ref 1 bind 1
> no_percpu
> used_hw_stats delayed
>
> action order 2: pedit action pipe keys 4
> index 3 ref 1 bind 1
> key #0 at eth+4: val 0000aebf mask ffff0000
> key #1 at eth+8: val bf9ebc20 mask 00000000
> key #2 at eth+0: val 00001991 mask 00000000
> key #3 at eth+4: val 00200000 mask 0000ffff
> used_hw_stats delayed
>
> action order 3: pedit action pipe keys 1
> index 4 ref 1 bind 1
> key #0 at ipv4+8: val 38000000 mask 00ffffff
> used_hw_stats delayed
>
> action order 4: csum (iph, tcp) action pipe
> index 2 ref 1 bind 1
> no_percpu
> used_hw_stats delayed
>
> action order 5: mirred (Egress Redirect to device genev_sys_6081)
> stolen
> index 4 ref 1 bind 1
> cookie 65a40a0b9e4d542b353344b28762f37d
> no_percpu
> used_hw_stats delayed
>
> filter block 18 protocol ip pref 2 flower chain 0 handle 0x3
> dst_mac ae:86:86:ab:a6:08
> src_mac 88:2a:5e:a9:30:ad
> eth_type ipv4
> ip_proto icmp
> ip_tos 0/0x3
> ip_ttl 58
> dst_ip 10.199.100.20
> src_ip 10.79.254.16/9
> icmp_type 0/254
> ip_flags nofrag
> ct_state -trk-inv
> not_in_hw
> action order 1: tunnel_key set
> src_ip 0.0.0.0
> dst_ip 172.31.2.22
> key_id 5
> dst_port 6081
> geneve_opts 0102:80:00010005
> csum
> ttl 64 pipe
> index 4 ref 1 bind 1
> no_percpu
>
> action order 2: pedit action pipe keys 4
> index 7 ref 1 bind 1
> key #0 at eth+4: val 0000aebf mask ffff0000
> key #1 at eth+8: val bf9ebc20 mask 00000000
> key #2 at eth+0: val 00001991 mask 00000000
> key #3 at eth+4: val 00200000 mask 0000ffff
>
> action order 3: pedit action pipe keys 1
> index 8 ref 1 bind 1
> key #0 at ipv4+8: val 38000000 mask 00ffffff
>
> action order 4: csum (iph) action pipe
> index 4 ref 1 bind 1
> no_percpu
>
> action order 5: mirred (Egress Redirect to device genev_sys_6081)
> stolen
> index 6 ref 1 bind 1
> cookie bf012388974ae42e806cbd87282c5b92
> no_percpu
>
>
> I use ConnectX-6 Dx OFED:5.9-0.5.5 firmware-version: 22.38.1002
> (MT_0000000359)
>
>
> Can you help me find out what is the difference between these two tc rules
> that causes ICMP to fail to hardware offload? What is the final solution?
> I can provide more information if needed,Thank you!
I do not see anything that stands out other than using ICMP vs TCP. I guess
your next step would be to ask Nvidia why their CX6 is not offloading this flow.
//Eelco
>
> Eelco Chaudron <echau...@redhat.com> 于2023年10月24日周二 14:34写道:
>
>>
>>
>> On 24 Oct 2023, at 7:02, chuanyun Xiao via discuss wrote:
>>
>>> I use the VM to ping an external IP address and view tc rules on the
>>> centralized gateway
>>>
>>> filter block 18 protocol ip pref 2 flower chain 0 handle 0x2
>>> dst_mac ae:86:86:ab:a6:08
>>> src_mac 88:2a:5e:a9:30:ad
>>> eth_type ipv4
>>> ip_proto icmp
>>> ip_tos 0/0x3
>>> ip_ttl 58
>>> dst_ip 10.199.100.20
>>> src_ip 10.79.254.16/9
>>> icmp_type 0/254
>>> ip_flags nofrag
>>> ct_state -trk-inv
>>> not_in_hw
>>> action order 1: tunnel_key set
>>> src_ip 0.0.0.0
>>> dst_ip 172.31.2.22
>>> key_id 5
>>> dst_port 6081
>>> geneve_opts 0102:80:00010005
>>> csum
>>> ttl 64 pipe
>>> index 2 ref 1 bind 1
>>> no_percpu
>>>
>>> action order 2: pedit action pipe keys 4
>>> index 3 ref 1 bind 1
>>> key #0 at eth+4: val 0000aebf mask ffff0000
>>> key #1 at eth+8: val bf9ebc20 mask 00000000
>>> key #2 at eth+0: val 00001991 mask 00000000
>>> key #3 at eth+4: val 00200000 mask 0000ffff
>>>
>>> action order 3: pedit action pipe keys 1
>>> index 4 ref 1 bind 1
>>> key #0 at ipv4+8: val 38000000 mask 00ffffff
>>>
>>> action order 4: csum (iph) action pipe
>>> index 2 ref 1 bind 1
>>> no_percpu
>>>
>>> action order 5: mirred (Egress Redirect to device genev_sys_6081)
>>> stolen
>>> index 4 ref 1 bind 1
>>> cookie bf012388974ae42e806cbd87282c5b92
>>> no_percpu
>>>
>>> The TC rule is not_in_hw。 ip_proto TCP or UDP is in_hw。
>>>
>>>
>>> [root@gateway02 ~]# ovs-appctl dpctl/dump-flows -m
>>> ufid:74a18009-31cd-4d5e-b958-4614cfc09409,
>>>
>> recirc_id(0),dp_hash(0/0),skb_priority(0/0),tunnel(tun_id=0x1,src=172.31.2.22,dst=172.31.7.24,ttl=0/0,tp_dst=6081,geneve({class=0x102,type=0x80,len=4,0x10005/0x7fffffff}),flags(+key)),in_port(genev_sys_6081),skb_mark(0/0),ct_state(0/0x30),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),packet_type(ns=0/0,id=0/0),eth(src=ae:68:68:78:2c:8a,dst=ae:1e:1e:fe:14:5f),eth_type(0x0800),ipv4(src=
>>>
>> 10.199.100.16/255.255.255.240,dst=10.0.0.0/255.128.0.0,proto=1,tos=0/0,ttl=63,frag=no
>> ),icmp(type=8/0xf8,code=0/0),
>>> packets:0, bytes:0, used:never, dp:tc,
>>>
>> actions:set(eth(src=ae:86:86:ab:a6:08,dst=88:2a:5e:a9:30:ad)),set(ipv4(ttl=62)),bond0
>>> ufid:81f41145-4897-4f0a-bc53-3117f646b4cc,
>>>
>> recirc_id(0),dp_hash(0/0),skb_priority(0/0),tunnel(tun_id=0x1,src=172.31.2.22,dst=172.31.7.24,ttl=0/0,tp_dst=6081,geneve({class=0x102,type=0x80,len=4,0x10005/0x7fffffff}),flags(+key)),in_port(genev_sys_6081),skb_mark(0/0),ct_state(0/0x30),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),packet_type(ns=0/0,id=0/0),eth(src=ae:68:68:78:2c:8a,dst=ae:1e:1e:fe:14:5f),eth_type(0x0800),ipv4(src=
>>>
>> 10.199.100.16/255.255.255.240,dst=10.0.0.0/255.128.0.0,proto=6,tos=0/0,ttl=63,frag=no
>> ),tcp(src=0/0,dst=0/0),
>>> packets:2, bytes:132, used:1.110s, offloaded:yes, dp:tc,
>>>
>> actions:set(eth(src=ae:86:86:ab:a6:08,dst=88:2a:5e:a9:30:ad)),set(ipv4(ttl=62)),bond0
>>> ufid:7ffd9a26-0f8f-4e07-88cf-7693e7b24bd4,
>>>
>> recirc_id(0),dp_hash(0/0),skb_priority(0/0),in_port(bond0),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),packet_type(ns=0/0,id=0/0),eth(src=88:2a:5e:a9:30:ad,dst=e8:eb:d3:3a:d5:e8),eth_type(0x0800),ipv4(src=
>>> 0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no),
>>> packets:133315, bytes:12479861, used:1.110s, offloaded:yes, dp:tc,
>>> actions:br-ex
>>> ufid:882301bf-2ee4-4a97-87bd-6c80925b2c28,
>>>
>> recirc_id(0),dp_hash(0/0),skb_priority(0/0),in_port(bond0),skb_mark(0/0),ct_state(0/0x30),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),packet_type(ns=0/0,id=0/0),eth(src=88:2a:5e:a9:30:ad,dst=ae:86:86:ab:a6:08),eth_type(0x0800),ipv4(src=
>>> 10.0.0.0/255.128.0.0,dst=10.199.100.20,proto=1,tos=0/0x3,ttl=58,frag=no
>> ),icmp(type=0/0xfe,code=0/0),
>>> packets:0, bytes:0, used:never, dp:tc,
>>>
>> actions:set(tunnel(tun_id=0x5,dst=172.31.2.22,ttl=64,tp_dst=6081,geneve({class=0x102,type=0x80,len=4,0x10005}),flags(csum|key))),set(eth(src=ae:bf:bf:9e:bc:20,dst=00:00:19:91:00:20)),set(ipv4(ttl=56)),genev_sys_6081
>>> ufid:02e435a6-c803-4a06-b97b-3dce5f36c633,
>>>
>> recirc_id(0),dp_hash(0/0),skb_priority(0/0),in_port(bond0),skb_mark(0/0),ct_state(0/0x30),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),packet_type(ns=0/0,id=0/0),eth(src=88:2a:5e:a9:30:ad,dst=ae:86:86:ab:a6:08),eth_type(0x0800),ipv4(src=
>>> 10.0.0.0/255.128.0.0,dst=10.199.100.20,proto=6,tos=0/0x3,ttl=58,frag=no
>> ),tcp(src=0/0,dst=0/0),
>>> packets:2, bytes:140, used:1.110s, offloaded:yes, dp:tc,
>>>
>> actions:set(tunnel(tun_id=0x5,dst=172.31.2.22,ttl=64,tp_dst=6081,geneve({class=0x102,type=0x80,len=4,0x10005}),flags(csum|key))),set(eth(src=ae:bf:bf:9e:bc:20,dst=00:00:19:91:00:20)),set(ipv4(ttl=56)),genev_sys_6081
>>> ufid:ba6a5e73-ca18-43fb-b133-ec96520a329b,
>>>
>> recirc_id(0),dp_hash(0/0),skb_priority(0/0),in_port(bond0),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),packet_type(ns=0/0,id=0/0),eth(src=88:2a:5e:a9:30:f6,dst=01:80:c2:00:00:0e),eth_type(0x88cc),
>>> packets:0, bytes:0, used:never, offloaded:yes, dp:tc, actions:drop
>>> ufid:40df4ad6-ba18-4589-a9c3-98b2ba4ad384,
>>>
>> recirc_id(0),dp_hash(0/0),skb_priority(0/0),in_port(br-ex),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),packet_type(ns=0/0,id=0/0),eth(src=e8:eb:d3:3a:d5:e8,dst=88:2a:5e:a9:30:ad),eth_type(0x0800),ipv4(src=
>>> 0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no),
>>> packets:72860, bytes:7469155, used:1.110s, offloaded:yes, dp:tc,
>>> actions:bond0
>>> ufid:bc1182f6-0cd0-4d2d-9eea-8a4df1ab3cc3,
>>>
>> recirc_id(0),dp_hash(0/0),skb_priority(0/0),in_port(bond0),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),eth(src=88:2a:5e:a9:30:f6,dst=01:80:c2:00:00:00),eth_type(0/0xffff),
>>> packets:161022, bytes:19161618, used:1.934s, dp:ovs, actions:drop
>>>
>>>
>>> system is a AlmaLinux release 8.7 with kernel 4.18.0, OVS 3.2.0 and OVN
>>> 23.03.1.
>>>
>>> How can I make ICMP flow hardware offload?
>>
>> As the rule is in TC it’s the NIC driver deciding if the flow can be
>> offloaded or not. If you compare the tc rule for TCP and ICMP is there any
>> difference that stands out that could permit the hardware from offloading
>> it?
>>
>> //Eelco
>>
>>> _______________________________________________
>>> discuss mailing list
>>> disc...@openvswitch.org
>>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>
>>
_______________________________________________
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
