Thanks Darrell. I checked the OVS tree kernel module, it indeed does not drop
empty payload TCP packets.
Jing
From: Darrell Ball
Sent: Friday, May 3, 2019 3:34 PM
To: Zhang, Jing C. (Nokia - CA/Ottawa)
Cc: Han Zhou ; ovs-discuss@openvswitch.org
Subject: Re: FW: [ovs-discuss] OVS 2.9.0 native f
Thanks for reconfirming Jing
Darrell
On Fri, May 3, 2019 at 3:02 PM Zhang, Jing C. (Nokia - CA/Ottawa) <
jing.c.zh...@nokia.com> wrote:
> The thing is, I don’t see empty TCP packet drops on DPDK computes, I
> nevertheless applied the patch HAN mentioned on DPDK computes, no
> difference.
>
>
>
>
The thing is, I don’t see empty TCP packet drops on DPDK computes, I
nevertheless applied the patch HAN mentioned on DPDK computes, no difference.
The issues we see is on OVS computes.
Jing
From: Darrell Ball
Sent: Friday, May 03, 2019 3:34 PM
To: Zhang, Jing C. (Nokia - CA/Ottawa)
Cc: Han Zh
On Fri, May 3, 2019 at 10:44 AM Zhang, Jing C. (Nokia - CA/Ottawa) <
jing.c.zh...@nokia.com> wrote:
>
>1. The hybrid firewall refers to Linux bridge based firewall. To debug
>the issue, we switch the neutron OVS agent to use native firewall.
>
>
>
> [securitygroup]
>
> #firewall_driver=ipt
Sorry, I overlooked your questions on dpdk computes. DPDK itself is find, VMs
are up and running.
Jing
From: Darrell Ball
Sent: Friday, May 3, 2019 11:55 AM
To: Zhang, Jing C. (Nokia - CA/Ottawa)
Cc: Han Zhou ; ovs-discuss@openvswitch.org
Subject: Re: FW: [ovs-discuss] OVS 2.9.0 native firewal
1. The hybrid firewall refers to Linux bridge based firewall. To debug the
issue, we switch the neutron OVS agent to use native firewall.
[securitygroup]
#firewall_driver=iptables_hybrid
firewall_driver=openvswitch
# ovs-ofctl dump-flows br-int | grep ct_state
cookie=0xddb977285e2ba9b6, durat
couple corrections inline
On Fri, May 3, 2019 at 8:52 AM Darrell Ball wrote:
>
>
> On Fri, May 3, 2019 at 8:29 AM Zhang, Jing C. (Nokia - CA/Ottawa) <
> jing.c.zh...@nokia.com> wrote:
>
>>
>>1. This issue is with native OVS firewall where the data flows are
>>subject to conntrack rules,
On Fri, May 3, 2019 at 8:29 AM Zhang, Jing C. (Nokia - CA/Ottawa) <
jing.c.zh...@nokia.com> wrote:
>
>1. This issue is with native OVS firewall where the data flows are
>subject to conntrack rules, there is no issue for hybrid firewall
>
>
1/ Does 'native OVS firewall' mean either kernel d
1. This issue is with native OVS firewall where the data flows are subject
to conntrack rules, there is no issue for hybrid firewall
1. Below is from DPDK compute:
# ovs-vsctl --no-wait get Open_vSwitch . other_config
# ovs-vsctl -- list bridge br-int | grep datapath
datapath_id :
and jtbc, ovs-dpdk uses the userspace datapath
On Fri, May 3, 2019 at 8:24 AM Darrell Ball wrote:
> The node you are displaying below is running kernel datapath
>
> fyi: The fix Han pointed you to is for userspace datapath/conntrack
>
>
>
> On Fri, May 3, 2019 at 8:14 AM Zhang, Jing C. (Nokia -
The node you are displaying below is running kernel datapath
fyi: The fix Han pointed you to is for userspace datapath/conntrack
On Fri, May 3, 2019 at 8:14 AM Zhang, Jing C. (Nokia - CA/Ottawa) <
jing.c.zh...@nokia.com> wrote:
> We have both OVS and OVS-dpdk computes.
>
>
>
> Below is from OV
We have both OVS and OVS-dpdk computes.
Below is from OVS compute:
# ovs-vsctl --no-wait get Open_vSwitch . other_config
{}
# ovs-vsctl -- list bridge br-int | grep datapath
datapath_id : "aaf62aaf3546"
datapath_type : system
datapath_version: ""
From: Darrell Ball
Sent: F
What do the following commands yield ?
sudo ovs-vsctl -- get bridge datapath_type
sudo ovs-vsctl --no-wait get Open_vSwitch . other_config
>
> *From: * on behalf of Han Zhou <
> zhou...@gmail.com>
> *Date: *Thursday, May 2, 2019 at 7:12 PM
> *To: *"Zhang, Jing C. (Nokia - CA/Ottawa)"
> *Cc:
13 matches
Mail list logo