Re: [ovs-discuss] port mirroring on veth peer device

[Ben Pfaff]

There's at least one mirroring bug fix in 2.5.1, for this commit:

From: Ben Pfaff 
Date: Thu, 15 Sep 2016 11:43:46 -0700
Subject: [PATCH] ofproto-dpif-xlate: Fix treatment of mirrors across patch
 port.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When the bridges on both sides of a patch port included mirrors, the
translation code incorrectly conflated them instead of treating them as
independent.

Reported-by: Zoltán Balogh 
Reported-by: Sugesh Chandran 
Reported-at: http://openvswitch.org/pipermail/discuss/2016-September/022689.html
Signed-off-by: Ben Pfaff 
Tested-by: Zoltán Balogh 
Signed-off-by: Ben Pfaff 
---
 ofproto/ofproto-dpif-xlate.c | 28 +---
 1 file changed, 25 insertions(+), 3 deletions(-)

diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
index 0f4703f..61b5c81 100644
--- a/ofproto/ofproto-dpif-xlate.c
+++ b/ofproto/ofproto-dpif-xlate.c
@@ -2975,7 +2975,6 @@ compose_output_action__(struct xlate_ctx *ctx, ofp_port_t 
ofp_port,
 
 ofpbuf_use_stub(&ctx->stack, new_stack, sizeof new_stack);
 ofpbuf_use_stub(&ctx->action_set, actset_stub, sizeof actset_stub);
-ctx->xbridge = peer->xbridge;
 flow->in_port.ofp_port = peer->ofp_port;
 flow->metadata = htonll(0);
 memset(&flow->tunnel, 0, sizeof flow->tunnel);
@@ -2984,6 +2983,26 @@ compose_output_action__(struct xlate_ctx *ctx, 
ofp_port_t ofp_port,
 ctx->conntracked = false;
 clear_conntrack(flow);
 
+/* When the patch port points to a different bridge, then the mirrors
+ * for that bridge clearly apply independently to the packet, so we
+ * reset the mirror bitmap to zero and then restore it after the packet
+ * returns.
+ *
+ * When the patch port points to the same bridge, this is more of a
+ * design decision: can mirrors be re-applied to the packet after it
+ * re-enters the bridge, or should we treat that as doubly mirroring a
+ * single packet?  The former may be cleaner, since it respects the
+ * model in which a patch port is like a physical cable plugged from
+ * one switch port to another, but the latter may be less surprising to
+ * users.  We take the latter choice, for now at least.  (To use the
+ * former choice, hard-code 'independent_mirrors' to "true".) */
+mirror_mask_t old_mirrors = ctx->mirrors;
+bool independent_mirrors = peer->xbridge != ctx->xbridge;
+if (independent_mirrors) {
+ctx->mirrors = 0;
+}
+ctx->xbridge = peer->xbridge;
+
 /* The bridge is now known so obtain its table version. */
 ctx->tables_version
 = ofproto_dpif_get_tables_version(ctx->xbridge->ofproto);
@@ -3007,10 +3026,10 @@ compose_output_action__(struct xlate_ctx *ctx, 
ofp_port_t ofp_port,
  * the learning action look at the packet, then drop it. */
 struct flow old_base_flow = ctx->base_flow;
 size_t old_size = ctx->odp_actions->size;
-mirror_mask_t old_mirrors = ctx->mirrors;
+mirror_mask_t old_mirrors2 = ctx->mirrors;
 
 xlate_table_action(ctx, flow->in_port.ofp_port, 0, true, true);
-ctx->mirrors = old_mirrors;
+ctx->mirrors = old_mirrors2;
 ctx->base_flow = old_base_flow;
 ctx->odp_actions->size = old_size;
 
@@ -3023,6 +3042,9 @@ compose_output_action__(struct xlate_ctx *ctx, ofp_port_t 
ofp_port,
 }
 }
 
+if (independent_mirrors) {
+ctx->mirrors = old_mirrors;
+}
 ctx->xin->flow = old_flow;
 ctx->xbridge = xport->xbridge;
 ofpbuf_uninit(&ctx->action_set);
-- 
2.1.3



On Thu, Nov 03, 2016 at 10:42:09PM +0800, Hui Xiang wrote:
> Thanks Ben.
> 
> I am using ovs_version: "2.5.0" , searched below same question/deployment
> but have not found the answer.
> 
> [ovs-discuss] port mirroring on openvswitch
> http://openvswitch.org/pipermail/discuss/2013-October/011413.html
> [ovs-discuss] problem in mirroring interfaces' traffic (just egress packets
> is mirrored)
> http://openvswitch.org/pipermail/discuss/2015-December/019665.html
> 
> Could you show me what kind of mirror bug it might affect?
> 
> BR.
> Hui.
> 
> On Thu, Nov 3, 2016 at 10:11 PM, Ben Pfaff  wrote:
> 
> > On Thu, Nov 03, 2016 at 05:24:38PM +0800, Hui Xiang wrote:
> > >   Does port mirroring works on veth device which is connected on another
> > > linux bridge?
> >
> > It should.  veth devices aren't special to Open vSwitch.
> >
> > You didn't mention w

Re: [ovs-discuss] port mirroring on veth peer device

[Ben Pfaff]

On Thu, Nov 03, 2016 at 05:24:38PM +0800, Hui Xiang wrote:
>   Does port mirroring works on veth device which is connected on another
> linux bridge?

It should.  veth devices aren't special to Open vSwitch.

You didn't mention what version of OVS you're using.  There have been
bug fixes in mirroring over the last 6 months, so if you're not using an
up-to-date version you might consider upgrading.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] OFPET_FLOW_MOD_FAILED

[Ben Pfaff]

I don't see how this is connected to Open vSwitch.  Do you have a
question related to Open vSwitch?

On Thu, Nov 03, 2016 at 05:14:38AM -0400, Ajinkya D Kadam wrote:
> HI All,
> 
> I am doing a simple experiment to add a default table miss flow entry to a
> hardware OpenFlow Switch. Below are the details of the tools I  am using
> 
> Controller : RYU
> OpenFlow Switch : FortiCore 3700E
> OF_version : 1.3
> 
> I am using the example code (example_switch_13.py) available in ryu/app.
> 
> 
> *ERROR :*
> 
> loading app ryu/ryu/app/example_switch_13.py
> loading app ryu.controller.ofp_handler
> instantiating app ryu/ryu/app/example_switch_13.py of ExampleSwitch13
> instantiating app ryu.controller.ofp_handler of OFPHandler
> BRICK ExampleSwitch13
>   CONSUMES EventOFPPacketIn
>   CONSUMES EventOFPSwitchFeatures
> BRICK ofp_event
>   PROVIDES EventOFPPacketIn TO {'ExampleSwitch13': set(['main'])}
>   PROVIDES EventOFPSwitchFeatures TO {'ExampleSwitch13': set(['config'])}
>   CONSUMES EventOFPSwitchFeatures
>   CONSUMES EventOFPErrorMsg
>   CONSUMES EventOFPEchoRequest
>   CONSUMES EventOFPEchoReply
>   CONSUMES EventOFPHello
>   CONSUMES EventOFPPortStatus
>   CONSUMES EventOFPPortDescStatsReply
> connected socket: 0x7fddad9259d0> address:('10.2.1.35', 25656)
> hello ev 
> move onto config mode
> EVENT ofp_event->ExampleSwitch13 EventOFPSwitchFeatures
> switch features ev version=0x4,msg_type=0x6,msg_len=0x20,xid=0xa5440ccd,
> OFPSwitchFeatures(auxiliary_id=0,capabilities=5,datapath_
> id=158796421868064,n_buffers=0,n_tables=1)
> 
> 
> This is the port :   4294967293
> Buffer Id is :  65535
> 
> 
> 
> Actions :  [OFPActionOutput(len=16,max_len=65535,port=6633,type=0)]
> 
> 
> Instructions :  [OFPInstructionActions(actions=[OFPActionOutput(len=
> 16,max_len=65535,port=6633,type=0)],type=4)]
> 
> 
> modification  :  version=None,msg_type=None,msg_len=None,xid=None,
> OFPFlowMod(buffer_id=65535,command=0,cookie=0,cookie_
> mask=0,flags=0,hard_timeout=0,idle_timeout=0,instructions=[
> OFPInstructionActions(actions=[OFPActionOutput(len=16,max_
> len=65535,port=6633,type=0)],type=4)],match=OFPMatch(oxm_
> fields={}),out_group=0,out_port=0,priority=0,table_id=0)
> 
> move onto main mode
> EventOFPErrorMsg received.
> version=0x4, msg_type=0x1, msg_len=0x4c, xid=0xa5440ccf
>  `-- msg_type: OFPT_ERROR(1)
> OFPErrorMsg(type=0x5, code=0x0, data=b'\x04\x0e\x00\x50\xa5\
> x44\x0c\xcf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\
> x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\
> x00\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\
> x00\x00\x01\x00\x04\x00\x00\x00\x00\x00\x04\x00\x18\x00\x00\x00\x00')
>  |-- type: OFPET_FLOW_MOD_FAILED(5)
>  |-- code: OFPFMFC_UNKNOWN(0)
>  `-- data: version=0x4, msg_type=0xe, msg_len=0x50, xid=0xa5440ccf
>  `-- msg_type: OFPT_FLOW_MOD(14)
> 
> 
> 
> Modified Application Script is attached. I have printed out the values of
> the variables however I am not able to figure out whats going wrong when I
> am sending the* flow_mod. *
> 
> Can someone please suggest me how i can resolve this error ?
> 
> Thanks in advance.

> # Copyright (C) 2016 Nippon Telegraph and Telephone Corporation.
> #
> # Licensed under the Apache License, Version 2.0 (the "License");
> # you may not use this file except in compliance with the License.
> # You may obtain a copy of the License at
> #
> #http://www.apache.org/licenses/LICENSE-2.0
> #
> # Unless required by applicable law or agreed to in writing, software
> # distributed under the License is distributed on an "AS IS" BASIS,
> # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> # implied.
> # See the License for the specific language governing permissions and
> # limitations under the License.
> 
> from ryu.base import app_manager
> from ryu.controller import ofp_event
> from ryu.controller.handler import CONFIG_DISPATCHER, MAIN_DISPATCHER
> from ryu.controller.handler import set_ev_cls
> from ryu.ofproto import ofproto_v1_3
> from ryu.lib.packet import packet
> from ryu.lib.packet import ethernet
> 
> 
> class ExampleSwitch13(app_manager.RyuApp):
> OFP_VERSIONS = [ofproto_v1_3.OFP_VERSION]
> 
> def __init__(self, *args, **kwargs):
> super(ExampleSwitch13, self).__init__(*args, **kwargs)
> # initialize mac address table.
> self.mac_to_port = {}
> 
> @set_ev_cls(ofp_event.EventOFPSwitchFeatures, CONFIG_DISPATCHER)
> def switch_features_handler(self, ev):
> datapath = ev.msg.datapath
> ofproto = datapath.ofproto
> parser = datapath.ofproto_parser
> 
>   print
>   print
>   print "This is the port :  ", str(ofproto.OFPP_CONTROLLER)
>   print "Buffer Id is : ", ofproto.OFPCML_NO_BUFFER   
>   print
>   print
> 
> # install the table-miss flow entry.
> match = parser.OFPMatch()
> actions = [parser.OFPActionOutput(6633,
>   ofproto.OFPCML_NO_BUFFER)]
>   
>   print
>   

Re: [ovs-discuss] Selinux error openvswitch

[Ben Pfaff]

On Wed, Nov 02, 2016 at 10:02:27AM -0300, Rony C.T. wrote:
> [root@cloud openvswitch-2.6.0]# rpmbuild -bb rhel/openvswitch.spec
> error: Failed build dependencies:
> selinux-policy-devel is needed by openvswitch-2.6.0-1.x86_64
> 
> 
> HELP :(

Install the build dependencies.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Interface type OVS supports

[Ben Pfaff]

On Tue, Oct 25, 2016 at 08:12:10PM +1000, 陈昊 wrote:
> I tried to attach Android mobile data interface (rmnet0) to OVS datapath
> However, there was an error that said rmnet0 is invalid argument. I check
> the interface rmnet0 whose encapsulation type is UNSPEC.
> 
> Does anyone have the idea to solve it?

Open vSwitch only works with Ethernet interfaces.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] "protected mode" for openvswitch ports (layer 2 forwarding) ?

[Ben Pfaff]

Whether a port is a "protected port" appears to be just an extra boolean
true/false setting for each individual port, so I'd probably start by
adding a new boolean column to the Port table (or perhaps a new
other-config key-value, since this seems to be a fairly rarely used
feature).

On Thu, Oct 27, 2016 at 04:25:04PM +0300, Ben Kelly wrote:
> Thanks Ben,
> 
> I'm considering going down the patch route - though I must admit I
> haven't had a lot of experience with OVS. To steer in the right
> direction, where would a feature like this be configured/manipulated?
> in ovs-vsctl? ovs-ofctl has a mod-port command, but I'm not really
> aware of port specific configuration in ovs-vsctl? Should I be asking
> this on the dev mailing list instead?
> 
> Cheers,
> Ben
> 
> On Thu, Oct 27, 2016 at 1:09 AM, Ben Pfaff  wrote:
> > On Wed, Oct 26, 2016 at 12:45:48PM +0300, Ben Kelly wrote:
> >> Hi,
> >>
> >> I've been searching for ways to implement something like "protected
> >> mode" for ovs without much luck so far. Hoping someone on the discuss
> >> mailing list might have some suggestions.
> >>
> >> Protected mode is available on some broadcom switch ASIC, and cisco
> >> switches also have this as a configurable option
> >> (http://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/multibook/configuration_guide/b_consolidated_config_guide_3850_chapter_011101.html).
> >>
> >> Basically, I would like to nominate a set of ports in my ovs bridge to
> >> have layer 2 forwarding between them disabled. A "protected" port will
> >> not forward frames to another protected port, however forwarding
> >> occurs as normal between protected <-> non-protected ports and
> >> vice-versa.
> >>
> >> My underlying requirement is that I need to use OpenvSwitch for 802.1q
> >> and associate layer 3 addressing with internal ovs ports, however I'd
> >> like to disable layer 2 forwarding between physical ports.
> >>
> >> I've looked at things such as "ovs-ofctl mod-port [phys port] noflood"
> >> etc. but this seems to be an all-or-nothing approach with regards to
> >> forwarding between ports.
> >>
> >> I'd appreciate any suggestions!
> >
> > You could implement this with an OpenFlow controller.
> >
> > You could submit patches to add such a feature to base OVS.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Preserve register/metadata info across OVS bridges?

[Ben Pfaff]

On Fri, Oct 28, 2016 at 04:31:35PM -0700, Ray Li wrote:
> Is there a way to preserve register/metadata values when I output a packet
> through a patch port to another OVS bridge?

OVS doesn't provide a way to do that in general.  A few pieces of
metadata are preserved, though, such as pkt_mark.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] OVS2.6 OFPBAC_BAD_TYPE Error

[Ben Pfaff]

On Sun, Oct 30, 2016 at 01:50:44PM -0700, Kevin Lin wrote:
> Hi,
> 
> We're trying to upgrade to OVS2.6 from OVS2.5, but we're getting an error
> in the logs in ovs-vswitchd:
> 
> 2016-10-30T00:23:19Z|01208|vconn|DBG|unix: received: OFPT_FLOW_MOD (OF1.3)
> (xid=0x45): ADD table:22 priority=1001,tcp,metadata=0x1,nw_src=10.
> 14.11.2,nw_dst=10.14.11.2,tp_src=7077 actions=resubmit(,23)
> 2016-10-30T00:23:19Z|01209|vconn|DBG|unix: received: OFPT_FLOW_MOD (OF1.3)
> (xid=0x46): ADD table:22 priority=1001,udp,metadata=0x1,nw_src=10.
> 181.3.12,nw_dst=10.14.11.2,tp_src=7077 actions=resubmit(,23)
> 2016-10-30T00:23:19Z|01210|vconn|DBG|unix: received: OFPT_FLOW_MOD (OF1.3)
> (xid=0x47): ADD table:50 priority=0,metadata=0x1 actions=resubmit(
> ,51)
> 2016-10-30T00:23:19Z|01211|vconn|DBG|unix: received: OFPT_FLOW_MOD (OF1.3)
> (xid=0x48): ADD table:52 priority=1001,tcp,metadata=0x1,nw_src=10.
> 14.11.2,nw_dst=10.181.3.12,tp_dst=7077 actions=resubmit(,53)
> 2016-10-30T00:23:19Z|01212|vconn|DBG|unix: received: OFPT_FLOW_MOD (OF1.3)
> (xid=0x49): ADD table:22 priority=1001,icmp,metadata=0x1,nw_src=10
> .211.166.114,nw_dst=10.14.11.2 actions=resubmit(,23)
> 2016-10-30T00:23:19Z|01213|vconn|DBG|unix: received: OFPT_FLOW_MOD (OF1.3)
> (xid=0x4a): ADD table:22 priority=1001,udp,metadata=0x1,nw_src=10.
> 211.166.114,nw_dst=10.14.11.2,tp_dst=7077 actions=resubmit(,23)
> 2016-10-30T00:23:19Z|01214|vconn|DBG|unix: received: OFPT_FLOW_MOD (OF1.3)
> (xid=0x4b): ADD table:28 priority=50,metadata=0x1,dl_dst=02:00:0a:
> b5:03:0c actions=set_field:0x4->reg15,resubmit(,32)
> 2016-10-30T00:23:19Z|01215|vconn|DBG|unix: received: OFPT_FLOW_MOD (OF1.3)
> (xid=0x4c): ADD table:53 priority=100,ipv6,reg0=0x4/0x4,metadata=0
> x1 actions=ct(table=54,zone=NXM_NX_REG13[0..15],nat)
> 2016-10-30T00:23:19Z|01216|connmgr|INFO|br-int<->unix: sending
> OFPBAC_BAD_TYPE error reply to OFPT_FLOW_MOD message
> 2016-10-30T00:23:19Z|01217|vconn|DBG|unix: sent (Success): OFPT_ERROR
> (OF1.3) (xid=0x4c): OFPBAC_BAD_TYPE
> OFPT_FLOW_MOD (OF1.3) (xid=0x4c):
> (***truncated to 64 bytes from 136***)
>   04 0e 00 88 00 00 00 4c-00 00 00 00 00 00 00 00 |...L|
> 0010  00 00 00 00 00 00 00 00-35 00 00 00 00 00 00 64 |5..d|
> 0020  ff ff ff ff ff ff ff ff-ff ff ff ff 00 00 00 00 ||
> 0030  00 01 00 22 80 00 0a 02-86 dd 00 01 01 08 00 00 |..."|
> 
> The network still seems fine though.
> We're using OVN to create an overlay network for containers between
> machines.
> 
> This is on Ubuntu 16.04 instances:
> $ uname -a
> Linux ip-172-31-7-97 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC
> 2016 x86_64 x86_64 x86_64 GNU/Linux
> 
> Interestingly, when we compile and install the kernel module from
> /releases/openvswitch-2.6.0.tar.gz, the error no longer appears.

Probably the kernel you're using doesn't support either 'ct' or 'nat' on
ct.  Installing the newer kernel module is the right solution.

I've sent out a patch that should make OVS log more detail.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Help me about OVS SSL configuring

[Ben Pfaff]

On Wed, Oct 26, 2016 at 02:05:50PM +0800, Jeson Zhang wrote:
> I resently wanted to configure OVS for SSL. But I was puzzled by the
> tutorial from
> http://openvswitch.org/support/dist-docs/INSTALL.SSL.md.html:

You mean "recently", not "resently".  You should probably look up the
word "resent" and what it means, because it makes your statement appear
rude.

> 1.  Is the command "ovs-pki init" run in OVS host or Controller host?
> Need I run it on OF Controller host and copy the cacert.pem file to
> OVS host?

You should run it where you want to maintain the PKI.  This might be a
machine of its own, but if not then it makes more sense to do it on the
controller.

> 2.  which host is the command "ovs-pki req+sign ctl controller" run in
> OVS host or Controller host? Does it run on OVS host and copy the
> ctl-privkey.pem and to Contoller?  (here, run it on PKI structure and
> copy files to Controller)

It runs where you ran "ovs-pki init".

> 3. in the section of "SWITCH KEY GENGERATION WITH A SWITCH PKI", (but
> here, run it on PKI structure and copy files to OVS, so i don't know
> whitch host is the "PKI structure")

It runs where you ran "ovs-pki init".
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Bundle properties in ADD/CONTROL msgs

[Ben Pfaff]

On Tue, Oct 25, 2016 at 07:41:28AM +, Andrej Leitner wrote:
> In specification for OF bundles (extension #230 for v1.3) there is the field 
> struct onf_bundle_prop_header properties[0] in message BUNDLE_CONTROL.
> 
> This field is present also in the second BUNDLE_ADD_MESSAGE however commented 
> out. Does somebody know what does it mean?
> 
> Is this field optional (zero or more) in both messages?

This (in either form) normally indicates that BUNDLE_CONTROL and
BUNDLE_ADD_MESSAGE are followed by a variable number of
onf_bundle_prop_header structures.  I haven't looked at these specific
cases.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] "protected mode" for openvswitch ports (layer 2 forwarding) ?

[Ben Pfaff]

On Wed, Oct 26, 2016 at 12:45:48PM +0300, Ben Kelly wrote:
> Hi,
> 
> I've been searching for ways to implement something like "protected
> mode" for ovs without much luck so far. Hoping someone on the discuss
> mailing list might have some suggestions.
> 
> Protected mode is available on some broadcom switch ASIC, and cisco
> switches also have this as a configurable option
> (http://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/multibook/configuration_guide/b_consolidated_config_guide_3850_chapter_011101.html).
> 
> Basically, I would like to nominate a set of ports in my ovs bridge to
> have layer 2 forwarding between them disabled. A "protected" port will
> not forward frames to another protected port, however forwarding
> occurs as normal between protected <-> non-protected ports and
> vice-versa.
> 
> My underlying requirement is that I need to use OpenvSwitch for 802.1q
> and associate layer 3 addressing with internal ovs ports, however I'd
> like to disable layer 2 forwarding between physical ports.
> 
> I've looked at things such as "ovs-ofctl mod-port [phys port] noflood"
> etc. but this seems to be an all-or-nothing approach with regards to
> forwarding between ports.
> 
> I'd appreciate any suggestions!

You could implement this with an OpenFlow controller.

You could submit patches to add such a feature to base OVS.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Tuple Space Search implementation in the MegaFlow Cache

[Ben Pfaff]

On Mon, Oct 24, 2016 at 04:55:52PM -0400, thibaut stimpfling wrote:
> I am looking for implementation details of the Tuple Space Search
> algorithm in the MegaFlow Cache. More specifically, I am interested in
> how ranges are handled by the tuple space search lookup algorithm. Is
> each range converted into (a) prefix(es) ?

Yes.

In more detail, OVS itself doesn't handle ranges at all.  Instead,
whatever feeds flows to it must break ranges into multiple flows that
use prefix matching.

> Are ranges converted into Nesting IDs/Nesting Levels, as described in
> the paper "Packet classification using tuple space search” ? 

No.

I've read that paper a couple of times and I've always failed to
understand that part of it.  I'd very much appreciate it if someone
would explain it to me.

> If so, which data structure are you using to find the nesting Id /
> nesting level associated with a packet header field ?
> 
> Can you point me to any documentation that could answer this question ?

Did you read our NSDI paper?  It's all about the OVS classifier.
https://www.usenix.org/node/188961
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] packet buffering on OVS

[Ben Pfaff]

On Fri, Oct 21, 2016 at 01:08:17AM -0400, Yikai Lin wrote:
> 1. What is the latest implementation regarding the packet buffering
> behavior in OVS?

We removed it.  OVS 2.6 and later no longer supports packet buffering.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Ｑｕｅｓｔｉｏｎ ａｂｏｕｔ to set the miss_send_len

[Ben Pfaff]

I mean that the OpenFlow 1.0 message is the way to change miss_send_len.
If you need to change it, use that message.  If your controller does not
support that message, add support.  It is a very simple message so any
controller should be able to easily support it.

On Thu, Oct 20, 2016 at 12:22:14AM +, Naoyuki NS Shimizu wrote:
> 
> Thank you for your reply.
> 
> Do you mean that I can't change the value of miss_send_len?
> 
> Can I change it by the other way? For example, by rewriting config file or 
> changing code and rebuilding.
> 
> 
> 
> -作成者: Ben Pfaff  -
> 
> 
> 宛先: Naoyuki NS Shimizu/R/RICOH@RICOH
> 送信元: Ben Pfaff 
> 日付: 2016/10/20 12:06AM
> Cc: discuss@openvswitch.org
> 件名: Re: [ovs-discuss] Ｑｕｅｓｔｉｏｎ　ａｂｏｕｔ　to set the miss_send_len
> 
> 
> On Wed, Oct 19, 2016 at 12:30:54AM +, Naoyuki NS Shimizu wrote:
> > I'd like to change the value of miss_send_len.
> > 
> > I use trema as Openflow v1.0 controller and trema ｉｓ not implemented 
> > SetConfig messege.
> > 
> > So I can't send SetConfig messege from Openflow v1.0 controller.
> > 
> > Please tell me the other way.
> 
> That is the way.
> 
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Ｑｕｅｓｔｉｏｎ ａｂｏｕｔ to set the miss_send_len

[Ben Pfaff]

On Wed, Oct 19, 2016 at 12:30:54AM +, Naoyuki NS Shimizu wrote:
> I'd like to change the value of miss_send_len.
> 
> I use trema as Openflow v1.0 controller and trema ｉｓ not implemented 
> SetConfig messege.
> 
> So I can't send SetConfig messege from Openflow v1.0 controller.
> 
> Please tell me the other way.

That is the way.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Static CAM table

[Ben Pfaff]

OVS can't really influence whether a VM sends a reply.

On Tue, Oct 18, 2016 at 12:02:16PM -0700, Tom Gajewski wrote:
> More strangeness: when pinging from within VM behind port 13 I observe
> even the reply coming back into VM yet ping reports no reply 100%
> loss. This is with dl_dst:so:me:ma:cc flow. Why would that flow cause
> that, how is that even possible if I'm seeing ICMP replies inside VM?
> Again, all works fine without that static flow mapping, it just
> becomes impossible to reach VM after mac-table ages out -- because of
> the no-flood on the port, but as long as mac-table is populated all is
> good...
> 
> On Tue, Oct 18, 2016 at 11:41 AM, Tom Gajewski
>  wrote:
> > That's the requirement, that's why I started this topic. I've
> > demonstrated that port 13 works perfectly fine with no-flood as long
> > as the mac-table of openvswitch is populated with its MAC, I still
> > don't understand why we can't adding a static entry here, seems silly.
> > But I've pretty much accomplished that with the dl_dst flow however
> > not all the way The goal is static mac-table and static arp. I
> > have it working to the point where I see ICMP echo request make it to
> > the VM behind port 13 just not back.
> >
> > On Tue, Oct 18, 2016 at 11:29 AM, Ben Pfaff  wrote:
> >> On Tue, Oct 18, 2016 at 10:51:33AM -0700, Tom Gajewski wrote:
> >>> Yes of course I've opened up the switch again after flushing ;]
> >>> Basically I have:
> >>>
> >>>  cookie=0x0, duration=61132.153s, table=0, n_packets=112313104,
> >>> n_bytes=18199375313, idle_age=0, priority=0 actions=NORMAL
> >>>  cookie=0x0, duration=61107.945s, table=0, n_packets=7122,
> >>> n_bytes=467057, idle_age=1576, dl_dst=so:me:ma:cc actions=output:13
> >>>
> >>> That's all, port 13 is set to no-flood of course. The above breaks
> >>> return traffic out of port 13 -- even if there is an entry for
> >>> so:me:ma:cc in the mac-table -- but the flow is working since I see
> >>> ICMP requests coming in to the VM behind port 13 so this isn't an arp
> >>> issue -- VM inside port 13 even knows the MAC of the ICMP requester, I
> >>> checked.
> >>
> >> Why is port 13 no-flood?  Then broadcast and multicast packets won't go
> >> to it.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Static CAM table

[Ben Pfaff]

On Tue, Oct 18, 2016 at 10:51:33AM -0700, Tom Gajewski wrote:
> Yes of course I've opened up the switch again after flushing ;]
> Basically I have:
> 
>  cookie=0x0, duration=61132.153s, table=0, n_packets=112313104,
> n_bytes=18199375313, idle_age=0, priority=0 actions=NORMAL
>  cookie=0x0, duration=61107.945s, table=0, n_packets=7122,
> n_bytes=467057, idle_age=1576, dl_dst=so:me:ma:cc actions=output:13
> 
> That's all, port 13 is set to no-flood of course. The above breaks
> return traffic out of port 13 -- even if there is an entry for
> so:me:ma:cc in the mac-table -- but the flow is working since I see
> ICMP requests coming in to the VM behind port 13 so this isn't an arp
> issue -- VM inside port 13 even knows the MAC of the ICMP requester, I
> checked.

Why is port 13 no-flood?  Then broadcast and multicast packets won't go
to it.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Static CAM table

[Ben Pfaff]

I would generally expect that to work.

Maybe you should show us more of your flow table.

On Mon, Oct 17, 2016 at 10:14:16AM -0700, Tom Gajewski wrote:
> My bad, that was obviously suppose to include the MAC in question. So
> one more time, in an attempt to set a static MAC table entry:
> 
> Table entry:
> 
> 13   744  so:me:ma:cc
> 
> Flow:
> 
> ovs-ofctl add-flow mybridge dl_dst=so:me:ma:cc,actions=output:13
> 
> I guess what I'm asking is, what should a static flow that says "MAC
> so:me:ma:cc lives on port 13" look like? Again, goal is to have a
> static table entry like behavior accomplished with this flow.
> 
> Cheers,
> 
> --Tom
> 
> On Mon, Oct 17, 2016 at 9:12 AM, Ben Pfaff  wrote:
> > On Mon, Oct 17, 2016 at 02:45:06AM -0700, Tom Gajewski wrote:
> >> Hi all,
> >>
> >> It is my understanding that one cannot modify the cam (well I guess in
> >> openvswitch land the mac table ;] ) directly. As I'm trying to set up
> >> static entries. Do I need to use flows to accomplish this, is there no
> >> other way to just modify this table??
> >>
> >> As for flows, I did try to add some copying an outdated entry from the
> >> mac table that read
> >>
> >> 13   744  so:me:ma:cc
> >>
> >> like this -->
> >>
> >> ovs-ofctl add-flow mybridge dl_dst=,actions=output:13
> >>
> >> but that just seemed to do nothing, in fact in breaks connectivity to
> >> that destination completely even if that MAC is in the table. So if I
> >> do have to use flows to do this could someone tell me where I'm being
> >> stupid?
> >
> > There's no direct way to modify the MAC-learning table.
> >
> > I don't know a reason why the flow that you've showed us would cause
> > such big problems.  The command does omit the MAC address, but that
> > would only cause an error from ovs-ofctl, so I guess that the actual
> > command included the MAC.
> >
> > Maybe you should show us more of your flow table.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Is there an ovs-ofctl ACTION to evaluate the packet again?

[Ben Pfaff]

On Mon, Oct 17, 2016 at 06:09:29PM +0200, Richard Mayers wrote:
> Is there a that when a packet MATCHES a rule as an ACTION it checks
> the remaining rules but this one that matched. I just want to have a
> rule that modifies certain packets but then the remaining rules still
> apply.

There's no way to do that, in the sense of matching a rule in a table
with priority lower than whichever one is currently executing.

You can arrange your rules into multiple tables and execute the rules
from tables in sequence using the "resubmit" action.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Static CAM table

[Ben Pfaff]

On Mon, Oct 17, 2016 at 02:45:06AM -0700, Tom Gajewski wrote:
> Hi all,
> 
> It is my understanding that one cannot modify the cam (well I guess in
> openvswitch land the mac table ;] ) directly. As I'm trying to set up
> static entries. Do I need to use flows to accomplish this, is there no
> other way to just modify this table??
> 
> As for flows, I did try to add some copying an outdated entry from the
> mac table that read
> 
> 13   744  so:me:ma:cc
> 
> like this -->
> 
> ovs-ofctl add-flow mybridge dl_dst=,actions=output:13
> 
> but that just seemed to do nothing, in fact in breaks connectivity to
> that destination completely even if that MAC is in the table. So if I
> do have to use flows to do this could someone tell me where I'm being
> stupid?

There's no direct way to modify the MAC-learning table.

I don't know a reason why the flow that you've showed us would cause
such big problems.  The command does omit the MAC address, but that
would only cause an error from ovs-ofctl, so I guess that the actual
command included the MAC.

Maybe you should show us more of your flow table.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Help for removing unwanted configuration from ovs

[Ben Pfaff]

ovs-vsctl is how one deletes ports.

If you don't know which ports to delete, you need to ask on an OpenStack
mailing list.  Actually that's the answer to most of your questions--why
haven't you done it yet?

On Thu, Oct 13, 2016 at 02:14:45PM -0400, Gaurav Goyal wrote:
> Actually i am not sure which are bad port and needs to be deleted.
> 
> As per my configuration, i am using
> 
> [root@OSKVM1 nova]# grep -v "^#"
> /etc/neutron/plugins/ml2/openvswitch_agent.ini|grep -v ^$
> [ovs]
> local_ip = 10.24.0.4
> bridge_mappings = external:br-ex
> [agent]
> tunnel_types = gre
> l2_population = False
> [securitygroup]
> [root@OSKVM1 nova]#
> 
> [root@OSKVM1 nova]# grep -v "^#" /etc/neutron/plugins/ml2/ml2_conf.ini|grep
> -v ^$
> [ml2]
> type_drivers = flat,vlan,vxlan,gre
> tenant_network_types = gre
> mechanism_drivers = openvswitch
> [ml2_type_flat]
> flat_networks = external
> [ml2_type_vlan]
> [ml2_type_gre]
> tunnel_id_ranges = 1:1000
> [ml2_type_vxlan]
> [ml2_type_geneve]
> [securitygroup]
> 
> 
> Considering this which ports or bridges must be removed
> 
> On Thu, Oct 13, 2016 at 2:11 PM, Ben Pfaff  wrote:
> 
> > On Thu, Oct 13, 2016 at 01:44:01PM -0400, Gaurav Goyal wrote:
> > > I am using openvswitch.
> > > Initially i had done some wrong configuration using vxlan.
> > >
> > > Now i am using gre for tunneling. But i could still see vxlan ports in
> > > ovs-vsctl show output.
> > >
> > > Is there any option can can read current configuration files and remove
> > the
> > > non required configuration from ovs-vsctl .
> >
> > To delete a port, use "ovs-vsctl del-port".
> >
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Time a packet spends in the switch

[Ben Pfaff]

On Thu, Oct 13, 2016 at 12:27:38PM -0400, Danish Sattar wrote:
> I'm trying to find out the time a packet spends in the switch only. Time
> difference between packet in and out.
> 
> I thought analyzing the time in learning-switch.c would be give me some
> info but that didn't work.

Most packets don't ever go to userspace so you'll have to instrument the
kernel module, probably the ovs_dp_process_packet() function in
datapath/datapath.h.  I don't know the best way to do this.

You might be able to approximate this with the Linux "perf" tool.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Help for removing unwanted configuration from ovs

[Ben Pfaff]

On Thu, Oct 13, 2016 at 01:44:01PM -0400, Gaurav Goyal wrote:
> I am using openvswitch.
> Initially i had done some wrong configuration using vxlan.
> 
> Now i am using gre for tunneling. But i could still see vxlan ports in
> ovs-vsctl show output.
> 
> Is there any option can can read current configuration files and remove the
> non required configuration from ovs-vsctl .

To delete a port, use "ovs-vsctl del-port".
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Fwd: Help for replacing linux bridging with OpenVswitch

[Ben Pfaff]

From an OVS perspective, yes.

From an OpenStack perspective, you'd be better off asking on an
OpenStack mailing list.

On Thu, Oct 13, 2016 at 09:54:04AM -0400, Gaurav Goyal wrote:
> Awaiting your response please!
> 
> Can i use management interface as tunneling interface?
> 
> 
> Regards
> Gaurav Goyal
> 
> On Thu, Oct 13, 2016 at 6:52 AM, Gaurav Goyal 
> wrote:
> 
> > Dear Team,
> >
> > I am working on liberty version of openstack environment.
> >
> > As per generic liberty openstack guide, i was using linux bridging with
> > vxlan, but want to move to ovs.
> >
> > I need your help to configure my platform as per OVS requirement.
> >
> > My architecture is
> >
> > Node 1 - controller + network + compute1
> > Node 2 --> compute2
> >
> > As a classic installation guide , using 2 interfaces on each node
> > p5p1 -- management
> > p5p2 -- unnumbered (external)
> >
> >
> > Please help me to configure ml1_conf.ini and openvswitch_agent.ini file.
> >
> > I do not find standard doc on openstack page.
> >
> > Here is my configuration setup following kilo guide
> >
> >1. [root@OSKVM1 ~]# grep -v "^#" 
> > /etc/neutron/plugins/ml2/ml2_conf.ini|grep
> >-v ^$
> >2. [ml2]
> >3. type_drivers = flat,vlan,vxlan
> >4. tenant_network_types = vxlan
> >5. mechanism_drivers = openvswitch,l2population
> >6. extension_drivers = port_security
> >7. [ml2_type_flat]
> >8. flat_networks = public
> >9. [ml2_type_vlan]
> >10. [ml2_type_gre]
> >11. [ml2_type_vxlan]
> >12. vni_ranges = 1:1000
> >13. [ml2_type_geneve]
> >14. [securitygroup]
> >15. [root@OSKVM1 ~]# grep -v "^#" 
> > /etc/neutron/plugins/ml2/openvswitch_agent.ini|grep
> >-v ^$
> >16. [ovs]
> >17. integration_bridge = br-int
> >18. tunnel_bridge = br-tun
> >19. local_ip = 10.24.0.4
> >20. [agent]
> >21. tunnel_types = vxlan
> >22. [securitygroup]
> >23. [root@OSKVM1 ~]# grep -v "^#" /etc/neutron/dhcp_agent.ini|grep -v
> >^$
> >24. [DEFAULT]
> >25. interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
> >26. dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
> >27. enable_isolated_metadata = True
> >28. dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
> >29. [AGENT]
> >30. [root@OSKVM1 ~]# history|grep ovs-vsctl add
> >31. grep: add: No such file or directory
> >32. [root@OSKVM1 ~]# history|grep ovs-vsctl
> >33.   846  ovs-vsctl show
> >34.   922  ovs-vsctl show
> >35.   924   ovs-vsctl-show
> >36.   925   ovs-vsctl show
> >37.   931  ovs-vsctl show
> >38.   933  ovs-vsctl add-br br-ex
> >39.   934  ovs-vsctl add-port br-ex p5p2
> >40.   935  ovs-vsctl show
> >
> >
> > [root@OSKVM1 neutron]# ovs-vsctl show
> > 602ca311-4ebe-4773-8d58-00d1a0161294
> >
> > Bridge br-ex
> >
> > Port br-ex
> >
> > Interface br-ex
> >
> > type: internal
> >
> > Port "p5p2"
> >
> > Interface "p5p2"
> >
> > Bridge br-int
> >
> > fail_mode: secure
> >
> > Port patch-tun
> >
> > Interface patch-tun
> >
> > type: patch
> >
> > options: {peer=patch-int}
> >
> > Port br-int
> >
> > Interface br-int
> >
> > type: internal
> >
> > Port "tap33501010-4d"
> >
> > Interface "tap33501010-4d"
> >
> > type: internal
> >
> > Bridge br-tun
> >
> > fail_mode: secure
> >
> > Port "vxlan-0a180005"
> >
> > Interface "vxlan-0a180005"
> >
> > type: vxlan
> >
> > options: {df_default="true", in_key=flow,
> > local_ip="10.24.0.4", out_key=flow, remote_ip="10.24.0.5"}
> >
> > Port br-tun
> >
> > Interface br-tun
> >
> > type: internal
> >
> > Port patch-int
> >
> > Interface patch-int
> >
> > type: patch
> >
> > options: {peer=patch-tun}
> >
> > ovs_version: "2.5.0"
> >
> >
> >
> > [root@OSKVM1 neutron]# ovs-vsctl list-ports br-ex
> >
> > p5p2
> >
> > [root@OSKVM1 neutron]# ovs-vsctl list-ports br-int
> >
> > patch-tun
> >
> > tap33501010-4d
> >
> > [root@OSKVM1 neutron]# ifconfig -a
> >
> > br-ex: flags=4098  mtu 1500
> >
> > ether a0:36:9f:87:f7:d5  txqueuelen 0  (Ethernet)
> >
> > RX packets 0  bytes 0 (0.0 B)
> >
> > RX errors 0  dropped 12573  overruns 0  frame 0
> >
> > TX packets 0  bytes 0 (0.0 B)
> >
> > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> >
> >
> > br-int: flags=4098  mtu 1500
> >
> > ether f2:fd:fb:5c:96:43  txqueuelen 0  (Ethernet)
> >
> > RX packets 0  bytes 0 (0.0 B)
> >
> > RX errors 0  dropped 8  overruns 0  frame 0
> >
> > TX packets 0  bytes 0 (0.0 B)
> >
> > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> >
> >
> > br-tun: flags=4098  mtu 1500
> >
> > 

Re: [ovs-discuss] OpenFlow 1.3+

[Ben Pfaff]

On Wed, Oct 12, 2016 at 03:41:45PM -0700, Jarno Rajahalme wrote:
> 
> > On Oct 12, 2016, at 2:57 PM, Jarno Rajahalme  wrote:
> > 
> >> 
> >> On Oct 12, 2016, at 9:10 AM, Ben Pfaff  wrote:
> >> 
> >> On Wed, Oct 12, 2016 at 01:27:46PM +, Andrej Leitner wrote:
> >>> - what does it mean OpenFlow 1.3+ in notes here 
> >>> http://openvswitch.org/releases/NEWS-2.6.0?
> >> 
> >> OpenFlow 1.3 and later.
> >> 
> >>> - there are bundles mentioned in connection with OF 1.3+, is it possible 
> >>> to communicate with OVS
> >>> 
> >>> in OFP v1.3 but use some features from higher versions (e.g. bundles)?
> >> 
> >> OVS implements the EXT-230 extension to OpenFlow 1.3 described here,
> >> which adds bundle support to OpenFlow 1.3:
> >> https://www.opennetworking.org/images/stories/downloads/sdn-resources/onf-specifications/openflow/openflow-extensions-1.3.x-package.zip
> >> 
> >>> - if ovs with OF v1.4 and v1.5 should support bundles, why I am still 
> >>> getting for capabilities
> >>> 
> >>> in FeaturesReply value of 4F (100) which means bundles are not 
> >>> supported (used ovs 2.4/5/6)?
> >> 
> >> Perhaps we forgot to update the feature bits?  Jarno, can you take a
> >> look?
> >> 
> > 
> > The capabilities bit OFPC_BUNDLES is an OpenFlow 1.5 feature we have not 
> > yet implemented. Same goes for the OF 1.5 bundles capabilities request and 
> > bundle properties. I’ll add the OFPC_BUNDLES today, but I feel the rest is 
> > not yet important.
> > 
> >  Jarno
> 
> While looking at this I’m wondering if we support the OpenFlow 1.4 flow 
> monitoring yet? OPENFLOW-1.1+.md says Simon is working on it.

It appears that the support is incomplete.  There is, at least, no test,
and the encoding and decoding functions in ofp-util.c seem to only
support OF1.0.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] OpenFlow 1.3+

[Ben Pfaff]

On Wed, Oct 12, 2016 at 01:27:46PM +, Andrej Leitner wrote:
> - what does it mean OpenFlow 1.3+ in notes here 
> http://openvswitch.org/releases/NEWS-2.6.0?

OpenFlow 1.3 and later.

> - there are bundles mentioned in connection with OF 1.3+, is it possible to 
> communicate with OVS
> 
>   in OFP v1.3 but use some features from higher versions (e.g. bundles)?

OVS implements the EXT-230 extension to OpenFlow 1.3 described here,
which adds bundle support to OpenFlow 1.3:
https://www.opennetworking.org/images/stories/downloads/sdn-resources/onf-specifications/openflow/openflow-extensions-1.3.x-package.zip

> - if ovs with OF v1.4 and v1.5 should support bundles, why I am still getting 
> for capabilities
> 
>   in FeaturesReply value of 4F (100) which means bundles are not 
> supported (used ovs 2.4/5/6)?

Perhaps we forgot to update the feature bits?  Jarno, can you take a
look?

Thanks,

Ben.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] ovs and tc's ingress qdisc

[Ben Pfaff]

On Wed, Oct 12, 2016 at 03:51:33PM +0200, Wolfgang Bumiller wrote:
> On October 5, 2016 at 6:55 PM Ben Pfaff  wrote:
> > I don't know what you're trying to deal with.  The autogenerated code
> > provides a C view of all of the features that the underlying database
> > does.  If you need something else, then it probably means extending the
> > database schema, at which point the autogenerated code will give a view
> > of whatever you add to the schema.
> 
> I was just worried that the schema would be involved in interface/rpc
> code which could potentially break tools built with the old schema.
> (Considering it comes with a checksum)
> But I don't see another option.
> 
> Would you generally prefer an additional boolean flag for a change like
> this or perhaps add -1 special value for the ingress_policing_rate.
> A quick glance at the existing schema didn't point out many existing
> special values other than a semi intuitive active_timeout where 0 means
> default and -1 means disabled. In the case of ingress_policing_rate 0
> would mean disabled and -1 would mean untouched.

Yes, we're very concerned about schema backward compatibility.  Adding
special interpretations, or adding columns, doesn't break this kind of
backward compatibility.

I have two thoughts here.

One would be to use -1, as you say.  These columns currently have a
constraint "minInteger": 0, which prevents -1 from being used.  That
could prevent downgrading from a newer to an older schema if the -1
value were actually in use.  That is probably a minor concern.

The other possibility I'm thinking of is to add an ingress_qos column
to the Port table, which would resemble the qos column except that it
would be used on ingress.  Then we could define a collection of ingress
qdiscs like those used for egress, one of which would be a "noop"
qdisc.  This is more future proof and does not have downgrade issues,
although it is a little more work.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] ln: failed to create symbolic link ‘cacert.pem’: File exists

[Ben Pfaff]

On Wed, Oct 12, 2016 at 04:10:39PM +0200, Ashish Kurian wrote:
> I tried to locate the file and it existed and I removed it. Still after
> that process, I get the same error when trying to install a new package
> using apt-get. I get the following error when trying to install a new
> package using apt-get
> 
> Setting up openvswitch-controller (2.0.1+git20140120-0ubuntu2) ...
> ln: failed to create symbolic link ‘cacert.pem’: File exists
> dpkg: error processing package openvswitch-controller (--configure):
>  subprocess installed post-installation script returned error exit status 1
> Errors were encountered while processing:
>  openvswitch-controller
> E: Sub-process /usr/bin/dpkg returned an error code (1)

2.0 was released in 2013.  We don't maintain it anymore.  Please use a
newer version.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] ln: failed to create symbolic link ‘cacert.pem’: File exists

[Ben Pfaff]

On Tue, Oct 11, 2016 at 04:54:00PM +0200, Ashish Kurian wrote:
> I am getting the error in subject when giving the command sudo dpkg
> --configure -a
> 
> Because of this, I cannot install any other packages. Please help me on how
> I can fix this.

Is there a file named cacert.pem in /etc/openvswitch-testcontroller?

But probably the easiest way to fix it is to uninstall the
openvswitch-testcontroller package.  It isn't good for much.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] remote syslog on ovs

[Ben Pfaff]

On Mon, Oct 10, 2016 at 03:53:06PM +0200, Jannis Ohms wrote:
> I am currently trying to configure remote logging.
> I want to  forward my log to a remote syslog server.
> I have seen that it is possible to configure syslog as a log target using
> ovs-apctl. But where can i specify a remote syslog server?

--syslog-target.  See ovs-vswitchd(8).
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Specifying range for bridge port trunks

[Ben Pfaff]

Sounds good.

You should read CONTRIBUTING.md and CodingStyle.md.

On Thu, Oct 06, 2016 at 09:48:06PM +0200, Łukasz Rząsik wrote:
> Hi,
> 
> I wanted to start contributing to the project.
> If no one else is already working on that, I will try to implement it and
> submit a patch as a start.
> 
> BR,
> Lucas
> 
> 2016-10-04 3:19 GMT+02:00 Ben Pfaff :
> 
> > This can occupy a lot of space.
> >
> > If you want to support ranges, you can submit a patch.
> >
> > On Mon, Oct 03, 2016 at 10:29:53PM +, my_ovs_disc...@yahoo.com wrote:
> > > Thanks Ben for the response.
> > > I see that whenever an ovs-vsctl command is issued it seems to go into
> > conf.db in JSON format as follows.
> > > 
> > 
> > ---
> > >
> > > OVSDB JSON 350 adea54d6f5617de72668fbac82f4ba47f5aa9459
> > > {"_date":1475533349806,"Port":{"a2a185d4-c018-481c-9c41-
> > a96998df77b7":{"trunks":["set",[2,3,4,5,6,7,8,9,10,11,12,13,
> > 14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,
> > 34,35,36,37,38,39,4094]]}},"_comment":"ovs-vsctl
> > > : /bin/ovs-vsctl add port 123456789012345 trunks
> > 39","Open_vSwitch":{"a0d40d36-fae6-4862-90cf-586bded25ae3":{
> > "next_cfg":63}}}
> > > OVSDB JSON 95 c2c2528b873474056ff64640cf5186a9ba1dbadb
> > > {"_date":1475533349814,"Open_vSwitch":{"a0d40d36-fae6-4862-
> > 90cf-586bded25ae3":{"cur_cfg":63}}}
> > > OVSDB JSON 353 ccbb33817b428a65406d93070f3dc3c85f5181b5
> > > {"_date":1475533349837,"Port":{"a2a185d4-c018-481c-9c41-
> > a96998df77b7":{"trunks":["set",[2,3,4,5,6,7,8,9,10,11,12,13,
> > 14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,
> > 34,35,36,37,38,39,40,4094]]}},"_comment":"ovs-vs
> > > ctl: /bin/ovs-vsctl add port 123456789012345 trunks
> > 40","Open_vSwitch":{"a0d40d36-fae6-4862-90cf-586bded25ae3":{
> > "next_cfg":64}}}
> > > OVSDB JSON 95 642d4c5ea430d66ca1ce4bd18747cb06d2f9227b
> > > {"_date":1475533349845,"Open_vSwitch":{"a0d40d36-fae6-4862-
> > 90cf-586bded25ae3":{"cur_cfg":64}}}
> > > OVSDB JSON 356 72c1435d0ce4e8393aa0a95da6238ca81b78142c
> > > {"_date":1475533349889,"Port":{"a2a185d4-c018-481c-9c41-
> > a96998df77b7":{"trunks":["set",[2,3,4,5,6,7,8,9,10,11,12,13,
> > 14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,
> > 34,35,36,37,38,39,40,41,4094]]}},"_comment":"ovs
> > > -vsctl: /bin/ovs-vsctl add port 123456789012345 trunks
> > 41","Open_vSwitch":{"a0d40d36-fae6-4862-90cf-586bded25ae3":{
> > "next_cfg":65}}}
> > > OVSDB JSON 95 618d1e741f0fbf7e373afb6245b7f2a882123d56
> > > {"_date":1475533349897,"Open_vSwitch":{"a0d40d36-fae6-4862-
> > 90cf-586bded25ae3":{"cur_cfg":65}}}
> > > OVSDB JSON 359 c05800747de4d9e5a9559ac2230e94826106f27f
> > > {"_date":1475533349924,"Port":{"a2a185d4-c018-481c-9c41-
> > a96998df77b7":{"trunks":["set",[2,3,4,5,6,7,8,9,10,11,12,13,
> > 14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,
> > 34,35,36,37,38,39,40,41,42,4094]]}},"_comment":"
> > > ovs-vsctl: /bin/ovs-vsctl add port 123456789012345 trunks
> > 42","Open_vSwitch":{"a0d40d36-fae6-4862-90cf-586bded25ae3":{
> > "next_cfg":66}}}
> > > OVSDB JSON 95 e501f33c436fdc44cbb73c5bf40d8527473b7895
> > > {"_date":1475533349945,"Open_vSwitch":{"a0d40d36-fae6-4862-
> > 90cf-586bded25ae3":{"cur_cfg":66}}}
> > > 
> > 
> > -
> > > For each trunk we add, this whole text is getting appended into conf.db
> > and this is per port. This seems to occupy lot of space onfile system.
> > > Is there a way to avoid this and keep only one instance of the config?
> > > -Thanks
> > >
> > >
> > > Sent from Yahoo Mail. Get the app
> > >
> > >   From: Ben Pfaff 
> > &

Re: [ovs-discuss] Source file name for flow search function in Open vSwitch

[Ben Pfaff]

On Wed, Oct 05, 2016 at 03:05:50PM -0400, Danish Sattar wrote:
> I would much appreciate it, if someone can point me to the name and
> location of the flow search function in Open vSwitch source files. If there
> are more detailed documentation of the source code somewhere, can someone
> please provide the link as well.

classifier.[ch]

You can read our NSDI 2015 paper for more information:
http://openvswitch.org/support/papers/nsdi2015.pdf
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] ovs and tc's ingress qdisc

[Ben Pfaff]

On Mon, Oct 03, 2016 at 04:49:57PM +0200, Wolfgang Bumiller wrote:
> > On September 30, 2016 at 5:15 PM Ben Pfaff  wrote:
> > 
> > 
> > On Fri, Sep 30, 2016 at 02:33:21PM +0200, Wolfgang Bumiller wrote:
> > > I've noticed openvswitch apparently blindly deletes the ingress qdisc
> > > of bridge ports even if no ingress policing is configured.
> > > This also prevents the use of this qdisc for purposes other than the
> > > in OVS implemented ingress policing (eg. handling fw-marks, bpf based
> > > filters, or early port/address/mac filtering can be convenient at this
> > > stage). Reading the source code didn't reveal any option to prevent
> > > the qdisc from staying completely unmanaged, which would be the
> > > simplest solution here.
> > > 
> > > What are your thoughts on this?
> > 
> > This is analogous to the situation OVS had for egress qdiscs, which I
> > summarized in this email:
> > http://openvswitch.org/pipermail/discuss/2015-May/017687.html
> > 
> > We solved this in OVS 2.6 with commit 6cf888b821c:
> > 
> > https://github.com/openvswitch/ovs/commit/6cf888b821cffb75c5723ee76b7103e54b8fa2b5
> > 
> > Probably, some similar scheme would work for ingress qdiscs.  Your
> > thoughts?
> 
> Makes sense, but the ingress policing currently doesn't go through a
> tc-ops layer.

The resolution there was simply to add a way to prevent OVS from messing
with the qdisc.  The resolution here could be the same: add a way to
prevent OVS from messing with the ingress qdisc.  (It's regrettable that
it works this way: we should have had enough insight from the beginning
so that OVS only messed with either qdisc if actually invited to do so.
However, we did what we did and backward compatibility remains
important.)

> I have, however, noticed a related patch on the devel list which
> looks like there's some ongoing work in that area:
> http://openvswitch.org/pipermail/dev/2016-September/079948.html
> I wonder how this interacts with the current code, since when
> iface_configure_qos() gets called it causes the ingress qdisc to be
> deleted and recreated directly (netdev-linux.c,
> netdev_linux_set_policing()).
> It looks like this would currently conflict?

I don't think that it makes sense to conflate the ingress and egress
qdiscs the way this patch does:
http://openvswitch.org/pipermail/dev/2016-October/080261.html

> Basically, iface_configure_qos() currently directly uses
> `iface->cfg->ingress_policing_rate/burst` (from an ovsrec_interface,
> which is autogenerated, which is why I mentioned the autogenerated
> code initially, as I haven't found an obvious way to deal with this
> yet), 

I don't know what you're trying to deal with.  The autogenerated code
provides a C view of all of the features that the underlying database
does.  If you need something else, then it probably means extending the
database schema, at which point the autogenerated code will give a view
of whatever you add to the schema.

> and sends it off to netdev_linux_set_policing() which
> deletes+recreates the ingress qdisc, potentially replacing the ingress
> qdisc which the above patch allows me to create.
> 
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Support for in/out interfaces in IPFIX

[Ben Pfaff]

On Wed, Sep 21, 2016 at 10:46:04AM +0200, Ben de Graaff wrote:
> I'm currently working on traffic analysis for detecting various security
> events on a network and finding flow paths throughout the network. Part
> of this work includes tracking/visualizing network flows on a
> per-host/per-port basis.
> 
> 
> For this I'm currently working with OVS since it supports OpenFlow (used
> to orchestrate the network), sFlow, and IPFIX, which is working wonderfully.
> 
> One caveat however is that, while IPFIX supports useful features such as
> caching flows and limiting the amount of packet parsing I have to do, it
> does not include the in/out port the flow was seen on.
> 
> On the other hand sFlow *does* include that information (and even the
> OpenFlow port!), but doesn't have the caching feature and requires
> parsing headers at the collector.
> Since we're also experimenting with high sampling rates, I feel it would
> be best if we could avoid that.
> 
> 
> So my question is, is there a specific reason that the IPFIX
> implementation does not include e.g. ingressInterface and
> egressInterface? Could this be added?
> And are there any plans to augment the default IPFIX template, or
> perhaps even allow the user to select from e.g. various detail levels?

I'm surprised that it's not included in IPFIX.  I don't know of a reason
why it's not included.  I haven't heard of anyone say that they're
working on it.  We'd be open to accepting a patch to implement this
feature, if you have one.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Connect two open vswitch

[Ben Pfaff]

On Tue, Oct 04, 2016 at 08:08:37PM +0200, Tomasz Łukojko wrote:
> I want to ask its some purpose to connect two ovs ? Its like stack with
> physical switch? Its more redundant and safty after crush one ? For me
> usefull will be when i connect two ovs switch with different sites then
> will be like one bridge ? But when one crush the secound one and host will
> still work ? Or i am wrong?

Usually you'd connect them because each one is hosting VMs that want to
talk to VMs on the other one.

> I try connect two ovs on separate laptopa by eth0 port like:
> Add-port br0 eth0 -- set interface eth0 type=path option:peer=eth1
> 
> Add-port br1 eth1 --set interface eth1 type=path option:peer=eth0

That won't work, even if you correct the spelling of "patch", because
patch ports only work within a single OVS instance.

You might want to use tunnels, but it's hard to tell since you don't
seem to know what your goal is.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Specifying range for bridge port trunks

[Ben Pfaff]

This can occupy a lot of space.

If you want to support ranges, you can submit a patch.

On Mon, Oct 03, 2016 at 10:29:53PM +, my_ovs_disc...@yahoo.com wrote:
> Thanks Ben for the response.
> I see that whenever an ovs-vsctl command is issued it seems to go into 
> conf.db in JSON format as follows.
> ---
> 
> OVSDB JSON 350 adea54d6f5617de72668fbac82f4ba47f5aa9459
> {"_date":1475533349806,"Port":{"a2a185d4-c018-481c-9c41-a96998df77b7":{"trunks":["set",[2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,4094]]}},"_comment":"ovs-vsctl
> : /bin/ovs-vsctl add port 123456789012345 trunks 
> 39","Open_vSwitch":{"a0d40d36-fae6-4862-90cf-586bded25ae3":{"next_cfg":63}}}
> OVSDB JSON 95 c2c2528b873474056ff64640cf5186a9ba1dbadb
> {"_date":1475533349814,"Open_vSwitch":{"a0d40d36-fae6-4862-90cf-586bded25ae3":{"cur_cfg":63}}}
> OVSDB JSON 353 ccbb33817b428a65406d93070f3dc3c85f5181b5
> {"_date":1475533349837,"Port":{"a2a185d4-c018-481c-9c41-a96998df77b7":{"trunks":["set",[2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,4094]]}},"_comment":"ovs-vs
> ctl: /bin/ovs-vsctl add port 123456789012345 trunks 
> 40","Open_vSwitch":{"a0d40d36-fae6-4862-90cf-586bded25ae3":{"next_cfg":64}}}
> OVSDB JSON 95 642d4c5ea430d66ca1ce4bd18747cb06d2f9227b
> {"_date":1475533349845,"Open_vSwitch":{"a0d40d36-fae6-4862-90cf-586bded25ae3":{"cur_cfg":64}}}
> OVSDB JSON 356 72c1435d0ce4e8393aa0a95da6238ca81b78142c
> {"_date":1475533349889,"Port":{"a2a185d4-c018-481c-9c41-a96998df77b7":{"trunks":["set",[2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,4094]]}},"_comment":"ovs
> -vsctl: /bin/ovs-vsctl add port 123456789012345 trunks 
> 41","Open_vSwitch":{"a0d40d36-fae6-4862-90cf-586bded25ae3":{"next_cfg":65}}}
> OVSDB JSON 95 618d1e741f0fbf7e373afb6245b7f2a882123d56
> {"_date":1475533349897,"Open_vSwitch":{"a0d40d36-fae6-4862-90cf-586bded25ae3":{"cur_cfg":65}}}
> OVSDB JSON 359 c05800747de4d9e5a9559ac2230e94826106f27f
> {"_date":1475533349924,"Port":{"a2a185d4-c018-481c-9c41-a96998df77b7":{"trunks":["set",[2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,4094]]}},"_comment":"
> ovs-vsctl: /bin/ovs-vsctl add port 123456789012345 trunks 
> 42","Open_vSwitch":{"a0d40d36-fae6-4862-90cf-586bded25ae3":{"next_cfg":66}}}
> OVSDB JSON 95 e501f33c436fdc44cbb73c5bf40d8527473b7895
> {"_date":1475533349945,"Open_vSwitch":{"a0d40d36-fae6-4862-90cf-586bded25ae3":{"cur_cfg":66}}}
> -
> For each trunk we add, this whole text is getting appended into conf.db and 
> this is per port. This seems to occupy lot of space onfile system.
> Is there a way to avoid this and keep only one instance of the config?
> -Thanks
> 
> 
> Sent from Yahoo Mail. Get the app
> 
>   From: Ben Pfaff 
>  To: my_ovs_disc...@yahoo.com 
> Cc: "discuss@openvswitch.org" 
>  Sent: Monday, October 3, 2016 2:29 PM
>  Subject: Re: [ovs-discuss] Specifying range for bridge port trunks
>
> On Mon, Oct 03, 2016 at 09:23:59PM +, my_ovs_disc...@yahoo.com wrote:
> > Hi, We are using openvswitch-2.5.0
> > Is there a way to specify a range for trunks under bridge port, like
> > vsctl add port port1 trunks 100-250
> > It could be for add/set.
> > In the conf.db, these trunks seem to be getting stored as individual 
> > strings like 100,101,102, ... 250 and it seems to expect the command also 
> > likevsctl add port port1 trunks 100,101,102,103...150
> > If I have to specify such ranges for multiple ports, the conf.db seems to 
> > occupy a lot of space and this format also seems little difficult to 
> > specify 100s of integers.
> > As I am not that familiar with OVS yet, am I missing something? Is there a 
> > way to specify ranges and also minimize the conf.db space by storing the 
> > ranges?
> 
> OVS doesn't support ranges here.  You can submit a patch to add a new
> feature, if you like.
> 
> 
>
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Specifying range for bridge port trunks

[Ben Pfaff]

On Mon, Oct 03, 2016 at 09:23:59PM +, my_ovs_disc...@yahoo.com wrote:
> Hi, We are using openvswitch-2.5.0
> Is there a way to specify a range for trunks under bridge port, like
> vsctl add port port1 trunks 100-250
> It could be for add/set.
> In the conf.db, these trunks seem to be getting stored as individual strings 
> like 100,101,102, ... 250 and it seems to expect the command also likevsctl 
> add port port1 trunks 100,101,102,103...150
> If I have to specify such ranges for multiple ports, the conf.db seems to 
> occupy a lot of space and this format also seems little difficult to specify 
> 100s of integers.
> As I am not that familiar with OVS yet, am I missing something? Is there a 
> way to specify ranges and also minimize the conf.db space by storing the 
> ranges?

OVS doesn't support ranges here.  You can submit a patch to add a new
feature, if you like.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] L3 gre tunnel setup question

[Ben Pfaff]

On Wed, Sep 28, 2016 at 10:03:44AM +0200, Roberto Gil wrote:
> Scenario: I am trying to setup a L3 gre tunnel between two linux boxes with
> OVS. I am using l3/vpn branch, which seems to have the patches to support
> this funcionality.

I've never heard of this fork of OVS.  Perhaps you are running into a
bug in the fork.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] [openvswitch 2.6.0] testsuite: 7 8 111 113 119 121 125 381 761 1859 1860 1861 1862 1863 1864 1868 1870 2247 failed

[Ben Pfaff]

Hmm, now that I try it I see that even "valgrind true" reports the
memory error in question, so it's not a problem with OVS.  I'll have to
keep looking for that test.

On Fri, Sep 30, 2016 at 09:23:55PM +0100, Stuart Cardall wrote:
> I noticed after running:
> 
> make check-valgrind TESTSUITEFLAGS=761
> 
> & before the test starts it shows:
> 
> musl libc (x86_64)
> 
> Version 1.1.15
> 
> Dynamic Program Loader
> 
> Usage: /lib/ld-musl-x86_64.so.1 [options] [--] pathname [args]
> 
> so perhaps this last error is due to how ldd is called (& is why
> valgrind shows '???' for
> 
> /lib/ld-musl-x86_64.so.1)
> 
> Stuart.
> 
> 
> On 09/30/2016 06:26 PM, Ben Pfaff wrote:
> > On Fri, Sep 30, 2016 at 03:07:17AM +0100, Stuart Cardall wrote:
> >> The patches improved the failures to 11:
> >>
> >> _testsuite: 7 8 761 1859 1860 1861 1862 1863 1864 1868 1870 failed:_
> >>
> >> 7: vsctl-bashcomp - basic verification FAILED
> >> (completion.at:352)
> >> 8: vsctl-bashcomp - argument completionFAILED
> >> (completion.at:454)
> >> 761: tunnel - Geneve option present  FAILED (tunnel.at:639)
> >> 1859: insert monitored table, insert excluded table   FAILED
> >> (ovsdb-server.at:1072)
> >> 1860: insert monitored table, update excluded table   FAILED
> >> (ovsdb-server.at:1072)
> >> 1861: update monitored table, insert excluded table   FAILED
> >> (ovsdb-server.at:1072)
> >> 1862: update monitored table, update excluded table   FAILED
> >> (ovsdb-server.at:1072)
> >> 1863: delete monitored table, insert excluded table   FAILED
> >> (ovsdb-server.at:1072)
> >> 1864: delete monitored table, update excluded table   FAILED
> >> (ovsdb-server.at:1072)
> >> 1868: ovsdb-server/set-sync-exclude-tablesFAILED
> >> (ovsdb-server.at:1151)
> >> 1870: ovsdb-server/disconnect-active-server   FAILED
> >> (ovsdb-server.at:1253)
> > The failures for the ovsdb-server tests are because of the POSIX
> > noncompliant version of "diff" that Alpine includes by default.  Install
> > a POSIX-compliant diff (e.g. "apk add diffutils") to fix the problem.
> >
> > The failure of test 761 seems to be a memory error.  Running under
> > valgrind, with "make check-valgrind TESTSUITEFLAGS=761", I get a useless
> > backtrace though:
> >
> > ==29841== Invalid free() / delete / delete[] / realloc()
> > ==29841==at 0x4C92A6E: free (vg_replace_malloc.c:530)
> > ==29841==by 0x405717F: ??? (in /lib/ld-musl-x86_64.so.1)
> > ==29841==  Address 0x4e9a180 is in a rw- mapped file 
> > /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so segment
> >
> > What does it take to get useful valgrind results on Alpine?
> >
> > Thanks,
> >
> > Ben.
> 
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] [openvswitch 2.6.0] testsuite: 7 8 111 113 119 121 125 381 761 1859 1860 1861 1862 1863 1864 1868 1870 2247 failed

[Ben Pfaff]

On Fri, Sep 30, 2016 at 03:07:17AM +0100, Stuart Cardall wrote:
> The patches improved the failures to 11:
> 
> _testsuite: 7 8 761 1859 1860 1861 1862 1863 1864 1868 1870 failed:_
> 
> 7: vsctl-bashcomp - basic verification FAILED
> (completion.at:352)
> 8: vsctl-bashcomp - argument completionFAILED
> (completion.at:454)
> 761: tunnel - Geneve option present  FAILED (tunnel.at:639)
> 1859: insert monitored table, insert excluded table   FAILED
> (ovsdb-server.at:1072)
> 1860: insert monitored table, update excluded table   FAILED
> (ovsdb-server.at:1072)
> 1861: update monitored table, insert excluded table   FAILED
> (ovsdb-server.at:1072)
> 1862: update monitored table, update excluded table   FAILED
> (ovsdb-server.at:1072)
> 1863: delete monitored table, insert excluded table   FAILED
> (ovsdb-server.at:1072)
> 1864: delete monitored table, update excluded table   FAILED
> (ovsdb-server.at:1072)
> 1868: ovsdb-server/set-sync-exclude-tablesFAILED
> (ovsdb-server.at:1151)
> 1870: ovsdb-server/disconnect-active-server   FAILED
> (ovsdb-server.at:1253)

The failures for the ovsdb-server tests are because of the POSIX
noncompliant version of "diff" that Alpine includes by default.  Install
a POSIX-compliant diff (e.g. "apk add diffutils") to fix the problem.

The failure of test 761 seems to be a memory error.  Running under
valgrind, with "make check-valgrind TESTSUITEFLAGS=761", I get a useless
backtrace though:

==29841== Invalid free() / delete / delete[] / realloc()
==29841==at 0x4C92A6E: free (vg_replace_malloc.c:530)
==29841==by 0x405717F: ??? (in /lib/ld-musl-x86_64.so.1)
==29841==  Address 0x4e9a180 is in a rw- mapped file 
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so segment

What does it take to get useful valgrind results on Alpine?

Thanks,

Ben.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Regarding IP Options Field

[Ben Pfaff]

The FAQ says:

### Q: How do I add support for a new field or header?

A: Add new members for your field to "struct flow" in lib/flow.h, and
   add new enumerations for your new field to "enum mf_field_id" in
   lib/meta-flow.h, following the existing pattern.  Also, add support
   to miniflow_extract() in lib/flow.c for extracting your new field
   from a packet into struct miniflow, and to nx_put_raw() in
   lib/nx-match.c to output your new field in OXM matches.  Then
   recompile and fix all of the new warnings, implementing new
   functionality for the new field or header as needed.  (If you
   configure with --enable-Werror, as described in [INSTALL.md], then
   it is impossible to miss any warnings.)

   If you want kernel datapath support for your new field, you also
   need to modify the kernel module for the operating systems you are
   interested in.  This isn't mandatory, since fields understood only
   by userspace work too (with a performance penalty), so it's
   reasonable to start development without it.  If you implement
   kernel module support for Linux, then the Linux kernel "netdev"
   mailing list is the place to submit that support first; please read
   up on the Linux kernel development process separately.  The Windows
   datapath kernel module support, on the other hand, is maintained
   within the OVS tree, so patches for that can go directly to
   ovs-dev.

On Fri, Sep 30, 2016 at 06:12:48AM +, Pynbiang Hadem wrote:
> Thanks Ben,
> Can you pls indicate the main files in openvswitch, which we need to 
> incorporate the required changes for achieving the same?.
> ThanksHadem 
> 
> On Thursday, 29 September 2016 8:28 PM, Ben Pfaff  wrote:
>  
> 
>  On Thu, Sep 29, 2016 at 11:50:10AM +, Pynbiang Hadem wrote:
> > Dear All,I want to use the ipv4 "options" field.  Kindly suggest how
> > to incorporate features in openvswitch to set values for ip_options
> > field using the set_field action.  ThanksHadem
> 
> One natural way to do it would be to add a field for each IP option of
> interest.
> 
> 
>
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Request: Debugging/troubleshooting OVN+Docker

[Ben Pfaff]

On Thu, Sep 29, 2016 at 11:56:14PM -0600, Scott Lowe wrote:
> Please see my response below.
> 
> 
> > On Sep 29, 2016, at 11:27 PM, Ben Pfaff  wrote:
> > 
> > On Thu, Sep 29, 2016 at 10:19:18PM -0600, Scott Lowe wrote:
> >> Hi all, I was wondering if someone here could help me debug/troubleshoot 
> >> an OVN+Docker environment that I've built for a demo in late October. I 
> >> have three Ubuntu 14.04 nodes running Docker 1.11.2 and OVN 2.6 (built 
> >> from source, including the kernel module). I've followed the instructions 
> >> from INSTALL.Docker.md, and everything *seems* to work. However, I have no 
> >> connectivity between two Docker containers attached to the same Docker 
> >> network and running on two different hosts.
> >> 
> >> Where should I start to help figure out why connectivity isn't working? I 
> >> see the logical switch in OVN (using `ovn-nbctl ls-list`), the logical 
> >> ports (using `ovn-nbctl lsp-list`), and see the correct addresses on those 
> >> ports (using `ovn-nbctl lsp-get-addresses`). What I *don't* see is any 
> >> tunnel ports in `ovs-vsctl show`. I've verified the STT and Geneve kernel 
> >> modules are loaded.
> >> 
> >> Any suggestions on what else to check?
> > 
> > Off the top of my head, here are some possible reasons "ovs-vsctl show"
> > might not show any tunnel ports on a given chassis:
> > 
> >* ovn-controller isn't running.
> > 
> >* ovn-controller can't connect to the southbound database, to read
> >  or write the Chassis table.  The ovn-controller log should
> >  indicate this.
> > 
> >* ovn-controller can't connect to the ovs-vswitchd database, to add
> >  ports to the integration bridge.  The ovn-controller log should
> >  indicate that.
> > 
> >* ovn-controller doesn't know what bridge is the integration bridge,
> >  or it has been told the wrong bridge.  From memory, I believe that
> >  it gets this configuration from the Open_vSwitch table in the
> >  ovs-vswitchd database.
> > 
> >* The ovn-controllers don't know what IP address or tunneling
> >  protocol to advertise, so they can't tell this chassis how to
> >  connect to them.  From memory, I believe that ovn-controller gets
> >  this configuration from the Open_vSwitch table in the ovs-vswitchd
> >  database.
> > 
> > (The kernel modules don't actually matter for this purpose.  They'd only
> > come into play once the tunnel ports were added to the ovs-vswitchd
> > database.)
> 
> 
> Thanks Ben. After sending the message, I took a closer look at the logs (what 
> I should have done before contacting the ML). The "system-id" attribute was 
> missing from the external_ids portion of the Open_vSwitch table. When I added 
> that, everything snapped into place.

Glad to hear it.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] ovs and tc's ingress qdisc

[Ben Pfaff]

On Fri, Sep 30, 2016 at 02:33:21PM +0200, Wolfgang Bumiller wrote:
> I've noticed openvswitch apparently blindly deletes the ingress qdisc
> of bridge ports even if no ingress policing is configured.
> This also prevents the use of this qdisc for purposes other than the
> in OVS implemented ingress policing (eg. handling fw-marks, bpf based
> filters, or early port/address/mac filtering can be convenient at this
> stage). Reading the source code didn't reveal any option to prevent
> the qdisc from staying completely unmanaged, which would be the
> simplest solution here.
> 
> What are your thoughts on this?

This is analogous to the situation OVS had for egress qdiscs, which I
summarized in this email:
http://openvswitch.org/pipermail/discuss/2015-May/017687.html

We solved this in OVS 2.6 with commit 6cf888b821c:

https://github.com/openvswitch/ovs/commit/6cf888b821cffb75c5723ee76b7103e54b8fa2b5

Probably, some similar scheme would work for ingress qdiscs.  Your
thoughts?

> Much of the configuration variable handling code seems auto generated
> and I'm unsure whether there's a good/simple way to distinguish
> explicitly defined values from defaults. And considering all OVS does
> for ingress policing is setting up 'tc' it seems it would make sense
> to allow users to handle tc themselves, too.

There's generated code but it's not really relevant for this particular
issue.  The question is really the interpretation of the database
contents rather than what code does that interpretation.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Request: Debugging/troubleshooting OVN+Docker

[Ben Pfaff]

On Thu, Sep 29, 2016 at 10:19:18PM -0600, Scott Lowe wrote:
> Hi all, I was wondering if someone here could help me debug/troubleshoot an 
> OVN+Docker environment that I've built for a demo in late October. I have 
> three Ubuntu 14.04 nodes running Docker 1.11.2 and OVN 2.6 (built from 
> source, including the kernel module). I've followed the instructions from 
> INSTALL.Docker.md, and everything *seems* to work. However, I have no 
> connectivity between two Docker containers attached to the same Docker 
> network and running on two different hosts.
> 
> Where should I start to help figure out why connectivity isn't working? I see 
> the logical switch in OVN (using `ovn-nbctl ls-list`), the logical ports 
> (using `ovn-nbctl lsp-list`), and see the correct addresses on those ports 
> (using `ovn-nbctl lsp-get-addresses`). What I *don't* see is any tunnel ports 
> in `ovs-vsctl show`. I've verified the STT and Geneve kernel modules are 
> loaded.
> 
> Any suggestions on what else to check?

Off the top of my head, here are some possible reasons "ovs-vsctl show"
might not show any tunnel ports on a given chassis:

* ovn-controller isn't running.

* ovn-controller can't connect to the southbound database, to read
  or write the Chassis table.  The ovn-controller log should
  indicate this.

* ovn-controller can't connect to the ovs-vswitchd database, to add
  ports to the integration bridge.  The ovn-controller log should
  indicate that.

* ovn-controller doesn't know what bridge is the integration bridge,
  or it has been told the wrong bridge.  From memory, I believe that
  it gets this configuration from the Open_vSwitch table in the
  ovs-vswitchd database.

* The ovn-controllers don't know what IP address or tunneling
  protocol to advertise, so they can't tell this chassis how to
  connect to them.  From memory, I believe that ovn-controller gets
  this configuration from the Open_vSwitch table in the ovs-vswitchd
  database.

(The kernel modules don't actually matter for this purpose.  They'd only
come into play once the tunnel ports were added to the ovs-vswitchd
database.)
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] OVS Installation error

[Ben Pfaff]

Please don't drop the mailing list.  This is your second warning: after
this I will stop replying.

Joe gave you the answer.

On Thu, Sep 29, 2016 at 10:57:47PM -0500, Anas Saeed wrote:
> First if you could send me the answer and help me install that would be
> great as I have been stuck on this for two days and need to do some
> research work using OVS.
> 
> On Thu, Sep 29, 2016 at 10:34 PM, Ben Pfaff  wrote:
> 
> > On Thu, Sep 29, 2016 at 03:54:44PM -0700, Joe Stringer wrote:
> > > On 29 September 2016 at 14:51, Ben Pfaff  wrote:
> > > > Please don't drop the mailing list.
> > > >
> > > > This is some kind of problem with your kernel configuration.  It's not
> > > > OVS-specific, you'd have the same problem installing any other kernel
> > > > module.
> > > >
> > > > I don't know how to help, perhaps someone else can suggest something.
> > >
> > > The error is non-fatal: The module still gets installed and you can use
> > it.
> > >
> > > Jesse provided some more insight last time this was reported:
> > > https://www.mail-archive.com/discuss@openvswitch.org/msg18285.html
> >
> > Should we add a FAQ?
> >
> 
> 
> 
> -- 
> Regards,
> Anas Saeed
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] OVS Installation error

[Ben Pfaff]

On Thu, Sep 29, 2016 at 03:54:44PM -0700, Joe Stringer wrote:
> On 29 September 2016 at 14:51, Ben Pfaff  wrote:
> > Please don't drop the mailing list.
> >
> > This is some kind of problem with your kernel configuration.  It's not
> > OVS-specific, you'd have the same problem installing any other kernel
> > module.
> >
> > I don't know how to help, perhaps someone else can suggest something.
> 
> The error is non-fatal: The module still gets installed and you can use it.
> 
> Jesse provided some more insight last time this was reported:
> https://www.mail-archive.com/discuss@openvswitch.org/msg18285.html

Should we add a FAQ?
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] OVS Installation error

[Ben Pfaff]

Please don't drop the mailing list.

This is some kind of problem with your kernel configuration.  It's not
OVS-specific, you'd have the same problem installing any other kernel
module.

I don't know how to help, perhaps someone else can suggest something.

On Thu, Sep 29, 2016 at 01:49:52PM -0500, Anas Saeed wrote:
> The command was make modules_install ( after ./configure and make).
> Also in the attached file (which is a script for management of OVS which my
> friend sent me if you run _ovs_make_and_install. You get the same error.
> On Sep 29, 2016 1:33 PM, "Ben Pfaff"  wrote:
> 
> > On Thu, Sep 29, 2016 at 11:13:41AM -0500, Anas Saeed wrote:
> > > While making OVS ( after configuration) I get the following error.
> > >
> > > At main.c:222:
> > > - SSL error:02001002:system library:fopen:No such file or directory:
> > > bss_file.c:175
> > > - SSL error:2006D080:BIO routines:BIO_new_file:no such file:
> > bss_file.c:178
> > > sign-file: certs/signing_key.pem: No such file or directory
> > > At main.c:222:
> >
> > ...
> >
> > What command did you run that produced these messages?
> >


___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] [openvswitch 2.6.0] testsuite: 7 8 111 113 119 121 125 381 761 1859 1860 1861 1862 1863 1864 1868 1870 2247 failed

[Ben Pfaff]

On Wed, Sep 28, 2016 at 08:44:28PM +0100, Stuart Cardall wrote:
> I'm the Package Maintainer for ovs in Alpine Linux. The attached test
> failures are most probably related to the use of Musl C (& not Glibc).
> 
> If I can help test the errors please let me know.

Some of these were pretty easy to diagnose and fix in the testsuite.
They were bugs in the tests, not in OVS itself.  You should already have
received the proposed patches by email.  Please verify that they
eliminate the test failures, if you can.

It's too bad you didn't include testsuite.log; it has some additional
useful information.

It's hard to guess why only two of the bash completion tests failed.
Are you using bash?  What version?  Did the other completion tests pass
or get skipped?  (This would be in testsuite.log.)

It's hard for me to guess why the other tests failed.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] OVS Installation error

[Ben Pfaff]

On Thu, Sep 29, 2016 at 11:13:41AM -0500, Anas Saeed wrote:
> While making OVS ( after configuration) I get the following error.
> 
> At main.c:222:
> - SSL error:02001002:system library:fopen:No such file or directory:
> bss_file.c:175
> - SSL error:2006D080:BIO routines:BIO_new_file:no such file: bss_file.c:178
> sign-file: certs/signing_key.pem: No such file or directory
> At main.c:222:

...

What command did you run that produced these messages?
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] OVS 2.6.90 & ODL Beryllium

[Ben Pfaff]

On Thu, Sep 29, 2016 at 01:54:22PM +0100, Richard Renwick wrote:
> I have upgraded a vSwitch to v2.6.90 of OVS which brings with it new
> functionality - specifically the nat and ct actions in this case.  Do
> I have to do anything with OVS to allow these new features to be used
> by the NBI in ODL?

No.  You have to do something with ODL.  We don't know what, because
we're not ODL users or developers.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Regarding IP Options Field

[Ben Pfaff]

On Thu, Sep 29, 2016 at 11:50:10AM +, Pynbiang Hadem wrote:
> Dear All,I want to use the ipv4 "options" field.  Kindly suggest how
> to incorporate features in openvswitch to set values for ip_options
> field using the set_field action.  ThanksHadem

One natural way to do it would be to add a field for each IP option of
interest.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Open vSwitch 2.6.0 and 2.5.1 Available

[Ben Pfaff]

On Wed, Sep 28, 2016 at 11:36:01AM +0100, Markos Chandras wrote:
> On 09/28/2016 08:01 AM, Justin Pettit wrote:
> > The Open vSwitch team is pleased to announce the release of Open vSwitch 
> > 2.6.0:
> > [...]
> > In addition to the 2.6.0 release, we've also released 2.5.1:
> > 
> > http://openvswitch.org/releases/openvswitch-2.5.1.tar.gz
> > 
> 
> Hi,
> 
> I can't see the new 2 release tags on github. Any chance you can push them?

Done now.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Question regarding adding flow already residing in the requested table

[Ben Pfaff]

When one flow replaces another, traffic follows the old flow or the new
one.

On Tue, Sep 27, 2016 at 12:31:34PM +0200, Andreas Gilbert wrote:
> Hi Ben
> 
> Thank you, exactly what i expected
> So the traffic will not take another matching flow by adding the same flow
> twice..
> 
> BR
> Andreas
> 
> 2016-09-26 17:02 GMT+02:00 Ben Pfaff :
> 
> > On Mon, Sep 26, 2016 at 10:07:11AM +0200, Andreas Gilbert wrote:
> > > From OpenFlow Specification 1.3:
> > >
> > > "If a flow entry with identical match fields and priority already resides
> > > in the requested table,
> > > then that entry, including its duration, must be cleared from the table,
> > > and the new flow entry added."
> > >
> > > What does this mean for a traffic (stream) currently using such a flow ?
> > > Will the flow be unavailable for short time during clear/insert, or is
> > this
> > > done atomically
> > > (so may the traffic will use another suitable flow in the table) ?
> > > For a test, add same flow every x seconds during a stream transfer...
> > >
> > > In general: when there is a flow table update,
> > > the incoming traffic will be processed in parallel or will be halted
> > until
> > > table modification is finished ?
> >
> > OVS makes atomic changes to the flow table.
> >
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Question regarding adding flow already residing in the requested table

[Ben Pfaff]

On Mon, Sep 26, 2016 at 10:07:11AM +0200, Andreas Gilbert wrote:
> From OpenFlow Specification 1.3:
> 
> "If a flow entry with identical match fields and priority already resides
> in the requested table,
> then that entry, including its duration, must be cleared from the table,
> and the new flow entry added."
> 
> What does this mean for a traffic (stream) currently using such a flow ?
> Will the flow be unavailable for short time during clear/insert, or is this
> done atomically
> (so may the traffic will use another suitable flow in the table) ?
> For a test, add same flow every x seconds during a stream transfer...
> 
> In general: when there is a flow table update,
> the incoming traffic will be processed in parallel or will be halted until
> table modification is finished ?

OVS makes atomic changes to the flow table.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] an automated rig for testing ovsdb upgrades

[Ben Pfaff]

On Sat, Sep 24, 2016 at 04:59:40PM -0400, Flavio Fernandes wrote:
> As mentioned in the last OVN meeting [1], I've completed my first round in
> creating an automated way of checking if OVS+OVN config will survive the
> schema changes between any 2 OVS builds.

That's really great!  We'll need that as we progress from 2.6 to 2.7 and
beyond.  Thank you for working on it.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] ovs-vsctl: unix:/var/run/openvswitch/db.sock: database connection failed (No such file or directory)

[Ben Pfaff]

Looks better to me.

On Fri, Sep 23, 2016 at 09:21:19AM +0200, Ashish Kurian wrote:
> Dear Developers,
> 
> So how should I fix the change. Should I use the following command?
> 
> sudo ovsdb-server --remote=punix:*/var/run/openvswitch/db.sock*
> --remote=db:Open_vSwitch,Open_vSwitch,manager_options
> --private-key=db:Open_vSwitch,SSL,private_key
> --certificate=db:Open_vSwitch,SSL,certificate
> --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --pidfile --detach
> 
> sudo ovs-vsctl --no-wait init
> 
> sudo ovs-vswitchd --pidfile --detach
> 
> 
> Best Regards,
> Ashish Kurian
> 
> On Thu, Sep 22, 2016 at 5:00 PM, Ben Pfaff  wrote:
> 
> > On Thu, Sep 22, 2016 at 10:21:04AM +0200, Ashish Kurian wrote:
> > > After I installed OVS 2.5 on my machine and reboot it, I get this error
> > > when I try to start OVS. I could fix this by doing the following steps
> > > after every reboot, but I want to know if I can fix this permanently.
> > >
> > > sudo ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock
> > > --remote=db:Open_vSwitch,Open_vSwitch,manager_options
> > > --private-key=db:Open_vSwitch,SSL,private_key
> > > --certificate=db:Open_vSwitch,SSL,certificate
> > > --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --pidfile --detach
> > >
> > > sudo ovs-vsctl --no-wait init
> > >
> > > sudo ovs-vswitchd --pidfile --detach
> >
> > It looks like you configured OVS to use /var/run/openvswitch/db.sock but
> > you started ovsdb-server to use a different socket name.
> >
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] ovs-vsctl: unix:/var/run/openvswitch/db.sock: database connection failed (No such file or directory)

[Ben Pfaff]

On Thu, Sep 22, 2016 at 10:21:04AM +0200, Ashish Kurian wrote:
> After I installed OVS 2.5 on my machine and reboot it, I get this error
> when I try to start OVS. I could fix this by doing the following steps
> after every reboot, but I want to know if I can fix this permanently.
> 
> sudo ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock
> --remote=db:Open_vSwitch,Open_vSwitch,manager_options
> --private-key=db:Open_vSwitch,SSL,private_key
> --certificate=db:Open_vSwitch,SSL,certificate
> --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --pidfile --detach
> 
> sudo ovs-vsctl --no-wait init
> 
> sudo ovs-vswitchd --pidfile --detach

It looks like you configured OVS to use /var/run/openvswitch/db.sock but
you started ovsdb-server to use a different socket name.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Other actions using learn rules?

[Ben Pfaff]

On Wed, Sep 21, 2016 at 05:20:28PM -0700, Ray Li wrote:
> Is there anyway to specify other action types for a learn rule? For example
> 
> learn(,normal) or
> learn(,resubmit(,10))

The FAQ says:

### Q: The "learn" action can't learn the action I want, can you improve it?

A: By itself, the "learn" action can only put two kinds of actions
   into the flows that it creates: "load" and "output" actions.  If
   "learn" is used in isolation, these are severe limits.

   However, "learn" is not meant to be used in isolation.  It is a
   primitive meant to be used together with other Open vSwitch
   features to accomplish a task.  Its existing features are enough to
   accomplish most tasks.

   Here is an outline of a typical pipeline structure that allows for
   versatile behavior using "learn":

 - Flows in table A contain a "learn" action, that populates flows
   in table L, that use a "load" action to populate register R
   with information about what was learned.

 - Flows in table B contain two sequential resubmit actions: one
   to table L and another one to table B+1.

 - Flows in table B+1 match on register R and act differently
   depending on what the flows in table L loaded into it.

   This approach can be used to implement many "learn"-based features.
   For example:

 - Resubmit to a table selected based on learned information, e.g. see:
   http://openvswitch.org/pipermail/discuss/2016-June/021694.html

 - MAC learning in the middle of a pipeline, as described in
   [Tutorial.md].

 - TCP state based firewalling, by learning outgoing connections
   based on SYN packets and matching them up with incoming
   packets.

 - At least some of the features described in T. A. Hoff,
   "Extending Open vSwitch to Facilitate Creation of Stateful SDN
   Applications".
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Multiple sFlow instances in Open vSwitch

[Ben Pfaff]

On Tue, Sep 20, 2016 at 08:06:19PM +0200, Syed Faraz Ali wrote:
> Is there a way to configure multiple sFlow instances running on the OVS?
> I configured an instance below:
> 
> *ovs-vsctl -- --id=@sflow create sflow agent=eth0 target=\"192.168.1.1:6343
> \" header=128 sampling=1 polling=1 -- set bridge
> s1 sflow=@sflow*
> 
> However, the instance gets overwritten if i configure another instance
> (though with a different IP and port).
> 
> Multiple sFlow instances are not supported by OVS?

Each bridge can have one sFlow instance.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] ovs-vswitchd is sucking every cycle (100% CPU usage).

[Ben Pfaff]

On Fri, Sep 16, 2016 at 12:06:00AM +0200, John Chludzinski wrote:
> I created a bond-port (and enabled LACP):
> 
> ~# ovs-vsctl add-br b1
> ~# ovs-vsctl add-bond b1 bd1 enp8s0 enp0s26u1u3u1
> ~# ovs-vsctl set port bd1 lacp=active
> 
> On a CISCO router I connected interfaces: enp8s0 & enp0s26u1u3u1
> to ports 2 & 3.
> 
> On the CISCO routes I enabled LACP on ports 2 & 3.
> 
> Then I ran 'top' and ovs-vswitchd was sucking every cycle (100% CPU usage).

We've had a few reports of this kind with Cisco gear.  I think that we
need someone with that gear to track it down; it's not really possible
to do it without the box available.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Roadmap for DPDK usespace NAT

[Ben Pfaff]

We do not generally add new features in a release branch.  So any new
features will appear on master, then in 2.7 or later, but not on 2.6.

On Mon, Sep 19, 2016 at 10:21:11AM +0800, 张东亚 wrote:
> Hi Ben,
> 
> So that means the only thing we can know is NAT for DPDK is not
> implemented, can we expect it be released with first 2.6 release?
> 
> I tried to googling, however does not find some existing patch for the
> feature.
> 
> 2016-09-19 0:23 GMT+08:00 Ben Pfaff :
> 
> > On Sun, Sep 18, 2016 at 08:24:57PM +0800, 张东亚 wrote:
> > > From ovs 2.6 branch NEWS file, it have stated the following sentence:
> > >
> > > Basic connection tracking for the userspace datapath (no ALG,
> > > fragmentation or NAT support yet)
> > >
> > > I am wonder what's the developmenent schedule for userspace NAT based on
> > > DPDK, will it be released with first OVS 2.6 release?
> >
> > We only add items to NEWS after they're implemented.
> >
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Does ovs send FlowRemoved message to controller?

[Ben Pfaff]

On Mon, Sep 19, 2016 at 10:39:28PM +0800, Zhao Jun wrote:
> I installed a flow rule with idle_time=60, and I want to receive FlowRemoved 
> message from ovs, but I did not.
> So I want to ask if the ovs sends FlowRemoved message to controller by 
> default? If not, which command can enable this?

OVS conforms to the OpenFlow specifications in this area.

Probably, you did not set the "send_flow_removed" flag when you added
the flows.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Roadmap for DPDK usespace NAT

[Ben Pfaff]

On Sun, Sep 18, 2016 at 08:24:57PM +0800, 张东亚 wrote:
> From ovs 2.6 branch NEWS file, it have stated the following sentence:
> 
> Basic connection tracking for the userspace datapath (no ALG,
> fragmentation or NAT support yet)
> 
> I am wonder what's the developmenent schedule for userspace NAT based on
> DPDK, will it be released with first OVS 2.6 release?

We only add items to NEWS after they're implemented.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Weird problem with openvswitch module

[Ben Pfaff]

On Fri, Sep 16, 2016 at 11:26:07AM +0100, Markos Chandras wrote:
> Well it's been a while but I was wondering if you managed to find the
> root for this problem.

I've never heard of this problem and it doesn't make much sense.
Probably, you should investigate it yourself.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Failed to add port

[Ben Pfaff]

On Fri, Sep 16, 2016 at 10:00:33AM +, Randolph Hill wrote:
> I would like to understand the following error when adding a port
> 
> 
> 
> root@Ipnu-Nesia:/var/log/openvswitch# ovs-vsctl add-port ovsbr0 eno1
> ovs-vsctl: Error detected while setting up 'eno1'.  See ovs-vswitchd log for 
> details.
> 
> 
> Here is the error message from the log file
> 
> 
> 
> 2016-09-16T09:56:25.566Z|00061|dpif|WARN|system@ovs-system: failed to add 
> eno1 as port: Device or resource busy

It's probably not available because it's in use for some other purpose,
e.g. part of a Linux bridge.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] mirror ports on multiple bridges - egress problem

[Ben Pfaff]

Thanks for testing!

I applied this to master, branch-2.6, and branch-2.5, adding Sugesh as
reporter.

On Fri, Sep 16, 2016 at 08:34:55AM +, Zoltán Balogh wrote:
> 
> Hi Ben,
> 
> I tested your patch on latest master commit. 
> $ git rev-parse HEAD
> 258b27d35a8aad8231f8c5308b0d5232dc966915
> 
> Mirroring works fine in my setup. The patch fixed the reported mirroring 
> issue.
> Could you please add Sugesh Chandran as reporter to the commit log too? 
> We were working together when the bug was detected.
> 
> Reported-by: Sugesh Chandran 
> 
> Best regards,
> Zoltán
> 
> 
> -Original Message-
> From: Ben Pfaff [mailto:b...@ovn.org] 
> Sent: Thursday, September 15, 2016 8:44 PM
> To: Zoltán Balogh 
> Cc: discuss@openvswitch.org
> Subject: Re: [ovs-discuss] mirror ports on multiple bridges - egress problem
> 
> On Thu, Sep 15, 2016 at 11:05:58AM -0700, Ben Pfaff wrote:
> > On Thu, Sep 15, 2016 at 07:52:03AM +, Zoltán Balogh wrote:
> > > It seems that for each datapath flow rule, there can be only one mirror 
> > > port. 
> > > I presume the chosen port could depend on the processing order of output 
> > > ports 
> > > when the datapath flow is constructed.
> > > Is this a planned limitation or a bug?
> > 
> > It should be possible for a packet to be mirrored multiple times,
> > whether on ingress or egress, so this sounds like a bug.  Let me see if
> > I can figure anything out.
> > 
> > From your output it looks like you're working from recent master.  Is
> > that correct?
> 
> Would you please test this proposed fix?  I have not tested it myself,
> except to see that it compiles.
> 
> --8<--cut here-->8--
> 
> From: Ben Pfaff 
> Date: Thu, 15 Sep 2016 11:43:46 -0700
> Subject: [PATCH] ofproto-dpif-xlate: Fix treatment of mirrors across patch
>  ports.
> MIME-Version: 1.0
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: 8bit
> 
> When the bridges on both sides of a patch port included mirrors, the
> translation code incorrectly conflated them instead of treating them as
> independent.
> 
> Reported-by: Zoltán Balogh 
> Reported-at: 
> http://openvswitch.org/pipermail/discuss/2016-September/022689.html
> Signed-off-by: Ben Pfaff 
> ---
>  ofproto/ofproto-dpif-xlate.c | 28 +---
>  1 file changed, 25 insertions(+), 3 deletions(-)
> 
> diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
> index 6854da3..358edd6 100644
> --- a/ofproto/ofproto-dpif-xlate.c
> +++ b/ofproto/ofproto-dpif-xlate.c
> @@ -2894,7 +2894,6 @@ compose_output_action__(struct xlate_ctx *ctx, 
> ofp_port_t ofp_port,
>  
>  ofpbuf_use_stub(&ctx->stack, new_stack, sizeof new_stack);
>  ofpbuf_use_stub(&ctx->action_set, actset_stub, sizeof actset_stub);
> -ctx->xbridge = peer->xbridge;
>  flow->in_port.ofp_port = peer->ofp_port;
>  flow->metadata = htonll(0);
>  memset(&flow->tunnel, 0, sizeof flow->tunnel);
> @@ -2903,6 +2902,26 @@ compose_output_action__(struct xlate_ctx *ctx, 
> ofp_port_t ofp_port,
>  ctx->conntracked = false;
>  clear_conntrack(flow);
>  
> +/* When the patch port points to a different bridge, then the mirrors
> + * for that bridge clearly apply independently to the packet, so we
> + * reset the mirror bitmap to zero and then restore it after the 
> packet
> + * returns.
> + *
> + * When the patch port points to the same bridge, this is more of a
> + * design decision: can mirrors be re-applied to the packet after it
> + * re-enters the bridge, or should we treat that as doubly mirroring 
> a
> + * single packet?  The former may be cleaner, since it respects the
> + * model in which a patch port is like a physical cable plugged from
> + * one switch port to another, but the latter may be less surprising 
> to
> + * users.  We take the latter choice, for now at least.  (To use the
> + * former choice, hard-code 'independent_mirrors' to "true".) */
> +mirror_mask_t old_mirrors = ctx->mirrors;
> +bool independent_mirrors = peer->xbridge != ctx->xbridge;
> +if (independent_mirrors) {
> +ctx->mirrors = 0;
> +}
> +ctx->xbridge = peer->xbridge;
> +
>  /* The bridge is now known so obtain its table version. */
>  ctx->xin->tables_version
>  = ofproto_dpif_get_tables_version(ctx-&

Re: [ovs-discuss] Using OVSDB to configure flow rules

[Ben Pfaff]

On Fri, Sep 16, 2016 at 04:31:24AM +, Purnendu Ghosh wrote:
> Is it possible to use the OVSDB interface to configure flow rules?

No.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] vswitchd restart and bond interfaces

[Ben Pfaff]

On Fri, Sep 16, 2016 at 12:02:57AM +, my_ovs_disc...@yahoo.com wrote:
> Hi,
> I am seeing this strange behavior of slaves getting disabled on bond 
> interfaces upon restart of vswitchd.This bond is static LAG, no LACP. 
> 
> openvswitch-2.5.0 on Centos-6.2 based Linux
> 
> This is the sequence I tried:
>
>- kill (vswitchd's pid)
>- kill (ovsdb-server's pid)   
> 
>- rm -f /usr/local/etc/openvswitch/conf.db
>- rm -f /usr/local/var/run/openvswitch/db.sock
>- ovsdb-tool create /usr/local/etc/openvswitch/conf.db 
> /etc/vswitch.ovsschema
>- ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock 
> --remote=db:Open_vSwitch,Open_vSwitch,manager_options --pidfile
>- ovs-vsctl --no-wait emer-reset
>- ovs-vsctl --no-wait init
>- ovs-vswitchd --pidfile
>- ovs-vsctl add-br br0
>- ovs-vsctl set bridge br0 datapath_type=netdev
>- ovs-vsctl set Bridge br0 mcast_snooping_enable=true
>- ovs-vsctl set Bridge br0 other_config:mcast-snooping-table-size=8192
>- ovs-vsctl --may-exist add-bond br0 bond0 port1 port2 
> bond_mode=balance-slb -- set port bond0 vlan_mode=trunk
> 
> In case of regular bootup, only steps 1 and 2 won't be there.
> For regular fresh bootup case, I see
> ovs-appctl bond/show
>  bond0 
> bond_mode: balance-slb
> bond may use recirculation: no, Recirc-ID : -1
> bond-hash-basis: 0
> updelay: 0 ms
> downdelay: 0 ms
> next rebalance: 8524 ms
> lacp_status: off
> active slave mac: 00:00:00:00:00:00(port1)
> 
> slave port1: enabled
>     active slave
>     may_enable: true
> 
> slave port2: enabled
>     may_enable: true
> 
> But, if I follow steps 1-14, then I see that bond members are in disabled 
> state:
> ovs-appctl bond/show
>  bond0 
> bond_mode: balance-slb
> bond may use recirculation: no, Recirc-ID : -1
> bond-hash-basis: 0
> updelay: 0 ms
> downdelay: 0 ms
> next rebalance: 6582 ms
> lacp_status: off
> active slave mac: 00:00:00:00:00:00(port2)
> 
> slave port1: disabled
>     may_enable: false
> 
> slave port2: disabled
>     may_enable: false
> 
> Is there something that I am missing during restart?

I can't reproduce this problem in my own testing, from a VM, just now.

It's really weird that, in the case where there is an active slave, it
shows its MAC as all-zeros.  Do port2 actually have an all-zeros MAC?  I
assume not.  There might be something weird even in the "working" case.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] mirror ports on multiple bridges - egress problem

[Ben Pfaff]

On Thu, Sep 15, 2016 at 11:05:58AM -0700, Ben Pfaff wrote:
> On Thu, Sep 15, 2016 at 07:52:03AM +, Zoltán Balogh wrote:
> > It seems that for each datapath flow rule, there can be only one mirror 
> > port. 
> > I presume the chosen port could depend on the processing order of output 
> > ports 
> > when the datapath flow is constructed.
> > Is this a planned limitation or a bug?
> 
> It should be possible for a packet to be mirrored multiple times,
> whether on ingress or egress, so this sounds like a bug.  Let me see if
> I can figure anything out.
> 
> From your output it looks like you're working from recent master.  Is
> that correct?

Would you please test this proposed fix?  I have not tested it myself,
except to see that it compiles.

--8<------cut here-->8--

From: Ben Pfaff 
Date: Thu, 15 Sep 2016 11:43:46 -0700
Subject: [PATCH] ofproto-dpif-xlate: Fix treatment of mirrors across patch
 ports.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When the bridges on both sides of a patch port included mirrors, the
translation code incorrectly conflated them instead of treating them as
independent.

Reported-by: Zoltán Balogh 
Reported-at: http://openvswitch.org/pipermail/discuss/2016-September/022689.html
Signed-off-by: Ben Pfaff 
---
 ofproto/ofproto-dpif-xlate.c | 28 +---
 1 file changed, 25 insertions(+), 3 deletions(-)

diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
index 6854da3..358edd6 100644
--- a/ofproto/ofproto-dpif-xlate.c
+++ b/ofproto/ofproto-dpif-xlate.c
@@ -2894,7 +2894,6 @@ compose_output_action__(struct xlate_ctx *ctx, ofp_port_t 
ofp_port,
 
 ofpbuf_use_stub(&ctx->stack, new_stack, sizeof new_stack);
 ofpbuf_use_stub(&ctx->action_set, actset_stub, sizeof actset_stub);
-ctx->xbridge = peer->xbridge;
 flow->in_port.ofp_port = peer->ofp_port;
 flow->metadata = htonll(0);
 memset(&flow->tunnel, 0, sizeof flow->tunnel);
@@ -2903,6 +2902,26 @@ compose_output_action__(struct xlate_ctx *ctx, 
ofp_port_t ofp_port,
 ctx->conntracked = false;
 clear_conntrack(flow);
 
+/* When the patch port points to a different bridge, then the mirrors
+ * for that bridge clearly apply independently to the packet, so we
+ * reset the mirror bitmap to zero and then restore it after the packet
+ * returns.
+ *
+ * When the patch port points to the same bridge, this is more of a
+ * design decision: can mirrors be re-applied to the packet after it
+ * re-enters the bridge, or should we treat that as doubly mirroring a
+ * single packet?  The former may be cleaner, since it respects the
+ * model in which a patch port is like a physical cable plugged from
+ * one switch port to another, but the latter may be less surprising to
+ * users.  We take the latter choice, for now at least.  (To use the
+ * former choice, hard-code 'independent_mirrors' to "true".) */
+mirror_mask_t old_mirrors = ctx->mirrors;
+bool independent_mirrors = peer->xbridge != ctx->xbridge;
+if (independent_mirrors) {
+ctx->mirrors = 0;
+}
+ctx->xbridge = peer->xbridge;
+
 /* The bridge is now known so obtain its table version. */
 ctx->xin->tables_version
 = ofproto_dpif_get_tables_version(ctx->xbridge->ofproto);
@@ -2921,10 +2940,10 @@ compose_output_action__(struct xlate_ctx *ctx, 
ofp_port_t ofp_port,
  * the learning action look at the packet, then drop it. */
 struct flow old_base_flow = ctx->base_flow;
 size_t old_size = ctx->odp_actions->size;
-mirror_mask_t old_mirrors = ctx->mirrors;
+mirror_mask_t old_mirrors2 = ctx->mirrors;
 
 xlate_table_action(ctx, flow->in_port.ofp_port, 0, true, true);
-ctx->mirrors = old_mirrors;
+ctx->mirrors = old_mirrors2;
 ctx->base_flow = old_base_flow;
 ctx->odp_actions->size = old_size;
 
@@ -2933,6 +2952,9 @@ compose_output_action__(struct xlate_ctx *ctx, ofp_port_t 
ofp_port,
 }
 }
 
+if (independent_mirrors) {
+ctx->mirrors = old_mirrors;
+}
 ctx->xin->flow = old_flow;
 ctx->xbridge = xport->xbridge;
 ofpbuf_uninit(&ctx->action_set);
-- 
2.1.3

___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] mirror ports on multiple bridges - egress problem

[Ben Pfaff]

On Thu, Sep 15, 2016 at 07:52:03AM +, Zoltán Balogh wrote:
> It seems that for each datapath flow rule, there can be only one mirror port. 
> I presume the chosen port could depend on the processing order of output 
> ports 
> when the datapath flow is constructed.
> Is this a planned limitation or a bug?

It should be possible for a packet to be mirrored multiple times,
whether on ingress or egress, so this sounds like a bug.  Let me see if
I can figure anything out.

From your output it looks like you're working from recent master.  Is
that correct?
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] bug: cannot create /etc/openvswitch/system-id.conf: Directory nonexistent

[Ben Pfaff]

On Tue, Sep 13, 2016 at 12:30:13PM -0400, Flavio Fernandes wrote:
> Dear OVS gurus,
> 
> While tweaking the dbdir param in OVS build, I hit an issue [bug] that 
> affects how OVS start
> scripts handle the creation of file system-id.conf.
> 
> The issue is that ovs-ctl script is assuming that the directory [etcdir] 
> would have been
> created as part of dbdir [dbdir], but in this case, that is just not true.
> 
> I took a stab at fixing it here [patchWorks], mostly by taking a crash course 
> on automake [am]
> and changes that Ben did for dbdir [dbdiradd], back in 2012.
> 
> So, I would like very much to hear from you if that is the proper approach.

It makes sense.  I applied your patch.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] native ovs for windows?

[Ben Pfaff]

On Wed, Sep 14, 2016 at 02:27:12PM +0300, Itamar Ofek wrote:
> Currently OVS under windows is based on hyper-v,
> Has anybody tried to implement OVS as a native windows driver?

I've heard some discussion, but I don't know of anyone working on it.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Id shown for openvswitch in odl

[Ben Pfaff]

On Mon, Sep 12, 2016 at 04:04:14PM +0530, madhu wrote:
> I have openvswitch in compute and controller node. Both are controlled by
> opendaylight controller.
> 
> In ODL these switches are shown in DLUX gui as *openflow:217997698421066
> *and***openflow:274949178594639.
> 
> *How does ODL assigns the openvswitches these name *openflow:217997698421066
> *and *openflow:274949178594639 ?
> 
> *Can someone explain how these names are generated.

Open vSwitch doesn't control what ODL does.  I'd ask on an ODL mailing
list.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] ingress_policing_rate rule taking too long to kick in

[Ben Pfaff]

OVS just configures the kernel QoS implementation.  If there's a delay,
it comes from the kernel and OVS has no influence over it.

On Sun, Sep 11, 2016 at 03:16:25PM -0300, Frederico wrote:
> No luck. I have tried different burst amounts. Ranging from 0 to 1024
> and in every attempt it still takes some 5 to 10 seconds until I see
> any effect. Also, the documentation doesn't say anything about any
> delay regarding ingress policies.
> 
> 2016-09-11 1:01 GMT-03:00 Ben Pfaff :
> > On Sat, Sep 10, 2016 at 03:14:37PM -0300, Frederico wrote:
> >> I am successfully applying the following speed limiting rules:
> >>
> >> ovs-vsctl set interface s0-eth1 ingress_policing_rate=1024
> >> ovs-vsctl set interface s0-eth1 ingress_policing_burst=0
> >>
> >> However, it takes some seconds (between 5 and 10, usually) until I see
> >> any practical effect on s0-eth1. Are those rules supposed to take all
> >> this time to kick in?
> >
> > I think your burst size is poorly chosen.  Try 80% of 1024, or about
> > 800.  See the documentation for more information.
> 
> 
> 
> -- 
> Thanks,
> Frederico Schardong
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Datapath is not compiled

[Ben Pfaff]

On Sun, Sep 11, 2016 at 12:59:32AM -0700, Justin Pettit wrote:
> 
> > On Sep 10, 2016, at 10:48 PM, Nomad Esst  wrote:
> > 
> > Hi
> > 
> > I'm trying to compile OVS from source in FreeBSD 10.3 AMD64 but it seems 
> > that datapath is not compiled when I try to compile the source code. I have 
> > made some modifications in datapath source code but these sources are not 
> > compiled during compilation of OVS. Should I add some options while I'm 
> > configuring or what ?
> 
> I assume you're referring to the kernel datapath; we only have support for 
> Linux and Hyper-V kernels.  FreeBSD uses the userspace datapath, as described 
> in INSTALL.NetBSD.md:
> 
>   https://github.com/openvswitch/ovs/blob/master/INSTALL.NetBSD.md

Daniele (CCed) ported the Linux datapath to FreeBSD a number of years
ago.  I don't know whether he ever released it.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] ingress_policing_rate rule taking too long to kick in

[Ben Pfaff]

On Sat, Sep 10, 2016 at 03:14:37PM -0300, Frederico wrote:
> I am successfully applying the following speed limiting rules:
> 
> ovs-vsctl set interface s0-eth1 ingress_policing_rate=1024
> ovs-vsctl set interface s0-eth1 ingress_policing_burst=0
> 
> However, it takes some seconds (between 5 and 10, usually) until I see
> any practical effect on s0-eth1. Are those rules supposed to take all
> this time to kick in?

I think your burst size is poorly chosen.  Try 80% of 1024, or about
800.  See the documentation for more information.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] openvswitch - What is the use of NICIRA extensions

[Ben Pfaff]

This is kind of like asking "in what scenarios may one use a variable"
in a programming language.

You can use registers to store values that later tables match.

On Fri, Sep 09, 2016 at 10:09:40PM +0530, madhu wrote:
> Hi Ben,
> 
> Thanks for the reply.
> 
> To be precise we are trying to implement Service Function Chaining.
> 
> The flows included in the below mail are in the compute node openvswitch
> controlled by opendaylight controller.
> 
> If my understanding is correct  load:0x2->NXM_NX_REG0[] stores hexadecimal
> value 2 in the NXM register.
> 
> What I am not able to understand is in what scenarios one may use NXM
> register to store values.
> 
> Any explanation about the use of NXM registers will be helpfull.
> 
> Thanks,
> Madhu Chakravarthy.
> 
> On 09-09-2016 21:20, Ben Pfaff wrote:
> >On Fri, Sep 09, 2016 at 05:54:41PM +0530, madhu wrote:
> >>I am trying to understand the open flow rules written to the openvswitch.
> >>
> >>I am using openvswitch with openflow version 1.3. In that I see flow rules
> >>like below
> >>
> >>cookie=0x0, duration=133278.833s, table=0, n_packets=37283,
> >>n_bytes=15219696, tun_id=0x5a,in_port=1
> >>actions=load:0x2->NXM_NX_REG0[],goto_table:20
> >>cookie=0x0, duration=133156.937s, table=0, n_packets=47834, n_bytes=4333742,
> >>tun_id=0x65,in_port=1 actions=load:0x2->NXM_NX_REG0[],goto_table:20
> >>cookie=0x0, duration=133285.759s, table=0, n_packets=1673, n_bytes=647400,
> >>tun_id=0x61,in_port=1 actions=load:0x2->NXM_NX_REG0[],goto_table:20
> >>
> >>What is the use of load:0x2->NXM_NX_REG0[] and where to use this action.
> >ovs-ofctl(8) explains OpenFlow actions.
> >
> >It's hard to guess what this is for without context.  What added the
> >actions to the flow table?
> >
> 
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] openvswitch - What is the use of NICIRA extensions

[Ben Pfaff]

On Fri, Sep 09, 2016 at 05:54:41PM +0530, madhu wrote:
> I am trying to understand the open flow rules written to the openvswitch.
> 
> I am using openvswitch with openflow version 1.3. In that I see flow rules
> like below
> 
> cookie=0x0, duration=133278.833s, table=0, n_packets=37283,
> n_bytes=15219696, tun_id=0x5a,in_port=1
> actions=load:0x2->NXM_NX_REG0[],goto_table:20
> cookie=0x0, duration=133156.937s, table=0, n_packets=47834, n_bytes=4333742,
> tun_id=0x65,in_port=1 actions=load:0x2->NXM_NX_REG0[],goto_table:20
> cookie=0x0, duration=133285.759s, table=0, n_packets=1673, n_bytes=647400,
> tun_id=0x61,in_port=1 actions=load:0x2->NXM_NX_REG0[],goto_table:20
> 
> What is the use of load:0x2->NXM_NX_REG0[] and where to use this action.

ovs-ofctl(8) explains OpenFlow actions.

It's hard to guess what this is for without context.  What added the
actions to the flow table?
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] applying a patch

[Ben Pfaff]

On Thu, Sep 08, 2016 at 01:21:46PM +0200, Ashish Kurian wrote:
> Dear Team,
> 
> I have installed the ovs through debian packages by following
> install.debian.md and the install was successful.
> 
> Then I applied the ovs gtp u patch manually using the patch command. Now I
> need to build new debian files using the updated source files.
> 
> So I went into the directory of openvswitch-2.5.0 >> checked the build
> dependencies >> fakeroot debian/rules binary.
> 
> the output of that command is "dh binary --with autoreconf,python2
> --paralell".
> 
> Can you explain why this would have happened? Is this the method to
> successfully install the patch?

Did you read INSTALL.Debian.md?  It says:

   (There are a few pitfalls in the Debian packaging building system
   so that, occasionally, you may find that in a tree that you have
   using for a while, the build command above exits immediately
   without actually building anything.  To fix the problem, run

   `fakeroot debian/rules clean`

   or start over from a fresh copy of the source tree.)
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] OVS 2.5.0 support on Ubuntu 16

[Ben Pfaff]

On Wed, Sep 07, 2016 at 10:59:34AM +0200, Ashish Kurian wrote:
> I just wanted to know if the tar ball release of OVS 2.5.0 is supported on
> ubuntu 16

Sure.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] definition of ³struck ovsrec_bridge²

[Ben Pfaff]

At build time, it's generated into lib/vswitch-idl.h.

On Wed, Sep 07, 2016 at 02:04:22AM +, Kai Ma (kaima) wrote:
> Dear all,
> 
> Where to find the definition of ³struck ovsrec_bridge²?
> 
> Thanks
> Kai 
> 
> On 9/6/16, 6:20 PM, "discuss on behalf of discuss-requ...@openvswitch.org"
>  discuss-requ...@openvswitch.org> wrote:
> 
> >Send discuss mailing list submissions to
> > discuss@openvswitch.org
> >
> >To subscribe or unsubscribe via the World Wide Web, visit
> > http://openvswitch.org/mailman/listinfo/discuss
> >or, via email, send a message with subject or body 'help' to
> > discuss-requ...@openvswitch.org
> >
> >You can reach the person managing the list at
> > discuss-ow...@openvswitch.org
> >
> >When replying, please edit your Subject line so it is more specific
> >than "Re: Contents of discuss digest..."
> >
> >
> >Today's Topics:
> >
> >   1. Implementing a custom packet scheduler (Sergio Gutierrez)
> >   2. Re: Implementing a custom packet scheduler (Ben Pfaff)
> >   3. Re: Allow fdb to be overwritten / Getting carp to work with
> >  ovs (Fredrik Dahlberg)
> >   4. Multiqueue with dpdk ports (Kapil Adhikesavalu)
> >   5. Missing configuration files linux kernel (Silvia Fichera)
> >
> >
> >--
> >
> >Message: 1
> >Date: Mon, 5 Sep 2016 16:44:09 -0300
> >From: Sergio Gutierrez 
> >To: discuss@openvswitch.org
> >Subject: [ovs-discuss] Implementing a custom packet scheduler
> >Message-ID:
> > 
> >Content-Type: text/plain; charset="utf-8"
> >
> >Hello all.
> >
> >I am new to Openvswitch coding and development. I am interested in
> >implementing a custom mechanism for packet scheduling. Thus, I would like
> >to know what would be the right starting point to study the code in order
> >to implement that.
> >
> >Thanks in advance for any help.
> >
> >Best regards.
> >
> >-- 
> >Sergio Gutiérrez
> >-- next part --
> >An HTML attachment was scrubbed...
> >URL: 
> ><http://openvswitch.org/pipermail/discuss/attachments/20160905/2981f07f/at
> >tachment-0001.html>
> >
> >--
> >
> >Message: 2
> >Date: Mon, 5 Sep 2016 15:48:49 -0700
> >From: Ben Pfaff 
> >To: Sergio Gutierrez 
> >Cc: discuss@openvswitch.org
> >Subject: Re: [ovs-discuss] Implementing a custom packet scheduler
> >Message-ID: <20160905224849.gc16...@ovn.org>
> >Content-Type: text/plain; charset=us-ascii
> >
> >On Mon, Sep 05, 2016 at 04:44:09PM -0300, Sergio Gutierrez wrote:
> >> I am new to Openvswitch coding and development. I am interested in
> >> implementing a custom mechanism for packet scheduling. Thus, I would
> >>like
> >> to know what would be the right starting point to study the code in
> >>order
> >> to implement that.
> >
> >If you want it to work with the Linux kernel datapath, then you should
> >create a Linux kernel qdisc that implements the policy that you want.
> >
> >
> >--
> >
> >Message: 3
> >Date: Tue, 6 Sep 2016 11:50:13 +0200
> >From: Fredrik Dahlberg 
> >To: Ben Pfaff 
> >Cc: discuss@openvswitch.org
> >Subject: Re: [ovs-discuss] Allow fdb to be overwritten / Getting carp
> > to work with ovs
> >Message-ID:
> > 
> >Content-Type: text/plain; charset="utf-8"
> >
> >On Mon, Sep 5, 2016 at 5:33 AM Ben Pfaff  wrote:
> >
> >> On Sun, Sep 04, 2016 at 07:12:43PM +, Fredrik Dahlberg wrote:
> >> > I am trying to get carp to work with ovs(2.5.0, ubuntu 16.04).
> >> >
> >> > Carp is set up with the same mac address on the carp interfaces,
> >>trying
> >> to
> >> > determine who is master like this:
> >> > 20:55:56.326841 00:00:5e:00:01:19 (oui Unknown) > 01:00:5e:00:00:12
> >>(oui
> >> > Unknown), ethertype IPv4 (0x0800), length 70: 192.168.43.2 >
> >> vrrp.mcast.net:
> >> > CARPv2-advertise 36: vhid=25 advbase=1 advskew=50 authlen=7
> >> > counter=4581652178833997382
> >> > 20:55:56.382550 00:00:5e:00:01:19 (oui Unknown) > 01:00:5e:00:00:12
> >>(oui
> >> > Unknown), ethertype IPv4 (0x0800), length 70: 192.168.43.4 >
> >> vrrp.mcast.net:
> >> > CARPv2-advertise 36: vhid=2

Re: [ovs-discuss] ovs-vsctl: Error detected while setting up 'br0'. See ovs-vswitchd log for details.

[Ben Pfaff]

Yes.

On Wed, Sep 07, 2016 at 09:18:51AM +0200, Ashish Kurian wrote:
> Dear Ben,
> 
> You mean the debian packages?
> 
> Best Regards,
> Ashish Kurian
> 
> On Tue, Sep 6, 2016 at 11:44 PM, Ben Pfaff  wrote:
> 
> > Perhaps you should install from packages.  Then you won't have to deal
> > with all these issues that confuse you.
> >
> > On Tue, Sep 06, 2016 at 11:05:28PM +0200, Ashish Kurian wrote:
> > > Dear all,
> > >
> > > I tried a fresh install of ubuntu 16 and did the ovs installation from
> > the
> > > scratch again. Everything went fine without any errors. But adding a
> > bridge
> > > is giving errors. Then when I tried to locate the log file also, such a
> > > file is not existing. I am attaching the screenshots of the terminal
> > > screens.
> > >
> > > please let me advice on how I can locate the log file.
> > >
> > >
> > > Best Regards,
> > > Ashish Kurian
> > >
> > > On Tue, Sep 6, 2016 at 9:36 PM, Ben Pfaff  wrote:
> > >
> > > > On Tue, Sep 06, 2016 at 08:57:30PM +0200, Ashish Kurian wrote:
> > > > > Dear All,
> > > > >
> > > > > When I give the command ¨sudo ovsdb-tool create
> > > > > /usr/local/etc/openvswitch/conf.db vswitchd/vswitch.ovsschema¨
> > during
> > > > the
> > > > > installation, I am getting the following error.
> > > > >
> > > > > ovsdb-tool: I/O error: /usr/local/etc/openvswitch/conf.db: create
> > failed
> > > > > (File exists)
> > > > >
> > > > > I tried uninstalling ovs using the command sudo make uninstall and
> > also
> > > > > tried sudo rm -rf delete options in the usr/local/var/log/ directory
> > and
> > > > > still getting the above error.
> > > >
> > > > If you want to create a new database, but one already exists in its
> > > > place, you need to delete the old one first (using "rm").
> > > >
> >
> >
> >
> >
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Select Group still does not work

[Ben Pfaff]

All ICMP packets between two destinations will go through the same
bucket.

On Wed, Sep 07, 2016 at 07:53:31AM +0800, AY wrote:
> I run ICMP traffic ,
> I monitor the traffic with TCPdump .
> 
> On Tuesday, 6 September 2016, Ben Pfaff  wrote:
> 
> > Please don't drop the mailing list.
> >
> > What kind of traffic are you running through the group?
> >
> > On Tue, Sep 06, 2016 at 08:43:16AM +0800, AY wrote:
> > > With OVS 2.3 The above commands work very well
> > >
> > > Here it is my configuration :
> > >
> > >
> > >
> > >
> > > ovs-vsctl set bridge s2 protocols=OpenFlow13
> > > ovs-vsctl set bridge s3 protocols=OpenFlow13
> > > ovs-vsctl set bridge s4 protocols=OpenFlow13
> > > vs-vsctl set bridge s5 protocols=OpenFlow13
> > >
> > > ovs-ofctl -O OpenFlow13 add-group s1
> > > group_id=1,type=select,selection_method=hash,bucket=
> > output:1,bucket=output:2,bucket=output:3
> > > ovs-ofctl -O OpenFlow13 add-flow s1 in_port=4,actions=group:1
> > > ovs-ofctl -O OpenFlow13 add-flow s1
> > > eth_type=0x0800,ip_dst=10.0.0.1,actions=output:4
> > > ovs-ofctl -O OpenFlow13 add-flow s1
> > > eth_type=0x0806,ip_dst=10.0.0.1,actions=output:4
> > >
> > >
> > >  ovs-ofctl -O OpenFlow13 add-flow s2 in_port=1,actions=output:2
> > >  ovs-ofctl -O OpenFlow13 add-flow s2 in_port=2,actions=output:1
> > >  ovs-ofctl -O OpenFlow13 add-flow s3 in_port=1,actions=output:2
> > >  ovs-ofctl -O OpenFlow13 add-flow s3 in_port=2,actions=output:1
> > >  ovs-ofctl -O OpenFlow13 add-flow s4 in_port=1,actions=output:2
> > >  ovs-ofctl -O OpenFlow13 add-flow s4 in_port=2,actions=output:1
> > >  ovs-ofctl -O OpenFlow13 add-flow s5
> > > eth_type=0x0800,ip_dst=10.0.0.2,actions=output:4
> > >  ovs-ofctl -O OpenFlow13 add-flow s5
> > > eth_type=0x0806,ip_dst=10.0.0.2,actions=output:4
> > >  ovs-ofctl -O OpenFlow13 add-flow s5
> > > eth_type=0x0800,ip_dst=10.0.0.1,actions=output:1
> > >  ovs-ofctl -O OpenFlow13 add-flow s5
> > > eth_type=0x0806,ip_dst=10.0.0.1,actions=output:1
> > >
> > > My topology is attached
> > >
> > > On 6 September 2016 at 01:49, Ben Pfaff >
> > wrote:
> > >
> > > > On Sun, Sep 04, 2016 at 04:44:55PM +0800, AY wrote:
> > > > > I have tried this configuration with ovs 2.3 and ovs 2.5 :
> > > > > ovs-ofctl -O OpenFlow13 add-group s1
> > > > > group_id=5566,type=select,bucket=weight:33,actions=
> > > > output:1,bucket=weight:33,actions=output:2,bucket=
> > > > weight:34,actions=output:3
> > > > >
> > > > > ovs-ofctl -O OpenFlow13 add-flow s1 in_port=4,actions=group:5566
> > > > >
> > > > > with OVS 2.3 it worked well .
> > > > > In ovs 2.5 it does not work. all the traffic directed to port 1?
> > > > >  Why ?
> > > >
> > > > Select groups work fine for other users (we have a recent report that
> > > > the split among buckets is not perfect, but that's far from "all
> > traffic
> > > > to port 1"), so it's hard to guess why you have a problem.  What does
> > > > your traffic look like?  Is it actually passing through the group?
> > > >
> >
> >
> >
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] ovs-vsctl: Error detected while setting up 'br0'. See ovs-vswitchd log for details.

[Ben Pfaff]

Perhaps you should install from packages.  Then you won't have to deal
with all these issues that confuse you.

On Tue, Sep 06, 2016 at 11:05:28PM +0200, Ashish Kurian wrote:
> Dear all,
> 
> I tried a fresh install of ubuntu 16 and did the ovs installation from the
> scratch again. Everything went fine without any errors. But adding a bridge
> is giving errors. Then when I tried to locate the log file also, such a
> file is not existing. I am attaching the screenshots of the terminal
> screens.
> 
> please let me advice on how I can locate the log file.
> 
> 
> Best Regards,
> Ashish Kurian
> 
> On Tue, Sep 6, 2016 at 9:36 PM, Ben Pfaff  wrote:
> 
> > On Tue, Sep 06, 2016 at 08:57:30PM +0200, Ashish Kurian wrote:
> > > Dear All,
> > >
> > > When I give the command ¨sudo ovsdb-tool create
> > > /usr/local/etc/openvswitch/conf.db vswitchd/vswitch.ovsschema¨ during
> > the
> > > installation, I am getting the following error.
> > >
> > > ovsdb-tool: I/O error: /usr/local/etc/openvswitch/conf.db: create failed
> > > (File exists)
> > >
> > > I tried uninstalling ovs using the command sudo make uninstall and also
> > > tried sudo rm -rf delete options in the usr/local/var/log/ directory and
> > > still getting the above error.
> >
> > If you want to create a new database, but one already exists in its
> > place, you need to delete the old one first (using "rm").
> >



___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] ovs-vsctl: Error detected while setting up 'br0'. See ovs-vswitchd log for details.

[Ben Pfaff]

On Tue, Sep 06, 2016 at 08:57:30PM +0200, Ashish Kurian wrote:
> Dear All,
> 
> When I give the command ¨sudo ovsdb-tool create
> /usr/local/etc/openvswitch/conf.db vswitchd/vswitch.ovsschema¨ during the
> installation, I am getting the following error.
> 
> ovsdb-tool: I/O error: /usr/local/etc/openvswitch/conf.db: create failed
> (File exists)
> 
> I tried uninstalling ovs using the command sudo make uninstall and also
> tried sudo rm -rf delete options in the usr/local/var/log/ directory and
> still getting the above error.

If you want to create a new database, but one already exists in its
place, you need to delete the old one first (using "rm").
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] ovs can not forward

[Ben Pfaff]

On Tue, Sep 06, 2016 at 05:20:21PM +0800, 张晨 wrote:
> BTW, i met something strange, and i don't know whether it is related
> to the above problem. So i will list it as follows: When "ovs-vsctl
> add-port br1 eth1" is configured, an error "ovs-vsctl: Error detected
> while setting up 'eth1'. See ovs-vswitchd log for details" occurs" .
> However, it works and i could find the eth1 on br1 with cmd "ovs-vsctl
> show".

What's in the log?
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Maximum MPLS labels (FLOW_MAX_MPLS_LABELS)

[Ben Pfaff]

On Tue, Sep 06, 2016 at 02:41:19PM +, ma...@lamehost.it wrote:
> September 6, 2016 4:33 PM, "Ben Pfaff"  wrote:
> 
> > On Mon, Sep 05, 2016 at 02:20:18PM +, ma...@lamehost.it wrote:
> > 
> >> I would like to know if there are plans to augment
> >> FLOW_MAX_MPLS_LABELS (and all the data structures that depend on it)
> >> to larger values.
> > 
> > This is the first inquiry I've heard.
> 
> I am sorry to hear that i am the only one interested in this feature.
> As per your experience is it a very complex goal to achieve?

It's probably just a matter of changing FLOW_MAX_MPLS_LABELS and
adjusting a few assertions.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Allow fdb to be overwritten / Getting carp to work with ovs

[Ben Pfaff]

On Tue, Sep 06, 2016 at 11:50:13AM +0200, Fredrik Dahlberg wrote:
> On Mon, Sep 5, 2016 at 5:33 AM Ben Pfaff  wrote:
> 
> > On Sun, Sep 04, 2016 at 07:12:43PM +, Fredrik Dahlberg wrote:
> > > I am trying to get carp to work with ovs(2.5.0, ubuntu 16.04).
> > >
> > > Carp is set up with the same mac address on the carp interfaces, trying
> > to
> > > determine who is master like this:
> > > 20:55:56.326841 00:00:5e:00:01:19 (oui Unknown) > 01:00:5e:00:00:12 (oui
> > > Unknown), ethertype IPv4 (0x0800), length 70: 192.168.43.2 >
> > vrrp.mcast.net:
> > > CARPv2-advertise 36: vhid=25 advbase=1 advskew=50 authlen=7
> > > counter=4581652178833997382
> > > 20:55:56.382550 00:00:5e:00:01:19 (oui Unknown) > 01:00:5e:00:00:12 (oui
> > > Unknown), ethertype IPv4 (0x0800), length 70: 192.168.43.4 >
> > vrrp.mcast.net:
> > > CARPv2-advertise 36: vhid=25 advbase=1 advskew=100 authlen=7
> > > counter=11630556296063315122
> > > (The difference in advskew here shows they are different sources.)
> > >
> > > However, ovs won't let any frames through if they arrive on the "wrong"
> > > port according to the fdb. When sniffing on the bridge I can only see
> > > packets from the source that started first. This easily leads to a
> > > situation where I end up with multiple carp masters, and even if it
> > didn't,
> > > we have to wait for the entry in the fdb to time out before the new
> > master
> > > is visible to the network.
> > >
> > > Any suggestions on how to solve this? Any way to allow frames on the
> > > "wrong" port to update the fdb?
> >
> > I don't understand what you mean by the "wrong" port.  Open vSwitch
> > implements a conventional MAC learning algorithm.  What's carp trying to
> > do, and why doesn't it work with MAC learning?
> >
> 
> As far as I have learned, normally a switch will behave like this: If it
> receives a packet on a certain port, it will learn that the source mac
> address resides on that port, and send packets destined for that mac out
> only on that port. If it receives a packet from the same mac address on a
> different port, it will update what it has learned and start sending out
> packets destined for that mac address on the new port. Ovs however, at
> least in my installation, will not update the mac address table when it
> receives a packet from a mac address it has already learn, instead dropping
> that packet.
> 
> Since carp uses the same mac address on different hosts, I can't get it to
> work over ovs. The host that starts announcing itself first will get
> learned by ovs, and the other one will just have it's packets dropped,
> leading to a situation where one of them can't see the other. One solution
> would be if it was possible to make ovs behave more like a normal switch
> and update the mac addresses instead of dropping the packets.

OVS should learn changes in MAC address locations in the same way as any
other switch.

How frequently does carp move MAC addresses?  If it's moving a single
MAC address multiple times per second, OVS might have some trouble with
that; it's never been a use case that we've looked into.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] ovs-vsctl: Error detected while setting up 'br0'. See ovs-vswitchd log for details.

[Ben Pfaff]

On Tue, Sep 06, 2016 at 04:32:09PM +0200, Ashish Kurian wrote:
> Some where I also read that I have to install openvswitch-datapath-source
> and openvswitch-brcompat. Also in another forum read that I have to update
> the database schema. Can you advice if these are necessary and if so, how
> to update the database schema?

INSTALL.md explains how to upgrade the database schema, if you need to
do so manually.

However, ovs-ctl will do so automatically when necessary.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Maximum MPLS labels (FLOW_MAX_MPLS_LABELS)

[Ben Pfaff]

On Mon, Sep 05, 2016 at 02:20:18PM +, ma...@lamehost.it wrote:
> I would like to know if there are plans to augment
> FLOW_MAX_MPLS_LABELS (and all the data structures that depend on it)
> to larger values.

This is the first inquiry I've heard.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Select Group still does not work

[Ben Pfaff]

Please don't drop the mailing list.

What kind of traffic are you running through the group?

On Tue, Sep 06, 2016 at 08:43:16AM +0800, AY wrote:
> With OVS 2.3 The above commands work very well
> 
> Here it is my configuration :
> 
> 
> 
> 
> ovs-vsctl set bridge s2 protocols=OpenFlow13
> ovs-vsctl set bridge s3 protocols=OpenFlow13
> ovs-vsctl set bridge s4 protocols=OpenFlow13
> vs-vsctl set bridge s5 protocols=OpenFlow13
> 
> ovs-ofctl -O OpenFlow13 add-group s1
> group_id=1,type=select,selection_method=hash,bucket=output:1,bucket=output:2,bucket=output:3
> ovs-ofctl -O OpenFlow13 add-flow s1 in_port=4,actions=group:1
> ovs-ofctl -O OpenFlow13 add-flow s1
> eth_type=0x0800,ip_dst=10.0.0.1,actions=output:4
> ovs-ofctl -O OpenFlow13 add-flow s1
> eth_type=0x0806,ip_dst=10.0.0.1,actions=output:4
> 
> 
>  ovs-ofctl -O OpenFlow13 add-flow s2 in_port=1,actions=output:2
>  ovs-ofctl -O OpenFlow13 add-flow s2 in_port=2,actions=output:1
>  ovs-ofctl -O OpenFlow13 add-flow s3 in_port=1,actions=output:2
>  ovs-ofctl -O OpenFlow13 add-flow s3 in_port=2,actions=output:1
>  ovs-ofctl -O OpenFlow13 add-flow s4 in_port=1,actions=output:2
>  ovs-ofctl -O OpenFlow13 add-flow s4 in_port=2,actions=output:1
>  ovs-ofctl -O OpenFlow13 add-flow s5
> eth_type=0x0800,ip_dst=10.0.0.2,actions=output:4
>  ovs-ofctl -O OpenFlow13 add-flow s5
> eth_type=0x0806,ip_dst=10.0.0.2,actions=output:4
>  ovs-ofctl -O OpenFlow13 add-flow s5
> eth_type=0x0800,ip_dst=10.0.0.1,actions=output:1
>  ovs-ofctl -O OpenFlow13 add-flow s5
> eth_type=0x0806,ip_dst=10.0.0.1,actions=output:1
> 
> My topology is attached
> 
> On 6 September 2016 at 01:49, Ben Pfaff  wrote:
> 
> > On Sun, Sep 04, 2016 at 04:44:55PM +0800, AY wrote:
> > > I have tried this configuration with ovs 2.3 and ovs 2.5 :
> > > ovs-ofctl -O OpenFlow13 add-group s1
> > > group_id=5566,type=select,bucket=weight:33,actions=
> > output:1,bucket=weight:33,actions=output:2,bucket=
> > weight:34,actions=output:3
> > >
> > > ovs-ofctl -O OpenFlow13 add-flow s1 in_port=4,actions=group:5566
> > >
> > > with OVS 2.3 it worked well .
> > > In ovs 2.5 it does not work. all the traffic directed to port 1?
> > >  Why ?
> >
> > Select groups work fine for other users (we have a recent report that
> > the split among buckets is not perfect, but that's far from "all traffic
> > to port 1"), so it's hard to guess why you have a problem.  What does
> > your traffic look like?  Is it actually passing through the group?
> >


___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Implementing a custom packet scheduler

[Ben Pfaff]

On Mon, Sep 05, 2016 at 04:44:09PM -0300, Sergio Gutierrez wrote:
> I am new to Openvswitch coding and development. I am interested in
> implementing a custom mechanism for packet scheduling. Thus, I would like
> to know what would be the right starting point to study the code in order
> to implement that.

If you want it to work with the Linux kernel datapath, then you should
create a Linux kernel qdisc that implements the policy that you want.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Select Group still does not work

[Ben Pfaff]

On Sun, Sep 04, 2016 at 04:44:55PM +0800, AY wrote:
> I have tried this configuration with ovs 2.3 and ovs 2.5 :
> ovs-ofctl -O OpenFlow13 add-group s1
> group_id=5566,type=select,bucket=weight:33,actions=output:1,bucket=weight:33,actions=output:2,bucket=weight:34,actions=output:3
> 
> ovs-ofctl -O OpenFlow13 add-flow s1 in_port=4,actions=group:5566
> 
> with OVS 2.3 it worked well .
> In ovs 2.5 it does not work. all the traffic directed to port 1?
>  Why ?

Select groups work fine for other users (we have a recent report that
the split among buckets is not perfect, but that's far from "all traffic
to port 1"), so it's hard to guess why you have a problem.  What does
your traffic look like?  Is it actually passing through the group?
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Allow fdb to be overwritten / Getting carp to work with ovs

[Ben Pfaff]

On Sun, Sep 04, 2016 at 07:12:43PM +, Fredrik Dahlberg wrote:
> I am trying to get carp to work with ovs(2.5.0, ubuntu 16.04).
> 
> Carp is set up with the same mac address on the carp interfaces, trying to
> determine who is master like this:
> 20:55:56.326841 00:00:5e:00:01:19 (oui Unknown) > 01:00:5e:00:00:12 (oui
> Unknown), ethertype IPv4 (0x0800), length 70: 192.168.43.2 > vrrp.mcast.net:
> CARPv2-advertise 36: vhid=25 advbase=1 advskew=50 authlen=7
> counter=4581652178833997382
> 20:55:56.382550 00:00:5e:00:01:19 (oui Unknown) > 01:00:5e:00:00:12 (oui
> Unknown), ethertype IPv4 (0x0800), length 70: 192.168.43.4 > vrrp.mcast.net:
> CARPv2-advertise 36: vhid=25 advbase=1 advskew=100 authlen=7
> counter=11630556296063315122
> (The difference in advskew here shows they are different sources.)
> 
> However, ovs won't let any frames through if they arrive on the "wrong"
> port according to the fdb. When sniffing on the bridge I can only see
> packets from the source that started first. This easily leads to a
> situation where I end up with multiple carp masters, and even if it didn't,
> we have to wait for the entry in the fdb to time out before the new master
> is visible to the network.
> 
> Any suggestions on how to solve this? Any way to allow frames on the
> "wrong" port to update the fdb?

I don't understand what you mean by the "wrong" port.  Open vSwitch
implements a conventional MAC learning algorithm.  What's carp trying to
do, and why doesn't it work with MAC learning?
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Hash quality in select group with weighted buckets‏

[Ben Pfaff]

I don't see how this changes my answer.  It's still interesting.

If you find that some changes improve the accuracy of the split, please
report your results.

On Thu, Sep 01, 2016 at 11:53:37AM +0200, ibrahim menem wrote:
> Hi Ben,
> 
> I did more tests, using different subsets of fields(nw_src, nw_dst, nw_proto, 
> tcp_src, tcp_dst) 
> and against different traffic patterns with smaller IP ranges and varying 
> mainly on src ports.
> 
> The tests yield similar or slightly worse results.
> 
> Is it possible that I'm doing something wrong or it is the hash quality?
> 
> 
> > Date: Tue, 30 Aug 2016 08:05:15 -0700
> > From: b...@ovn.org
> > To: ibrahim...@hotmail.com
> > CC: discuss@openvswitch.org
> > Subject: Re: [ovs-discuss] Hash quality in select group with weighted 
> > buckets‏
> > 
> > On Tue, Aug 30, 2016 at 12:05:20PM +0200, ibrahim menem wrote:
> > > I'm testing "weighted select groups" behaviour on ovs2.5 stable, I'm 
> > > using this command:
> > > 
> > > ovs-ofctl -O OpenFlow15 add-group ovs0 "group_id=1,type=select,
> > > selection_method=hash,fields(nw_src,nw_dst,tcp_src,tcp_dst),
> > > bucket=bucket_id=1,actions=output:11,weight=$1,
> > > bucket=bucket_id=2,actions=output:12,weight=$2" 
> > > 
> > > $1 and $2 correspond to the weights column below:
> > > 
> > > Weights   Measured  Deviation 
> > > 
> > > 50/50  50/50 0
> > > 40/60  34/66 6  
> > > 30/70  22/78 8 
> > > 20/80  13/87 7 
> > > 10/90  5.6/94.4  4.4 
> > > 50/950 97/3  2 
> > > 
> > > 
> > > Traffic pattern (using pktgen_dpdk and only tcp packets):
> > > 
> > > dst.ip  2.0.0.1  ->  2.255.255.255  
> > > src.ip  1.0.0.1  ->  1.255.255.255
> > > dst.port1->  65000
> > > src.port1->  65000
> > > pkt.size1500
> > > 
> > > 
> > > I
> > >  believed that given enough traffic diversity, weights would be closer 
> > > to the configured ones! I tested against narrower and more realistic 
> > > traffic patterns but still having similar results, any suggestions? 
> > 
> > It's interesting.
> > 
> > If you find that some changes improve the accuracy of the split, please
> > report your results.
> 
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Error while adding a port to the bridge

[Ben Pfaff]

If you run "ifconfig eth0", does it exist?

On Thu, Sep 01, 2016 at 09:23:07AM +0200, Ashish Kurian wrote:
> Dear Members,
> 
> When I use the command "sudo ovs-vsctl show " it is shown as a port on the
> bridge br0 but with the message "error: "could not open network device eth0
> (No such device)""
> 
> I followed all the installation instructions properly and completely. Am I
> missing something? Now I am trying to install ubuntu 14.04.5 on my virtual
> machine and test the commands. Do you think this could be an issue with the
> latest version of the Ubuntu?
> 
> Thanks and regards,
> Ashish Kurian
> 
> Best Regards,
> Ashish Kurian
> 
> On Wed, Aug 31, 2016 at 6:14 PM, Ben Pfaff  wrote:
> 
> > On Wed, Aug 31, 2016 at 02:53:00PM +0200, Ashish Kurian wrote:
> > > I am getting an error when I am trying to add a port to the bridge that I
> > > created. The following is the error.
> > >
> > > ovs-vsctl: Error detected while setting up 'eth0'.  See ovs-vswitchd log
> > > for details.
> > >
> > > when I use the command ovs-vsctl show , I get the following
> > >
> > > Interface "eth0"
> > > error: "could not open network device eth0 (No such
> > device)"
> > >
> > > Please advice me on how to fix this error.
> >
> > Does eth0 exist?
> >
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Error while adding a port to the bridge

[Ben Pfaff]

On Wed, Aug 31, 2016 at 02:53:00PM +0200, Ashish Kurian wrote:
> I am getting an error when I am trying to add a port to the bridge that I
> created. The following is the error.
> 
> ovs-vsctl: Error detected while setting up 'eth0'.  See ovs-vswitchd log
> for details.
> 
> when I use the command ovs-vsctl show , I get the following
> 
> Interface "eth0"
> error: "could not open network device eth0 (No such device)"
> 
> Please advice me on how to fix this error.

Does eth0 exist?
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Indicate 2 or more nw_src= ranges in one rule

[Ben Pfaff]

On Tue, Aug 30, 2016 at 05:21:06PM -0600, Sterdnot Shaken wrote:
> Is there any way to indicate more then one ip subnet in a single rule? Say
> I wanted a rule to match any source from both 10.0.0.0/24 and 192.168.0.0/24
> ip ranges... Can that be done in one rule?

No.  Use two rules.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] OVS - How to add stdio.h library to datapath

[Ben Pfaff]

On Tue, Aug 30, 2016 at 03:08:22PM +1000, Dzuy Pham wrote:
> I'm looking to add some features to the datapath.c module in ovs and was
> wondering how I can add the stdio.h library to it and successfully compile
> it.

You can't.  The Linux kernel doesn't support .
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Active-Backup Bond options

[Ben Pfaff]

On Tue, Aug 30, 2016 at 10:42:34AM +, Michael Schobel-Thoma wrote:
> I´m currently configuring my virtual infrastructure with OVS. I try to
> connect 2 network interfaces (one with 10G and one with 1G) to different
> switches and bond them in active-backup mode, to get a failover
> functionality.
> 
>  
> 
> Is there an option to specify the master, or the active interface in
> active-backup mode? I want to set my 10G interface as active and the 1G as
> backup.

It doesn't look like OVS has that feature, but it sounds useful and I
expect that we'd accept an implementation, if you provide one.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss