[ovs-discuss] OVS 2.3.2 hung - no arp with lacp bond

[Varun]

Hello

I observed an issue with OVS 2.3.2 on CentOS 6.6 KVM , kernel
2.6.32-504.el6,   with 25 tenant VMs where it stopped responding to ARPs
all of a sudden. There are 2 OVS bonds in balance-tcp mode in this
configuration.  OVS service was restarted to resolve this state .

Below logs were repeated many times over

2016-10-01T12:37:32.480Z|1786606|poll_loop|INFO|wakeup due to 0-ms timeout
at *lib/seq.c*:179 (97% CPU usage)

2016-10-01T23:59:02.480Z|1810465|poll_loop|INFO|wakeup due to 0-ms timeout
at *ofproto/ofproto-dpif.c*:1503 (99% CPU usage)

2016-10-02T00:33:32.481Z|1811683|poll_loop|INFO|wakeup due to [POLLIN] on
fd 10 (<->/var/run/openvswitch/db.sock) at *lib/stream-fd-unix.c*:124 (97%
CPU usage)

Is this related to revalidator thread  or probably due to high traffic
volume ?   Having said that , there has no increase in traffic volume to
the tenant VMs in the days leading up to the OVS hung state or after.
Hypervisor cpu and memory usage has been at normal levels as well.

Has anyone else observed similar issues ? Any insight or comments would be
really appreciated.

thanks.
--
vkd
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

[ovs-discuss] (no subject)

[devendra rawat]

I am trying to bring up my ethernet device interface in ovs-DPDK
I have created and added my non PCI vdev as dpdk0 device on bridge br0.

# ovs-vsctl --no-wait set Open_vSwitch . other_config:dpdk-extra=--
vdev=my_eth_dev

# ovs-vsctl --no-wait add-br br0 -- set bridge br0 datapath_type=netdev

# ovs-vsctl --no-wait add-port br0 dpdk0 -- set Interface dpdk0 type=dpdk

my interface is coming up well, I can see my interface br0 using ifconfig.
I need to validate the RX and TX paths.

I am able to receive traffic on br0 from an external packet generator and
my pings are also going out throught br0.
But my 10G interface stops receiving traffic if RX rate goes beyond 100Mbps.
can it be a setting issue because my DPDK testpmd application gives me line
rate ?

Can I add a flow entry so that br0 sends back the traffic it receives from
packet generator ?
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] [ovsdb] OVS DB connection refused by using ovsdb-client

[Justin Pettit]

> On Nov 16, 2016, at 11:35 PM, zhi  wrote:
> 
> Hi, all.
> 
> I install the OVS 2.6.0 by following the document[1]. Everything goes okay 
> but I meet a problem when I am using " ovsdb-client ".
> 
> I try to use " ovsdb-client dump " command to get information from OVS DB and 
> output is okay.
> 
>  I meet an exception when I try to use " ovsdb-client dump tcp:127.0.0.1:6640 
> ".  Result shows below:
> 
> root@devstack:~/openvswitch-2.6.0# ovsdb-client dump tcp:127.0.0.1:6640
> ovsdb-client: failed to connect to "tcp:127.0.0.1:6640" (Connection refused)
> 
> I think that OVS DB doesn't listen port 6640. 
> 
> How do I ensure if OVS DB listen port 6640? 
> 
> If OVS DB doesn't listen port 6640, what should I do? 

Those instructions don't look they tell ovsdb-server to listen to a TCP socket. 
 It looks like it's setting up a unix domain socket to 
"/usr/local/var/run/openvswitch/db.sock".  Depending on how you built 
ovsdb-client, the default path it uses may just work.  If it doesn't, you'll 
likely need to tell it by adding "unix:/usr/local/var/run/openvswitch/db.sock" 
to the command.

--Justin




___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] How is theQueueing in OVS implemented

[Justin Pettit]

> On Nov 17, 2016, at 3:53 AM, Jannis Ohms  wrote:
> 
> OF 1.0  standardised  queues for QoS.  How are they implemented in the 
> vswitchd  ?

QoS is currently supported for the Linux kernel datapath and DPDK.  They make 
use of underlying QoS support of the platform.  For example, on the Linux 
kernel datapath, the tc subsystem is used.

> Is there some architecture documentation which could help me find the right 
> part of the code ?

There's some discussion in the ovs-vswitchd.conf.db man page of the various QoS 
types supported on each platform.  If you want gory details, you can look at 
some of the comments in places like "lib/netdev-linux.c".

--Justin


___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVN external network access in Openstack

[Russell Bryant]

On Thu, Nov 17, 2016 at 9:44 AM, Michael Kashin  wrote:

> I'm using stable/newton, not master. Is master networking-ovn backwards
> compatible with newton version of Neutron or do I need to get ocata Neutron
> as well?
>

It may work, but that combination is not tested and will probably break
eventually.  I recommend using Ocata Neutron as well.

-- 
Russell Bryant
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

[ovs-discuss] Strange flows in bridge/dump-flows

[Ali Volkan Atli]

When I connect my (ryu) controller to OvS (with DPDK) while all data-ports are 
down, I always see the strange flows in bridge/dump-flows below. Then when 
b8:af:67:84:90:d7 tries to send an arp packet, OvS floods it. Could someone 
please explain why (or who) adds these flows into OvS? Thanks in advance..

- Volkan

ovs-appctl bridge/dump-flows br0

duration=12s, n_packets=0, n_bytes=0, 
priority=180008,tcp,nw_src=192.168.3.17,tp_src=6633,actions=NORMAL
duration=12s, n_packets=0, n_bytes=0, 
priority=180007,tcp,nw_dst=192.168.3.17,tp_dst=6633,actions=NORMAL
duration=12s, n_packets=0, n_bytes=0, 
priority=180006,arp,arp_spa=192.168.3.17,arp_op=1,actions=NORMAL
duration=12s, n_packets=0, n_bytes=0, 
priority=180005,arp,arp_tpa=192.168.3.17,arp_op=2,actions=NORMAL
duration=12s, n_packets=0, n_bytes=0, 
priority=180004,arp,dl_src=b8:af:67:84:90:d7,arp_op=1,actions=NORMAL
duration=10s, n_packets=0, n_bytes=0, 
priority=180002,arp,dl_src=00:1b:21:84:d1:a0,arp_op=1,actions=NORMAL
duration=12s, n_packets=0, n_bytes=0, 
priority=180003,arp,dl_dst=b8:af:67:84:90:d7,arp_op=2,actions=NORMAL
duration=10s, n_packets=0, n_bytes=0, 
priority=180001,arp,dl_dst=00:1b:21:84:d1:a0,arp_op=2,actions=NORMAL
duration=10s, n_packets=0, n_bytes=0, 
priority=18,udp,in_port=LOCAL,dl_src=00:1b:21:84:d1:a0,tp_src=68,tp_dst=67,actions=NORMAL
table_id=254, duration=12s, n_packets=0, n_bytes=0, 
priority=2,recirc_id=0,actions=drop
table_id=254, duration=12s, n_packets=0, n_bytes=0, 
priority=0,reg0=0x1,actions=controller(reason=)
table_id=254, duration=12s, n_packets=0, n_bytes=0, 
priority=0,reg0=0x2,actions=drop
table_id=254, duration=12s, n_packets=0, n_bytes=0, 
priority=0,reg0=0x3,actions=drop

argela@anah:~/loop_workspace/ovs-master$ ovs-ofctl dump-flows br0
NXST_FLOW reply (xid=0x4):

Configuration steps are below.

pkill -9 ovs
rm -rf /usr/local/var/run/openvswitch
rm -rf /usr/local/etc/openvswitch/
rm -f /usr/local/etc/openvswitch/conf.db
mkdir -p /usr/local/etc/openvswitch
mkdir -p /usr/local/var/run/openvswitch
ovsdb-tool create /usr/local/etc/openvswitch/conf.db 
/usr/local/share/openvswitch/vswitch.ovsschema
ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock 
--remote=db:Open_vSwitch,Open_vSwitch,manager_options --pidfile --detach
ovs-vsctl --no-wait init
ovs-vsctl --no-wait set Open_vSwitch . other_config:dpdk-init=true
ovs-vswitchd unix:/usr/local/var/run/openvswitch/db.sock --pidfile

ovs-vsctl add-br br0 -- set bridge br0 datapath_type=netdev
ovs-vsctl set-controller br0 tcp:192.168.3.17:6633

ovs-vsctl add-port br0 dpdk0 -- set Interface dpdk0 type=dpdk
ovs-vsctl add-port br0 dpdk1 -- set Interface dpdk1 type=dpdk
ovs-vsctl add-port br0 dpdk2 -- set Interface dpdk2 type=dpdk
ovs-vsctl add-port br0 dpdk3 -- set Interface dpdk3 type=dpdk
ovs-vsctl add-port br0 dpdk4 -- set Interface dpdk4 type=dpdk
ovs-vsctl add-port br0 dpdk5 -- set Interface dpdk5 type=dpdk
ovs-vsctl add-port br0 dpdk6 -- set Interface dpdk6 type=dpdk
ovs-vsctl add-port br0 dpdk7 -- set Interface dpdk7 type=dpdk
ovs-vsctl add-port br0 dpdk8 -- set Interface dpdk8 type=dpdk
ovs-vsctl add-port br0 dpdk9 -- set Interface dpdk9 type=dpdk
ovs-vsctl add-port br0 dpdk10 -- set Interface dpdk10 type=dpdk
ovs-vsctl add-port br0 dpdk11 -- set Interface dpdk11 type=dpdk
ovs-vsctl add-port br0 dpdk12 -- set Interface dpdk12 type=dpdk
ovs-vsctl add-port br0 dpdk13 -- set Interface dpdk13 type=dpdk
ovs-vsctl add-port br0 dpdk14 -- set Interface dpdk14 type=dpdk
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

[ovs-discuss] combining Geneve and VXLAN tunnels

[Gerhard Stenzel]

Hi,
I have a setup with three machines with an OVS switch each. 1 and 2 are 
connected via VXLAN tunnel, 2 and 3 are connected via Geneve tunnel. The OVSs 
have each an IP address assigned. ping from 1 to 2 works and ping from 2 to 3 
works.
But trying to ping from 1 to 3 or 3 to 1 does not work, because the packet 
coming via the Geneve tunnel from 3 is sent to Geneve port instead of to the 
VXLAN port on 1.

tcpdump on 2 looks like this:

IP 192.168.124.68.hp-device-disc > 192.168.124.132.6081: UDP, length 50
IP 192.168.124.132.37695 > 192.168.124.111.6081: UDP, length 50
IP 192.168.124.111 > 192.168.124.132: ICMP 192.168.124.111 udp port 6081 
unreachable, length 86

Is this working as expected or is this a bug?

Thanks in advance, Gerhard



___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVN external network access in Openstack

[Michael Kashin]

I'm using stable/newton, not master. Is master networking-ovn backwards
compatible with newton version of Neutron or do I need to get ocata Neutron
as well?


On 17 November 2016 at 14:09, Joel Wirāmu Pauling  wrote:

> Why not just use ECMP for the gateway pool?
>
> On 17 November 2016 at 08:47, Russell Bryant  wrote:
>
>>
>>
>> On Wed, Nov 16, 2016 at 12:38 PM, Michael Kashin 
>> wrote:
>>
>>> Greetings,
>>>
>>> I'm integration RDO (Packstack) Openstack with OVN and facing a problem
>>> connecting DVR to external networks. My setup consists of a couple of
>>> virtual networks and a router interconnecting them.  On each compute node
>>> I've create a "br-ex" and created a mapping 
>>> "ovn-bridge-mappings=extnet:br-ex".
>>> I've also created a neutron network with "--provider:physical_network
>>> extnet" and assigned this network as a gateway to my router. I can see that
>>> OVN northDB creates a new LS with two ports as expected:
>>>
>>>  switch 151ac068-ee99-4324-b785-40709b2e2061
>>> (neutron-b4786af5-cf70-4fc2-8f36-e9d540165d37)
>>>
>>> port provnet-b4786af5-cf70-4fc2-8f36-e9d540165d37
>>>
>>> addresses: ["unknown"]
>>>
>>> port fb73ca73-488f-40aa-89e1-e8e312de7a77
>>>
>>> addresses: ["fa:16:3e:1d:75:66 169.254.0.50"]
>>>
>>> However, I can't see any link between my DVR and this LS. Am I expected
>>> to create a DVR-to-extLS patch manually?
>>>
>> What version of networking-ovn are you using?  To do this, you need
>> networking-ovn from master (ocata).
>>
>>> Can you also clarify one more thing. I've seen the setting for L3
>>> gateway scheduling which, I assume, should place that external router IP
>>> (169.254.0.50 in my case) on a particular compute node. Is there any
>>> document that describes what happens during GW scheduling?
>>>
>> Right now scheduling is primitive.  It uses a "least loaded" scheduling
>> policy to distribute gateways among the available chassis.  There are some
>> obvious enhancements that need to be made.
>>
>> 1) We need to be able to specify only a subset of hosts that should be
>> used as gateways.
>>
>> 2) We need some HA capabilities to handle when a host handling a gateway
>> goes down.
>>
>> --
>> Russell Bryant
>>
>> ___
>> discuss mailing list
>> disc...@openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>
>>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

[ovs-discuss] Shall i create kthread in OVS ?

[Naveen M]

Hi all,

As per our requirement we need one separate kernel thread.

1. Can we create kthread in datapath.c file?

2. If we create kernel thread is this will cause any issue in performance
or anything?

Can you please guide me on this.

Thanks,


*With Warm Regards,*
*Naveen M*
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVN external network access in Openstack

[Joel Wirāmu Pauling]

Why not just use ECMP for the gateway pool?

On 17 November 2016 at 08:47, Russell Bryant  wrote:

>
>
> On Wed, Nov 16, 2016 at 12:38 PM, Michael Kashin 
> wrote:
>
>> Greetings,
>>
>> I'm integration RDO (Packstack) Openstack with OVN and facing a problem
>> connecting DVR to external networks. My setup consists of a couple of
>> virtual networks and a router interconnecting them.  On each compute node
>> I've create a "br-ex" and created a mapping 
>> "ovn-bridge-mappings=extnet:br-ex".
>> I've also created a neutron network with "--provider:physical_network
>> extnet" and assigned this network as a gateway to my router. I can see that
>> OVN northDB creates a new LS with two ports as expected:
>>
>>  switch 151ac068-ee99-4324-b785-40709b2e2061
>> (neutron-b4786af5-cf70-4fc2-8f36-e9d540165d37)
>>
>> port provnet-b4786af5-cf70-4fc2-8f36-e9d540165d37
>>
>> addresses: ["unknown"]
>>
>> port fb73ca73-488f-40aa-89e1-e8e312de7a77
>>
>> addresses: ["fa:16:3e:1d:75:66 169.254.0.50"]
>>
>> However, I can't see any link between my DVR and this LS. Am I expected
>> to create a DVR-to-extLS patch manually?
>>
> What version of networking-ovn are you using?  To do this, you need
> networking-ovn from master (ocata).
>
>> Can you also clarify one more thing. I've seen the setting for L3 gateway
>> scheduling which, I assume, should place that external router IP
>> (169.254.0.50 in my case) on a particular compute node. Is there any
>> document that describes what happens during GW scheduling?
>>
> Right now scheduling is primitive.  It uses a "least loaded" scheduling
> policy to distribute gateways among the available chassis.  There are some
> obvious enhancements that need to be made.
>
> 1) We need to be able to specify only a subset of hosts that should be
> used as gateways.
>
> 2) We need some HA capabilities to handle when a host handling a gateway
> goes down.
>
> --
> Russell Bryant
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] ovs-vsctl: unix:/var/run/openvswitch/db.sock: database connection failed (No such file or directory)

[O'Reilly, Darragh]

Maybe you need to generate the links with update-rc.d
 http://www.tin.org/bin/man.cgi?section=8=update-rc.d


From: Ashish Kurian [mailto:ashish...@gmail.com] 
Sent: 17 November 2016 13:38
To: O'Reilly, Darragh 
Cc: disc...@openvswitch.org
Subject: Re: [ovs-discuss] ovs-vsctl: unix:/var/run/openvswitch/db.sock: 
database connection failed (No such file or directory)

Dear Darragh,
I do not think it is symlinked. And I do not have any file with *switch* in 
etc/rc3.d


Best Regards,
Ashish Kurian

On Thu, Nov 17, 2016 at 2:31 PM, O'Reilly, Darragh  
wrote:
Is it symlinked to like:
 
$ ls -l /etc/rc3.d/*switch*
lrwxrwxrwx 1 root root 28 Aug  3 17:06 /etc/rc3.d/S03openvswitch-switch -> 
../init.d/openvswitch-switch
 
 
From: ovs-discuss-boun...@openvswitch.org 
[mailto:ovs-discuss-boun...@openvswitch.org] On Behalf Of Ashish Kurian
Sent: 17 November 2016 13:14
To: disc...@openvswitch.org
Subject: [ovs-discuss] ovs-vsctl: unix:/var/run/openvswitch/db.sock: database 
connection failed (No such file or directory)
 
Dear Members,
I have installed and tested OVS. But after reboot, I get the error in the 
subject when I run the commands - sudo ovs-vsctl show
I have already added the openvswitch-switch.init to the directory 
/etc.init.d/openvswitch-switch but it is not getting executed on start up
If I run the commands manually by sudo /etc/init.d/openvswitch-switch start , 
everything works fine. Please help me with this issue if any one is aware of a 
fix


Best Regards,
Ashish Kurian

___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVN external network access in Openstack

[Russell Bryant]

On Wed, Nov 16, 2016 at 12:38 PM, Michael Kashin  wrote:

> Greetings,
>
> I'm integration RDO (Packstack) Openstack with OVN and facing a problem
> connecting DVR to external networks. My setup consists of a couple of
> virtual networks and a router interconnecting them.  On each compute node
> I've create a "br-ex" and created a mapping 
> "ovn-bridge-mappings=extnet:br-ex".
> I've also created a neutron network with "--provider:physical_network
> extnet" and assigned this network as a gateway to my router. I can see that
> OVN northDB creates a new LS with two ports as expected:
>
>  switch 151ac068-ee99-4324-b785-40709b2e2061 (neutron-b4786af5-cf70-4fc2-
> 8f36-e9d540165d37)
>
> port provnet-b4786af5-cf70-4fc2-8f36-e9d540165d37
>
> addresses: ["unknown"]
>
> port fb73ca73-488f-40aa-89e1-e8e312de7a77
>
> addresses: ["fa:16:3e:1d:75:66 169.254.0.50"]
>
> However, I can't see any link between my DVR and this LS. Am I expected to
> create a DVR-to-extLS patch manually?
>
What version of networking-ovn are you using?  To do this, you need
networking-ovn from master (ocata).

> Can you also clarify one more thing. I've seen the setting for L3 gateway
> scheduling which, I assume, should place that external router IP
> (169.254.0.50 in my case) on a particular compute node. Is there any
> document that describes what happens during GW scheduling?
>
Right now scheduling is primitive.  It uses a "least loaded" scheduling
policy to distribute gateways among the available chassis.  There are some
obvious enhancements that need to be made.

1) We need to be able to specify only a subset of hosts that should be used
as gateways.

2) We need some HA capabilities to handle when a host handling a gateway
goes down.

-- 
Russell Bryant
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] ovs-vsctl: unix:/var/run/openvswitch/db.sock: database connection failed (No such file or directory)

[Ashish Kurian]

Dear Darragh,

I do not think it is symlinked. And I do not have any file with *switch* in
etc/rc3.d


Best Regards,
Ashish Kurian

On Thu, Nov 17, 2016 at 2:31 PM, O'Reilly, Darragh 
wrote:

> Is it symlinked to like:
>
>
>
> $ ls -l /etc/rc3.d/*switch*
>
> lrwxrwxrwx 1 root root 28 Aug  3 17:06 /etc/rc3.d/S03openvswitch-switch
> -> ../init.d/openvswitch-switch
>
>
>
>
>
> *From:* ovs-discuss-boun...@openvswitch.org [mailto:ovs-discuss-bounces@
> openvswitch.org] *On Behalf Of *Ashish Kurian
> *Sent:* 17 November 2016 13:14
> *To:* disc...@openvswitch.org
> *Subject:* [ovs-discuss] ovs-vsctl: unix:/var/run/openvswitch/db.sock:
> database connection failed (No such file or directory)
>
>
>
> Dear Members,
>
> I have installed and tested OVS. But after reboot, I get the error in the
> subject when I run the commands - sudo ovs-vsctl show
>
> I have already added the openvswitch-switch.init to the directory
> /etc.init.d/openvswitch-switch but it is not getting executed on start up
>
> If I run the commands manually by sudo /etc/init.d/openvswitch-switch
> start , everything works fine. Please help me with this issue if any one is
> aware of a fix
>
>
> Best Regards,
> Ashish Kurian
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] dpdk virtual device(vdev) device support in ovs.

[devendra rawat]

> I am going to implement the support for my non-pci DPDK vdev ethernet
> device in openvswitch. A head start will be really appreciated.
>
> So far what I have understood is that I will need to add a new "struct
> netdev_class" for my device in lib/netdev-dpdk.c
>
> just like
>
> static const struct netdev_class dpdk_class =
> NETDEV_DPDK_CLASS(
> "dpdk",
> netdev_dpdk_construct,
> netdev_dpdk_destruct,
> netdev_dpdk_set_config,
> netdev_dpdk_set_tx_multiq,
> netdev_dpdk_eth_send,
> netdev_dpdk_get_carrier,
> netdev_dpdk_get_stats,
> netdev_dpdk_get_features,
> netdev_dpdk_get_status,
> netdev_dpdk_reconfigure,
> netdev_dpdk_rxq_recv);
>
> will this be sufficient or I will need to change something else also ?
>
> *[Sugesh] Yes, this will take care of adding a new netdev type(in this
> case DPDK vdev). Also the config/control plane has to be changed to manage
> new type.*
>
> *I am really wondering a new netdev is really needed for vdev.*
>
> *vdev is just another type of DPDK eth port. It should be handled
> implicitly either in DPDK or OVS-DPDK init code. This is kind of similar to
> how different vendor NICs are supported under one DPDK type interface. *
>
> *  Have you considered the option to change/append the existing OVS-DPDK
> init implementation to support vdev?*
>
> *Adding a new netdev will make the code less maintainable and I would
> consider it as last option.*
>
> [Devendra] Yes, as you said new netdev is really not needed. I just need
to make sure that my vdev is initialized properly, ovs-DPDK will
automatically designate it as dpdk0 port.

I just used dpdk-extra to initialize my device and then added it as dpdk0
port to bridge.

# ovs-vsctl --no-wait set Open_vSwitch .
other_config:dpdk-extra=--vdev=my_eth_dev

# ovs-vsctl --no-wait add-br br0 -- set bridge br0 datapath_type=netdev

# ovs-vsctl --no-wait add-port br0 dpdk0 -- set Interface dpdk0 type=dpdk

Thanks and Regards,
Devendra
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Replacing IPsec-GRE tunnel ports

[Bolesław Tokarski]

Hi,

Thank you very much for the answer.

>
> > I am yet to come across a good guide on how to set up an OVS IPsec-GRE
> > tunnel port alternative. Most guides are either for site-to-site IPsec
> > tunnels, or for OVS GRE tunnels.
>
> Such guides in details wold be on strongSwan, racoon, OpenSwan or
> libreswan project sites.


Well, I did see a number of guides on setting up tunnels, not so much on
putting the traffic forward to an OVS port. I saw what ends up in
ipsec.conf, but I believe the traffic going the the ipsec tunnel ends up on
a Unix socket and gets directed to ovs-monitor-ipsec or so... I might fully
get the image, though.


> However, if you are interested you can take a
> peek at this link -
> https://www.mail-archive.com/dev@openvswitch.org/msg46915.html - and
> extract what the ovs-monitor-ipsec daemon would set in ipsec.conf and
> ipsec.secrets file.
>

I saw the patch on the mailing list before. I am experiencing some issues
with racoon, it does not seem to handle SA expiry too well. I had a number
of situations where I needed to recreate the OVS ports for it to catch up.
How's StrongSwan doing? I guess you're using it in production?


> If you are ok to skip this particular OVS 2.7 version, then I plan to
> reintroduce ovs-monitor-ipsec daemon in the next one. It was abruptly
> removed because it was decided that ovs-monitor-ipsec can't have a
> hard coded bit of skb_mark because it interferes with OpenFlow
> skb_mark match.
>

Good to hear that. The ovs-monitor-ipsec daemon was quite easy to use and I
even preferred to add OpenSUSE support to it than to set the tunnels up
manually, which sounds bizarre, but hey - it worked.

Best regards,
Bolesław Tokarski
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss