[ovs-discuss] Openvswitch flow(or rule) to implement CAPTIVE-PORTAL (or HTTP redirect)
Hello,

Is there any good example for openvswitch flow/rules for captive-portal?

Which means,
- We should perform DNAT (with captive-portal web server IP) for outbound HTTP traffic
- When responses are back, we should do proper NAT again.

The issue, is, http packets' DIP from client, it's not fixed. It can be google, yahoo, facebook and anything. But, all of http packet should be redirected to specific web-server and response should be received on client side properly.

Thanks in advance.

Best regards,
- yongseok

___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
[ovs-discuss] On OVNDB-HA using pacemaker two issues discussed
I am learning OVNDB-HA using pacemaker, I feel this is a good design. At the same time I have two questions and would like to discuss:

1, we have two resources, one is the master node of the OVNDB, one is VIP. Pacemaker resource constraints are dependencies, not symbiotic, so we must consider who depends on who.
http://clusterlabs.org/doc/en-US/Pacemaker/1.1-pcs/html/Pacemaker_Explained/s-resource-colocation.html

If the master node OVNDB dependence VIP, VIP or VIP network down, OVNDB master node will follow the VIP migration, but the OVNDB process of the master node is dead and there is no migration.

If the VIP is dependent on the OVNDB master process, when the OVNDB master process down, all will migrate. And VIP or VIP network down indicating that the node is down, all will migrate.

Is it better to configure the resource constraints?

pcs constraint order ovndb_servers-master then VirtualIP
pcs constraint colocation add VirtualIP with master ovndb_servers-master score=INFINITY

2, OVN nodes in a total of three processes, the South to the database, north to the database, northd process. But only in the OCF script to start and monitor the database process, there is no northd process. How to ensure high reliability northd process?

My idea is OCF script at the same time start and monitor northd process, because I think these three processes is together.
Re: [ovs-discuss] Bridge does not specify output ; ignoring? (OVS-DPDK Ubuntu)
> The mirror-related errors in the log. ovs-tcpdump creates a mirror.

Are there any other errors in the logs? (with a view to figuring out why traffic isn't reaching the VMs). Feel free to attach them if you're unsure.

Can you provide some more detail with regards to your setup? OVS release/commit, DPDK release, QEMU version etc.

>
> On Tue, Dec 06, 2016 at 03:05:32PM -0500, Lax Clarke wrote:
> > Pardon? What's caused by ovs-tcpdump??
> >
> > On Tue, Dec 6, 2016 at 2:17 PM, Ben Pfaff wrote:
> >
> > > Oh, it's probably caused by ovs-tcpdump, now that I think about it.
> > >
> > > On Tue, Dec 06, 2016 at 01:20:19PM -0500, Lax Clarke wrote:
> > > > I do not think we did.
> > > >
> > > > Only config we did:
> > > >
> > > > # Subscribers DPDK-based Bridge
> > > > ovs-vsctl add-br flat-br-0 -- set bridge flat-br-0 datapath_type=netdev
> > > > ovs-vsctl add-port flat-br-0 dpdk0 -- set Interface dpdk0 type=dpdk
> > > > ovs-vsctl add-port flat-br-0 stack-1-pts-1-subscribers-1 -- set Interface
> > > > stack-1-pts-1-subscribers-1 type=dpdkvhostuser
> > > >
> > > > # Internet DPDK-based Bridge
> > > > ovs-vsctl add-br flat-br-1 -- set bridge flat-br-1 datapath_type=netdev
> > > > ovs-vsctl add-port flat-br-1 dpdk1 -- set Interface dpdk1 type=dpdk
> > > > ovs-vsctl add-port flat-br-1 stack-1-pts-1-internet-1 -- set Interface
> > > > stack-1-pts-1-internet-1 type=dpdkvhostuser
> > > >
> > > > # Bring it up (not sure if needed)
> > > > ip link set dev flat-br-0 up
> > > > ip link set dev flat-br-1 up
> > > >
> > > > # Enable multi-queue on host side, 4 queues
> > > > ovs-vsctl set interface dpdk0 options:n_rxq=2
> > > > ovs-vsctl set interface dpdk1 options:n_rxq=2

How are you launching the VMs (i.e. QEMU, libvirt)? What parameters are you using to launch & setup multi-queue for the VM interfaces?

Thanks
Ian

> > > >
> > > > # Give mode CPU Cores to ovs-vswitchd PMD threads
> > > > ovs-vsctl set Open_vSwitch . other_config:pmd-cpu-mask=
> > > >
> > > >
> > > > On Tue, Dec 6, 2016 at 12:37 PM, Ben Pfaff wrote:
> > > >
> > > > > On Tue, Dec 06, 2016 at 12:20:35PM -0500, Lax Clarke wrote:
> > > > > > I'm having trouble with 2 OVS bridges I've configured (sitting on top of
> > > > > > OVS-DPDK):
> > > > > >
> > > > > > 2e18698f-9583-4c59-972c-72c2c32cfc7d
> > > > > >     Bridge "flat-br-1"
> > > > > >         Port "stack-1-pts-1-internet-1"
> > > > > >             Interface "stack-1-pts-1-internet-1"
> > > > > >                 type: dpdkvhostuser
> > > > > >         Port "flat-br-1"
> > > > > >             Interface "flat-br-1"
> > > > > >                 type: internal
> > > > > >         Port "dpdk1"
> > > > > >             Interface "dpdk1"
> > > > > >                 type: dpdk
> > > > > >                 options: {n_rxq="2"}
> > > > > >     Bridge "flat-br-0"
> > > > > >         Port "flat-br-0"
> > > > > >             Interface "flat-br-0"
> > > > > >                 type: internal
> > > > > >         Port "stack-1-pts-1-subscribers-1"
> > > > > >             Interface "stack-1-pts-1-subscribers-1"
> > > > > >                 type: dpdkvhostuser
> > > > > >         Port "dpdk0"
> > > > > >             Interface "dpdk0"
> > > > > >                 type: dpdk
> > > > > >                 options: {n_rxq="2"}
> > > > > >     ovs_version: "2.6.0"
> > > > > >
> > > > > >
> > > > > > I have these OF rules (nothing special):
> > > > > > root@terago-2:/home/sandvine/svauto# ovs-ofctl dump-flows flat-br-0
> > > > > > NXST_FLOW reply (xid=0x4):
> > > > > > cookie=0x0, duration=231.086s, table=0, n_packets=9853, n_bytes=591180,
> > > > > > idle_age=1, priority=0 actions=NORMAL
> > > > > > root@terago-2:/home/sandvine/svauto# ovs-ofctl dump-flows flat-br-1
> > > > > > NXST_FLOW reply (xid=0x4):
> > > > > > cookie=0x0, duration=234.638s, table=0, n_packets=9984, n_bytes=599040,
> > > > > > idle_age=2, priority=0 actions=NORMAL
> > > > > >
> > > > > > The traffic is reaching the bridges themselves (i.e., ovs-tcpdump on
> > > > > > bridges shows the traffic), but not reaching the endpoints (VMs).
> > > > >
> > > > > OK...
> > > > >
> > > > > > The error I see in ovs switch log says:
> > > > > > 2016-12-06T17:14:41.170Z|00092|bridge|ERR|bridge flat-br-0: mirror
> > > > > > m_flat-br-0 does not specify output; ignoring
> > > > > > 2016-12-06T17:14:41.170Z|00093|bridge|ERR|bridge flat-br-0: mirror
> > > > > > m_flat-br-0 does not specify output; ignoring
> > > > > > 2016-12-06T17:14:41.170Z|00094|bridge|ERR|bridge flat-br-0: mirror
> > > > > > m_flat-br-0 does not specify output; ignoring
> > > > > > 2016-12-06T17:14:41.171Z|00095|bridge|ERR|bridge flat-br-1: mirror
> > > > > > m_flat-br-1 does not specify output; ignoring
> > > > > > 2016-12-06T17:14:41.171Z|00096|bridge|ERR|bridge flat-br-1: mirror
> > > > > > m_flat-br-1 does not specify output; ignoring
> > > > > > 2016-12-06T17:14:41.171Z|00097|bridge|ERR|bridg
Re: [ovs-discuss] Bridge does not specify output ; ignoring? (OVS-DPDK Ubuntu)
The mirror-related errors in the log. ovs-tcpdump creates a mirror.

On Tue, Dec 06, 2016 at 03:05:32PM -0500, Lax Clarke wrote:
> Pardon? What's caused by ovs-tcpdump??
>
> On Tue, Dec 6, 2016 at 2:17 PM, Ben Pfaff wrote:
>
> > Oh, it's probably caused by ovs-tcpdump, now that I think about it.
> >
> > On Tue, Dec 06, 2016 at 01:20:19PM -0500, Lax Clarke wrote:
> > > I do not think we did.
> > >
> > > Only config we did:
> > >
> > > # Subscribers DPDK-based Bridge
> > > ovs-vsctl add-br flat-br-0 -- set bridge flat-br-0 datapath_type=netdev
> > > ovs-vsctl add-port flat-br-0 dpdk0 -- set Interface dpdk0 type=dpdk
> > > ovs-vsctl add-port flat-br-0 stack-1-pts-1-subscribers-1 -- set Interface
> > > stack-1-pts-1-subscribers-1 type=dpdkvhostuser
> > >
> > > # Internet DPDK-based Bridge
> > > ovs-vsctl add-br flat-br-1 -- set bridge flat-br-1 datapath_type=netdev
> > > ovs-vsctl add-port flat-br-1 dpdk1 -- set Interface dpdk1 type=dpdk
> > > ovs-vsctl add-port flat-br-1 stack-1-pts-1-internet-1 -- set Interface
> > > stack-1-pts-1-internet-1 type=dpdkvhostuser
> > >
> > > # Bring it up (not sure if needed)
> > > ip link set dev flat-br-0 up
> > > ip link set dev flat-br-1 up
> > >
> > > # Enable multi-queue on host side, 4 queues
> > > ovs-vsctl set interface dpdk0 options:n_rxq=2
> > > ovs-vsctl set interface dpdk1 options:n_rxq=2
> > >
> > > # Give mode CPU Cores to ovs-vswitchd PMD threads
> > > ovs-vsctl set Open_vSwitch . other_config:pmd-cpu-mask=
> > >
> > >
> > > On Tue, Dec 6, 2016 at 12:37 PM, Ben Pfaff wrote:
> > >
> > > > On Tue, Dec 06, 2016 at 12:20:35PM -0500, Lax Clarke wrote:
> > > > > I'm having trouble with 2 OVS bridges I've configured (sitting on top of
> > > > > OVS-DPDK):
> > > > >
> > > > > 2e18698f-9583-4c59-972c-72c2c32cfc7d
> > > > >     Bridge "flat-br-1"
> > > > >         Port "stack-1-pts-1-internet-1"
> > > > >             Interface "stack-1-pts-1-internet-1"
> > > > >                 type: dpdkvhostuser
> > > > >         Port "flat-br-1"
> > > > >             Interface "flat-br-1"
> > > > >                 type: internal
> > > > >         Port "dpdk1"
> > > > >             Interface "dpdk1"
> > > > >                 type: dpdk
> > > > >                 options: {n_rxq="2"}
> > > > >     Bridge "flat-br-0"
> > > > >         Port "flat-br-0"
> > > > >             Interface "flat-br-0"
> > > > >                 type: internal
> > > > >         Port "stack-1-pts-1-subscribers-1"
> > > > >             Interface "stack-1-pts-1-subscribers-1"
> > > > >                 type: dpdkvhostuser
> > > > >         Port "dpdk0"
> > > > >             Interface "dpdk0"
> > > > >                 type: dpdk
> > > > >                 options: {n_rxq="2"}
> > > > >     ovs_version: "2.6.0"
> > > > >
> > > > >
> > > > > I have these OF rules (nothing special):
> > > > > root@terago-2:/home/sandvine/svauto# ovs-ofctl dump-flows flat-br-0
> > > > > NXST_FLOW reply (xid=0x4):
> > > > > cookie=0x0, duration=231.086s, table=0, n_packets=9853, n_bytes=591180,
> > > > > idle_age=1, priority=0 actions=NORMAL
> > > > > root@terago-2:/home/sandvine/svauto# ovs-ofctl dump-flows flat-br-1
> > > > > NXST_FLOW reply (xid=0x4):
> > > > > cookie=0x0, duration=234.638s, table=0, n_packets=9984, n_bytes=599040,
> > > > > idle_age=2, priority=0 actions=NORMAL
> > > > >
> > > > > The traffic is reaching the bridges themselves (i.e., ovs-tcpdump on
> > > > > bridges shows the traffic), but not reaching the endpoints (VMs).
> > > >
> > > > OK...
> > > >
> > > > > The error I see in ovs switch log says:
> > > > > 2016-12-06T17:14:41.170Z|00092|bridge|ERR|bridge flat-br-0: mirror
> > > > > m_flat-br-0 does not specify output; ignoring
> > > > > 2016-12-06T17:14:41.170Z|00093|bridge|ERR|bridge flat-br-0: mirror
> > > > > m_flat-br-0 does not specify output; ignoring
> > > > > 2016-12-06T17:14:41.170Z|00094|bridge|ERR|bridge flat-br-0: mirror
> > > > > m_flat-br-0 does not specify output; ignoring
> > > > > 2016-12-06T17:14:41.171Z|00095|bridge|ERR|bridge flat-br-1: mirror
> > > > > m_flat-br-1 does not specify output; ignoring
> > > > > 2016-12-06T17:14:41.171Z|00096|bridge|ERR|bridge flat-br-1: mirror
> > > > > m_flat-br-1 does not specify output; ignoring
> > > > > 2016-12-06T17:14:41.171Z|00097|bridge|ERR|bridge flat-br-1: mirror
> > > > > m_flat-br-1 does not specify output; ignoring
> > > > >
> > > > > What does this mean?
> > > > > I browsed code here
> > > > > https://github.com/osrg/openvswitch/blob/master/vswitchd/bridge.c#L3641
> > > > > It seems to suggest that I need either an output port or an output vlan.
> > > >
> > > > How did you configure mirroring?
> > > >
> >
Re: [ovs-discuss] Bridge does not specify output ; ignoring? (OVS-DPDK Ubuntu)
Pardon? What's caused by ovs-tcpdump??

On Tue, Dec 6, 2016 at 2:17 PM, Ben Pfaff wrote:

> Oh, it's probably caused by ovs-tcpdump, now that I think about it.
>
> On Tue, Dec 06, 2016 at 01:20:19PM -0500, Lax Clarke wrote:
> > I do not think we did.
> >
> > Only config we did:
> >
> > # Subscribers DPDK-based Bridge
> > ovs-vsctl add-br flat-br-0 -- set bridge flat-br-0 datapath_type=netdev
> > ovs-vsctl add-port flat-br-0 dpdk0 -- set Interface dpdk0 type=dpdk
> > ovs-vsctl add-port flat-br-0 stack-1-pts-1-subscribers-1 -- set Interface
> > stack-1-pts-1-subscribers-1 type=dpdkvhostuser
> >
> > # Internet DPDK-based Bridge
> > ovs-vsctl add-br flat-br-1 -- set bridge flat-br-1 datapath_type=netdev
> > ovs-vsctl add-port flat-br-1 dpdk1 -- set Interface dpdk1 type=dpdk
> > ovs-vsctl add-port flat-br-1 stack-1-pts-1-internet-1 -- set Interface
> > stack-1-pts-1-internet-1 type=dpdkvhostuser
> >
> > # Bring it up (not sure if needed)
> > ip link set dev flat-br-0 up
> > ip link set dev flat-br-1 up
> >
> > # Enable multi-queue on host side, 4 queues
> > ovs-vsctl set interface dpdk0 options:n_rxq=2
> > ovs-vsctl set interface dpdk1 options:n_rxq=2
> >
> > # Give mode CPU Cores to ovs-vswitchd PMD threads
> > ovs-vsctl set Open_vSwitch . other_config:pmd-cpu-mask=
> >
> >
> > On Tue, Dec 6, 2016 at 12:37 PM, Ben Pfaff wrote:
> >
> > > On Tue, Dec 06, 2016 at 12:20:35PM -0500, Lax Clarke wrote:
> > > > I'm having trouble with 2 OVS bridges I've configured (sitting on top of
> > > > OVS-DPDK):
> > > >
> > > > 2e18698f-9583-4c59-972c-72c2c32cfc7d
> > > >     Bridge "flat-br-1"
> > > >         Port "stack-1-pts-1-internet-1"
> > > >             Interface "stack-1-pts-1-internet-1"
> > > >                 type: dpdkvhostuser
> > > >         Port "flat-br-1"
> > > >             Interface "flat-br-1"
> > > >                 type: internal
> > > >         Port "dpdk1"
> > > >             Interface "dpdk1"
> > > >                 type: dpdk
> > > >                 options: {n_rxq="2"}
> > > >     Bridge "flat-br-0"
> > > >         Port "flat-br-0"
> > > >             Interface "flat-br-0"
> > > >                 type: internal
> > > >         Port "stack-1-pts-1-subscribers-1"
> > > >             Interface "stack-1-pts-1-subscribers-1"
> > > >                 type: dpdkvhostuser
> > > >         Port "dpdk0"
> > > >             Interface "dpdk0"
> > > >                 type: dpdk
> > > >                 options: {n_rxq="2"}
> > > >     ovs_version: "2.6.0"
> > > >
> > > >
> > > > I have these OF rules (nothing special):
> > > > root@terago-2:/home/sandvine/svauto# ovs-ofctl dump-flows flat-br-0
> > > > NXST_FLOW reply (xid=0x4):
> > > > cookie=0x0, duration=231.086s, table=0, n_packets=9853, n_bytes=591180,
> > > > idle_age=1, priority=0 actions=NORMAL
> > > > root@terago-2:/home/sandvine/svauto# ovs-ofctl dump-flows flat-br-1
> > > > NXST_FLOW reply (xid=0x4):
> > > > cookie=0x0, duration=234.638s, table=0, n_packets=9984, n_bytes=599040,
> > > > idle_age=2, priority=0 actions=NORMAL
> > > >
> > > > The traffic is reaching the bridges themselves (i.e., ovs-tcpdump on
> > > > bridges shows the traffic), but not reaching the endpoints (VMs).
> > >
> > > OK...
> > >
> > > > The error I see in ovs switch log says:
> > > > 2016-12-06T17:14:41.170Z|00092|bridge|ERR|bridge flat-br-0: mirror
> > > > m_flat-br-0 does not specify output; ignoring
> > > > 2016-12-06T17:14:41.170Z|00093|bridge|ERR|bridge flat-br-0: mirror
> > > > m_flat-br-0 does not specify output; ignoring
> > > > 2016-12-06T17:14:41.170Z|00094|bridge|ERR|bridge flat-br-0: mirror
> > > > m_flat-br-0 does not specify output; ignoring
> > > > 2016-12-06T17:14:41.171Z|00095|bridge|ERR|bridge flat-br-1: mirror
> > > > m_flat-br-1 does not specify output; ignoring
> > > > 2016-12-06T17:14:41.171Z|00096|bridge|ERR|bridge flat-br-1: mirror
> > > > m_flat-br-1 does not specify output; ignoring
> > > > 2016-12-06T17:14:41.171Z|00097|bridge|ERR|bridge flat-br-1: mirror
> > > > m_flat-br-1 does not specify output; ignoring
> > > >
> > > > What does this mean?
> > > > I browsed code here
> > > > https://github.com/osrg/openvswitch/blob/master/vswitchd/bridge.c#L3641
> > > > It seems to suggest that I need either an output port or an output vlan.
> > >
> > > How did you configure mirroring?
> > >
>
Re: [ovs-discuss] What's the purpose of alg=ftp in the ct action?
On Tue, Dec 06, 2016 at 10:22:18AM -0800, Joe Stringer wrote:
> Until recently, Linux has turned on automatic helper assignment by
> default. What this means is that even if you do not specify ALGs, the
> traffic will be put through that ALG. In such cases, it is possible to
> construct OpenFlow tables using conntrack actions that are missing the
> FTP option, and the conntrack action will track that FTP connection
> and correlate its sessions.
>
> However, Linux 4.7 turned this off by default:
> https://github.com/torvalds/linux/commit/3bb398d925ec73e42b778cf823c8f4aecae359ea
>
> So, to ensure that this works in a future-proof way you should always
> specify the alg option for FTP control connections.

Is this something we should document?
Re: [ovs-discuss] Bridge does not specify output ; ignoring? (OVS-DPDK Ubuntu)
Oh, it's probably caused by ovs-tcpdump, now that I think about it.

On Tue, Dec 06, 2016 at 01:20:19PM -0500, Lax Clarke wrote:
> I do not think we did.
>
> Only config we did:
>
> # Subscribers DPDK-based Bridge
> ovs-vsctl add-br flat-br-0 -- set bridge flat-br-0 datapath_type=netdev
> ovs-vsctl add-port flat-br-0 dpdk0 -- set Interface dpdk0 type=dpdk
> ovs-vsctl add-port flat-br-0 stack-1-pts-1-subscribers-1 -- set Interface
> stack-1-pts-1-subscribers-1 type=dpdkvhostuser
>
> # Internet DPDK-based Bridge
> ovs-vsctl add-br flat-br-1 -- set bridge flat-br-1 datapath_type=netdev
> ovs-vsctl add-port flat-br-1 dpdk1 -- set Interface dpdk1 type=dpdk
> ovs-vsctl add-port flat-br-1 stack-1-pts-1-internet-1 -- set Interface
> stack-1-pts-1-internet-1 type=dpdkvhostuser
>
> # Bring it up (not sure if needed)
> ip link set dev flat-br-0 up
> ip link set dev flat-br-1 up
>
> # Enable multi-queue on host side, 4 queues
> ovs-vsctl set interface dpdk0 options:n_rxq=2
> ovs-vsctl set interface dpdk1 options:n_rxq=2
>
> # Give mode CPU Cores to ovs-vswitchd PMD threads
> ovs-vsctl set Open_vSwitch . other_config:pmd-cpu-mask=
>
>
> On Tue, Dec 6, 2016 at 12:37 PM, Ben Pfaff wrote:
>
> > On Tue, Dec 06, 2016 at 12:20:35PM -0500, Lax Clarke wrote:
> > > I'm having trouble with 2 OVS bridges I've configured (sitting on top of
> > > OVS-DPDK):
> > >
> > > 2e18698f-9583-4c59-972c-72c2c32cfc7d
> > >     Bridge "flat-br-1"
> > >         Port "stack-1-pts-1-internet-1"
> > >             Interface "stack-1-pts-1-internet-1"
> > >                 type: dpdkvhostuser
> > >         Port "flat-br-1"
> > >             Interface "flat-br-1"
> > >                 type: internal
> > >         Port "dpdk1"
> > >             Interface "dpdk1"
> > >                 type: dpdk
> > >                 options: {n_rxq="2"}
> > >     Bridge "flat-br-0"
> > >         Port "flat-br-0"
> > >             Interface "flat-br-0"
> > >                 type: internal
> > >         Port "stack-1-pts-1-subscribers-1"
> > >             Interface "stack-1-pts-1-subscribers-1"
> > >                 type: dpdkvhostuser
> > >         Port "dpdk0"
> > >             Interface "dpdk0"
> > >                 type: dpdk
> > >                 options: {n_rxq="2"}
> > >     ovs_version: "2.6.0"
> > >
> > >
> > > I have these OF rules (nothing special):
> > > root@terago-2:/home/sandvine/svauto# ovs-ofctl dump-flows flat-br-0
> > > NXST_FLOW reply (xid=0x4):
> > > cookie=0x0, duration=231.086s, table=0, n_packets=9853, n_bytes=591180,
> > > idle_age=1, priority=0 actions=NORMAL
> > > root@terago-2:/home/sandvine/svauto# ovs-ofctl dump-flows flat-br-1
> > > NXST_FLOW reply (xid=0x4):
> > > cookie=0x0, duration=234.638s, table=0, n_packets=9984, n_bytes=599040,
> > > idle_age=2, priority=0 actions=NORMAL
> > >
> > > The traffic is reaching the bridges themselves (i.e., ovs-tcpdump on
> > > bridges shows the traffic), but not reaching the endpoints (VMs).
> >
> > OK...
> >
> > > The error I see in ovs switch log says:
> > > 2016-12-06T17:14:41.170Z|00092|bridge|ERR|bridge flat-br-0: mirror
> > > m_flat-br-0 does not specify output; ignoring
> > > 2016-12-06T17:14:41.170Z|00093|bridge|ERR|bridge flat-br-0: mirror
> > > m_flat-br-0 does not specify output; ignoring
> > > 2016-12-06T17:14:41.170Z|00094|bridge|ERR|bridge flat-br-0: mirror
> > > m_flat-br-0 does not specify output; ignoring
> > > 2016-12-06T17:14:41.171Z|00095|bridge|ERR|bridge flat-br-1: mirror
> > > m_flat-br-1 does not specify output; ignoring
> > > 2016-12-06T17:14:41.171Z|00096|bridge|ERR|bridge flat-br-1: mirror
> > > m_flat-br-1 does not specify output; ignoring
> > > 2016-12-06T17:14:41.171Z|00097|bridge|ERR|bridge flat-br-1: mirror
> > > m_flat-br-1 does not specify output; ignoring
> > >
> > > What does this mean?
> > > I browsed code here
> > > https://github.com/osrg/openvswitch/blob/master/vswitchd/bridge.c#L3641
> > > It seems to suggest that I need either an output port or an output vlan.
> >
> > How did you configure mirroring?
> >
Re: [ovs-discuss] What's the purpose of alg=ftp in the ct action?
On 6 December 2016 at 10:41, Samuel Jean wrote:
> Awesome, exactly the kind of context background I needed. Thanks Joe!
>
> On a side note, is that ok to assume the argument to the alg flag is one of
> the exact helper name as found with all the nf_conntrack_* modules? Or is
> FTP the only supported alg at the moment? Let's say I set alg=irc, is that
> expected to turn on helper assignment for IRC conntrack?

At the moment, only FTP is supported.
Re: [ovs-discuss] What's the purpose of alg=ftp in the ct action?
Awesome, exactly the kind of context background I needed. Thanks Joe!

On a side note, is that ok to assume the argument to the alg flag is one of the exact helper name as found with all the nf_conntrack_* modules? Or is FTP the only supported alg at the moment? Let's say I set alg=irc, is that expected to turn on helper assignment for IRC conntrack?

Many thanks!

On Tue, Dec 6, 2016 at 1:22 PM, Joe Stringer wrote:

> On 6 December 2016 at 08:03, Samuel Jean via discuss wrote:
> > Howdy folks,
> >
> > Yesterday, I was playing with the conntrack stuff available since 2.5 and
> > my assumption was that OVS relies on nf_conntrack for tracking tuples and
> > states. So for FTP to work, I assumed all I need is to make sure the
> > nf_conntrack_ftp module is loaded to perform its duty. It proved to work
> > just fine. However, the ovs-ofctl man page suggests to use the alg=ftp
> > argument to the ct() action. That puzzles me a bit since it seems all it
> > does is to load the nf_conntrack_ftp module on my behalf.
> >
> > One of the few thoughts I had to justify that sugar syntax is to allow FTP
> > session tracking regardless of the port on which the server is listening.
> >
> > Can anyone clarify the purpose of this argument and whether it is reliable to
> > not use alg= at all but rather load the conntrack helpers and allow the
> > ports on which the services are listening to?
>
> Until recently, Linux has turned on automatic helper assignment by
> default. What this means is that even if you do not specify ALGs, the
> traffic will be put through that ALG. In such cases, it is possible to
> construct OpenFlow tables using conntrack actions that are missing the
> FTP option, and the conntrack action will track that FTP connection
> and correlate its sessions.
>
> However, Linux 4.7 turned this off by default:
> https://github.com/torvalds/linux/commit/3bb398d925ec73e42b778cf823c8f4aecae359ea
>
> So, to ensure that this works in a future-proof way you should always
> specify the alg option for FTP control connections.
>
> For more context, see the blog post from the netfilter team:
> http://www.netfilter.org/news.html#2012-04-03
>
Re: [ovs-discuss] What's the purpose of alg=ftp in the ct action?
On 6 December 2016 at 08:03, Samuel Jean via discuss wrote:
> Howdy folks,
>
> Yesterday, I was playing with the conntrack stuff available since 2.5 and
> my assumption was that OVS relies on nf_conntrack for tracking tuples and
> states. So for FTP to work, I assumed all I need is to make sure the
> nf_conntrack_ftp module is loaded to perform its duty. It proved to work
> just fine. However, the ovs-ofctl man page suggests to use the alg=ftp
> argument to the ct() action. That puzzles me a bit since it seems all it
> does is to load the nf_conntrack_ftp module on my behalf.
>
> One of the few thoughts I had to justify that sugar syntax is to allow FTP
> session tracking regardless of the port on which the server is listening.
>
> Can anyone clarify the purpose of this argument and whether it is reliable to
> not use alg= at all but rather load the conntrack helpers and allow the
> ports on which the services are listening to?

Until recently, Linux has turned on automatic helper assignment by default. What this means is that even if you do not specify ALGs, the traffic will be put through that ALG. In such cases, it is possible to construct OpenFlow tables using conntrack actions that are missing the FTP option, and the conntrack action will track that FTP connection and correlate its sessions.

However, Linux 4.7 turned this off by default:
https://github.com/torvalds/linux/commit/3bb398d925ec73e42b778cf823c8f4aecae359ea

So, to ensure that this works in a future-proof way you should always specify the alg option for FTP control connections.

For more context, see the blog post from the netfilter team:
http://www.netfilter.org/news.html#2012-04-03
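
Added example, not part of the original messages and not OVS project code: a small Python audit that applies the advice above to a flow table, flagging ct() actions that commit traffic which can include FTP control connections (TCP destination port 21) without alg=ftp. The flow lines are constructed samples, and treating the committing ct() action as the place where the helper must be named is an assumption of this example.

```python
import re

FTP_CONTROL_PORT = 21
DST_PORT_KEYS = ("tp_dst", "tcp_dst")  # both spellings are accepted by ovs-ofctl

# Constructed sample table: add-flow syntax plus one dump-flows style line.
SAMPLE_FLOWS = """\
table=0,priority=1,action=drop
table=0,priority=10,arp,action=normal
table=0,priority=100,in_port=1,tcp,tp_dst=21,action=ct(commit),2
table=0,priority=100,in_port=1,tcp,tp_dst=2121,action=ct(commit,alg=ftp),2
table=0,priority=90,in_port=1,tcp,action=ct(commit,nat(src=192.0.2.10)),2
table=0,priority=100,in_port=2,tcp,action=ct(table=1)
 cookie=0x0, duration=1.0s, table=1, n_packets=0, n_bytes=0, priority=100,ct_state=+new+trk,tcp,in_port=3,tp_dst=21 actions=ct(commit,alg=ftp),output:2
"""


def split_top_level(text):
    """Split a comma-separated list, keeping nested (...) arguments together."""
    parts, depth, current = [], 0, ""
    for ch in text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append(current.strip())
            current = ""
        else:
            current += ch
    parts.append(current.strip())
    return [p for p in parts if p]


def parse_flow(line):
    """Return (match_fields, actions) for one flow line, or None if it has no actions."""
    m = re.search(r"\bactions?=", line)
    if not m:
        return None
    match = {}
    for token in re.split(r"[,\s]+", line[:m.start()].strip()):
        if token:
            key, eq, value = token.partition("=")
            match[key] = value if eq else True  # bare keywords such as "tcp"
    return match, split_top_level(line[m.end():])


def ct_arguments(action):
    """Return the arguments of a ct(...) action as a dict, or None for other actions."""
    if not (action.startswith("ct(") and action.endswith(")")):
        return None
    args = {}
    for arg in split_top_level(action[3:-1]):
        m = re.match(r"(\w+)(?:=(.*))?", arg)
        if m:
            args[m.group(1)] = m.group(2)
    return args


def ftp_control_scope(match):
    """Return 'explicit', 'wildcard' or None for how a match relates to TCP port 21."""
    if not ("tcp" in match or "tcp6" in match or match.get("nw_proto") == "6"):
        return None
    for key in DST_PORT_KEYS:
        if key in match:
            value, _, mask = match[key].partition("/")
            mask = int(mask, 0) if mask else 0xFFFF
            hit = (int(value, 0) & mask) == (FTP_CONTROL_PORT & mask)
            return "explicit" if hit else None
    return "wildcard"  # any TCP destination port, so port 21 is included


def audit(lines):
    """Return (line_number, scope, flow) for committing ct() actions without alg=ftp.

    Each flow is judged on its own; priority and table order are not modelled.
    """
    findings = []
    for number, line in enumerate(lines, 1):
        parsed = parse_flow(line)
        if parsed is None:
            continue
        match, actions = parsed
        scope = ftp_control_scope(match)
        if scope is None:
            continue
        for action in actions:
            args = ct_arguments(action)
            if args is not None and "commit" in args and args.get("alg") != "ftp":
                findings.append((number, scope, line.strip()))
                break
    return findings


if __name__ == "__main__":
    for number, scope, flow in audit(SAMPLE_FLOWS.splitlines()):
        print(f"line {number} ({scope} match on TCP/21): ct() commits without alg=ftp: {flow}")
```

A "wildcard" finding means the flow matches all TCP traffic, so FTP control connections that reach it are committed without the helper unless a more specific flow handles port 21 first.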
Re: [ovs-discuss] Bridge does not specify output ; ignoring? (OVS-DPDK Ubuntu)
I do not think we did.

Only config we did:

# Subscribers DPDK-based Bridge
ovs-vsctl add-br flat-br-0 -- set bridge flat-br-0 datapath_type=netdev
ovs-vsctl add-port flat-br-0 dpdk0 -- set Interface dpdk0 type=dpdk
ovs-vsctl add-port flat-br-0 stack-1-pts-1-subscribers-1 -- set Interface stack-1-pts-1-subscribers-1 type=dpdkvhostuser

# Internet DPDK-based Bridge
ovs-vsctl add-br flat-br-1 -- set bridge flat-br-1 datapath_type=netdev
ovs-vsctl add-port flat-br-1 dpdk1 -- set Interface dpdk1 type=dpdk
ovs-vsctl add-port flat-br-1 stack-1-pts-1-internet-1 -- set Interface stack-1-pts-1-internet-1 type=dpdkvhostuser

# Bring it up (not sure if needed)
ip link set dev flat-br-0 up
ip link set dev flat-br-1 up

# Enable multi-queue on host side, 4 queues
ovs-vsctl set interface dpdk0 options:n_rxq=2
ovs-vsctl set interface dpdk1 options:n_rxq=2

# Give mode CPU Cores to ovs-vswitchd PMD threads
ovs-vsctl set Open_vSwitch . other_config:pmd-cpu-mask=

On Tue, Dec 6, 2016 at 12:37 PM, Ben Pfaff wrote:

> On Tue, Dec 06, 2016 at 12:20:35PM -0500, Lax Clarke wrote:
> > I'm having trouble with 2 OVS bridges I've configured (sitting on top of
> > OVS-DPDK):
> >
> > 2e18698f-9583-4c59-972c-72c2c32cfc7d
> >     Bridge "flat-br-1"
> >         Port "stack-1-pts-1-internet-1"
> >             Interface "stack-1-pts-1-internet-1"
> >                 type: dpdkvhostuser
> >         Port "flat-br-1"
> >             Interface "flat-br-1"
> >                 type: internal
> >         Port "dpdk1"
> >             Interface "dpdk1"
> >                 type: dpdk
> >                 options: {n_rxq="2"}
> >     Bridge "flat-br-0"
> >         Port "flat-br-0"
> >             Interface "flat-br-0"
> >                 type: internal
> >         Port "stack-1-pts-1-subscribers-1"
> >             Interface "stack-1-pts-1-subscribers-1"
> >                 type: dpdkvhostuser
> >         Port "dpdk0"
> >             Interface "dpdk0"
> >                 type: dpdk
> >                 options: {n_rxq="2"}
> >     ovs_version: "2.6.0"
> >
> >
> > I have these OF rules (nothing special):
> > root@terago-2:/home/sandvine/svauto# ovs-ofctl dump-flows flat-br-0
> > NXST_FLOW reply (xid=0x4):
> > cookie=0x0, duration=231.086s, table=0, n_packets=9853, n_bytes=591180,
> > idle_age=1, priority=0 actions=NORMAL
> > root@terago-2:/home/sandvine/svauto# ovs-ofctl dump-flows flat-br-1
> > NXST_FLOW reply (xid=0x4):
> > cookie=0x0, duration=234.638s, table=0, n_packets=9984, n_bytes=599040,
> > idle_age=2, priority=0 actions=NORMAL
> >
> > The traffic is reaching the bridges themselves (i.e., ovs-tcpdump on
> > bridges shows the traffic), but not reaching the endpoints (VMs).
>
> OK...
>
> > The error I see in ovs switch log says:
> > 2016-12-06T17:14:41.170Z|00092|bridge|ERR|bridge flat-br-0: mirror
> > m_flat-br-0 does not specify output; ignoring
> > 2016-12-06T17:14:41.170Z|00093|bridge|ERR|bridge flat-br-0: mirror
> > m_flat-br-0 does not specify output; ignoring
> > 2016-12-06T17:14:41.170Z|00094|bridge|ERR|bridge flat-br-0: mirror
> > m_flat-br-0 does not specify output; ignoring
> > 2016-12-06T17:14:41.171Z|00095|bridge|ERR|bridge flat-br-1: mirror
> > m_flat-br-1 does not specify output; ignoring
> > 2016-12-06T17:14:41.171Z|00096|bridge|ERR|bridge flat-br-1: mirror
> > m_flat-br-1 does not specify output; ignoring
> > 2016-12-06T17:14:41.171Z|00097|bridge|ERR|bridge flat-br-1: mirror
> > m_flat-br-1 does not specify output; ignoring
> >
> > What does this mean?
> > I browsed code here
> > https://github.com/osrg/openvswitch/blob/master/vswitchd/bridge.c#L3641
> > It seems to suggest that I need either an output port or an output vlan.
>
> How did you configure mirroring?
>
Re: [ovs-discuss] Bridge does not specify output ; ignoring? (OVS-DPDK Ubuntu)
On Tue, Dec 06, 2016 at 12:20:35PM -0500, Lax Clarke wrote:
> I'm having trouble with 2 OVS bridges I've configured (sitting on top of
> OVS-DPDK):
>
> 2e18698f-9583-4c59-972c-72c2c32cfc7d
>     Bridge "flat-br-1"
>         Port "stack-1-pts-1-internet-1"
>             Interface "stack-1-pts-1-internet-1"
>                 type: dpdkvhostuser
>         Port "flat-br-1"
>             Interface "flat-br-1"
>                 type: internal
>         Port "dpdk1"
>             Interface "dpdk1"
>                 type: dpdk
>                 options: {n_rxq="2"}
>     Bridge "flat-br-0"
>         Port "flat-br-0"
>             Interface "flat-br-0"
>                 type: internal
>         Port "stack-1-pts-1-subscribers-1"
>             Interface "stack-1-pts-1-subscribers-1"
>                 type: dpdkvhostuser
>         Port "dpdk0"
>             Interface "dpdk0"
>                 type: dpdk
>                 options: {n_rxq="2"}
>     ovs_version: "2.6.0"
>
>
> I have these OF rules (nothing special):
> root@terago-2:/home/sandvine/svauto# ovs-ofctl dump-flows flat-br-0
> NXST_FLOW reply (xid=0x4):
> cookie=0x0, duration=231.086s, table=0, n_packets=9853, n_bytes=591180,
> idle_age=1, priority=0 actions=NORMAL
> root@terago-2:/home/sandvine/svauto# ovs-ofctl dump-flows flat-br-1
> NXST_FLOW reply (xid=0x4):
> cookie=0x0, duration=234.638s, table=0, n_packets=9984, n_bytes=599040,
> idle_age=2, priority=0 actions=NORMAL
>
> The traffic is reaching the bridges themselves (i.e., ovs-tcpdump on
> bridges shows the traffic), but not reaching the endpoints (VMs).

OK...

> The error I see in ovs switch log says:
> 2016-12-06T17:14:41.170Z|00092|bridge|ERR|bridge flat-br-0: mirror
> m_flat-br-0 does not specify output; ignoring
> 2016-12-06T17:14:41.170Z|00093|bridge|ERR|bridge flat-br-0: mirror
> m_flat-br-0 does not specify output; ignoring
> 2016-12-06T17:14:41.170Z|00094|bridge|ERR|bridge flat-br-0: mirror
> m_flat-br-0 does not specify output; ignoring
> 2016-12-06T17:14:41.171Z|00095|bridge|ERR|bridge flat-br-1: mirror
> m_flat-br-1 does not specify output; ignoring
> 2016-12-06T17:14:41.171Z|00096|bridge|ERR|bridge flat-br-1: mirror
> m_flat-br-1 does not specify output; ignoring
> 2016-12-06T17:14:41.171Z|00097|bridge|ERR|bridge flat-br-1: mirror
> m_flat-br-1 does not specify output; ignoring
>
> What does this mean?
> I browsed code here
> https://github.com/osrg/openvswitch/blob/master/vswitchd/bridge.c#L3641
> It seems to suggest that I need either an output port or an output vlan.

How did you configure mirroring?
[ovs-discuss] What's the purpose of alg=ftp in the ct action?
Howdy folks,

Yesterday, I was playing with the conntrack stuff available since 2.5 and my assumption was that OVS relies on nf_conntrack for tracking tuples and states. So for FTP to work, I assumed all I need is to make sure the nf_conntrack_ftp module is loaded to perform its duty. It proved to work just fine. However, the ovs-ofctl man page suggests to use the alg=ftp argument to the ct() action. That puzzles me a bit since it seems all it does is to load the nf_conntrack_ftp module on my behalf.

One of the few thoughts I had to justify that sugar syntax is to allow FTP session tracking regardless of the port on which the server is listening.

Can anyone clarify the purpose of this argument and whether it is reliable to not use alg= at all but rather load the conntrack helpers and allow the ports on which the services are listening to?

Best regards,
Sam
[ovs-discuss] Bridge does not specify output ; ignoring? (OVS-DPDK Ubuntu)
Hi,

I'm having trouble with 2 OVS bridges I've configured (sitting on top of OVS-DPDK):

    2e18698f-9583-4c59-972c-72c2c32cfc7d
        Bridge "flat-br-1"
            Port "stack-1-pts-1-internet-1"
                Interface "stack-1-pts-1-internet-1"
                    type: dpdkvhostuser
            Port "flat-br-1"
                Interface "flat-br-1"
                    type: internal
            Port "dpdk1"
                Interface "dpdk1"
                    type: dpdk
                    options: {n_rxq="2"}
        Bridge "flat-br-0"
            Port "flat-br-0"
                Interface "flat-br-0"
                    type: internal
            Port "stack-1-pts-1-subscribers-1"
                Interface "stack-1-pts-1-subscribers-1"
                    type: dpdkvhostuser
            Port "dpdk0"
                Interface "dpdk0"
                    type: dpdk
                    options: {n_rxq="2"}
        ovs_version: "2.6.0"

I have these OF rules (nothing special):

    root@terago-2:/home/sandvine/svauto# ovs-ofctl dump-flows flat-br-0
    NXST_FLOW reply (xid=0x4):
     cookie=0x0, duration=231.086s, table=0, n_packets=9853, n_bytes=591180, idle_age=1, priority=0 actions=NORMAL
    root@terago-2:/home/sandvine/svauto# ovs-ofctl dump-flows flat-br-1
    NXST_FLOW reply (xid=0x4):
     cookie=0x0, duration=234.638s, table=0, n_packets=9984, n_bytes=599040, idle_age=2, priority=0 actions=NORMAL

The traffic is reaching the bridges themselves (i.e., ovs-tcpdump on bridges shows the traffic), but not reaching the endpoints (VMs).

The error I see in ovs switch log says:

    2016-12-06T17:14:41.170Z|00092|bridge|ERR|bridge flat-br-0: mirror m_flat-br-0 does not specify output; ignoring
    2016-12-06T17:14:41.170Z|00093|bridge|ERR|bridge flat-br-0: mirror m_flat-br-0 does not specify output; ignoring
    2016-12-06T17:14:41.170Z|00094|bridge|ERR|bridge flat-br-0: mirror m_flat-br-0 does not specify output; ignoring
    2016-12-06T17:14:41.171Z|00095|bridge|ERR|bridge flat-br-1: mirror m_flat-br-1 does not specify output; ignoring
    2016-12-06T17:14:41.171Z|00096|bridge|ERR|bridge flat-br-1: mirror m_flat-br-1 does not specify output; ignoring
    2016-12-06T17:14:41.171Z|00097|bridge|ERR|bridge flat-br-1: mirror m_flat-br-1 does not specify output; ignoring

What does this mean?

I browsed code here
https://github.com/osrg/openvswitch/blob/master/vswitchd/bridge.c#L3641
It seems to suggest that I need either an output port or an output vlan.

How do I configure this? I am a bit lost, any help will be useful.

Thanks,
Lax
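Added example (not part of the original post and not Open vSwitch code): a small triage script that parses ovs-vswitchd log lines in the "time|seq|module|level|message" layout quoted above and lists each mirror the switch ignored for lacking an output, with a count and first/last timestamp. The function name and the INFO line in the sample are constructed for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample: the six ERR lines quoted in the post, preceded by one
# made-up INFO line so the filter has something to skip.
SAMPLE_LOG = """\
2016-12-06T17:14:41.169Z|00091|bridge|INFO|bridge flat-br-0: added interface dpdk0 on port 1
2016-12-06T17:14:41.170Z|00092|bridge|ERR|bridge flat-br-0: mirror m_flat-br-0 does not specify output; ignoring
2016-12-06T17:14:41.170Z|00093|bridge|ERR|bridge flat-br-0: mirror m_flat-br-0 does not specify output; ignoring
2016-12-06T17:14:41.170Z|00094|bridge|ERR|bridge flat-br-0: mirror m_flat-br-0 does not specify output; ignoring
2016-12-06T17:14:41.171Z|00095|bridge|ERR|bridge flat-br-1: mirror m_flat-br-1 does not specify output; ignoring
2016-12-06T17:14:41.171Z|00096|bridge|ERR|bridge flat-br-1: mirror m_flat-br-1 does not specify output; ignoring
2016-12-06T17:14:41.171Z|00097|bridge|ERR|bridge flat-br-1: mirror m_flat-br-1 does not specify output; ignoring
"""

# time|sequence|module|level|message
LINE_RE = re.compile(
    r"^(?P<ts>[^|]+)\|(?P<seq>\d+)\|(?P<module>[^|]+)\|(?P<level>[A-Z]+)\|(?P<msg>.*)$"
)
MIRROR_RE = re.compile(
    r"^bridge (?P<bridge>\S+): mirror (?P<mirror>\S+) does not specify output; ignoring$"
)


def ignored_mirrors(log_text):
    """Map (bridge, mirror) -> {"count", "first", "last"} for ignored mirrors."""
    found = OrderedDict()
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line or line["module"] != "bridge" or line["level"] != "ERR":
            continue  # malformed line, other module, or not an error
        hit = MIRROR_RE.match(line["msg"])
        if not hit:
            continue  # a bridge error, but not the missing-output one
        key = (hit["bridge"], hit["mirror"])
        entry = found.setdefault(
            key, {"count": 0, "first": line["ts"], "last": line["ts"]}
        )
        entry["count"] += 1
        entry["last"] = line["ts"]
    return found


if __name__ == "__main__":
    for (bridge, mirror), info in ignored_mirrors(SAMPLE_LOG).items():
        print(f"{bridge}: mirror {mirror} ignored {info['count']}x "
              f"({info['first']} .. {info['last']})")
```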