Re: [ovs-discuss] Ip grouping in openflow rule
> On Feb 20, 2017, at 12:46 AM, Tugrul Erdogan > wrote: > > Hi all, > > I am working on Centos 7 with OVS. I have simple flow rules as stated below: > > ovs-ofctl add-flow ovs-brext "ip, nw_dst=10.3.4.6, actions=drop" > ovs-ofctl add-flow ovs-brext "ip, nw_dst=172.16.0.6, actions=drop" > > I want to group the destinations IP addresses in a structure ( like > netfilter:ipset ) so I can drop many of the IP addresses from > different subnets with one flow rule. I have searched this type of > structure in man page of ovs-ctl and ovs-ofctl but I could not find. > > I want take your suggestions about IP grouping structure in flow rules. As Ben mentioned, there's no such grouping mechanism using ovs-ofctl. Those tools are stateless, and OVS would normally expect that sort of state to be maintained by a controller. There is support for such groups in OVN (which acts as a controller), but that might be overkill for your application if you don't need full-blown network virtualization. I have thought about how using just the southbound components of OVN could make a more convenient method of programming OVS. I should do a talk around that at some point, because I think the OVN logical flows are better in a lot of ways than straight OpenFlow. --Justin ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] OVS Make - make[2]: *** [dist-hook-git] Error
Hi Ben, Thanks for your reply and reminder. I've re-make and print the log again. The error might caused by that I download .tar.gz from OVS website, and create a git repo for my implementation maintainence. How to avoid this problem and what is a more recommended way to manage local OVS development and build process ? Here's the [dist-hook-git] error starting message: Thanks for your assistance! make[3]: Entering directory `/home/ovs8/ovs_2.5.1_hybrid_band/datapath' make[3]: Leaving directory `/home/ovs8/ovs_2.5.1_hybrid_band/datapath' The following files are in git but not the distribution: .travis/PaxHeaders.84059/build.sh .travis/PaxHeaders.84059/prepare.sh Documentation/PaxHeaders.84059/automake.mk Documentation/PaxHeaders.84059/group-selection-method-property.txt PaxHeaders.84059/.travis PaxHeaders.84059/.travis.yml PaxHeaders.84059/AUTHORS PaxHeaders.84059/CONTRIBUTING.md PaxHeaders.84059/COPYING PaxHeaders.84059/CodingStyle.md PaxHeaders.84059/DESIGN.md PaxHeaders.84059/Documentation PaxHeaders.84059/FAQ.md PaxHeaders.84059/INSTALL.DPDK.md PaxHeaders.84059/INSTALL.Debian.md PaxHeaders.84059/INSTALL.Docker.md PaxHeaders.84059/INSTALL.Fedora.md PaxHeaders.84059/INSTALL.KVM.md PaxHeaders.84059/INSTALL.Libvirt.md PaxHeaders.84059/INSTALL.NetBSD.md PaxHeaders.84059/INSTALL.RHEL.md PaxHeaders.84059/INSTALL.SELinux.md .. xenserver/PaxHeaders.84059/opt_xensource_libexec_interface-reconfigure xenserver/PaxHeaders.84059/usr_lib_xsconsole_plugins-base_XSFeatureVSwitch.py xenserver/PaxHeaders.84059/usr_share_openvswitch_scripts_ovs-xapi-sync xenserver/PaxHeaders.84059/usr_share_openvswitch_scripts_sysconfig.templatemake[2]: *** [dist-hook-git] Error 1 make[2]: Leaving directory `/home/ovs8/ovs_2.5.1_hybrid_band' make[1]: *** [install-recursive] Error 1 make[1]: Leaving directory `/home/ovs8/ovs_2.5.1_hybrid_band' make: *** [install] Error 2 Regards, Ethan Ben Pfaff 於 2017年2月20日 週一 下午11:55寫道: On Sun, Feb 19, 2017 at 01:51:20PM +, 蘇于倫 wrote: > Hi everyone, > > When I try to re-build and re-install OVS, I encountered the following > error message, which > appears twice in the log of make execution: > > make[2]: *** [dist-hook-git]* Error 1* > make[2]: Leaving directory `/home/ovs8/ovs_2.5.1_hybrid_band' > make[1]: *** [install-recursive]* Error 1* > make[1]: Leaving directory `/home/ovs8/ovs_2.5.1_hybrid_band' > make: *** [install] *Error 2* > > What does this mean and how to solve it ? It means something went wrong with the dist-hook-git target, but we can't tell what because you snipped off that part. ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] mirror ports aggregation
On 2017. February 20. 15:43:05 Aaron Conole wrote: > Laszlo Fekete writes: > > Hello! > > > > > > > > I have 8 separate ports where have some incomming traffic (not related to > > that interface so using promisc) and want to mirror these traffics to 1 > > port. But not bridge together the 8 incomming ports, is it possible to > > create like this with ovs? > > It should be possible to construct by setting the select_dst_port and > select_src_port elements of the mirror to the set of Port entries you > wish to monitor. Could you please give an example config? For example there is eth1 and eth2 in promisc mode where there is incomming traffic and mirror those ports all traffic to eth3. But want to see both traffic on eth3 only, not mix eth1 traffic with eth2 on eth1 or eth2. Thanks, Laszlo > > > Tried put all 8 ports in a bridge and set monitor to a 9th port but in > > this case on 1st port see other 7 ports traffic too, i want to see > > separately the 8 ports traffic and 1 aggregated traffic for all 8 ports, > > it is possible? > > See above > > > Regards, Laszlo ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] mirror ports aggregation
Laszlo Fekete writes: > Hello! > > > > I have 8 separate ports where have some incomming traffic (not related to > that interface so using > promisc) and want to mirror these traffics to 1 port. But not bridge together > the 8 incomming ports, is it > possible to create like this with ovs? It should be possible to construct by setting the select_dst_port and select_src_port elements of the mirror to the set of Port entries you wish to monitor. > Tried put all 8 ports in a bridge and set monitor to a 9th port but in this > case on 1st port see other 7 > ports traffic too, i want to see separately the 8 ports traffic and 1 > aggregated traffic for all 8 ports, it is > possible? See above > Regards, Laszlo ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] Ip grouping in openflow rule
On Mon, Feb 20, 2017 at 11:46:12AM +0300, Tugrul Erdogan wrote: > Hi all, > > I am working on Centos 7 with OVS. I have simple flow rules as stated below: > > ovs-ofctl add-flow ovs-brext "ip, nw_dst=10.3.4.6, actions=drop" > ovs-ofctl add-flow ovs-brext "ip, nw_dst=172.16.0.6, actions=drop" > > I want to group the destinations IP addresses in a structure ( like > netfilter:ipset ) so I can drop many of the IP addresses from > different subnets with one flow rule. I have searched this type of > structure in man page of ovs-ctl and ovs-ofctl but I could not find. > > I want take your suggestions about IP grouping structure in flow rules. OVS doesn't have a way to do that. I don't see the value to it; what is the value of it to you? ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] OVS Make - make[2]: *** [dist-hook-git] Error
On Sun, Feb 19, 2017 at 01:51:20PM +, 蘇于倫 wrote: > Hi everyone, > > When I try to re-build and re-install OVS, I encountered the following > error message, which > appears twice in the log of make execution: > > make[2]: *** [dist-hook-git]* Error 1* > make[2]: Leaving directory `/home/ovs8/ovs_2.5.1_hybrid_band' > make[1]: *** [install-recursive]* Error 1* > make[1]: Leaving directory `/home/ovs8/ovs_2.5.1_hybrid_band' > make: *** [install] *Error 2* > > What does this mean and how to solve it ? It means something went wrong with the dist-hook-git target, but we can't tell what because you snipped off that part. ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
[ovs-discuss] Open vSwitch with SSL — Open vSwitch 2.6.0 documentation
Dear Sir or Madam, I'm configuring OVS for SSL according to the instructions of http://docs.openvswitch.org/en/latest/howto/ssl/ when I executed the command "$ ovs-pki self-sign sc"(http://docs.openvswitch.org/en/latest/howto/ssl/#switch-key-generation-with-self-signed-certificates) , something unexpected happened. The information prompts me that "sc-req.pem does not exist". What should I do now? Could you please help me? ?? Looking forward to your reply. Zhang Zhaozeng Feb. 20th. 2016 2E01F60A@ADC8BE2B.F09AAA58 Description: Binary data ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] BFD not working with RSTP, suggesting fix
Patch sent to ovs-dev list. BR, Mika 17.2.2017 20.29 "Joe Stringer" kirjoitti: > On 15 February 2017 at 05:18, Mika Väisänen > wrote: > > Hello, > > > > I have discovered that RSTP and BFD do not work together. When BFD is > > enabled on a link, it first assumes that the link is down and informs > this > > to RSTP. RSTP then puts that link to DISABLED state (similar as if > carrier > > was lost). > > > > BFD tries to send its messages over the link, but as RSTP considers port > is > > DISABLED and therefore not forwarding, no messages are allowed through. > This > > means BFD will never get its forwarding state to true even the link > itself > > was working. Therefore RSTP port will remain in DISABLED state forever. > > > > Seems that the problem is in ofproto-dpif-xlate.c. On openvswitch-2.5.1 I > > have overcome the problem with following patch: > > Hi Mika, thanks for taking a look at this! > > Would you mind resubmitting in standard git format-patch(1) format, to > the ovs-dev list, including a sign-off line? Patches on ovs-discuss > aren't tracked through the usual systems so it's easier for developers > to miss them. If you haven't done this before, there's documentation > here about what the patch should look like: > > http://docs.openvswitch.org/en/latest/internals/contributing/submitting- > patches/ > ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
[ovs-discuss] Newbie trying to understand ofproto layer
Hi all, Trying to understand ofproto layer in userspace. where the flows are added and maintained in ofproto layer ? What type of algorithms used to identify the particular flow rule? Any reference to understand the clear picture of ofproto layer. ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
[ovs-discuss] mirror ports aggregation
Hello! I have 8 separate ports where have some incomming traffic (not related to that interface so using promisc) and want to mirror these traffics to 1 port. But not bridge together the 8 incomming ports, is it possible to create like this with ovs? Tried put all 8 ports in a bridge and set monitor to a 9th port but in this case on 1st port see other 7 ports traffic too, i want to see separately the 8 ports traffic and 1 aggregated traffic for all 8 ports, it is possible? Regards, Laszlo ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] rtcp packets are reversed in openvswitch
Hi Sam, Below are the requested details. *Open v Switch version details*: ovs-vsctl (Open vSwitch) 2.3.0 Compiled Oct 6 2014 10:51:51 DB Schema 7.6.0 we are sending CONNECT followed by GRANT at container level but in OVS level we are seeing GRANT followed by a CONNECT. On Mon, Feb 13, 2017 at 10:59 AM, Sam wrote: > You could post detail information for further help like: > ovs version > flow table before send package > package you send and order > flow table after send package > package you receive and order > > 2017-02-13 0:03 GMT+08:00 Sudheer Y : > >> Hi Team, >> >> Any update on this request. >> >> Regards, >> Sudheer >> >> On Fri, Feb 3, 2017 at 6:31 PM, Sudheer Y wrote: >> >>> Hi Team, >>> >>> Greetings of the day. >>> >>> We need your help in resolving one of our major issues. >>> >>> Scenario: >>> >>> we have rhel system and on top we have OVS software using as bridge >>> between host network and dockers which are installed in that host machine. >>> >>> when the docker container is sending two packets connect and grant order >>> and if we are captured it on the physical interfaces, those two packers are >>> in reverse order (grant and connect). >>> >>> Please let us know if any of your customers or in the LAB/Production >>> environment facing the issue and got resolved. >>> >>> Also let me know your comments on this issue. >>> >>> Thanks in advance for your help . >>> >>> Please contact me if you have any solution or queries regarding this >>> issue. >>> >>> Regards, >>> Sudheer >>> 9986517972 >>> >> >> >> ___ >> discuss mailing list >> disc...@openvswitch.org >> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss >> >> > ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
[ovs-discuss] Ip grouping in openflow rule
Hi all, I am working on Centos 7 with OVS. I have simple flow rules as stated below: ovs-ofctl add-flow ovs-brext "ip, nw_dst=10.3.4.6, actions=drop" ovs-ofctl add-flow ovs-brext "ip, nw_dst=172.16.0.6, actions=drop" I want to group the destinations IP addresses in a structure ( like netfilter:ipset ) so I can drop many of the IP addresses from different subnets with one flow rule. I have searched this type of structure in man page of ovs-ctl and ovs-ofctl but I could not find. I want take your suggestions about IP grouping structure in flow rules. Thanks for your replies, Best regards, Tugrul ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
