[ovs-discuss] hardware offloading in ovs-2.8

2017-11-06 Thread 王嵘 
Hi,
I'm using ovs-dpdk(ovs2.8/dpdk17.05.2), and I want to use the offload feature. 
But I dont know how to enable it?
As is represented in the release note 2.8:

   - Addexperimental support for hardware offloading
 * HW offloading is disabled by default.

 * HW offloading is done through the TC interface.

thanks a lot.
Rong.Wang
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Capacity/Quota in ovs/openflow

2017-11-06 Thread Peter Phaal 
If interface counters addresses your use case then you are right, you probably 
don’t need to extra complexity of flow analysis. Flow analytics are useful if 
you want to compute more granular quotas (distinguishing traffic by 
destination, protocol, etc) or if you want to calculate cluster wide quotas.

What time period are you looking at for the quota control? If it’s small 
enough, then you are essentially performing rate limiting and you could just 
use Open vSwitch QoS controls:

http://docs.openvswitch.org/en/latest/howto/qos/ 


> On Nov 6, 2017, at 6:39 PM, Amar Padmanabhan  wrote:
> 
> Hi Peter
> Thanks for the mail, we have a local controller instance that is running on 
> the host so the sflow or periodic poll seem equivalent to me. Is there a way 
> to do this on path?
> - Amar
> 
> On 11/6/17, 8:03 AM, "Peter Phaal"  wrote:
> 
>Amar,
> 
>Open vSwitch includes sFlow / NetFlow instrumentation. Using flow data to 
> drive your quota controller reduces the complexity of the OpenFlow rules 
> since you no longer need granular rules to provide the traffic measurements. 
> 
>The following article describes building a quota controller using sFlow:
> 
>
> https://urldefense.proofpoint.com/v2/url?u=http-3A__blog.sflow.com_2017_09_real-2Dtime-2Dvisibility-2Dand-2Dcontrol-2Dof.html=DwIFAg=5VD0RTtNlTh3ycd41b3MUw=1N_8hJDvy8eod04dYLy1EEUb1Kv1C1D7BI6HusLWBwA=VAq2E_vnC2DSUjtbm3OLDDpujPc5nNbyE3Xo1XRyqag=yKFKF_3x27O3ktKXYqRV4aun7gHDy_1zgYxu0WWqn7M=
> 
>Peter
> 
>> On Nov 6, 2017, at 7:21 AM, Amar Padmanabhan  wrote:
>> 
>> Hi all,
>> What is the best way to model quota through ovs? Right now the best thing we 
>> could come up with is to periodically poll a flow stat and install a drop 
>> flow when the flow stat goes past the quota.
>> Thanks
>> - Amar
>> ___
>> discuss mailing list
>> disc...@openvswitch.org
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_mailman_listinfo_ovs-2Ddiscuss=DwIFAg=5VD0RTtNlTh3ycd41b3MUw=1N_8hJDvy8eod04dYLy1EEUb1Kv1C1D7BI6HusLWBwA=VAq2E_vnC2DSUjtbm3OLDDpujPc5nNbyE3Xo1XRyqag=bqPmWPuy2G5w-_tH_DTOU-MA3BWnKG9ug5Xjx3liMzg=
> 
> 
> 

___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] group entries are not deleted after del-controller command

2017-11-06 Thread Ben Pfaff 
On Fri, Nov 03, 2017 at 02:37:02PM +, Periyasamy Palanisamy wrote:
> I have OVS 2.6.1 configured with bridge br-int in fail_mod set to 'secure'.
> 
> There are flows and groups configured by controller in the switch for a VM 
> attached to it.
> 
> 
> 
> After running 'ovs-vsctl del-controller br-int', only flow entries are wiped 
> out. Groups are not removed.

Deleting groups has just never been part of the way that OVS defines
this to happen.  Now that you point it out, I think that it should be.
I sent out a patch to implement that behavior:
https://patchwork.ozlabs.org/patch/835093/

Comments are welcome.
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Capacity/Quota in ovs/openflow

2017-11-06 Thread Amar Padmanabhan 
Hi Peter
Thanks for the mail, we have a local controller instance that is running on the 
host so the sflow or periodic poll seem equivalent to me. Is there a way to do 
this on path?
- Amar

On 11/6/17, 8:03 AM, "Peter Phaal"  wrote:

Amar,

Open vSwitch includes sFlow / NetFlow instrumentation. Using flow data to 
drive your quota controller reduces the complexity of the OpenFlow rules since 
you no longer need granular rules to provide the traffic measurements. 

The following article describes building a quota controller using sFlow:


https://urldefense.proofpoint.com/v2/url?u=http-3A__blog.sflow.com_2017_09_real-2Dtime-2Dvisibility-2Dand-2Dcontrol-2Dof.html=DwIFAg=5VD0RTtNlTh3ycd41b3MUw=1N_8hJDvy8eod04dYLy1EEUb1Kv1C1D7BI6HusLWBwA=VAq2E_vnC2DSUjtbm3OLDDpujPc5nNbyE3Xo1XRyqag=yKFKF_3x27O3ktKXYqRV4aun7gHDy_1zgYxu0WWqn7M=

Peter

> On Nov 6, 2017, at 7:21 AM, Amar Padmanabhan  
wrote:
> 
> Hi all,
> What is the best way to model quota through ovs? Right now the best thing 
we could come up with is to periodically poll a flow stat and install a drop 
flow when the flow stat goes past the quota.
> Thanks
> - Amar
> ___
> discuss mailing list
> disc...@openvswitch.org
> 
https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_mailman_listinfo_ovs-2Ddiscuss=DwIFAg=5VD0RTtNlTh3ycd41b3MUw=1N_8hJDvy8eod04dYLy1EEUb1Kv1C1D7BI6HusLWBwA=VAq2E_vnC2DSUjtbm3OLDDpujPc5nNbyE3Xo1XRyqag=bqPmWPuy2G5w-_tH_DTOU-MA3BWnKG9ug5Xjx3liMzg=



___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Capacity/Quota in ovs/openflow

2017-11-06 Thread Peter Phaal 
Amar,

Open vSwitch includes sFlow / NetFlow instrumentation. Using flow data to drive 
your quota controller reduces the complexity of the OpenFlow rules since you no 
longer need granular rules to provide the traffic measurements. 

The following article describes building a quota controller using sFlow:

http://blog.sflow.com/2017/09/real-time-visibility-and-control-of.html

Peter

> On Nov 6, 2017, at 7:21 AM, Amar Padmanabhan  wrote:
> 
> Hi all,
> What is the best way to model quota through ovs? Right now the best thing we 
> could come up with is to periodically poll a flow stat and install a drop 
> flow when the flow stat goes past the quota.
> Thanks
> - Amar
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

[ovs-discuss] Capacity/Quota in ovs/openflow

2017-11-06 Thread Amar Padmanabhan 
Hi all,
What is the best way to model quota through ovs? Right now the best thing we 
could come up with is to periodically poll a flow stat and install a drop flow 
when the flow stat goes past the quota.
Thanks
- Amar
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Problem on OpenVSwitch 2.8.1

2017-11-06 Thread Flavio Leitner 
On Tue, 31 Oct 2017 16:41:53 +0100
Fabio Zingaretti  wrote:

> Dear support,
> I’m testing OpenVSwitch version 2.8.1 on my infrastructure using CentOS7 , 
> but I’m having any problem , in particular: 
> 
> 1) I configured the VXLAN but if I perform a reboot of the server I lose the 
> VXLAN configuration and I have to perform again the configuration 

Look at /usr/share/doc/openvswitch/README.RHEL.rst to
see how to configure it in a persistent way.

> 2) I see the following error inside /var/log/messages :  “kernel: 
> openvswitch: ovs: recursion limit reached on datapath ovs-system, probable 
> configuration error”  but the configuration works properly…

I will be hard for us to help without more info.  There was a fix to control
how many recursions could happen, and your setup is most probably hitting it.

It can crash the kernel if you go beyond, see:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b064d0d88ae5280c7e878f79d0c9a8e2876a4d14


> I replicated the configuration that I used with old version of  OpenVSwitch. 

-- 
Flavio

___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] nd_target is not working at IPv6

2017-11-06 Thread Andrey Ziltsov 
Sorry.

The answer for ICMP6 type 135 request is looks like following:

*# ovs-dpctl --more --names dump-flows filter="icmp6"*

ufid:fb335040-2772-448e-8fc3-c489754013da,
recirc_id(0),dp_hash(0/0),skb_priority(0/0),in_port(bond0.6),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),eth(src=00:00:00:00:00:00/00:00:00:00:00:00,dst=00:00:00:00:00:00/00:00:00:00:00:00),eth_type(0x86dd),ipv6(src=::/::,dst=::/::,label=0/0,proto=58,tclass=0/0,hlimit=0/0,frag=no),icmpv6(type=135,code=0/0),nd(target=::/::,sll=00:00:00:00:00:00/00:00:00:00:00:00,tll=00:00:00:00:00:00/00:00:00:00:00:00),
packets:10, bytes:860, used:0.275s, actions:vnet1

ufid:43e8508a-1164-419a-945d-dd0d7f57d0a2,
recirc_id(0),dp_hash(0/0),skb_priority(0/0),in_port(vnet1),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),eth(src=00:00:00:00:00:00/00:00:00:00:00:00,dst=00:00:00:00:00:00/00:00:00:00:00:00),eth_type(0x86dd),ipv6(src=::/::,dst=::/::,label=0/0,proto=58,tclass=0/0,hlimit=0/0,frag=no),icmpv6(type=136,code=0/0),nd(target=::/::,sll=00:00:00:00:00:00/00:00:00:00:00:00,tll=00:00:00:00:00:00/00:00:00:00:00:00),
packets:0, bytes:0, used:never, actions:bond0.6

2017-11-06 14:31 GMT+02:00 Andrey Ziltsov :

> Hallo!!!
>
> On external interface bond0.6 we have following traffic:
>
> *# tcpdump -e -nn -i bond0.6 icmp6 and ip6[40] == 135 | grep
> ::2:2::a5*
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on bond0.6, link-type EN10MB (Ethernet), capture size 262144
> bytes
> 13:39:28.724325 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6
> (0x86dd), length 86: fe80:::xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6,
> neighbor solicitation, who has ::2:2::a5, length 32
> 13:39:29.723075 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6
> (0x86dd), length 86: fe80:::xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6,
> neighbor solicitation, who has ::2:2::a5, length 32
> 13:39:30.723165 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6
> (0x86dd), length 86: fe80:::xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6,
> neighbor solicitation, who has ::2:2::a5, length 32
> 13:39:31.739472 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6
> (0x86dd), length 86: fe80:::xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6,
> neighbor solicitation, who has ::2:2::a5, length 32
> 13:39:32.738971 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6
> (0x86dd), length 86: fe80:::xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6,
> neighbor solicitation, who has ::2:2::a5, length 32
> 13:39:33.738933 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6
> (0x86dd), length 86: fe80:::xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6,
> neighbor solicitation, who has ::2:2::a5, length 32
> 13:39:34.755430 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6
> (0x86dd), length 86: fe80:::xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6,
> neighbor solicitation, who has ::2:2::a5, length 32
>
> The output of "ovs-appctl ofproto/trace" have a right output port in
> datapath action:
>
> *# ovs-appctl ofproto/trace public-switch
> in_port=1,icmp6,icmpv6_type=135,nd_target=::2:2::a5,dl_src=xx:xx:xx:1b:b3:67,dl_dst=33:33:ff:00:00:a5,ipv6_src=fe80:::xxff:fe1b:b367,ipv6_dst=ff02::1:ff00:a5*
> Flow: icmp6,in_port=1,vlan_tci=0x,dl_src=xx:xx:xx:1b:b3:
> 67,dl_dst=33:33:ff:00:00:a5,ipv6_src=fe80:::xxff:fe1b:
> b367,ipv6_dst=ff02::1:ff00:a5,ipv6_label=0x0,nw_tos=0,
> nw_ecn=0,nw_ttl=0,icmp_type=135,icmp_code=0,nd_target=
> ::2:2::a5,nd_sll=00:00:00:00:00:00,nd_tll=00:00:00:00:00:00
>
> bridge("public-switch")
> ---
>  0. icmp6,in_port=1,icmp_type=135, priority 10005, cookie 0x10005
> resubmit(,2)
>  2. icmp6,icmp_type=135,nd_target=::2:2::a5, priority 108, cookie
> 0x124994
> output:27
>
> Final flow: unchanged
> Megaflow: recirc_id=0,eth,icmp6,in_port=1,nw_frag=no,icmp_type=0x87/
> 0xff,nd_target=::2:2::a5
> Datapath actions: 3
>
>
> The output of "ovs-appctl dpif/show":
>
> *# ovs-appctl dpif/show*
> system@ovs-system: hit:479117438 missed:112792546
> public-switch:
> bond0.6 1/2: (system)
> public-switch 65534/1: (internal)
> vnet0 27/3: (system)
> vnet1 28/4: (system)
>
> The configuration file of external interface bond0.6:
>
> *# cat /etc/sysconfig/network-scripts/ifcfg-bond0.6 *
> DEVICE=bond0.6
> VLAN=yes
> ONBOOT=yes
> BOOTPROTO=static
>
> TYPE="OVSPort"
> DEVICETYPE="ovs"
> OVS_BRIDGE="public-switch"
>
>
> The configuration file of openvswitch bridge public-switch:
>
> *# cat /etc/sysconfig/network-scripts/ifcfg-public-switch *
> DEVICE=public-switch
> ONBOOT=yes
> BOOTPROTO=static
>
> TYPE="OVSBridge"
> DEVICETYPE="ovs"
>
>
> For example, the answer for ICMP6 type 135 request is looks like
> following:
>
> *# ovs-dpctl --more --names dump-flows filter="icmp6"*
>
> ufid:c171538c-9800-472c-9666-253f1873f478,

Re: [ovs-discuss] nd_target is not working at IPv6

2017-11-06 Thread Andrey Ziltsov 
Hallo!!!

On external interface bond0.6 we have following traffic:

*# tcpdump -e -nn -i bond0.6 icmp6 and ip6[40] == 135 | grep
::2:2::a5*
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bond0.6, link-type EN10MB (Ethernet), capture size 262144 bytes
13:39:28.724325 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6
(0x86dd), length 86: fe80:::xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6,
neighbor solicitation, who has ::2:2::a5, length 32
13:39:29.723075 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6
(0x86dd), length 86: fe80:::xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6,
neighbor solicitation, who has ::2:2::a5, length 32
13:39:30.723165 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6
(0x86dd), length 86: fe80:::xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6,
neighbor solicitation, who has ::2:2::a5, length 32
13:39:31.739472 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6
(0x86dd), length 86: fe80:::xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6,
neighbor solicitation, who has ::2:2::a5, length 32
13:39:32.738971 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6
(0x86dd), length 86: fe80:::xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6,
neighbor solicitation, who has ::2:2::a5, length 32
13:39:33.738933 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6
(0x86dd), length 86: fe80:::xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6,
neighbor solicitation, who has ::2:2::a5, length 32
13:39:34.755430 xx:xx:xx:1b:b3:67 > 33:33:ff:00:00:a5, ethertype IPv6
(0x86dd), length 86: fe80:::xxff:fe1b:b367 > ff02::1:ff00:a5: ICMP6,
neighbor solicitation, who has ::2:2::a5, length 32

The output of "ovs-appctl ofproto/trace" have a right output port in
datapath action:

*# ovs-appctl ofproto/trace public-switch
in_port=1,icmp6,icmpv6_type=135,nd_target=::2:2::a5,dl_src=xx:xx:xx:1b:b3:67,dl_dst=33:33:ff:00:00:a5,ipv6_src=fe80:::xxff:fe1b:b367,ipv6_dst=ff02::1:ff00:a5*
Flow:
icmp6,in_port=1,vlan_tci=0x,dl_src=xx:xx:xx:1b:b3:67,dl_dst=33:33:ff:00:00:a5,ipv6_src=fe80:::xxff:fe1b:b367,ipv6_dst=ff02::1:ff00:a5,ipv6_label=0x0,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=135,icmp_code=0,nd_target=::2:2::a5,nd_sll=00:00:00:00:00:00,nd_tll=00:00:00:00:00:00

bridge("public-switch")
---
 0. icmp6,in_port=1,icmp_type=135, priority 10005, cookie 0x10005
resubmit(,2)
 2. icmp6,icmp_type=135,nd_target=::2:2::a5, priority 108, cookie
0x124994
output:27

Final flow: unchanged
Megaflow:
recirc_id=0,eth,icmp6,in_port=1,nw_frag=no,icmp_type=0x87/0xff,nd_target=::2:2::a5
Datapath actions: 3


The output of "ovs-appctl dpif/show":

*# ovs-appctl dpif/show*
system@ovs-system: hit:479117438 missed:112792546
public-switch:
bond0.6 1/2: (system)
public-switch 65534/1: (internal)
vnet0 27/3: (system)
vnet1 28/4: (system)

The configuration file of external interface bond0.6:

*# cat /etc/sysconfig/network-scripts/ifcfg-bond0.6 *
DEVICE=bond0.6
VLAN=yes
ONBOOT=yes
BOOTPROTO=static

TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE="public-switch"


The configuration file of openvswitch bridge public-switch:

*# cat /etc/sysconfig/network-scripts/ifcfg-public-switch *
DEVICE=public-switch
ONBOOT=yes
BOOTPROTO=static

TYPE="OVSBridge"
DEVICETYPE="ovs"


For example, the answer for ICMP6 type 135 request is looks like following:

*# ovs-dpctl --more --names dump-flows filter="icmp6"*

ufid:c171538c-9800-472c-9666-253f1873f478,
recirc_id(0),dp_hash(0/0),skb_priority(0/0),in_port(bond0.6),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),eth(src=00:00:00:00:00:00/00:00:00:00:00:00,dst=00:00:00:00:00:00/00:00:00:00:00:00),eth_type(0x86dd),ipv6(src=::/::,dst=::/::,label=0/0,proto=58,tclass=0/0,hlimit=0/0,frag=no),icmpv6(type=135,code=0/0),nd(target=::/::,sll=00:00:00:00:00:00/00:00:00:00:00:00,tll=00:00:00:00:00:00/00:00:00:00:00:00),
packets:115, bytes:9890, used:0.752s, actions:vnet1

ufid:9b2cf37e-52c1-4874-bb9f-d21bd319c054,
recirc_id(0),dp_hash(0/0),skb_priority(0/0),in_port(vnet1),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),eth(src=00:00:00:00:00:00/00:00:00:00:00:00,dst=00:00:00:00:00:00/00:00:00:00:00:00),eth_type(0x86dd),ipv6(src=::/::,dst=::/::,label=0/0,proto=58,tclass=0/0,hlimit=0/0,frag=no),icmpv6(type=136,code=0/0),nd(target=::/::,sll=00:00:00:00:00:00/00:00:00:00:00:00,tll=00:00:00:00:00:00/00:00:00:00:00:00),
packets:79, bytes:6794, used:0.760s, actions:drop

If we add two flows as following:

 cookie=0x1, table=3, priority=1 actions=output:"bond0.6"
 cookie=0x10005, priority=10005,icmp6,in_port=vnet1,icmp_type=136
actions=resubmit(,3)


2017-11-03 20:04 GMT+02:00 Ben Pfaff :

> On Fri, Nov 03, 2017 at 04:18:25PM +0200, Andrey Ziltsov wrote:
> > Hallo!!!
> >
> > We have a problem with flow field "nd_target" at IPv6.
> >
> > For example.
> >
> > We have two VM with