Re: [ovs-discuss] flow table in standalone mode

2018-09-17 Thread Ben Pfaff
On Tue, Sep 11, 2018 at 05:05:15PM +0800, sun joe wrote:
> I'm trying to pack OVS into a fibre modem to build a vCPE controlled
> by ODL. Reading those documents describing interaction between OVS and ODL,
> it seems flow tables should be controlled by ODL and initialized by ODL.
> 
> But, as you all know, we could not guarantee controller is available all
> the time, and vCPE should consider such situation and should be able to
> provide service without controller. To deal with this situation OVS
> fail-mode should be set to standalone to make vCPE work.
> 
> Testing with mininet, it is found ovs continue working in
> standalone mode, but I could not set up a basic flow-table other than
> OVS works just like a L2 switch.
> 
> What I want to know is, could it be possible to setup a basic
> flow table in vCPE situation? That is, when controller is out of
> connection vCPE could work with basic flow tables with more than one
> table?

This could be done by running a controller locally on the vCPE.  OVS
doesn't currently support such a configuration without a local
controller.
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss


Re: [ovs-discuss] OVS Faucet tutorial broken

2018-09-17 Thread Ben Pfaff
On Thu, Sep 13, 2018 at 09:33:54AM +1200, Brad Cowie wrote:
> On 31 August 2018 at 08:05, Ben Pfaff  wrote:
> 
> > > Well, that wouldn't be too hard, I guess.  It's too bad that there's no
> > > way with a Table Features Request to just modify *some* of the
> > > properties of a table (such as the name).  I guess that Faucet would
> > > have to spit back at OVS all the capabilities that OVS says it supports,
> > > and then OVS would have to verify that it was actually the same.  That
> > > seems a little prone to error, but probably we could get it right.
> >
> > It was more work than I expected (what isn't?) but I did finish it:
> > https://patchwork.ozlabs.org/project/openvswitch/list/?series=63372
> > or
> > https://github.com/blp/ovs-reviews/tree/multipart-requests2
> 
> 
> 
> Perfect,
> 
> We had a play internally with mod-table and it seems to work.
> We are a little swamped at faucet at the moment due to some
> impending deployment deadlines but I have raised a feature
> request against faucet to use the new code:
> 
> https://github.com/faucetsdn/faucet/issues/2420
> 
> I have also submitted a patch upstream for updating the faucet
> tutorial, do let me know if you want any changes!
> 
> https://mail.openvswitch.org/pipermail/ovs-dev/2018-September/352046.html

Thanks a lot!

The series hasn't been reviewed yet; if I don't get a review in the next
week or two, maybe I'll apply it and add a Tested-by from you.


Re: [ovs-discuss] What is the best way to map a VTEP flow to an internal port?

2018-09-17 Thread Ben Pfaff
On Sat, Sep 15, 2018 at 07:40:11PM -0600, Grant Taylor via discuss wrote:
> What is the best way to map a specific flow ID coming in a VTEP to a
> specific internal port?
> 
> # ovs-vsctl add-br br0
> 
> # ovs-vsctl add-port br0 port0 -- set interface port0 type=internal -- set port port0 tag=100
> 
> # ovs-vsctl add-port br0 port1 -- set interface port1 type=internal -- set port port1 tag=101
> 
> # ovs-vsctl add-port br0 vtep0 -- set interface vtep0 type=vxlan options:remote_ip=192.0.2.1 options:key=flow
> 
> I want VNI / flow 100 to go to port0 and VNI / flow 101 to go to port1.
> 
> Do I need to map the VNIs to a VLAN (possibly via OpenFlow?) and then assign
> a VLAN to the internal port?
> 
> Is there a way to associate an internal port with a specific VNI / flow like
> there is a way to associate a specific VLAN (tag=$VID)?

Something like this?  I have not tested it.

ovs-vsctl add-port br0 port0 -- set interface port0 type=internal -- set port port0 tag=100
ovs-vsctl add-port br0 port1 -- set interface port1 type=internal -- set port port1 tag=101
ovs-vsctl add-port br0 vtep0 -- set interface vtep0 type=vxlan options:remote_ip=192.0.2.1 options:key=100 -- set port vtep0 tag=100
ovs-vsctl add-port br0 vtep1 -- set interface vtep1 type=vxlan options:remote_ip=192.0.2.1 options:key=101 -- set port vtep1 tag=101


Re: [ovs-discuss] line 17: /usr/local/share/openvswitch/scripts/ovs-lib: No such file or directory

2018-09-17 Thread Ben Pfaff
On Fri, Sep 14, 2018 at 10:36:02PM +, Paul Greenberg wrote:
> Running the latest:
> 
> https://github.com/openvswitch/ovs/commit/cd2c1d3b1e03b41f0e2c964fcbdb1e82cde7c794
> 
> An attempt to start "ovs-vswitchd.service" fails:
> 
> ovs-ctl[2078]: /usr/share/openvswitch/scripts/ovs-kmod-ctl: line 17: /usr/local/share/openvswitch/scripts/ovs-lib: No such file or directory
> 
> The "/usr/local/share/openvswitch/scripts/ovs-lib" does not exist, but
> "/usr/share/openvswitch/scripts/ovs-lib" does.
> 
> Once I amended line 17 to "/usr/share/openvswitch/scripts/ovs-lib",
> things started working.

Usually, this kind of mismatch means that OVS scripts were installed in
a directory different from the one that was configured.
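A check for the mismatch described in this thread, as an added example that is not from the thread or from the OVS project: it lists every absolute path that the scripts in a directory load with `. /path` and that does not exist on disk. The function names and the constructed sample directory are assumptions for illustration; paths containing spaces are not handled.

```shell
#!/bin/sh
# List absolute paths that scripts in a directory load with ". /path" but that
# are missing on disk. Output format: <script>:<line>: <missing path>
find_missing_sources() {
    dir=$1
    for script in "$dir"/*; do
        [ -f "$script" ] || continue
        # Emit "<script>:<line>: <path>" for every line of the form . "/abs/path"
        awk -v name="$(basename "$script")" '
            /^[ \t]*\.[ \t]+"?\// {
                path = $2
                gsub(/"/, "", path)
                print name ":" NR ": " path
            }' "$script" |
        while IFS= read -r hit; do
            path=${hit##*: }
            # Keep only the entries whose target does not exist.
            [ -e "$path" ] || printf '%s\n' "$hit"
        done
    done
}

# Constructed sample (not real OVS files): ovs-kmod-ctl loads ovs-lib from a
# configured prefix that was never installed to, while ovs-ctl uses the
# directory where ovs-lib actually lives.
make_sample() {
    d=$(mktemp -d)
    : > "$d/ovs-lib"
    {
        i=1
        while [ "$i" -le 16 ]; do
            printf '# filler line %s\n' "$i"
            i=$((i + 1))
        done
        printf '. "%s/configured-prefix/scripts/ovs-lib" || exit 1\n' "$d"
    } > "$d/ovs-kmod-ctl"
    printf '. "%s/ovs-lib" || exit 1\n' "$d" > "$d/ovs-ctl"
    printf '%s\n' "$d"
}

# Run against the sample; on a real host, pass the installed scripts
# directory instead (for example /usr/share/openvswitch/scripts).
sample=$(make_sample)
find_missing_sources "$sample"
rm -rf "$sample"
```

An empty result means every sourced path resolves; any line printed points at a script whose configured prefix differs from where the files were installed.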


Re: [ovs-discuss] line 17: /usr/local/share/openvswitch/scripts/ovs-lib: No such file or directory

2018-09-17 Thread Gregory Rose



On 9/14/2018 3:36 PM, Paul Greenberg wrote:

> Running the latest:
> 
> https://github.com/openvswitch/ovs/commit/cd2c1d3b1e03b41f0e2c964fcbdb1e82cde7c794
> 
> An attempt to start "ovs-vswitchd.service" fails:
> 
> ovs-ctl[2078]: /usr/share/openvswitch/scripts/ovs-kmod-ctl: line 17: /usr/local/share/openvswitch/scripts/ovs-lib: No such file or directory
> 
> The "/usr/local/share/openvswitch/scripts/ovs-lib" does not exist, but
> "/usr/share/openvswitch/scripts/ovs-lib" does.
> 
> Once I amended line 17 to "/usr/share/openvswitch/scripts/ovs-lib",
> things started working.


Martin,

I'm seeing this as well - do you think it's related to your recent changes?

Thanks,

- Greg




[ovs-discuss] VXLAN over IPSec - what's wrong

2018-09-17 Thread Sebastian Pitei
Hi everyone,

I'm trying to build a simple OVS setup as follows:
- two OVS switches (on separate machines), both having one physical port
  (enp0s10) and a virtual one (vxlan0), on the same br0 bridge.
- each br0 has a manually set IPv6 address that's being used as source and
  destination for the VXLAN tunnel.

[Scenario 1]
- VXLAN comes up, traffic flows from the physical interface to the VXLAN tunnel
  and vice-versa

[Scenario 2]
- I've added strongswan and configured host-to-host IPSec encryption, but
  unfortunately traffic is not passing between bridges.

Am I missing something? Is there another way to do this? I'm pasting below my
configuration, maybe it helps

[bridge-config]
    Bridge "br0"
        Controller "tcp:[fd00::100]"
        fail_mode: secure
        Port "br0"
            Interface "br0"
                type: internal
        Port "vxlan0"
            Interface "vxlan0"
                type: vxlan
                options: {key="1000", local_ip="fd00::10", remote_ip="fd00::11"}
        Port "enp0s10"
            Interface "enp0s10"
    ovs_version: "2.9.0"

[openflow-flows]
 cookie=0x0, duration=86993.364s, table=0, n_packets=168419, n_bytes=16303712, in_port=enp0s10 actions=output:vxlan0
 cookie=0x0, duration=86992.812s, table=0, n_packets=167802, n_bytes=16266100, in_port=vxlan0 actions=output:enp0s10

[strongswan_ipsec.conf]

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    authby=secret
    mobike=no

conn host-host
    left=fd00::10
    leftid=fd00::10
    right=fd00::11
    rightid=fd00::11
    auto=route


Thx,
Seb


Re: [ovs-discuss] Connection to VM issue

2018-09-17 Thread Flavio Leitner
On Fri, Sep 14, 2018 at 11:22:55AM +, Polossat, Arnaud [FR] wrote:
> Hello,
> 
> I would like to connect a CentOS 7 virtual machine to an Open
> vSwitch 2.5.0 (OVS) with SSH. The OVS is installed on a CentOS 7
> physical server and the VM, which runs on the same server, is
> managed with VirtualBox. The interface in the OVS, called vnet7, is
> internal type, and has been added in VirtualBox as a Bridge.
> I put the IP address 10.0.0.8/28 in the OVS to enable it to
> communicate with the VM (the latter has the IP address 10.0.0.7/28).
> Here is a schema of the configuration:
> [Schema]

I don't know how VirtualBox will make it available through bridge but
sounds like you're seeing a routing issue. Though you say it's not.
On each side, run
# ip route get  

and check if the interface is indeed the correct one.


fbl

> 
> The setup of OVS is as follows:
> ovs-vsctl add-br ovs1
> ovs-vsctl add-port ovs1 vnet7
> ovs-vsctl set Interface vnet7 type=internal
> ip link set vnet7 up
> ip addr add 10.0.0.8/28 dev ovs1
> ip link set ovs1 up
> 
> In the server and the VM, ip routes are correct, there is no Iptables, 
> Firewalld is disabled and SELinux is in permissive mode.
> However, I do not manage to connect the VM to the OVS with SSH (or conversely 
> to connect the server with OVS to the VM) whereas Nmap shows that port 22 is 
> open.
> In addition, I completed several tests:
> 
> * I can ping the OVS from the VM, and the VM from the physical server.
> 
> * UDP traffic generated with Iperf from the VM to the server is also 
> working, but not conversely.
> 
> * If I connect another VM to the OVS (still installed on the same 
> server), the 2 VMs are able to communicate with TCP.
> 
> For example, a tcpdump in the server while launching a ssh 10.0.0.8 from the 
> VM shows:
> 
> [cid:image004.jpg@01D44C2E.0B4A1CC0]
> 
> The server receives SYN flags but doesn't reply with an ACK.
> 
> A tcpdump in the VM while launching a ssh 10.0.0.7 from the server with the 
> OVS shows:
> 
> [cid:image006.jpg@01D44C2E.0B4A1CC0]
> 
> Flags are diverse but the TCP session remains not established.
> 
> Surprisingly, the result differs sometimes. In the server after a ssh from 
> the VM:
> 
> [Tcpdump SSH server 2]
> 
> In the VM after a ssh from the server:
> 
> [Tcpdump SSH VM 2]
> 
> Do you have any idea about this kind of issue and the way to solve it?
> 
> Thank you very much in advance for answering my question.
> 
> Best regards,
> 
> Arnaud POLOSSAT
> Airbus Defence and Space
> 1, Bvd Jean Moulin, CS 40001
> 78 996 Elancourt Cedex, France
> E-mail: arnaud.polos...@fr.airbus.com
> 
> 


-- 
Flavio




Re: [ovs-discuss] [ovs-dev] [PATCH v2] [PATCH] QinQ: support more vlan headers.

2018-09-17 Thread Eric Garver
On Tue, Sep 11, 2018 at 01:10:09AM +, Lilijun (Jerry, Cloud Networking) 
wrote:
> Thanks for your reply.
> 
> In my use case, it's OVS userspace datapath with dpdk.
> 
>  My detail case was a bit complicated as follows:
> 1. Start the OVS userspace datapath with dpdk in my host server. 
> 2. A VM was running and the VNIC's  vhostuser port on the userspace datapath 
> is configured as QinQ  mode, qinq-ethtype 802.1q.
> 3. Another kernel OVS is running in that VM to switch packets of some 
> containers. Then the container's VNIC port on the kernel datapath is also 
> configured as QinQ  Mode, qinq-ethtype=802.1q .
> 4. So when the container sends a packet with VLAN tag,  the OVS running in 
> the host will receive a packet with 2 VLANS from the VM.
> 5. Here the QinQ is not worked when we need 3 VLANs. 
> 
> Yes, VXLAN or PBB can work but we need change our basic  network topology and 
> push/pop for every packets.  That maybe the last choice if QinQ can't support 
> triple VLAN.

There is still a push/pop for the third VLAN tag.

I'm not sure it makes sense to support the extra VLANs in upstream OVS.
This is non-standard and there are alternatives such as VXLAN. If it
wasn't splitting the MPLS labels across cache lines then it would be a
harmless change.

> 
> -Original Message-
> From: Ben Pfaff [mailto:b...@ovn.org] 
> Sent: Tuesday, September 11, 2018 3:33 AM
> To: Eric Garver ; Lilijun (Jerry, Cloud Networking) 
> ; d...@openvswitch.org; ovs-discuss@openvswitch.org
> Subject: Re: [ovs-discuss] [PATCH v2] [ovs-dev] [PATCH] QinQ: support more 
> vlan headers.
> 
> On Mon, Sep 10, 2018 at 03:15:21PM -0400, Eric Garver wrote:
> > On Mon, Sep 10, 2018 at 03:03:19AM +, Lilijun (Jerry, Cloud Networking) 
> > wrote:
> > > Hi Eric,
> > > 
> > > Yes, I agree with that effect. 
> > > But how about this issue of QinQ that we can only support at most 2 VLANs 
> > > ?  Do you have any ideas?
> > 
> > I was not NACKing the idea. Just wanted everyone to understand the 
> > implications of increasing the VLAN field size.
> > 
> > I tried playing with the fields, but didn't come up with a reasonable way 
> > to rearrange them to make room for the extra VLANs.
> > 
> > I'm curious what your use case is for triple VLAN. I wonder if VXLAN 
> > or PBB (802.1ah) is a better solution.
> 
> I'd also like to know what datapath we're talking about.  The Linux kernel 
> datapath only supports 2 VLANs in any case.
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev


Re: [ovs-discuss] Starting OVS w/ DPDK ...

2018-09-17 Thread Flavio Leitner
On Thu, Sep 13, 2018 at 04:56:51PM +0200, Andrzej Ostruszka wrote:
> First of all, thank you for your reply Flavio.
> 
> On 12.09.2018 19:33, Flavio Leitner wrote:
> > On Wed, Sep 12, 2018 at 09:21:18AM +0200, Andrzej Ostruszka wrote:
> [...]
> >> but when I try to start the vswitchd I'm getting errors:
> >>
> >> # ovs-ctl --no-ovsdb-server start
> > 
> > I don't know which OVS version is this and it may be because ovs-ctl
> > is trying to load the module or because ovs-vswitchd is doing that.
> > So, running sh -x ovs-ctl ... might shed a bit of light.
> 
> The version is 2.9.2 (build from git tag v2.9.2 with the previously
> mentioned configure line).
> 
> This is the ovs-ctl that is unconditionally trying to load modules.
> 
> start -> start_ovsdb & start_forwarding
> start_forwarding -> do_start_forwarding -> insert_mod_if_required

Yeah, the initialization scripts don't know what is in the db, so
it seems convenient to just load the module.
 
> and "if_required" part of that function only skips loading if module is
> already present or there is no support in kernel for modules.  Below are
> some snippets from "sh -x
> /usr/local/ovs/share/openvswitch/scripts/ovs-ctl --no-ovsdb-server start"
[...]
> modprobe: ERROR: could not insert 'openvswitch': Unknown symbol in
> module, or unknown parameter (see dmesg)

You can work around that in modprobe.conf, e.g.:
install openvswitch /bin/true

> I'm not sure why openvswitch module is needed in case of using DPDK
> based ports.  That might be just the case of documentation not being up
> to date (in case it is needed) or missing checks in ovs-ctl (in case it
> can be skipped for DPDK based switching).

I suspect it is the latter.
 
> Anyway I've decided to reconfigure my kernel to match requirements of
> openvswitch module (some config options were missing) and now I have
> some progress (I load Marvell's modules, configure huge pages first,
> then I start db and set dpdk-init to true - as previously):
> 
> # ovs-ctl --no-ovsdb-server start
>  * Starting ovs-vswitchd
>  * Enabling remote OVSDB managers
> # ovs-ctl status
> ovsdb-server is running with pid 2928
> ovs-vswitchd is running with pid 3055
> # ovs-vsctl show
> 78e4732f-e2e1-4784-971c-f4d67e163a26
>     Bridge "br0"
>         Port "br0"
>             Interface "br0"
>                 type: internal
>     ovs_version: "2.9.2"
> 
> so it looks like I'm good to go but I get problems when I try to add
> ports to it.

BTW the bridge 'br0' also needs to be in the userspace DP.

 
> # ovs-vsctl add-port br0 port0 -- set Interface port0 type=dpdk options:dpdk-devargs=eth_mvpp20,iface=eth0 ofport_request=1
> [ 7156.926062] pgd = ffc23465a000
> [ 7156.927215] pgd = ffc23465a000
> [ 7156.927278] [0008] *pgd=000235346003, *pud=000235346003, *pmd=
> [ 7156.941365] [] *pgd=000235346003, *pud=000235346003, *pmd=
> [ 7161.622915] pgd = ffc1ddd54000
> [ 7161.622938] [0008] *pgd=0001ddd55003, *pud=0001ddd55003, *pmd=
> 
> and I don't get command prompt again unless I interrupt with ^C.
> I have no idea what ofport_request=1 is for - I'm just copying from the
> docs (I assume this just gives id to port).  This type of log is

The ofport_request tells the switch that you want a specific OpenFlow
port ID for that port. If you don't provide it, then the vswitch will
get the next available to you.

> periodic - ovs-vswitchd seems to be crashing and is being periodically
> restarted.  In dmesg I see periodic entries as in [1] and in
> var/run/openvswitch I get ovs-vswitchd.PID.ctl sockets being added.
> 
> So I infer that for some reason vswitchd is crashing and I'd like to
> investigate that.  Any tips on how could I proceed with it?

Look at ovs-vswitchd.log and possibly the core dump file.

OVS can start the monitoring threads, then if the vswitchd crashes, it
will try to bring it up again.  There are some safeguards there to
avoid loops.

> Best regards
> Andrzej
> 
> [1] example of dmesg entry:
> --8<

I'd say to stop trying with OVS and try "testpmd" from DPDK directly and
see if you can get it working. It is the simplest possible scenario
where you can tell that at least the bare bones are working.

> [10262.208121] CMA: total alloc 314, total free: 314 (garbage 1)
> [10271.717382] CMA buffer allocated: size = 41943040 Bytes, kvaddr =
> ffc1de5f6000, paddr = 0xb050
> 
> [10271.717458] CMA buffer remapped: vm_start=0x7f3c80, size =
> 41943040 bytes, paddr = 0xb050
> [10271.893887] pmd8[6947]: unhandled level 2 translation fault (11) at
> 0x, esr 0x9206
> [10271.893893] pgd = ffc1de506000
> [10271.893957] [6936]: unhandled level 2 translation fault (11) at
> 0x0008, esr 0x9206
> [10271.893958] pgd = ffc1de506000
> [10271.893962] [0008] *pgd=0001dde36003, *pud=0001dde36003,
>