[ovs-discuss] Connect ONOS VM as controller for the open vSwitch.

2019-07-24 Thread George Moudatsakis

Hello,

I created a topology in GNS3 and added the Open vSwitch appliance. I
want to add the ONOS VM as the controller of the switch, but I can't.
I activated OpenFlow on the bridge with the ports I want, set the fail
mode to secure, and used the command

ovs-vsctl set-controller br0 tcp::PORT

and got no errors, but the switch can't find the device.

Am I missing something?

Thank you in advance.

G.

___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss


Re: [ovs-discuss] output action into write-actions vs apply-actions instructions

2019-07-24 Thread Ben Pfaff
See inline below.

On Wed, Jul 24, 2019 at 02:22:23PM +0300, bogun.dmit...@gmail.com wrote:
> I am not sure that I have used the correct syntax to "define" 2 VLANs on the
> packet for ofproto/trace... but here is what I got for my rules setup:

I can see what's going on.
 
> root@b9b4eb92ef34:/app/lab# ovs-appctl ofproto/trace system
> 'in_port(6),eth(src=00:11:22:33:44:55,dst=ff:ff:ff:ff:ff:ff),eth_type(0x8100),vlan(vid=127,pcp=0),encap(eth_type(0x8100),vlan(vid=128,pcp=0),encap(eth_type(0x0806)))'
> Flow:
> arp,in_port=2,dl_vlan=127,dl_vlan_pcp=0,dl_vlan1=128,dl_vlan_pcp1=0,dl_src=00:11:22:33:44:55,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=0.0.0.0,arp_tpa=0.0.0.0,arp_op=0,arp_sha=00:00:00:00:00:00,arp_tha=00:00:00:00:00:00
> 
> bridge("A")
> ---

First, table 0 goes to table 1, then in table 1 there's a write_actions
that outputs to TABLE.

>  0. priority 0, cookie 0x2140001
> goto_table:1
>  1. in_port=2,dl_vlan=127, priority 16384, cookie 0x2160001
> pop_vlan
> write_actions(TABLE)
>  -> action set is: TABLE
> write_metadata:0x4007f/0x40fff

Then we execute the action set:

> --. Executing action set:
> TABLE
>  0. priority 0, cookie 0x2140001
> goto_table:1
>  1. metadata=0x4007f/0x40fff,in_port=2,dl_vlan=128,
> priority 16394, cookie 0x2160001
> pop_vlan
> write_metadata:0x102160001/0x1
> goto_table:2
>  2. arp,metadata=0x102160001/0x1, priority 16384, cookie
> 0x2160001
> TABLE
>  0. metadata=0x1/0x1, priority 24676, cookie
> 0x2140001
> write_metadata:0x2/0x2
> goto_table:2
>  2. metadata=0x302160001/0x3, priority 24576,
> cookie 0x2160001
> write_actions(CONTROLLER:0)
>  -> action set is: CONTROLLER:0
> goto_table:3

At the end of the flow table traversal by the action set, there's
another action set that outputs to port 1:

>  3. metadata=0x102160001/0x1, priority 16384, cookie
> 0x2160001
> push_vlan:0x8100
> set_field:4351->vlan_vid
> write_actions(output:1)
>  -> action set is: output:1

However, OVS doesn't execute action sets in a recursive manner (I don't
believe that's a reasonable thing to do), so that's where everything
ends.
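The behaviour described in the reply above, as an added example that is not part of the original messages and is not Open vSwitch code: a simplified model in which the action set is executed once per packet, so an output written into it while it is already executing is never run. The `Pipeline` class, the three-table rule set and the `trace` helper are constructed for illustration (the rule set is a reduced form of the thread's rules), and the run with `"apply"` goes one step beyond the trace by placing the final output in apply-actions instead.

```python
# Simplified model of OpenFlow action-set handling (constructed, not OVS code).
# Instructions: ("apply", port), ("write", port), ("meta", bits), ("goto", table).
# A port is a number or the reserved port "TABLE" (send back through table 0).

class Pipeline:
    def __init__(self, tables):
        self.tables = tables      # {table_id: [(match_fn, instructions), ...]}
        self.action_set = {}      # one action per type; only "output" is modelled
        self.outputs = []         # ports the packet was really sent to

    def walk(self, pkt, table_id=0):
        """Follow goto_table until a flow has none, or a table misses."""
        while table_id is not None:
            hit = next((ins for match, ins in self.tables[table_id]
                        if match(pkt)), None)
            if hit is None:
                return
            table_id = None
            for kind, arg in hit:
                if kind == "apply":
                    self.output(pkt, arg)
                elif kind == "write":
                    self.action_set["output"] = arg
                elif kind == "meta":
                    pkt["metadata"] |= arg
                elif kind == "goto":
                    table_id = arg

    def output(self, pkt, port):
        if port == "TABLE":
            self.walk(pkt)
        else:
            self.outputs.append(port)

    def process(self, pkt):
        self.walk(pkt)
        # The action set is executed once, here. Whatever gets written into
        # it while it is executing is left behind and never run.
        pending, self.action_set = self.action_set, {}
        if "output" in pending:
            self.output(pkt, pending["output"])
        return self.outputs       # empty list corresponds to "drop"

def tables(last):                 # reduced, constructed rule set
    return {0: [(lambda p: p["metadata"] & 1, [("goto", 2)]),
                (lambda p: True, [("goto", 1)])],
            1: [(lambda p: True, [("write", "TABLE"), ("meta", 1)])],
            2: [(lambda p: True, [(last, 1)])]}

def trace(last):
    return Pipeline(tables(last)).process({"in_port": 2, "metadata": 0})
```

`trace("write")` returns an empty list, matching the "Datapath actions: drop" result in the thread, while `trace("apply")` returns `[1]`.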


Re: [ovs-discuss] output action into write-actions vs apply-actions instructions

2019-07-24 Thread bogun . dmitriy
I am not sure that I have used the correct syntax to "define" 2 VLANs on the
packet for ofproto/trace... but here is what I got for my rules setup:

root@b9b4eb92ef34:/app/lab# ovs-appctl ofproto/trace system
'in_port(6),eth(src=00:11:22:33:44:55,dst=ff:ff:ff:ff:ff:ff),eth_type(0x8100),vlan(vid=127,pcp=0),encap(eth_type(0x8100),vlan(vid=128,pcp=0),encap(eth_type(0x0806)))'
Flow:
arp,in_port=2,dl_vlan=127,dl_vlan_pcp=0,dl_vlan1=128,dl_vlan_pcp1=0,dl_src=00:11:22:33:44:55,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=0.0.0.0,arp_tpa=0.0.0.0,arp_op=0,arp_sha=00:00:00:00:00:00,arp_tha=00:00:00:00:00:00

bridge("A")
---
 0. priority 0, cookie 0x2140001
goto_table:1
 1. in_port=2,dl_vlan=127, priority 16384, cookie 0x2160001
pop_vlan
write_actions(TABLE)
 -> action set is: TABLE
write_metadata:0x4007f/0x40fff
--. Executing action set:
TABLE
 0. priority 0, cookie 0x2140001
goto_table:1
 1. metadata=0x4007f/0x40fff,in_port=2,dl_vlan=128,
priority 16394, cookie 0x2160001
pop_vlan
write_metadata:0x102160001/0x1
goto_table:2
 2. arp,metadata=0x102160001/0x1, priority 16384, cookie
0x2160001
TABLE
 0. metadata=0x1/0x1, priority 24676, cookie
0x2140001
write_metadata:0x2/0x2
goto_table:2
 2. metadata=0x302160001/0x3, priority 24576,
cookie 0x2160001
write_actions(CONTROLLER:0)
 -> action set is: CONTROLLER:0
goto_table:3
 3. metadata=0x102160001/0x1, priority 16384, cookie
0x2160001
push_vlan:0x8100
set_field:4351->vlan_vid
write_actions(output:1)
 -> action set is: output:1

Final flow:
arp,metadata=0x702160001,in_port=2,dl_vlan=255,dl_vlan_pcp=0,vlan_tci1=0x,dl_src=00:11:22:33:44:55,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=0.0.0.0,arp_tpa=0.0.0.0,arp_op=0,arp_sha=00:00:00:00:00:00,arp_tha=00:00:00:00:00:00
Megaflow:
recirc_id=0,eth,arp,in_port=2,dl_vlan=127,dl_vlan1=128,dl_vlan_pcp1=0
Datapath actions: drop

Flows dump:

root@b9b4eb92ef34:/app/lab# ovs-ofctl --no-stats -OOpenFlow13 dump-flows A
 cookie=0x2140001, priority=24676,metadata=0x1/0x1 actions=write_metadata:0x2/0x2,goto_table:2
 cookie=0x2140002, priority=24576,in_port="A-1" actions=goto_table:4
 cookie=0x2140001, priority=0 actions=goto_table:1
 cookie=0x2160001, table=1, priority=16394,metadata=0x4007f/0x40fff,in_port="A-2",dl_vlan=128 actions=pop_vlan,write_metadata:0x102160001/0x1,goto_table:2
 cookie=0x2160001, table=1, priority=16384,in_port="A-2",dl_vlan=127 actions=pop_vlan,write_actions(TABLE),write_metadata:0x4007f/0x40fff
 cookie=0x2140001, table=1, priority=0 actions=drop
 cookie=0x2160001, table=2, priority=24576,metadata=0x302160001/0x3 actions=write_actions(CONTROLLER:0)
 cookie=0x2140001, table=2, priority=24566,metadata=0x2/0x2 actions=drop
 cookie=0x2160001, table=2, priority=16384,arp,metadata=0x102160001/0x1 actions=TABLE,goto_table:3
 cookie=0x2140001, table=2, priority=0 actions=goto_table:3
 cookie=0x2160001, table=3, priority=16384,metadata=0x102160001/0x1 actions=push_vlan:0x8100,set_field:4351->vlan_vid,write_actions(output:"A-1")
 cookie=0x2140001, table=3, priority=0 actions=drop
 cookie=0x2160001, table=4, priority=16384,in_port="A-1",dl_vlan=255 actions=set_field:4224->vlan_vid,push_vlan:0x8100,set_field:4223->vlan_vid,write_actions(output:"A-2")

And the OVS "layout" (I forgot to include it in the original message):
982ed09e-e3b2-4e38-968f-d07281901994
    Bridge A
        Controller "tcp:172.25.0.8:6653"
            is_connected: true
        fail_mode: secure
        Port "A-1"
            Interface "A-1"
        Port "A-2"
            Interface "A-2"
        Port A
            Interface A
                type: internal
    Bridge aswitch
        fail_mode: secure
        Port aswitch
            Interface aswitch
                type: internal
    Bridge B
        Controller "tcp:172.25.0.8:6653"
            is_connected: true
        fail_mode: secure
        Port "B-1"
            Interface "B-1"
        Port "B-2"
            Interface "B-2"
        Port B
            Interface B
                type: internal
    ovs_version: "2.10.0"

Tue, 23 Jul 2019 at 20:15, Ben Pfaff:

> On Tue, Jul 23, 2019 at 01:40:49PM +0300, bogun.dmit...@gmail.com wrote:
> > My question is - why traffic does not forward on A-1 despite action
> > "output:A-1" into write-actions set into last matched rule?
>
> ofproto/trace probably would help figure this out.  Please try it and
> paste the output.
>


[ovs-discuss] [OVN] Site-to-site IPSec VPN support?

2019-07-24 Thread zhi
Hi, all
Recently, we have been using OVN as our MEC (Multi-access Edge Computing)
networking platform. There is a demand for IPSec. We want to set up IPSec
tunnels between one logical switch and another logical switch, or between a
logical switch and other external service providers.
I think that an IPSec VPN can meet this demand.

But in terms of OVN architecture, OVN has the ability to encrypt tunnels with
IPSec now. Unfortunately, OVN doesn't support site-to-site IPSec VPN right
now, does it?

If we want to set up site-to-site IPSec tunnels between OVN and other
external service providers, what should we do?
Could anyone give me some advice?


Thanks
Zhi Chang