[ovs-discuss] match ethertype when packet with multiple vlan tags
Hello, I have a problem with matching ethertype when the packet with vlan tags. My testing environment is Ubuntu 16 in vmware fusion, mininet 2.2.2rc1, openvswitch 2.7.90 With these cases: case 1: packet with vlan=100,ethertype=arp case 2: packet with vlan=2000,vlan=100,ethertype=arp The result of cases: case 1 can be matched by vlan=100 and ethertype=arp fields in a flow entry case 2 can be matched only by vlan=2000 and ethertype=0x8100 fields in a flow entry But I read some informations from OpenFlow Spec 1.1, that says about "match ethertype after all vlan tags". Is the resulf of case 2 should be matched vlan=2000 and ethertype=arp? Thanks for your reply. best wishes, Dickens Yeh ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] match ethertype when packet with multiple vlan tags
Thanks for your response. I know that if I have to match multiple vlan tags, it have to pop the outer vlan. But I think my question are not the matching vlan tags in multiple vlan, my question is matching the first vlan tag and the correct ethertype that OpenFlow Spec defined ( the ethertype after all vlan tags ), not the case that match multiple vlan tags in a single flow entry. For example, that packet header like 0012 8100 00d0 8060 0010800060400010012c0a 80202c0a80302 In the view of ethernet, the ethertype should be 8100, that's not a problem. In the view of openflow spec match, the ethertype should be 0806 ( ARP ), the ethertype match after vlan tags In the view of OVS match, the etherype is 0806, the result is matching with spec. Then, if the packet header like 0012 88a8 00c0 8100 00d0 8060 0010800060400010012c0a80202c0a80302 In the view of ethernet, the ethertype should be 88a8, the same result with one vlan tag. In the view of openflow spec match, the ethertype should be 0806 ( ARP ) In the view of OVS match, the ethertype is 8100, not 0806. I think the result is strange, but I don't know that it's an issue or something else. Is there any ideas? or I misunderstand something. best wishes, Dickens Yeh 2017-04-18 0:35 GMT+08:00 Ben Pfaff : > On Mon, Apr 17, 2017 at 10:51:08AM -0400, Eric Garver wrote: > > On Mon, Apr 17, 2017 at 01:26:37PM +0800, Dickens Yeh wrote: > > > Hello, > > > I have a problem with matching ethertype when the packet with vlan > tags. > > > My testing environment is Ubuntu 16 in vmware fusion, mininet 2.2.2rc1, > > > openvswitch 2.7.90 > > > > > > With these cases: > > > case 1: packet with vlan=100,ethertype=arp > > > case 2: packet with vlan=2000,vlan=100,ethertype=arp > > > > > > The result of cases: > > > case 1 can be matched by vlan=100 and ethertype=arp fields in a flow > entry > > > case 2 can be matched only by vlan=2000 and ethertype=0x8100 fields in > a > > > flow entry > > > > > > But I read some informations from OpenFlow Spec 1.1, that says about > "match > > > ethertype after all vlan tags". > > > Is the resulf of case 2 should be matched vlan=2000 and ethertype=arp? > > > > Until very recently openvswitch only supported a single VLAN tag. > > Current master branch has support for 802.1ad/QinQ and can match the ARP > > EtherType as you wish in case 2 above. > > I think that OVS still doesn't have the ability to match multiple VLAN > tags in a single flow entry. I think that you have to match one, then > pop it and match the second one in another flow lookup. > ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] match ethertype when packet with multiple vlan tags
Yes, I use the master branch and set with vlan-limit=0. The line 362 says "e.g. a packet with more 802.1q headers will match Ethernet type 0x8100." Is that means OVS will keep match 0x8100 that not the defined from OpenFlow spec or maybe will be fixed with maybe next version? best wishes, Dickens Yeh 2017-04-17 22:51 GMT+08:00 Eric Garver : > On Mon, Apr 17, 2017 at 01:26:37PM +0800, Dickens Yeh wrote: > > Hello, > > I have a problem with matching ethertype when the packet with vlan tags. > > My testing environment is Ubuntu 16 in vmware fusion, mininet 2.2.2rc1, > > openvswitch 2.7.90 > > > > With these cases: > > case 1: packet with vlan=100,ethertype=arp > > case 2: packet with vlan=2000,vlan=100,ethertype=arp > > > > The result of cases: > > case 1 can be matched by vlan=100 and ethertype=arp fields in a flow > entry > > case 2 can be matched only by vlan=2000 and ethertype=0x8100 fields in a > > flow entry > > > > But I read some informations from OpenFlow Spec 1.1, that says about > "match > > ethertype after all vlan tags". > > Is the resulf of case 2 should be matched vlan=2000 and ethertype=arp? > > Until very recently openvswitch only supported a single VLAN tag. > Current master branch has support for 802.1ad/QinQ and can match the ARP > EtherType as you wish in case 2 above. > > To use it you'll have to build from master and set vlan-limit=2 or > vlan-limit=0. > See https://github.com/openvswitch/ovs/blob/master/ > vswitchd/vswitch.xml#L362 > > > > > > > Thanks for your reply. > > > > best wishes, > > Dickens Yeh > > > ___ > > discuss mailing list > > disc...@openvswitch.org > > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss > > ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] match ethertype when packet with multiple vlan tags
Okay, thanks for your response. 2017-04-18 23:49 GMT+08:00 Ben Pfaff : > On Tue, Apr 18, 2017 at 10:29:50AM -0400, Eric Garver wrote: > > On Tue, Apr 18, 2017 at 12:17:17PM +0800, Dickens Yeh wrote: > > > Thanks for your response. > > > I know that if I have to match multiple vlan tags, it have to pop the > outer > > > vlan. > > > But I think my question are not the matching vlan tags in multiple > vlan, my > > > question is matching the first vlan tag and the correct ethertype that > > > OpenFlow Spec defined ( the ethertype after all vlan tags ), not the > case > > > that match multiple vlan tags in a single flow entry. > > > > > > For example, that packet header like > > > 0012 8100 00d0 8060 0010800060400010012c0a > > > 80202c0a80302 > > > In the view of ethernet, the ethertype should be 8100, that's not a > problem. > > > In the view of openflow spec match, the ethertype should be 0806 ( ARP > ), > > > the ethertype match after vlan tags > > > In the view of OVS match, the etherype is 0806, the result is matching > with > > > spec. > > > > > > Then, if the packet header like > > > 0012 88a8 00c0 8100 00d0 8060 > > > 0010800060400010012c0a80202c0a80302 > > > In the view of ethernet, the ethertype should be 88a8, the same result > with > > > one vlan tag. > > > In the view of openflow spec match, the ethertype should be 0806 ( ARP > ) > > > In the view of OVS match, the ethertype is 8100, not 0806. > > > > This is true if vlan-limit == 1, which is the default. > > If vlan-limit > 1, then dl_type would be 0x0806. As I indicated earlier, > > vlan-limit is new with 802.1ad support. > > > > > I think the result is strange, but I don't know that it's an issue or > > > something else. > > > > Strange or not, it's this way because OVS used to only support a single > > VLAN tag. It didn't know how to keep looking for the "true" Ethertype. > > It's also a security risk if OVS skips over VLAN tags and indicates the > innermost Ethertype, because it means that the controller has no way to > tell that it's forwarding a packet with additional VLANs that might have > arbitrary semantics to the receivers. On the other hand, with a VLAN > Ethertype when the maximum number of VLANs is surpassed, the controller > can detect and drop such packets. > ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
[ovs-discuss] Cannot match correct ethertype after POP vlan and GOTO table
Hi, I have an question, and I haven't found any OpenFlow Spec to defined it , please give me a help. I am trying to work with 3 vlan tags, but it cannot match correct ethertype after pop 1 vlan tag. OVS Bridge already set with vlan-limit = 0, and it can watch over 2 vlan and match the correct ethertype like ARP. My question is: the packet have 3 vlan tags, pop 1 vlan tag and goto-table 1. In table 1, will it match with the new packet (modified) or the original packet like in table 0? Thanks for answering my question. best wishes, Dickens Yeh ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
[ovs-discuss] ovs-ofctl broken when getting table features reply
Hi, When I using the ovs-ofctl utility tool to dump flows from a non-openvswitch switch without --no-names parameter, and I got error message. cmd: ~/openvswitch-2.13.1/utilities/ovs-ofctl -O OpenFlow13 dump-flows tcp: 192.168.17.166:6644 msg: 2020-12-31T10:12:22Z|1|ofp_table|WARN|table features message missing required property ovs-ofctl: received bad reply: (***only uses 512 bytes out of 7056***) 04 50 02 00 00 00 00 00-6e 6f 76 69 5f 74 61 62 |.P..novi_tab| 0010 6c 65 5f 32 00 00 00 00-00 00 00 00 00 00 00 00 |le_2| ... I also attached the pcap file, please tell me if the switch should be fixed with the reply messages. Thanks a lot. best wishes, Dickens Yeh dump-error.pcap Description: Binary data ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] ovs-ofctl broken when getting table features reply
Thanks for helping me. I find the section in OF1.3.2 spec, and re-check with pcap file as you said. I think I was missed the important message: "table features message missing required property", but only focus on "received bad reply: (***only uses 512 bytes out of 7056***)". Thanks. best wishes, Dickens Yeh Ben Pfaff 於 2021年1月22日 週五 上午6:44寫道: > OK, I figured out the problem. > > Property 10, OFPTFPT_WILDCARDS, is missing. OF1.3 section 7.3.5.5.2 > says that it's mandatory: "If a specific property does not have any > capability (for example no Set-Field support), a property with an empty > list must be included in the property list." I think that OVS is > correctly rejecting this set of table features. > > On Fri, Jan 08, 2021 at 01:00:36PM +0800, Dickens Yeh wrote: > > Hi Ben, > > Thanks for your reply. > > > > I can open it with Wireshark, decode as 'OpenFlow', and it shows info as > > following(also in attachment file): > > OFPT_HELLO, > > OFPT_MULTIPART_REQUEST, OFPMP_FLOW > > OFPT_MULTIPART_REPLY, OFPMP_FLOW > > OFPT_HELLO, > > OFPT_MULTIPART_REUQEST, OFPMP_TABLE_FEATURES > > OFPT_MULTIPART_REPLY, OFPMP_TABLE_FEATURES > > > > I also use your command to parse pcap file, I don't know why it shows > > "OFPST_FLOW request" but there is no "OFPST_FLOW reply" message. > > Maybe it cannot show the MULTIPART reply message, and the table features > > reply didn't show with the same reason. > > > > best wishes, > > Dickens Yeh > > > > > > > > Ben Pfaff 於 2021年1月8日 週五 上午3:36寫道: > > > > > On Mon, Jan 04, 2021 at 11:13:53AM +0800, Dickens Yeh wrote: > > > > Hi, > > > > When I using the ovs-ofctl utility tool to dump flows from a > > > > non-openvswitch switch without --no-names parameter, and I got error > > > > message. > > > > > > > > cmd: > > > > > > > > ~/openvswitch-2.13.1/utilities/ovs-ofctl -O OpenFlow13 dump-flows > tcp: > > > > 192.168.17.166:6644 > > > > > > > > msg: > > > > 2020-12-31T10:12:22Z|1|ofp_table|WARN|table features message > missing > > > > required property > > > > ovs-ofctl: received bad reply: (***only uses 512 bytes out of > 7056***) > > > > 04 50 02 00 00 00 00 00-6e 6f 76 69 5f 74 61 62 > > > |.P..novi_tab| > > > > 0010 6c 65 5f 32 00 00 00 00-00 00 00 00 00 00 00 00 > > > |le_2| > > > > ... > > > > > > > > I also attached the pcap file, please tell me if the switch should be > > > fixed > > > > with the reply messages. > > > > > > I ran "ovs-ofctl ofp-parse-pcap dump-error.pcap 6644" and got only the > > > following output: > > > > > > 192.168.13.141.52476 > 192.168.17.166.6644: > > > OFPT_HELLO (OF1.3) (xid=0x1): > > > version bitmap: 0x04 > > > > > > 192.168.13.141.52476 > 192.168.17.166.6644: > > > OFPST_FLOW request (OF1.3) (xid=0x2): > > > > > > 192.168.13.141.52478 > 192.168.17.166.6644: > > > OFPT_HELLO (OF1.3) (xid=0x3): > > > version bitmap: 0x04 > > > > > > 192.168.13.141.52478 > 192.168.17.166.6644: > > > OFPST_TABLE_FEATURES request (OF1.3) (xid=0x4): > > > > > > I don't think the table features reply is in the pcap. > > > > > > ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
