Re: [ovs-discuss] [EXTERNAL] Re: Building OVS+DPDK with rpmbuild and spec files

[Guru Shetty]

ires: doxygen, python-sphinx, inkscape
-BuildRequires: texlive-collection-latexextra
+BuildRequires: doxygen, python3-sphinx

 %description
 DPDK core includes kernel modules, core libraries and tools.
@@ -41,13 +40,6 @@
 DPDK devel is a set of makefiles, headers and examples
 for fast packet processing on x86 platforms.

-%package doc
-Summary: Data Plane Development Kit API documentation
-BuildArch: noarch
-%description doc
-DPDK doc is divided in two parts: API details in doxygen HTML format
-and guides in sphinx HTML/PDF formats.
-
 %prep
 %setup -q

@@ -60,7 +52,6 @@
 sed -ri 's,(LIBRTE_VHOST=).*,\1y,' %{target}/.config
 sed -ri 's,(LIBRTE_PMD_PCAP=).*,\1y,'  %{target}/.config
 make O=%{target} %{?_smp_mflags}
-make O=%{target} doc

 %install
 rm -rf %{buildroot}
@@ -69,6 +60,9 @@
  includedir=%{_includedir}/dpdk libdir=%{_libdir} \
  datadir=%{_datadir}/dpdk docdir=%{_docdir}/dpdk

+find %{buildroot}%{_datadir}/ -name "*.py" -exec \
+  sed -i -e 's|#!\s*/usr/bin/env python$|#!/usr/bin/python3|' {} +
+
 %files
 %dir %{_datadir}/dpdk
 %{_datadir}/dpdk/usertools
@@ -81,11 +75,9 @@
 %{_includedir}/dpdk
 %{_datadir}/dpdk/mk
 %{_datadir}/dpdk/buildtools
-%{_datadir}/dpdk/%{target}
+%{_datadir}/dpdk/arm64-%{machine}-linux-gcc
 %{_datadir}/dpdk/examples

-%files doc
-%doc %{_docdir}/dpdk

 %post
 /sbin/ldconfig




>
>
> Mark
>
>
>
> Regards,
>
> *Mark Wittling*
>
> NFV Cloud Operations
>
> Cox Communications Inc
>
> CTECH A08-150D
>
> 6305-A Peachtree Dunwoody Road, Atlanta GA 30328
>
> 1-770-849-9696
>
>
>
> *From:* Guru Shetty 
> *Sent:* Friday, May 15, 2020 2:12 PM
> *To:* Wittling, Mark (CCI-Atlanta) 
> *Cc:* ovs-discuss@openvswitch.org
> *Subject:* [EXTERNAL] Re: [ovs-discuss] Building OVS+DPDK with rpmbuild
> and spec files
>
>
>
> I have recently built OVS DPDK rpms. For e.g., yesterday, I built OVS 2.13
> with DPDK 19.11
>
>
>
> The rhel/openvswitch-fedora.spec.in
> <https://urldefense.com/v3/__http:/openvswitch-fedora.spec.in/__;!!Hit2Ag!j0U9zeO00sNxzsI9ksV88Ly9SspmBzZb1mZk2c1W-2TTP9SRFcVG3O9y0h1MIFbhDA$>
>  should
> have everything you need.
>
>
>
> You need to first build dpdk devel and dpdk rpms from DPDK. And then
> install those rpms. And then:
>
>
>
> ./boot.sh
>
> ./configure
>
> make rpm-fedora RPMBUILD_OPT="--with dpdk --without check --without
> libcapng --with autoenable"
>
>
>
> On Wed, 13 May 2020 at 06:28, Wittling, Mark (CCI-Atlanta) <
> mark.wittl...@cox.com> wrote:
>
> Does anyone have any experience with this?
>
>
>
> I was able to “build by hand” and get these working, but the problem is
> that if you don’t have an rpm, OpenStack will install OVS packages on top
> of what you’ve built.
>
>
>
> So I need to build rpms, so that once I get this working, I can proceed to
> install OpenStack.
>
>
>
> I got a link error on the final stage of the rpmbuild using the spec file
> on OpenStack.
>
>
>
> Versions I am using are DPDK 17.11.10 and OVS 2.10.2
>
>
>
> Mark
>
>
>
> Regards,
>
> *Mark Wittling*
>
> NFV Cloud Operations
>
> Cox Communications Inc
>
> CTECH A08-150D
>
> 6305-A Peachtree Dunwoody Road, Atlanta GA 30328
>
> 1-770-849-9696
>
>
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
> <https://urldefense.com/v3/__https:/mail.openvswitch.org/mailman/listinfo/ovs-discuss__;!!Hit2Ag!j0U9zeO00sNxzsI9ksV88Ly9SspmBzZb1mZk2c1W-2TTP9SRFcVG3O9y0h340WTo4w$>
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Building OVS+DPDK with rpmbuild and spec files

[Guru Shetty]

I have recently built OVS DPDK rpms. For e.g., yesterday, I built OVS 2.13
with DPDK 19.11

The rhel/openvswitch-fedora.spec.in should have everything you need.

You need to first build dpdk devel and dpdk rpms from DPDK. And then
install those rpms. And then:

./boot.sh
./configure
make rpm-fedora RPMBUILD_OPT="--with dpdk --without check --without
libcapng --with autoenable"

On Wed, 13 May 2020 at 06:28, Wittling, Mark (CCI-Atlanta) <
mark.wittl...@cox.com> wrote:

> Does anyone have any experience with this?
>
>
>
> I was able to “build by hand” and get these working, but the problem is
> that if you don’t have an rpm, OpenStack will install OVS packages on top
> of what you’ve built.
>
>
>
> So I need to build rpms, so that once I get this working, I can proceed to
> install OpenStack.
>
>
>
> I got a link error on the final stage of the rpmbuild using the spec file
> on OpenStack.
>
>
>
> Versions I am using are DPDK 17.11.10 and OVS 2.10.2
>
>
>
> Mark
>
>
>
> Regards,
>
> *Mark Wittling*
>
> NFV Cloud Operations
>
> Cox Communications Inc
>
> CTECH A08-150D
>
> 6305-A Peachtree Dunwoody Road, Atlanta GA 30328
>
> 1-770-849-9696
>
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVS/OVN docker image for each stable release

[Guru Shetty]

On Mon, 11 Nov 2019 at 10:08, aginwala  wrote:

>
>
> On Mon, Nov 11, 2019 at 9:00 AM Guru Shetty  wrote:
>
>>
>>
>> On Fri, 8 Nov 2019 at 14:41, aginwala  wrote:
>>
>>> openvswitch.ko ships default with newer kernel but if we want to use say
>>> stt, we need to build it with respective kernel for host on which we will
>>> run. Hence, to skip host level installation , we pack the modules in
>>> container.
>>>
>>
>> It is not clear to me. Is DKMS enabled here? Or is it that
>> openvswitch/ovs:2.12.0_debian_4.15.0-66-generic will only work on
>> kernel 4.15.0-66-generic?
>>
>>
> No. Dkms is not enabled because idea is to release a new docker image for
> every new kernel upgrade on compute (Not sure if dkms will help much in
> container case as we are not installing on host). Do you have any specific
> use case which? Yes on host with 4.15.0-66-generic.
>

It will probably be very hard to release each OVS version to so many
available kernels. How do you decide which kernel that you want to release
a image for? What is the plan here? I think it makes sense to release one
image without a kernel module packed with it.



>
>>> On Fri, Nov 8, 2019 at 2:37 PM Guru Shetty  wrote:
>>>
>>>>
>>>>
>>>> On Fri, 8 Nov 2019 at 14:18, aginwala  wrote:
>>>>
>>>>> Hi all:
>>>>>
>>>>>
>>>>> I have pushed two images to public openvswitch org on docker.io for
>>>>> ovs and ovn;
>>>>> OVS for ubuntu with 4.15 kernel:
>>>>> *openvswitch/ovs:2.12.0_debian_4.15.0-66-generic*
>>>>>
>>>>
>>>> Why is the kernel important here? Is the OVS kernel module being packed?
>>>>
>>>>
>>>>>  run as : docker run -itd --net=host --name=ovsdb-server
>>>>> openvswitch/ovs:2.12.0_debian_4.15.0-66-generic ovsdb-server
>>>>> docker run -itd --net=host --name=ovs-vswitchd
>>>>>  --volumes-from=ovsdb-server --privileged
>>>>> openvswitch/ovs:2.12.0_debian_4.15.0-66-generic ovs-vswitchd
>>>>>
>>>>> OVN debian docker image:  *openvswitch/ovn:2.12_e60f2f2_debian_master*
>>>>> as we don't have a branch cut out for ovn yet. (Hence, tagged it with last
>>>>> commit on master)
>>>>> Follow steps as per:
>>>>> https://github.com/ovn-org/ovn/blob/master/Documentation/intro/install/general.rst
>>>>>
>>>>>
>>>>> Thanks Guru for sorting out the access/cleanups for openvswitch org on
>>>>> docker.io.
>>>>>
>>>>> We can plan to align this docker push for each stable release ahead.
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Nov 8, 2019 at 10:17 AM aginwala  wrote:
>>>>>
>>>>>> Thanks Guru:
>>>>>>
>>>>>> Sounds good. Can you please grant user aginwala as admin? I can
>>>>>> create two repos ovs and ovn under openvswitch org and can push new 
>>>>>> stable
>>>>>> release versions there.
>>>>>>
>>>>>> On Fri, Nov 8, 2019 at 10:04 AM Guru Shetty  wrote:
>>>>>>
>>>>>>> On Fri, 8 Nov 2019 at 09:53, Guru Shetty  wrote:
>>>>>>>
>>>>>>>> I had created a openvswitch repo in docker as a placeholder. Happy
>>>>>>>> to provide it to whoever the admin is.
>>>>>>>>
>>>>>>>
>>>>>>> i.e. You can use the keyword "openvswitch". For e.g., right now, it
>>>>>>> has one stale image.
>>>>>>>
>>>>>>> docker run -d --net=none openvswitch/ipam:v2.4.90 /bin/sh -c "while
>>>>>>> true; do echo hello world; sleep 1; done"
>>>>>>>
>>>>>>> So if we want the name "openvswitch", this is one option. If we
>>>>>>> prefer ovs/ovn or other keywords, then the admin can create a new one.
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, 7 Nov 2019 at 13:15, aginwala  wrote:
>>>>>>>>
>>>>>>>>> Hi All:
>>>>>>>>>
>>>>>>>>> As discussed in the meeting today, we all agreed that it will be a
>>>>>>>>> good idea to push docker images for each new ovs/ovn stable release. 
>>>>>>>>> Hence,
>>>>>>>>> need help from maintainers Ben/Mark/Justin/Han to address some open 
>>>>>>>>> action
>>>>>>>>> items as it is more of org/ownership/rights related:
>>>>>>>>>
>>>>>>>>>1. Get new repo created under docker.io with name either
>>>>>>>>>ovs/ovn and declare it public repo
>>>>>>>>>2. How about copy-rights for running images for open source
>>>>>>>>>projects
>>>>>>>>>3. Storage: unlimited or some limited GBs
>>>>>>>>>4. Naming conventions for docker images ;e.g
>>>>>>>>>openswitch/ovn:2.13.1_debian or openswitch/ovn:2.13.1_rhel.
>>>>>>>>>Similar for ovs.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Once this is done, we can bundle docker image changes in the same
>>>>>>>>> release process
>>>>>>>>>
>>>>>>>>> Please feel free to add any missing piece.
>>>>>>>>>
>>>>>>>>> ___
>>>>>>>>> discuss mailing list
>>>>>>>>> disc...@openvswitch.org
>>>>>>>>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>>>>>>>>
>>>>>>>>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVS/OVN docker image for each stable release

[Guru Shetty]

On Fri, 8 Nov 2019 at 14:41, aginwala  wrote:

> openvswitch.ko ships default with newer kernel but if we want to use say
> stt, we need to build it with respective kernel for host on which we will
> run. Hence, to skip host level installation , we pack the modules in
> container.
>

It is not clear to me. Is DKMS enabled here? Or is it that
openvswitch/ovs:2.12.0_debian_4.15.0-66-generic will only work on
kernel 4.15.0-66-generic?


>
> On Fri, Nov 8, 2019 at 2:37 PM Guru Shetty  wrote:
>
>>
>>
>> On Fri, 8 Nov 2019 at 14:18, aginwala  wrote:
>>
>>> Hi all:
>>>
>>>
>>> I have pushed two images to public openvswitch org on docker.io for ovs
>>> and ovn;
>>> OVS for ubuntu with 4.15 kernel:
>>> *openvswitch/ovs:2.12.0_debian_4.15.0-66-generic*
>>>
>>
>> Why is the kernel important here? Is the OVS kernel module being packed?
>>
>>
>>>  run as : docker run -itd --net=host --name=ovsdb-server
>>> openvswitch/ovs:2.12.0_debian_4.15.0-66-generic ovsdb-server
>>> docker run -itd --net=host --name=ovs-vswitchd
>>>  --volumes-from=ovsdb-server --privileged
>>> openvswitch/ovs:2.12.0_debian_4.15.0-66-generic ovs-vswitchd
>>>
>>> OVN debian docker image:  *openvswitch/ovn:2.12_e60f2f2_debian_master*
>>> as we don't have a branch cut out for ovn yet. (Hence, tagged it with last
>>> commit on master)
>>> Follow steps as per:
>>> https://github.com/ovn-org/ovn/blob/master/Documentation/intro/install/general.rst
>>>
>>>
>>> Thanks Guru for sorting out the access/cleanups for openvswitch org on
>>> docker.io.
>>>
>>> We can plan to align this docker push for each stable release ahead.
>>>
>>>
>>>
>>> On Fri, Nov 8, 2019 at 10:17 AM aginwala  wrote:
>>>
>>>> Thanks Guru:
>>>>
>>>> Sounds good. Can you please grant user aginwala as admin? I can create
>>>> two repos ovs and ovn under openvswitch org and can push new stable release
>>>> versions there.
>>>>
>>>> On Fri, Nov 8, 2019 at 10:04 AM Guru Shetty  wrote:
>>>>
>>>>> On Fri, 8 Nov 2019 at 09:53, Guru Shetty  wrote:
>>>>>
>>>>>> I had created a openvswitch repo in docker as a placeholder. Happy to
>>>>>> provide it to whoever the admin is.
>>>>>>
>>>>>
>>>>> i.e. You can use the keyword "openvswitch". For e.g., right now, it
>>>>> has one stale image.
>>>>>
>>>>> docker run -d --net=none openvswitch/ipam:v2.4.90 /bin/sh -c "while
>>>>> true; do echo hello world; sleep 1; done"
>>>>>
>>>>> So if we want the name "openvswitch", this is one option. If we prefer
>>>>> ovs/ovn or other keywords, then the admin can create a new one.
>>>>>
>>>>>
>>>>>>
>>>>>> On Thu, 7 Nov 2019 at 13:15, aginwala  wrote:
>>>>>>
>>>>>>> Hi All:
>>>>>>>
>>>>>>> As discussed in the meeting today, we all agreed that it will be a
>>>>>>> good idea to push docker images for each new ovs/ovn stable release. 
>>>>>>> Hence,
>>>>>>> need help from maintainers Ben/Mark/Justin/Han to address some open 
>>>>>>> action
>>>>>>> items as it is more of org/ownership/rights related:
>>>>>>>
>>>>>>>1. Get new repo created under docker.io with name either ovs/ovn
>>>>>>>and declare it public repo
>>>>>>>2. How about copy-rights for running images for open source
>>>>>>>projects
>>>>>>>3. Storage: unlimited or some limited GBs
>>>>>>>4. Naming conventions for docker images ;e.g
>>>>>>>openswitch/ovn:2.13.1_debian or openswitch/ovn:2.13.1_rhel.
>>>>>>>Similar for ovs.
>>>>>>>
>>>>>>>
>>>>>>> Once this is done, we can bundle docker image changes in the same
>>>>>>> release process
>>>>>>>
>>>>>>> Please feel free to add any missing piece.
>>>>>>>
>>>>>>> ___
>>>>>>> discuss mailing list
>>>>>>> disc...@openvswitch.org
>>>>>>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>>>>>>
>>>>>>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVS/OVN docker image for each stable release

[Guru Shetty]

On Fri, 8 Nov 2019 at 14:18, aginwala  wrote:

> Hi all:
>
>
> I have pushed two images to public openvswitch org on docker.io for ovs
> and ovn;
> OVS for ubuntu with 4.15 kernel:
> *openvswitch/ovs:2.12.0_debian_4.15.0-66-generic*
>

Why is the kernel important here? Is the OVS kernel module being packed?


>  run as : docker run -itd --net=host --name=ovsdb-server
> openvswitch/ovs:2.12.0_debian_4.15.0-66-generic ovsdb-server
> docker run -itd --net=host --name=ovs-vswitchd
>  --volumes-from=ovsdb-server --privileged
> openvswitch/ovs:2.12.0_debian_4.15.0-66-generic ovs-vswitchd
>
> OVN debian docker image:  *openvswitch/ovn:2.12_e60f2f2_debian_master* as
> we don't have a branch cut out for ovn yet. (Hence, tagged it with last
> commit on master)
> Follow steps as per:
> https://github.com/ovn-org/ovn/blob/master/Documentation/intro/install/general.rst
>
>
> Thanks Guru for sorting out the access/cleanups for openvswitch org on
> docker.io.
>
> We can plan to align this docker push for each stable release ahead.
>
>
>
> On Fri, Nov 8, 2019 at 10:17 AM aginwala  wrote:
>
>> Thanks Guru:
>>
>> Sounds good. Can you please grant user aginwala as admin? I can create
>> two repos ovs and ovn under openvswitch org and can push new stable release
>> versions there.
>>
>> On Fri, Nov 8, 2019 at 10:04 AM Guru Shetty  wrote:
>>
>>> On Fri, 8 Nov 2019 at 09:53, Guru Shetty  wrote:
>>>
>>>> I had created a openvswitch repo in docker as a placeholder. Happy to
>>>> provide it to whoever the admin is.
>>>>
>>>
>>> i.e. You can use the keyword "openvswitch". For e.g., right now, it has
>>> one stale image.
>>>
>>> docker run -d --net=none openvswitch/ipam:v2.4.90 /bin/sh -c "while
>>> true; do echo hello world; sleep 1; done"
>>>
>>> So if we want the name "openvswitch", this is one option. If we prefer
>>> ovs/ovn or other keywords, then the admin can create a new one.
>>>
>>>
>>>>
>>>> On Thu, 7 Nov 2019 at 13:15, aginwala  wrote:
>>>>
>>>>> Hi All:
>>>>>
>>>>> As discussed in the meeting today, we all agreed that it will be a
>>>>> good idea to push docker images for each new ovs/ovn stable release. 
>>>>> Hence,
>>>>> need help from maintainers Ben/Mark/Justin/Han to address some open action
>>>>> items as it is more of org/ownership/rights related:
>>>>>
>>>>>1. Get new repo created under docker.io with name either ovs/ovn
>>>>>and declare it public repo
>>>>>2. How about copy-rights for running images for open source
>>>>>projects
>>>>>3. Storage: unlimited or some limited GBs
>>>>>4. Naming conventions for docker images ;e.g
>>>>>openswitch/ovn:2.13.1_debian or openswitch/ovn:2.13.1_rhel.
>>>>>Similar for ovs.
>>>>>
>>>>>
>>>>> Once this is done, we can bundle docker image changes in the same
>>>>> release process
>>>>>
>>>>> Please feel free to add any missing piece.
>>>>>
>>>>> ___
>>>>> discuss mailing list
>>>>> disc...@openvswitch.org
>>>>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>>>>
>>>>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVS/OVN docker image for each stable release

[Guru Shetty]

On Fri, 8 Nov 2019 at 09:53, Guru Shetty  wrote:

> I had created a openvswitch repo in docker as a placeholder. Happy to
> provide it to whoever the admin is.
>

i.e. You can use the keyword "openvswitch". For e.g., right now, it has one
stale image.

docker run -d --net=none openvswitch/ipam:v2.4.90 /bin/sh -c "while true;
do echo hello world; sleep 1; done"

So if we want the name "openvswitch", this is one option. If we prefer
ovs/ovn or other keywords, then the admin can create a new one.


>
> On Thu, 7 Nov 2019 at 13:15, aginwala  wrote:
>
>> Hi All:
>>
>> As discussed in the meeting today, we all agreed that it will be a good
>> idea to push docker images for each new ovs/ovn stable release. Hence, need
>> help from maintainers Ben/Mark/Justin/Han to address some open action items
>> as it is more of org/ownership/rights related:
>>
>>1. Get new repo created under docker.io with name either ovs/ovn and
>>declare it public repo
>>2. How about copy-rights for running images for open source projects
>>3. Storage: unlimited or some limited GBs
>>4. Naming conventions for docker images ;e.g
>>openswitch/ovn:2.13.1_debian or openswitch/ovn:2.13.1_rhel. Similar
>>for ovs.
>>
>>
>> Once this is done, we can bundle docker image changes in the same release
>> process
>>
>> Please feel free to add any missing piece.
>>
>> ___
>> discuss mailing list
>> disc...@openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVS/OVN docker image for each stable release

[Guru Shetty]

I had created a openvswitch repo in docker as a placeholder. Happy to
provide it to whoever the admin is.

On Thu, 7 Nov 2019 at 13:15, aginwala  wrote:

> Hi All:
>
> As discussed in the meeting today, we all agreed that it will be a good
> idea to push docker images for each new ovs/ovn stable release. Hence, need
> help from maintainers Ben/Mark/Justin/Han to address some open action items
> as it is more of org/ownership/rights related:
>
>1. Get new repo created under docker.io with name either ovs/ovn and
>declare it public repo
>2. How about copy-rights for running images for open source projects
>3. Storage: unlimited or some limited GBs
>4. Naming conventions for docker images ;e.g
>openswitch/ovn:2.13.1_debian or openswitch/ovn:2.13.1_rhel. Similar
>for ovs.
>
>
> Once this is done, we can bundle docker image changes in the same release
> process
>
> Please feel free to add any missing piece.
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVS deleting flows from the datapath on exit

[Guru Shetty]

It may have come from this commit instead:

commit 9b5422a98f817b9f2a1f8224cab7e1a8d0bbba1f
Author: Ilya Maximets 
Date:   Wed Dec 16 15:32:21 2015 +0300

ovs-lib: Try to call exit before killing.

While killing OVS may not free all allocated resources.

Previously we used to SIGTERM ovs-vswitchd and even now, it looks like
doing that prevents the flush of datapath flows.

On Fri, 1 Nov 2019 at 13:35, Ben Pfaff  wrote:

> OVS currently can gracefully exit in two ways: either with or without
> deleting the datapath.  But, either way, it deletes all of the flows
> from the datapath before it exits.  That is due to commit e96a5c24e853
> ("upcall: Remove datapath flows when setting n-threads."), which was
> first released in OVS 2.1 back in 2014.
>
> This isn't usually a big deal.  However, some controller folks I'm
> talking to are concerned about upgrade.  If the datapath flows persisted
> after OVS exits, then existing network connections (and perhaps some
> that are "similar" to them because they match the same megaflows) could
> carry on while the upgrade was in progress.
>
> I am surprised that I have not heard complaints about this in the 5
> years that the behavior has been this way.  Does anyone have any stories
> to report about it now that I bring it up?  Contrariwise, if we changed
> OVS so that it did not delete datapath flows on exit, can anyone suggest
> what problems that might cause?
>
> Thanks,
>
> Ben.
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Cannot restore network connectivity when OVS processes are stopped

[Guru Shetty]

You cannot accomplish this via nmcli as it needs OVS processes to tear down
OVS artifcats.

You clearly mention that you don't want to use OVS commands - but if your
goal is to not run OVS processes, you can potentially try your luck with
"ovs-dpctl del-dp system@ovs-system" when OVS processes are not running.
That _may_ work.


On Tue, 29 Oct 2019 at 19:58, Igor Bezukh  wrote:

> Hi,
>
> Can you please advise how can I revert the things that OVS did WITHOUT
> using the OVS commands, when OVS processes are not running?
>
> I am trying to "move" the IP address from the NIC (eth0) to the OVS
> bridge interface. I am doing the following steps:
> 1. Create OVS bridge "brcnv".
> 2. Create OVS internal port "port0" and configure it as L3 interface
> (configure DHCP client on it)
> 3. Create OVS port "port1" and attach the NIC interface "eth0" to that port
> 4. Assign the port "port1" to the bridge "brcnv".
> 5. Bring up the L3 interface of OVS.
> 6. Bring down the L3 interface "eth0".
>
>
> I am using "nmcli" commands in order to configure the previous steps,
> following are the commands:
> nmcli conn add type ovs-bridge conn.interface brcnv
> nmcli conn add type ovs-port conn.interface brcnv-port master brcnv
> nmcli conn add type ovs-interface conn.id brcnv-iface conn.interface
> brcnv master brcnv-port ipv4.method auto connection.autoconnect no
> nmcli conn add type ovs-port conn.interface port1 master brcnv
> nmcli conn add type ethernet conn.interface eth0 master port1
> nmcli conn down eth0
> nmcli conn up brcnv-iface
> nmcli conn mode brcnv-iface connection.autoconnect yes
> nmcli conn mode eth0 connection.autoconnect no
>
> Here are the relevant outputs:
>
> [root@localhost ~]# ovs-vsctl show
> af1e42a3-04e6-48fd-9545-8271a1f0bbfe
> Bridge brcnv
> Port "port1"
> Interface "eth0"
> type: system
> Port brcnv-port
> Interface brcnv
> type: internal
> ovs_version: "2.9.2"
>
> [root@localhost ~]# nmcli conn
> NAME  UUID  TYPE
> DEVICE
> brcnv-iface   c27717db-2f24-49a6-a3af-3b524b1cb990
> ovs-interface  brcnv
> ovs-bridge-brcnv  e8d57b84-3cd3-4a17-b634-608c1dd61ba4  ovs-bridge
> brcnv
> ovs-slave-brcnv-port  e0fc4f3f-5426-4fc6-8f24-dd051e1bf63d  ovs-port
> brcnv-port
> ovs-slave-eth04af777a7-4bd4-4d68-9f33-e3b45e7ae46d  ethernet
> eth0
> ovs-slave-port1   b53b74d4-d3f6-4eac-be28-a9c4737a8dfd  ovs-port
> port1
> eth0  3e06d59a-92c5-4ea6-9ec6-ce416df95646  ethernet
> --
>
> [root@localhost ~]# ip addr
> 1: lo:  mtu 65536 qdisc noqueue state UNKNOWN
> group default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
>valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
>valid_lft forever preferred_lft forever
> 2: eth0:  mtu 1500 qdisc pfifo_fast
> master ovs-system state UP group default qlen 1000
> link/ether 52:54:00:90:1f:4f brd ff:ff:ff:ff:ff:ff
> 3: ovs-system:  mtu 1500 qdisc noop state DOWN
> group default qlen 1000
> link/ether 42:03:50:51:f7:e6 brd ff:ff:ff:ff:ff:ff
> 4: brcnv:  mtu 1500 qdisc noqueue
> state UNKNOWN group default qlen 1000
> link/ether 3e:4f:21:94:bd:43 brd ff:ff:ff:ff:ff:ff
> inet 192.168.122.84/24 brd 192.168.122.255 scope global
> noprefixroute dynamic brcnv
>valid_lft 3264sec preferred_lft 3264sec
> inet6 fe80::8ea4:f24c:119f:a9b5/64 scope link noprefixroute
>valid_lft forever preferred_lft forever
>
> I am using VM with one NIC, OS is Centos 7.7.1908
> ovs-vsctl (Open vSwitch) 2.9.2
> DB Schema 7.15.1
>
>
> My issue is that when I stop the openvswitch processes using
> "systemctl stop openvswitch" I cannot restore the connectivity after
> reverting the IP back to "eth0". I have tried both "nmcli" and "ip"
> commands:
>
> systemctl stop openvswitch
> ip addr flush dev brcnv
> ip link set dev brcnv down
> ip link set dev eth0 promisc off
> ip addr add 192.168.122.70/24 dev eth0
> ip link set dev eth0 up
> ping 192.168.122.1 (IP of virbr0 on the host OS, no response)
>
> OR
>
> nmcli conn down brcnv-iface
> nmcli conn up eth0 (eth0 got IP address from DHCP)
> ping 192.168.122.1 (no response)
>
> This issue is solved only when I start the OVS processes and delete
> the brcnv using "ovs-vsctl del-br brcnv".
>
>
> Please advise.
>
> TIA and BR,
> Igor
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] ovs-vtep - import error

[Guru Shetty]

Did you install OVS with "make install"? If so, you will have to provide
python path for OVS python libraries. If you install it via packages, you
will need "python-openvswitch" package.

On Wed, 21 Aug 2019 at 14:46, Massimiliano Bavelloni 
wrote:

> Hello,
>
> after compiling (gcc) openvswitch-2.11.1 on ubuntu mate 18.04 LTS, at step
> 6 of "How to use VTEP Emulator" the command (from
> /usr/local/share/openvswitch/scripts): ./ovs-vtep .   fails with error
> message:
> *Traceback (most recent call last):*
> *   File "./ovs-vtep", line 26, in *
> *  import ovs.daemon*
> *ImportError: No module named ovs.daemon*
>
> thanks in advance
> Massimiliano Bavelloni
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] ovs-2.11.1 Installation

[Guru Shetty]

What were the errors encountered?

On Mon, 12 Aug 2019 at 21:20, V Sai Surya Laxman Rao Bellala <
laxmanraobell...@gmail.com> wrote:

> Hello all,
>
> Does anyone have a standard procedure for installing the ovs-2.11.1 in
> ubuntu 16.04 ?
> I am encountering so many problemsErrors were encountered while processing:
> *"*
>
>
>
>
>
>
>
>
>
>
> * dpkg: error processing package openvswitch-switch
> (--install): dependency problems - leaving unconfiguredProcessing triggers
> for man-db (2.7.5-1) ...Processing triggers for systemd (229-4ubuntu21.22)
> ...Processing triggers for ureadahead (0.100.0-19.1) ...Errors were
> encountered while
> processing: openvswitch-controller*.deb openvswitch-common 
> openvswitch-datapath-dkms openvswitch-pki openvswitch-switch"*
>
>
> Regards
> Laxman
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVS + VXLAN Performance

[Guru Shetty]

How do you define "poor" performance? If it is awfully low, it is likely
that your [ outer MTU < (inner MTU + vxlan header)]. You can reduce your
inner MTU and see the difference.

On Mon, 24 Jun 2019 at 06:34, Heim, Dennis  wrote:

> I am running Ubuntu on virtualized hosts, along with VXLAN. However, the
> VXLAN performance has been poor. I am trying to verify the VM environment.
> Any recommendations from a performance tuning perspective? Is it possible
> to get good performance with VXLAN in virtual hardware, or would I be
> better going with a different tunnel type.
>
>
>
> Thanks,
>
>
>
> *Dennis Heim | Domain Architect (Collaboration Labs)*
>
> World Wide Technology, Inc. | +1 314-212-1814
>
> [image: cid:image001.png@01D10DD2.7FC81F90]
> 
>
> [image: cid:image002.png@01D10DD2.7FC81F90][image:
> cid:image003.png@01D10DD2.7FC81F90] <+13142121814>[image:
> cid:image004.png@01D10DD2.7FC81F90]
>
> “The most powerful person in the world is the story teller. The
> storyteller sets the vision, values and agenda of an entire generation that
> is to come” – Steve Jobs
>
> "Leaders who don't listen will eventually be surrounded by people who have
> nothing to say" --- Andy Stanley
>
> "Worry less about who you might offend, and more about who you might
> inspire" -- Tim Allen
>
> “Imagination is more important than knowledge.”  -- Albert Einstein
>
> “If you can raise the level of effort and performance in those around you,
> you are officially a leader” – Urban Meyer
>
> “The greatest danger for most of us is not that our aim is too high and we
> miss it, but that it is too low and we reach it.” -- Michelangelo Buonarroti
>
> “Mediocore managers play checkers (assuming everyone is the same). Great
> managers play chess (acknowledging that everyone is unique)” – Marcus
> Buckingham
>
> “If you’re not failing every now and again, it’s a sign you’re not doing
> anything very innovative” – Woody Allen
>
>
>
> *Click here to join me in my Collaboration Meeting Room
> *
>
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVS Docker

[Guru Shetty]

On Sun, 7 Apr 2019 at 11:39, Tu Nguyen Phuoc 
wrote:

> Hi OVS Community.
> I have 1 Physical host which had docker and ovs installed.
> I want to set up 2 ovs bridges (ovsbr1 and ovsbr2), each bridge has 1
> container connects to (h1 and h2), here is my set up:
>  On Physical host 
> *** Create 2 bridges ***
>
> *# ovs-vsctl add-br ovsbr1# ovs-vsctl add-br ovsbr2*
> *** Set ip for bridges 
>
> *# ifconfig ovsbr1 172.16.1.1 netmask 255.255.255.0 up*
> *# ifconfig ovsbr2 172.16.2.1 netmask 255.255.255.0 up*
> *** Connect 2 containers to 2 bridges ***
>
> *# ovs-docker add-port ovs-br1 eth1 h1 --ipaddress=172.16.1.10/24
>  # ovs-docker add-port ovs-br2 eth1 h2
> --ipaddress=172.16.2.10/24    *
> *** Create link (for LLDP SDN) between ovsbr1 - ovsbr2 ***
> *# ip link add veth1 type veth peer name veth2*
> *# ifconfig veth1 up*
> *# ifconfig veth2 up*
> *# ovs-vsctl add-port ovsbr1 veth1*
> *# ovs-vsctl add-port ovsbr2 veth2*
>
> I've connected 2 ovs bridges to Floodlight and they worked fine. But when
> i removed *docker0 (default docker NIC)* on each container, the
> containers cannot ping each other through *eth1*.
>
> What is my mistake? How can the containers communicate through the NIC
> eth1 that ovs-docker command added on them?
>
> Thanks in advance. I appreciate any response (sorry my my bad English btw)
>

Looks like you are trying to connect 2 different networks together. You
will need something that acts a router in-between. That can either be flows
or a network namespace.


> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] How about give a simplify kernel version OVS used in Docker network?

[Guru Shetty]

On Tue, 13 Nov 2018 at 21:53, Sam  wrote:

> And why OVS take high CPU cost?
>

My simplistic guess is that you have created a loop in your network with
OVS. Or your SDN flows are inefficient. For a simple setup, there should
really be not much difference with CPU between linux bridge and OVS.





> Sam  于2018年11月14日周三 下午1:51写道：
>
>> Hi all,
>>
>> When I'm using Docker network, I choose linux bridge, as OVS will take
>> high CPU cost. I think most user will encounter this problem.
>>
>> But also I want to use openflow and SDN. So how about give a simplify
>> kernel version OVS used in Docker network ?
>>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] "ovs|01253|reconnect|ERR|tcp:127.0.0.1:50814: no response to inactivity probe after 5.01 seconds, disconnecting" messages and lost packets

[Guru Shetty]

On Thu, 27 Sep 2018 at 13:17, Jean-Philippe Méthot <
jp.met...@planethoster.info> wrote:

> 1. Who is at 127.0.0.1:6633?  This is likely a openflow controller.
>
>
> That would be the neutron-openvswitch-agent, so the openstack service
> managing openvswitch.
>
> 2. What does `ovs-vsctl list controller` say?
>
> _uuid   : ff2dca74-9628-43c8-b89c-8d2f1242dd3f
> connection_mode : out-of-band
> controller_burst_limit: []
> controller_rate_limit: []
> enable_async_messages: []
> external_ids: {}
> inactivity_probe: []
> is_connected: false
> local_gateway   : []
> local_ip: []
> local_netmask   : []
> max_backoff : []
> other_config: {}
> role: other
> status  : {last_error="Connection timed out",
> sec_since_connect="22", sec_since_disconnect="1", state=BACKOFF}
> target  : "tcp:127.0.0.1:6633"
>

The above tells that ovs-vswitchd is complaining in its logs about your
agent at 6633 cannot be connected to. So I would start looking at what is
the agent doing at this time. And probably ask for more questions around
this in a OpenStack mailing list. May be at the scale you are running, the
OpenStack agent is struggling.

The ovsdb-server error is also likely because of the same reason.





>
> _uuid   : 4f9ae2d1-4f1b-460c-b2bc-c96d24f445bb
> connection_mode : out-of-band
> controller_burst_limit: []
> controller_rate_limit: []
> enable_async_messages: []
> external_ids: {}
> inactivity_probe: []
> is_connected: false
> local_gateway   : []
> local_ip: []
> local_netmask   : []
> max_backoff : []
> other_config: {}
> role: other
> status  : {last_error="Connection timed out",
> sec_since_connect="1284", sec_since_disconnect="14", state=CONNECTING}
> target  : "tcp:127.0.0.1:6633"
>
> _uuid   : 1b503dbf-3117-45c2-9e2b-0f50cb48554b
> connection_mode : out-of-band
> controller_burst_limit: []
> controller_rate_limit: []
> enable_async_messages: []
> external_ids: {}
> inactivity_probe: []
> is_connected: false
> local_gateway   : []
> local_ip: []
> local_netmask   : []
> max_backoff : []
> other_config: {}
> role: other
> status  : {last_error="Connection timed out",
> sec_since_connect="22", sec_since_disconnect="1", state=BACKOFF}
> target  : "tcp:127.0.0.1:6633 »
>
> 3. What does `ovs-vsctl list manager` say?
>
>
> _uuid   : 7f6c413f-972e-4ef2-89dd-1fa6078abcfe
> connection_mode : []
> external_ids: {}
> inactivity_probe: []
> is_connected: false
> max_backoff : []
> other_config: {}
> status  : {bound_port="6640", sec_since_connect="0",
> sec_since_disconnect="0"}
> target  : "ptcp:6640:127.0.0.1"
>
> 4. ovs-appctl -t ovsdb-server ovsdb-server/list-remotes
>
>
> db:Open_vSwitch,Open_vSwitch,manager_options
> punix:/var/run/openvswitch/db.sock
>
> 5. What does 'ps -ef | grep ovs' say?
>
>
> openvsw+   939 1  0 19:45 ?00:00:49 ovsdb-server
> /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info
> --remote=punix:/var/run/openvswitch/db.sock
> --private-key=db:Open_vSwitch,SSL,private_key
> --certificate=db:Open_vSwitch,SSL,certificate
> --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --user
> openvswitch:hugetlbfs --no-chdir
> --log-file=/var/log/openvswitch/ovsdb-server.log
> --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
> openvsw+  1013 1 11 19:45 ?00:17:46 ovs-vswitchd
> unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info
> --mlockall --user openvswitch:hugetlbfs --no-chdir
> --log-file=/var/log/openvswitch/ovs-vswitchd.log
> --pidfile=/var/run/openvswitchovs-vswitchd.pid --detach
> neutron  25792  2414  0 22:16 ?00:00:00 ovsdb-client monitor tcp:
> 127.0.0.1:6640 Bridge name --format=json
>
> Jean-Philippe Méthot
> Openstack system administrator
> Administrateur système Openstack
> PlanetHoster inc.
>
>
>
>
> Le 27 sept. 2018 à 16:09, Guru Shetty  a écrit :
>
>
>
> On Thu, 27 Sep 2018 at 12:52, Jean-Philippe Méthot <
> jp.met...@planethoster.info> wrote:
>
>> Sorry, the log file is ovsdb-server.log. ovs-vswitchd.log as the other
>> counterpart of this error it seems:
>>
>> 2018-09-27T19:38:01.217

Re: [ovs-discuss] "ovs|01253|reconnect|ERR|tcp:127.0.0.1:50814: no response to inactivity probe after 5.01 seconds, disconnecting" messages and lost packets

[Guru Shetty]

ovs-vswitchd is multi-threaded. ovsdb-server is single threaded.
(You did not answer my question about the file from which the logs were
printed in your email)

Who is at 127.0.0.1:45928 and 127.0.0.1:45930?

On Thu, 27 Sep 2018 at 11:14, Jean-Philippe Méthot <
jp.met...@planethoster.info> wrote:

> Thank you for your reply.
>
> This is Openstack with ml2 plugin. There’s no other 3rd party application
> used with our network, so no OVN or anything of the sort. Essentially, to
> give a quick idea of the topology, we have our vms on our compute nodes
> going through GRE tunnels toward network nodes where they are routed in
> network namespace toward a flat external network.
>
> Generally, the above indicates that a daemon fronting a Open vSwitch
> database hasn't been able to connect to its client. Usually happens when
> CPU consumption is very high.
>
>
> Our network nodes CPU are literally sleeping. Is openvswitch single-thread
> or multi-thread though? If ovs overloaded a single thread, it’s possible I
> may have missed it.
>
> Jean-Philippe Méthot
> Openstack system administrator
> Administrateur système Openstack
> PlanetHoster inc.
>
>
>
>
> Le 27 sept. 2018 à 14:04, Guru Shetty  a écrit :
>
>
>
> On Wed, 26 Sep 2018 at 12:59, Jean-Philippe Méthot via discuss <
> ovs-discuss@openvswitch.org> wrote:
>
>> Hi,
>>
>> I’ve been using openvswitch for my networking backend on openstack for
>> several years now. Lately, as our network has grown, we’ve started noticing
>> some intermittent packet drop accompanied with the following error message
>> in openvswitch:
>>
>> 2018-09-26T04:15:20.676Z|5|reconnect|ERR|tcp:127.0.0.1:45928: no
>> response to inactivity probe after 5 seconds, disconnecting
>> 2018-09-26T04:15:20.677Z|6|reconnect|ERR|tcp:127.0.0.1:45930: no
>> response to inactivity probe after 5 seconds, disconnecting
>>
>
> Open vSwitch is a project with multiple daemons. Since you are using
> OpenStack, it is not clear from your message, what type of networking
> plugin you are using. Do you use OVN?
> Also, you did not mention from which file you have gotten the above errors.
>
> Generally, the above indicates that a daemon fronting a Open vSwitch
> database hasn't been able to connect to its client. Usually happens when
> CPU consumption is very high.
>
>
>
>> 2018-09-26T04:15:30.409Z|7|reconnect|ERR|tcp:127.0.0.1:45874: no
>> response to inactivity probe after 5 seconds, disconnecting
>> 2018-09-26T04:15:33.661Z|8|reconnect|ERR|tcp:127.0.0.1:45934: no
>> response to inactivity probe after 5 seconds, disconnecting
>> 2018-09-26T04:15:33.847Z|9|reconnect|ERR|tcp:127.0.0.1:45894: no
>> response to inactivity probe after 5 seconds, disconnecting
>> 2018-09-26T04:16:03.247Z|00010|reconnect|ERR|tcp:127.0.0.1:45958: no
>> response to inactivity probe after 5 seconds, disconnecting
>> 2018-09-26T04:16:21.534Z|00011|reconnect|ERR|tcp:127.0.0.1:45956: no
>> response to inactivity probe after 5 seconds, disconnecting
>> 2018-09-26T04:16:21.786Z|00012|reconnect|ERR|tcp:127.0.0.1:45974: no
>> response to inactivity probe after 5 seconds, disconnecting
>> 2018-09-26T04:16:47.085Z|00013|reconnect|ERR|tcp:127.0.0.1:45988: no
>> response to inactivity probe after 5 seconds, disconnecting
>> 2018-09-26T04:16:49.618Z|00014|reconnect|ERR|tcp:127.0.0.1:45982: no
>> response to inactivity probe after 5 seconds, disconnecting
>> 2018-09-26T04:16:53.321Z|00015|reconnect|ERR|tcp:127.0.0.1:45964: no
>> response to inactivity probe after 5 seconds, disconnecting
>> 2018-09-26T04:17:15.543Z|00016|reconnect|ERR|tcp:127.0.0.1:45986: no
>> response to inactivity probe after 5 seconds, disconnecting
>> 2018-09-26T04:17:24.767Z|00017|reconnect|ERR|tcp:127.0.0.1:45990: no
>> response to inactivity probe after 5 seconds, disconnecting
>> 2018-09-26T04:17:31.735Z|00018|reconnect|ERR|tcp:127.0.0.1:45998: no
>> response to inactivity probe after 5 seconds, disconnecting
>> 2018-09-26T04:20:12.593Z|00019|reconnect|ERR|tcp:127.0.0.1:46014: no
>> response to inactivity probe after 5 seconds, disconnecting
>> 2018-09-26T04:23:51.996Z|00020|reconnect|ERR|tcp:127.0.0.1:46028: no
>> response to inactivity probe after 5 seconds, disconnecting
>> 2018-09-26T04:25:12.187Z|00021|reconnect|ERR|tcp:127.0.0.1:46022: no
>> response to inactivity probe after 5 seconds, disconnecting
>> 2018-09-26T04:25:28.871Z|00022|reconnect|ERR|tcp:127.0.0.1:46056: no
>> response to inactivity probe after 5 seconds, disconnecting
>> 2018-09-26T04:27:11.663Z|00023|reconnect|ERR|tcp:127.0.0.1:46046: no
>> response to inactivity probe af

Re: [ovs-discuss] "ovs|01253|reconnect|ERR|tcp:127.0.0.1:50814: no response to inactivity probe after 5.01 seconds, disconnecting" messages and lost packets

[Guru Shetty]

On Wed, 26 Sep 2018 at 12:59, Jean-Philippe Méthot via discuss <
ovs-discuss@openvswitch.org> wrote:

> Hi,
>
> I’ve been using openvswitch for my networking backend on openstack for
> several years now. Lately, as our network has grown, we’ve started noticing
> some intermittent packet drop accompanied with the following error message
> in openvswitch:
>
> 2018-09-26T04:15:20.676Z|5|reconnect|ERR|tcp:127.0.0.1:45928: no
> response to inactivity probe after 5 seconds, disconnecting
> 2018-09-26T04:15:20.677Z|6|reconnect|ERR|tcp:127.0.0.1:45930: no
> response to inactivity probe after 5 seconds, disconnecting
>

Open vSwitch is a project with multiple daemons. Since you are using
OpenStack, it is not clear from your message, what type of networking
plugin you are using. Do you use OVN?
Also, you did not mention from which file you have gotten the above errors.

Generally, the above indicates that a daemon fronting a Open vSwitch
database hasn't been able to connect to its client. Usually happens when
CPU consumption is very high.



> 2018-09-26T04:15:30.409Z|7|reconnect|ERR|tcp:127.0.0.1:45874: no
> response to inactivity probe after 5 seconds, disconnecting
> 2018-09-26T04:15:33.661Z|8|reconnect|ERR|tcp:127.0.0.1:45934: no
> response to inactivity probe after 5 seconds, disconnecting
> 2018-09-26T04:15:33.847Z|9|reconnect|ERR|tcp:127.0.0.1:45894: no
> response to inactivity probe after 5 seconds, disconnecting
> 2018-09-26T04:16:03.247Z|00010|reconnect|ERR|tcp:127.0.0.1:45958: no
> response to inactivity probe after 5 seconds, disconnecting
> 2018-09-26T04:16:21.534Z|00011|reconnect|ERR|tcp:127.0.0.1:45956: no
> response to inactivity probe after 5 seconds, disconnecting
> 2018-09-26T04:16:21.786Z|00012|reconnect|ERR|tcp:127.0.0.1:45974: no
> response to inactivity probe after 5 seconds, disconnecting
> 2018-09-26T04:16:47.085Z|00013|reconnect|ERR|tcp:127.0.0.1:45988: no
> response to inactivity probe after 5 seconds, disconnecting
> 2018-09-26T04:16:49.618Z|00014|reconnect|ERR|tcp:127.0.0.1:45982: no
> response to inactivity probe after 5 seconds, disconnecting
> 2018-09-26T04:16:53.321Z|00015|reconnect|ERR|tcp:127.0.0.1:45964: no
> response to inactivity probe after 5 seconds, disconnecting
> 2018-09-26T04:17:15.543Z|00016|reconnect|ERR|tcp:127.0.0.1:45986: no
> response to inactivity probe after 5 seconds, disconnecting
> 2018-09-26T04:17:24.767Z|00017|reconnect|ERR|tcp:127.0.0.1:45990: no
> response to inactivity probe after 5 seconds, disconnecting
> 2018-09-26T04:17:31.735Z|00018|reconnect|ERR|tcp:127.0.0.1:45998: no
> response to inactivity probe after 5 seconds, disconnecting
> 2018-09-26T04:20:12.593Z|00019|reconnect|ERR|tcp:127.0.0.1:46014: no
> response to inactivity probe after 5 seconds, disconnecting
> 2018-09-26T04:23:51.996Z|00020|reconnect|ERR|tcp:127.0.0.1:46028: no
> response to inactivity probe after 5 seconds, disconnecting
> 2018-09-26T04:25:12.187Z|00021|reconnect|ERR|tcp:127.0.0.1:46022: no
> response to inactivity probe after 5 seconds, disconnecting
> 2018-09-26T04:25:28.871Z|00022|reconnect|ERR|tcp:127.0.0.1:46056: no
> response to inactivity probe after 5 seconds, disconnecting
> 2018-09-26T04:27:11.663Z|00023|reconnect|ERR|tcp:127.0.0.1:46046: no
> response to inactivity probe after 5 seconds, disconnecting
> 2018-09-26T04:29:56.161Z|00024|jsonrpc|WARN|tcp:127.0.0.1:46018: receive
> error: Connection reset by peer
> 2018-09-26T04:29:56.161Z|00025|reconnect|WARN|tcp:127.0.0.1:46018:
> connection dropped (Connection reset by peer)
>
> This definitely kills the connection for a few seconds before it
> reconnects. So, I’ve been wondering, what is this probe and what is really
> happening here? What’s the cause and is there a way to fix this?
>
> Openvswitch version is 2.9.0-3 on CentOS 7 with Openstack Pike running on
> it (but the issues show up on Queens too).
>
>
> Jean-Philippe Méthot
> Openstack system administrator
> Administrateur système Openstack
> PlanetHoster inc.
>
>
>
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVS 2.10 geneve errors

[Guru Shetty]

I should clarify that I am seeing this in kernel datapath. I realized that
my usage of "userspace geneve tunnels" can be misleading.

On Mon, 20 Aug 2018 at 21:22, Guru Shetty  wrote:

> Hello All,
>   Looks like with OVS 2.10, we cannot create more than 2 userspace geneve
> tunnels.
> You get an error that says: could not add network device geneve23 to
> ofproto (Device or resource busy)
>
> e.g:
>
> vagrant@k8smaster:~$ sudo ovs-vsctl show
> 86d11177-d982-48f9-a08e-c9f6f6587215
> Bridge "br0"
> Port "geneve23"
> Interface "geneve23"
> type: geneve
> options: {remote_ip="192.168.0.3"}
> error: "could not add network device geneve23 to ofproto
> (Device or resource busy)"
> Port "br0"
> Interface "br0"
> type: internal
>Bridge br-int
> fail_mode: secure
> Port "k8s-patch-br-int-br-localnet"
> Interface "k8s-patch-br-int-br-localnet"
> type: patch
> options: {peer="k8s-patch-br-localnet-br-int"}
> Port "ovn-d18708-0"
> Interface "ovn-d18708-0"
> type: geneve
> options: {csum="true", key=flow, remote_ip="10.10.0.12"}
> Port "26dfc422a6875c2"
> Interface "26dfc422a6875c2"
> Port br-int
> Interface br-int
> type: internal
> Port "ovn-8abe64-0"
> Interface "ovn-8abe64-0"
> type: geneve
> options: {csum="true", key=flow, remote_ip="10.10.0.13"}
> error: "could not add network device ovn-8abe64-0 to
> ofproto (Device or resource busy)"
>
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

[ovs-discuss] OVS 2.10 geneve errors

[Guru Shetty]

Hello All,
  Looks like with OVS 2.10, we cannot create more than 2 userspace geneve
tunnels.
You get an error that says: could not add network device geneve23 to
ofproto (Device or resource busy)

e.g:

vagrant@k8smaster:~$ sudo ovs-vsctl show
86d11177-d982-48f9-a08e-c9f6f6587215
Bridge "br0"
Port "geneve23"
Interface "geneve23"
type: geneve
options: {remote_ip="192.168.0.3"}
error: "could not add network device geneve23 to ofproto
(Device or resource busy)"
Port "br0"
Interface "br0"
type: internal
   Bridge br-int
fail_mode: secure
Port "k8s-patch-br-int-br-localnet"
Interface "k8s-patch-br-int-br-localnet"
type: patch
options: {peer="k8s-patch-br-localnet-br-int"}
Port "ovn-d18708-0"
Interface "ovn-d18708-0"
type: geneve
options: {csum="true", key=flow, remote_ip="10.10.0.12"}
Port "26dfc422a6875c2"
Interface "26dfc422a6875c2"
Port br-int
Interface br-int
type: internal
Port "ovn-8abe64-0"
Interface "ovn-8abe64-0"
type: geneve
options: {csum="true", key=flow, remote_ip="10.10.0.13"}
error: "could not add network device ovn-8abe64-0 to
ofproto (Device or resource busy)"
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] [ovs-dev] ovsdb-server core dump and ovsdb corruption using raft cluster

[Guru Shetty]

I was able to reproduce it. I will work with Ben to get this fixed.

On 26 July 2018 at 23:14, Girish Moodalbail  wrote:

> Hello Ben,
>
> Sorry, got distracted with something else at work. I am still able to
> reproduce the issue, and this is what I have and what I did
> (if you need the core, let me know and I can share it with you)
>
> - 3-cluster RAFT setup in Ubuntu VM (2 VCPUs with 8GB RAM)
>   $ uname -r
>   Linux u1804-HVM-domU 4.15.0-23-generic #25-Ubuntu SMP Wed May 23
> 18:02:16 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
>
> - On all of the VMs, I have installed openvswitch-switch=2.9.2,
> openvswitch-dbg=2.9.2, and ovn-central=2.9.2
>   (all of these packages are from http://packages.wand.net.nz/)
>
> - I bring up the node in the cluster one after the other -- leader 1st and
> followed by two followers
> - I check for cluster status and everything is healthy
> - ovn-nbctl show and ovn-sbctl show is all empty
>
> - on the leader with OVN_NB_DB set to comma-separated-NB connection
> strings I did
>for i in `seq 1 50`; do ovn-nbclt ls-add ls$i; ovn-nbctl lsp-add ls$i
> port0_$i; done
>
> - Check for the presence of 50 logical switches and 50 logical ports (one
> on each switch). Compact the database on all the nodes.
>
> - Next I try to delete the ports and whilst the deletion is happening I
> run compact on one of the followers
>
>   leader_node# for i in `seq  1 50`; do ovn-nbctl lsp-del port0_$i;done
>   follower_node# ovs-appctl -t /var/run/openvswitch/ovnnb_db.ctl
> ovsdb-server/compact OVN_Northbound
>
> - On the follower node I see the crash:
>
> ● ovn-central.service - LSB: OVN central components
>Loaded: loaded (/etc/init.d/ovn-central; generated)
>Active: active (running) since Thu 2018-07-26 22:48:53 PDT; 19min ago
>  Docs: man:systemd-sysv-generator(8)
>   Process: 21883 ExecStop=/etc/init.d/ovn-central stop (code=exited,
> status=0/SUCCESS)
>   Process: 21934 ExecStart=/etc/init.d/ovn-central start (code=exited,
> status=0/SUCCESS)
> Tasks: 10 (limit: 4915)
>CGroup: /system.slice/ovn-central.service
>├─22047 ovsdb-server: monitoring pid 22134 (*1 crashes: pid
> 22048 died, killed (Aborted), core dumped*
>├─22059 ovsdb-server: monitoring pid 22060 (healthy)
>├─22060 ovsdb-server -vconsole:off -vfile:info
> --log-file=/var/log/openvswitch/ovsdb-server-sb.log -
>├─22072 ovn-northd: monitoring pid 22073 (healthy)
>├─22073 ovn-northd -vconsole:emer -vsyslog:err -vfile:info
> --ovnnb-db=tcp:10.0.7.33:6641,tcp:10.0.7.
>└─22134 ovsdb-server -vconsole:off -vfile:info
> --log-file=/var/log/openvswitch/ovsdb-server-nb.log
>
>
> Same call trace and reason:
>
> #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
> #1  0x7f79599a1801 in __GI_abort () at abort.c:79
> #2  0x5596879c017c in json_serialize (json=,
> s=) at ../lib/json.c:1554
> #3  0x5596879c01eb in json_serialize_object_member (i=,
> s=, node=, node=) at
> ../lib/json.c:1583
> #4  0x5596879c0132 in json_serialize_object (s=0x7ffc17013bf0,
> object=0x55968993dcb0) at ../lib/json.c:1612
> #5  json_serialize (json=, s=0x7ffc17013bf0) at
> ../lib/json.c:1533
> #6  0x5596879c249c in json_to_ds (json=json@entry=0x559689950670,
> flags=flags@entry=0, ds=ds@entry=0x7ffc17013c80) at ../lib/json.c:1511
> #7  0x5596879ae8df in ovsdb_log_compose_record 
> (json=json@entry=0x559689950670,
> magic=0x55968993dc60 "CLUSTER", header=header@entry=0x7ffc17013c60,
> data=data@entry=0x7ffc17013c80) at ../ovsdb/log.c:570
> #8  0x5596879aebbf in ovsdb_log_write (file=0x5596899b5df0,
> json=0x559689950670) at ../ovsdb/log.c:618
> #9  0x5596879aed3e in ovsdb_log_write_and_free 
> (log=log@entry=0x5596899b5df0,
> json=0x559689950670) at ../ovsdb/log.c:651
> #10 0x5596879b0954 in raft_write_snapshot (raft=raft@entry=0x5596899151a0,
> log=0x5596899b5df0, new_log_start=new_log_start@entry=166,
> new_snapshot=new_snapshot@entry=0x7ffc17013e30) at
> ../ovsdb/raft.c:3588
> #11 0x5596879b0ec3 in raft_save_snapshot (raft=raft@entry=0x5596899151a0,
> new_start=new_start@entry=166, new_snapshot=new_snapshot@
> entry=0x7ffc17013e30)
> at ../ovsdb/raft.c:3647
> #12 0x5596879b8aed in raft_store_snapshot (raft=0x5596899151a0,
> new_snapshot_data=new_snapshot_data@entry=0x5596899505f0) at
> ../ovsdb/raft.c:3849
> #13 0x5596879a579e in ovsdb_storage_store_snapshot__
> (storage=0x5596899137a0, schema=0x559689938ca0, data=0x559689946ea0) at
> ../ovsdb/storage.c:541
> #14 0x5596879a625e in ovsdb_storage_store_snapshot
> (storage=0x5596899137a0, schema=schema@entry=0x559689938ca0,
> data=data@entry=0x559689946ea0) at ../ovsdb/storage.c:568
> #15 0x55968799f5ab in ovsdb_snapshot (db=0x5596899137e0) at
> ../ovsdb/ovsdb.c:519
> #16 0x559687999f23 in ovsdb_server_compact (conn=0x559689938440,
> argc=, argv=, dbs_=0x7ffc170141c0) at
> ../ovsdb/ovsdb-server.c:1443
> #17 0x5596879d9cc0 in 

Re: [ovs-discuss] Bugs in /etc/init.d/openvswitch-switch restart

[Guru Shetty]

How did you configure OVS?
You should use:
./configure --prefix=/usr --localstatedir=/var  --sysconfdir=/etc
--enable-ssl

On 25 July 2018 at 23:17, Vikas Kumar  wrote:

>
> hi Team,
> when i am trying to restart the vswitch daemon i am getting the below erro:
>
> 2018-07-26T06:12:08Z|1|unixctl|WARN|failed to connect to
> /var/run/openvswitch/ovsdb-server.12908.ctl
> ovs-appctl: cannot connect to "/var/run/openvswitch/ovsdb-server.12908.ctl"
> (No such file or directory)
>
> Could any one suggest me how to resolve this?
>
> Thanks
> Vikash
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] bugs in script which is not creating openvswitch-switch

[Guru Shetty]

A 'make install' does not install the startup script. You can copy it over
manually. E.g : cp debian/openvswitch-switch.init
/etc/init.d/openvswitch-switch

On 23 July 2018 at 01:23, Vikas Kumar  wrote:

> hi Team,
> i was trying to restart the openvswitch daemon using the below script:
> /etc/init.d/openvswitch-switch, i have download 2.9.0 version of ovs
> source code. after building the source code using below commads:
> ./boot.sh
> ./configure
> make
> make install
>
> but, i got an error, saying no such script /etc/init.d/openvswitch-switch
> found. could any one  tell what is the problem?
>
> Thanks
> Vikash
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] SDN networkslower than physical network

[Guru Shetty]

Since this is the same host, your 25 Gbps physical network does not come to
picture. Neither does VXLAN as both the VMs are in the same host. I would
suggest trying the following experiments.

1. Multiple sessions of netperf/iperf.
2. Sometimes, your VM's virtual NIC is the bottleneck. So if you use
para-vritualized virtual NICs, you will likely get higher throughput.
3.  I would suggest adding 2 more VMs and running multiple sessions of
netperf/iperf to see your throughput increase.

On 5 July 2018 at 23:10, Manuel Sopena Ballesteros 
wrote:

> Dear OVS community,
>
>
>
> First of all, I am not sure if this is the right place for this question
> but I think it is worth to try.
>
>
>
> I installed openstack pike with ovs supporting the SDN virtual switches
> and had the impression that my SDN was not fast enough. Please see my
> configuration below:
>
>
>
> ·Physical compute hosts connected through a 25Gbps network.
>
> ·Each compute node has 64 cpus and 512 GB RAM.
>
>
>
> For some reason I could not get more than 10Gbps bandwidth of intra-subnet
> traffic (no routing) across 2 vms living in same physical host with VXLAN
> offload configured.
>
>
>
> I tested the network performance using iperf and iperf3 with multiple
> threads in parallel.
>
> No other vm was running in the system and the vms were only instantiated
> to run this network performance test so there were no shortage of resources
>
>
>
> Because the SDN traffic was within same compute node and same network (no
> routing involved) I am guessing that poor performance has something to do
> with OVS running in cpu but I have no clue to prove my theory. I am hoping
> someone in this email list would clarify if I am in the right direction or
> not and why.
>
>
>
> Thank you very much
>
>
>
> *Manuel Sopena Ballesteros *| Big data Engineer
> *Garvan Institute of Medical Research *
> The Kinghorn Cancer Centre, 370 Victoria Street, Darlinghurst, NSW 2010
> *T:* + 61 (0)2 9355 5760 | *F:* +61 (0)2 9295 8507 | *E:*
> manuel...@garvan.org.au
>
>
> NOTICE
> Please consider the environment before printing this email. This message
> and any attachments are intended for the addressee named and may contain
> legally privileged/confidential/copyright information. If you are not the
> intended recipient, you should not read, use, disclose, copy or distribute
> this communication. If you have received this message in error please
> notify us at once by return email and then delete both messages. We accept
> no liability for the distribution of viruses or similar in electronic
> communications. This notice should not be removed.
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] unable to bring up simple switch with "eno1" interface for ethernet

[Guru Shetty]

>
>
> So, if I build OVS from source, am I going to have the same problem? It
> seems that everything in Squeeze is systemd? I guess I could try and
> see. Will the init.d script work?
>
>
You said it is OVS 2.6.2. First thing to do is to simply modify your
/etc/init.d/openvswitch-switch to include the following 2 lines and see
what happens.
https://github.com/openvswitch/ovs/blob/master/debian/openvswitch-switch.init#L30-L31

You can build OVS 2.9.x from the repo and install it. Before installing it,
make sure to purge the old installation.


>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] unable to bring up simple switch with "eno1" interface for ethernet

[Guru Shetty]

On 3 July 2018 at 10:44, Brian E. Lavender  wrote:

> I am using the package that comes with Debian Stretch. Is there an Open
> vSwitch Debian repository?
>
> Or, should I build the package from source using the latest source? I
> take it already has the debian/rules ?
>

Yes. You can build debian packages by following:
http://docs.openvswitch.org/en/latest/intro/install/debian/

Tangentially, Which version of OVS are you installing?

Do you have OVS systemd files in your machine? (e.g
/lib/systemd/system/ovsdb-server.service).  (OVS repo does not provide any.
We just provide /etc/init.d/openvswitc-switch script).


>
> brian
>
> On Tue, Jul 03, 2018 at 10:39:03AM -0700, Guru Shetty wrote:
> >On 1 July 2018 at 22:37, Brian E. Lavender <[1]br...@brie.com> wrote:
> >
> >  Turns out OVS got stuck in the systemd cycle. After waiting 5
> >  minutes,
> >  it came up.
> >
> >You are likely using packages from Canonical and not from this repo?
> >
> >  brian
> >
> >On Sun, Jul 01, 2018 at 09:06:48AM -0700, Brian E. Lavender wrote:
> >> I did a fresh install and tried things from scratch.
> >>
> >> I tried again bringing up the switch manually using the command line
> >and
> >> for some reason, when I attempt to do the same with
> >> /etc/network/interfaces, it doesn't work. The only thing that seems
> >> different from when I did this before is the fact that I have to
> >bring
> >> the link up on the device.
> >>
> >> ip link set dev eno1 up
> >> ovs-vsctl add-br br0
> >> ovs-vsctl add-port br0 eno1
> >> dhclient br0
> >>
> >> This is what I put in /etc/network/interfaces . It's what I thought
> >> worked before and seems pretty straight forward, but after boot, I
> >get
> >> no switch. :( Do I have to add something for the link up?
> >>
> >> allow-ovs br0
> >> iface br0 inet dhcp
> >> ovs_type OVSBridge
> >> ovs_ports eno1
> >>
> >> allow-br0 eno1
> >> iface eno1 inet manual
> >> ovs_bridge br0
> >> ovs_type OVSPort
> >>
> >> Any suggestions?
> >>
> >> On Sat, Jun 30, 2018 at 11:08:07PM -0700, Brian E. Lavender wrote:
> >> > I am using Debian and I am just trying to get a simple bridge
> going
> >and
> >> > connect the ethernet to it. It is an Intel NUC and the ethernet
> >shows up
> >> > as "eno1". I don't know why it doesn't come up as "eth0".
> >> >
> >> > iface eno1 inet dhcp
> >> > auto eno1
> >> >
> >> > But, if I replace that with the following, it doesn't come up.
> >> >
> >> > allow-ovs br0
> >> > iface br0 inet dhcp
> >> > ovs_type OVSBridge
> >> > ovs_ports eno1
> >> >
> >> > allow-br0 eno1
> >> > iface eno1 inet manual
> >> > ovs_bridge br0
> >> > ovs_type OVSPort
> >> >
> >> > I check the system and when I look at the output of "ip address",
> >it
> >> > shows DOWN for interface "eno1". If I do the following from the
> >command
> >> > line, the bridge comes up and I get an IP address. The "#"
> >indicates ran
> >> > as root.
> >> >
> >> > # ip link set dev eno1 up
> >> > # ovs-vsctl add-br br0
> >> > # ovs-vsctl add-port br0 eno1
> >> > # dhclient br0
> >> >
> >> > Is there something I am missing in my interfaces file on Debian?
> >> >
> >> > brian
> >> > --
> >> > Brian Lavender
> >> > [2]http://www.brie.com/brian/
> >> >
> >> > "There are two ways of constructing a software design. One way is
> >to
> >> > make it so simple that there are obviously no deficiencies. And
> the
> >other
> >> > way is to make it so complicated that there are no obvious
> >deficiencies."
> >> >
> >> > Professor C. A. R. Hoare
> >> > The 1980 Turing award lecture
> >> > ___
> >

Re: [ovs-discuss] unable to bring up simple switch with "eno1" interface for ethernet

[Guru Shetty]

On 1 July 2018 at 22:37, Brian E. Lavender  wrote:

> Turns out OVS got stuck in the systemd cycle. After waiting 5 minutes,
> it came up.
>
> You are likely using packages from Canonical and not from this repo?


> brian
>
> On Sun, Jul 01, 2018 at 09:06:48AM -0700, Brian E. Lavender wrote:
> > I did a fresh install and tried things from scratch.
> >
> > I tried again bringing up the switch manually using the command line and
> > for some reason, when I attempt to do the same with
> > /etc/network/interfaces, it doesn't work. The only thing that seems
> > different from when I did this before is the fact that I have to bring
> > the link up on the device.
> >
> > ip link set dev eno1 up
> > ovs-vsctl add-br br0
> > ovs-vsctl add-port br0 eno1
> > dhclient br0
> >
> > This is what I put in /etc/network/interfaces . It's what I thought
> > worked before and seems pretty straight forward, but after boot, I get
> > no switch. :( Do I have to add something for the link up?
> >
> > allow-ovs br0
> > iface br0 inet dhcp
> > ovs_type OVSBridge
> > ovs_ports eno1
> >
> > allow-br0 eno1
> > iface eno1 inet manual
> > ovs_bridge br0
> > ovs_type OVSPort
> >
> > Any suggestions?
> >
> > On Sat, Jun 30, 2018 at 11:08:07PM -0700, Brian E. Lavender wrote:
> > > I am using Debian and I am just trying to get a simple bridge going and
> > > connect the ethernet to it. It is an Intel NUC and the ethernet shows
> up
> > > as "eno1". I don't know why it doesn't come up as "eth0".
> > >
> > > iface eno1 inet dhcp
> > > auto eno1
> > >
> > > But, if I replace that with the following, it doesn't come up.
> > >
> > > allow-ovs br0
> > > iface br0 inet dhcp
> > > ovs_type OVSBridge
> > > ovs_ports eno1
> > >
> > > allow-br0 eno1
> > > iface eno1 inet manual
> > > ovs_bridge br0
> > > ovs_type OVSPort
> > >
> > > I check the system and when I look at the output of "ip address", it
> > > shows DOWN for interface "eno1". If I do the following from the command
> > > line, the bridge comes up and I get an IP address. The "#" indicates
> ran
> > > as root.
> > >
> > > # ip link set dev eno1 up
> > > # ovs-vsctl add-br br0
> > > # ovs-vsctl add-port br0 eno1
> > > # dhclient br0
> > >
> > > Is there something I am missing in my interfaces file on Debian?
> > >
> > > brian
> > > --
> > > Brian Lavender
> > > http://www.brie.com/brian/
> > >
> > > "There are two ways of constructing a software design. One way is to
> > > make it so simple that there are obviously no deficiencies. And the
> other
> > > way is to make it so complicated that there are no obvious
> deficiencies."
> > >
> > > Professor C. A. R. Hoare
> > > The 1980 Turing award lecture
> > > ___
> > > discuss mailing list
> > > disc...@openvswitch.org
> > > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
> >
> > --
> > Brian Lavender
> > http://www.brie.com/brian/
> >
> > "There are two ways of constructing a software design. One way is to
> > make it so simple that there are obviously no deficiencies. And the other
> > way is to make it so complicated that there are no obvious deficiencies."
> >
> > Professor C. A. R. Hoare
> > The 1980 Turing award lecture
>
>
>
> > ___
> > discuss mailing list
> > disc...@openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
> --
> Brian Lavender
> http://www.brie.com/brian/
>
> "There are two ways of constructing a software design. One way is to
> make it so simple that there are obviously no deficiencies. And the other
> way is to make it so complicated that there are no obvious deficiencies."
>
> Professor C. A. R. Hoare
> The 1980 Turing award lecture
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Seeking help on bringing up ovs defined network at boot under Ubuntu bionic

[Guru Shetty]

On 28 June 2018 at 11:58, Stephen V. Nesbitt 
wrote:

> Noob alert! I am looking for a recipe that will configure an OVS defined
> network at boot on Ubuntu bionic.
>
> My ovs network comprises the following:
>
> * switch0
>
> * enp3s0 - physical NIC defined as a port tagged with 100 and marked as
> vlan_mode=native-untagged
>
> * vnet100 - port tagged with 100 and set with an internal interface
>
> * vlan100 - a fake bridge (add-br vlan100 switch0 100) which gets the ip
> address
>
> As far as I can tell this is working - my host system is attached to the
> 192.168.0.1/26 and I can give containers access to this network using
> vlan100.
>
> What I don't know how to do is setup an Ubuntu bionic system to bring this
> network up at boot. I've looked at the following options:
>
> * Netplan - doesn't look like it will support this.
>
> * Systemd-networkd - maybe, but it is unclear how.
>

Read this after you read my comment further down below.

We are exploring how to integrate better with systemd. We haven't
completely thought it through. My initial thoughts are that we will likely
have OVS startup scripts call a hook which will execute a bunch of user
defined ovs-vsctl calls. When the device appears, systemd should
automatically setup DNS/DHCP for the interface based on entry
in /etc/systemd/network/ifcfg-*


>
> * switch to ifupdown and define an interfaces file using allow-ovs stanzas.
>
> I've spent most of my time looking at ifupdown. But simply can't get it to
> work. Specifically my interfaces file is apparently ignored. I *think* this
> is caused because ifup needs to be called with the --allow=ovs option. But
> I have no idea how to enable this.
>

The OVS startup script here will call ifup --allow=ovs option after it has
started OVS daemons. See here:

https://github.com/openvswitch/ovs/blob/master/debian/openvswitch-switch.init#L40

But you likely has installed OVS with "apt-get install" from Ubuntu
packages. Ubuntu guys have added systemd startup scripts (not provided by
OVS repo) and that skips the init.d script.

The above only works for allow-ovs stanzas in /etc/network/interfaces and
not in  /etc/systemd/network. I am not very familiar with your system.


> Other questions include whether I need to add an
> openvswitch-nonetwork.system file to ensure the openvswitch is enabled
> prior to bringing up the network and whether the auto clause is needed (and
> where) with the interface definition.
>
> If someone could provide - or point me to - a recipe I'd be very
> appreciative.
>
> Thx in advance,
>
>
> -steve
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVN IPAM

[Guru Shetty]

In tests/ovn.at, search for "ipam".

On 17 June 2018 at 14:27, Paul Greenberg  wrote:

> All,
>
> I want to get an IP address from OVN without using DHCP. I did not find a
> command line option to do so.
>
> How could one do it through OVSDB queries? Did anyone attempt it?
>
> Best Regards,
> Paul Greenberg
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Source NAT with OpenVSwitch failed

[Guru Shetty]

No, OVS NAT cannot do that. OVS NAT in your situation is more useful with a
controller that will program the OVS. And when a packet comes in that needs
to reach the gateway, the controller needs to 1. Create a ARP request for
the gateway's IP, collect the reply and update the flows such that future
packets know the MAC address.

On 2 May 2018 at 20:52, Wei-Yu Chen <aweimeow...@gmail.com> wrote:

> Hi Guru,
>
> Thanks for your reply, but I can’t make sure what MAC address for Gateway,
> doesn’t this should be automatic done by OVS NAT function?
>
>
>
> ---
> Best Regards,
>
> Wei-Yu Chen
> Wireless Internet Laboratory
> Department of Computer Science
> National Chiao Tung University
>
> On 30 April 2018 at 11:49:29 PM, Guru Shetty (g...@ovn.org) wrote:
>
>
>
> On 26 April 2018 at 06:41, Wei-Yu Chen <aweimeow...@gmail.com> wrote:
>
>> Hello all,
>>
>> Recently, I’m trying on SNAT with OVS, I tried to apply all possible
>> flows to OVS, but SNAT still don’t work, so I post this message for asking
>> your help.
>>
>> In my experiment environment, I used Ubuntu 16.04 with kernel version
>> 4.10.0–28-generic, and OVS’s version 2.9.0.
>>
>> I have a VM in my PC, connected VM and OVS with a Linux bridge, as
>> following illustrated:
>>
>> +———–+
>> | |
>> | +——+ +—–+ |
>> | +–+ br +———+ OVS | |
>> | | +——+ vnet2+—+-+ |
>> | | | |
>> | +–+——+ | |
>> | | VM | | |
>> | |10.1.1.2 | | |
>> | +———+ +—+—-+ |
>> | Ubuntu 16.04 | enp2s0 | |
>> ++——–+-+
>>
>> And OVS have 2 IP addresses, 10.1.1.1/24 and an public IP
>> address(140.113.x.x) original enp2s0 have. I attached vnet2 and enp2s0 on
>> my OVS.
>>
>> I referred many posts and wrote following script:
>>
>> #!/bin/sh
>> IN="vnet2"
>> OUT="enp2s0"
>>
>> flow1="in_port=$IN,ip,actions=ct(commit,zone=1,nat(src=10.1.1.1)),$OUT"
>> flow2="in_port=$OUT,ip,ct_state=-trk,actions=ct(zone=1,nat)"
>> flow3="in_port=$OUT,ip,ct_state=+trk,ct_zone=1,actions=$IN"
>>
>> # Add Flows
>> sudo ovs-ofctl add-flow $BR $flow1
>> sudo ovs-ofctl add-flow $BR $flow2
>> sudo ovs-ofctl add-flow $BR $flow3
>>
>> But I found ICMP echo to Google DNS from VM (nw_src=10.1.1.2,
>> nw_dst=8.8.8.8), when it passed to enp2s0, only source IP address changed
>> to 10.1.1.1, but source MAC address keep same as VM’s MAC, and destination
>> MAC address keep same as OVS’s MAC address. (VM’s default gateway is
>> 10.1.1.1/24, OVS’s vnet2 interface).
>>
> You need to change the MAC addresses too.
>
>
>
>> Tcpdump’s log:
>>
>> 10.1.1.1 > 8.8.8.8: ICMP echo request, id 725, seq 1, length 64
>> 21:12:09.413082 52:54:00:fd:d6:ce > 70:4d:7b:6e:16:e0, ethertype IPv4 
>> (0x0800), length 98: (tos 0x0, ttl 64, id 41649, offset 0, flags [DF], proto 
>> ICMP (1), length 84)
>>
>> I also tried to find reason by conntrack tool, but it shows only 10.1.1.2
>> have a NEW connection to 8.8.8.8 but didn’t get any reply.
>>
>> I can’t figure out why OVS’s SNAT didn’t work, do my flows have wrong?
>> Any suggestion and idea is appreciated, Thanks very much.
>>
>> P.s. Attachment is illustration snapshot, if illustrate broken in mail
>> viewer, please take a look on the attachment.
>>
>>
>> ---
>> Best Regards,
>>
>> Wei-Yu Chen
>> Wireless Internet Laboratory
>> Department of Computer Science
>> National Chiao Tung University
>>
>> ___
>> discuss mailing list
>> disc...@openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>
>>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVN load balancing on same subnet failing

[Guru Shetty]

On 9 March 2018 at 11:19, Ben Pfaff <b...@ovn.org> wrote:

> On Fri, Mar 02, 2018 at 09:40:07AM -0800, Guru Shetty wrote:
> > On 1 March 2018 at 21:09, Anil Venkata <anilvenk...@redhat.com> wrote:
> >
> > >
> > >
> > > On Fri, Mar 2, 2018 at 7:23 AM, Guru Shetty <g...@ovn.org> wrote:
> > >
> > >>
> > >>
> > >> On 27 February 2018 at 03:13, Anil Venkata <anilvenk...@redhat.com>
> > >> wrote:
> > >>
> > >>> For example, I have a 10.1.0.0/24 network and a load balancer is
> added
> > >>> to it with 10.1.0.10 as VIP and 10.1.0.2(MAC 50:54:00:00:00:01),
> > >>> 10.1.0.3(MAC 50:54:00:00:00:02) as members.
> > >>> ovn-nbctl  create load_balancer vips:10.1.0.10="10.1.0.2,10.1.0.3"
> > >>>
> > >>
> > >> We currently need the VIP to be in a different subnet. You should
> connect
> > >> switch it to a dummy logical router (or connect it to a external
> router).
> > >> Since a VIP is in a different subnet, it sends an ARP for logical
> router IP
> > >> and then things will work.
> > >>
> > >>
> > >
> > > Thanks Guru. Any reason for introducing this constraint(i.e VIP to be
> in a
> > > different subnet)? Can we address this limitation?
> > >
> >
> > It was just easy to implement with the constraint. You will need a ARP
> > responder for the VIP. And now, you will have to specify the mac address
> > for each VIP in the schema. So that is a bit of work - but not hard.
>
> Do we document the constraint?  If we do not, then that would be
> helpful.
>
I sent a patch:
https://patchwork.ozlabs.org/patch/884054/
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVN load balancing on same subnet failing

[Guru Shetty]

On 1 March 2018 at 21:09, Anil Venkata <anilvenk...@redhat.com> wrote:

>
>
> On Fri, Mar 2, 2018 at 7:23 AM, Guru Shetty <g...@ovn.org> wrote:
>
>>
>>
>> On 27 February 2018 at 03:13, Anil Venkata <anilvenk...@redhat.com>
>> wrote:
>>
>>> For example, I have a 10.1.0.0/24 network and a load balancer is added
>>> to it with 10.1.0.10 as VIP and 10.1.0.2(MAC 50:54:00:00:00:01),
>>> 10.1.0.3(MAC 50:54:00:00:00:02) as members.
>>> ovn-nbctl  create load_balancer vips:10.1.0.10="10.1.0.2,10.1.0.3"
>>>
>>
>> We currently need the VIP to be in a different subnet. You should connect
>> switch it to a dummy logical router (or connect it to a external router).
>> Since a VIP is in a different subnet, it sends an ARP for logical router IP
>> and then things will work.
>>
>>
>
> Thanks Guru. Any reason for introducing this constraint(i.e VIP to be in a
> different subnet)? Can we address this limitation?
>

It was just easy to implement with the constraint. You will need a ARP
responder for the VIP. And now, you will have to specify the mac address
for each VIP in the schema. So that is a bit of work - but not hard.


>
>
>>>  When I try to send a request from client within the subnet(i.e
>>> 10.1.0.33) its not reaching any load balancer members.
>>> I noticed ARP not resolved for VIP 10.1.0.10.
>>>
>>> I tried to resolve this in two ways
>>> 1) Adding a new ARP reply ovs flow for VIP 10.1.0.10 with router port's
>>> MAC. When client tries to connect VIP, it will use router's MAC. Now router
>>> gets the packet after load balancing, and will forward the packet to
>>> appropriate member.
>>>
>>> 2) Second approach,
>>>a) Using a new MAC(example, 50:54:00:00:00:ab) for VIP 10.1.0.10, and
>>> adding a new ARP reply flow with this MAC.
>>>b) As we are not using router, when load balancing changes
>>> destination ip, VIP MAC has to be replaced with corresponding member's MAC
>>> i.e
>>>   sudo ovs-ofctl add-flow br-int "table=24,ip,priority=150,dl_d
>>> st=50:54:00:00:00:ab,nw_dst=10.1.0.2,action=mod_dl_dst:50:54
>>> :00:00:00:01,load:0x1->NXM_NX_REG15[],resubmit(,32)"
>>> sudo ovs-ofctl add-flow br-int "table=24,ip,priority=150,dl_d
>>> st=50:54:00:00:00:ab,nw_dst=10.1.0.3,action=mod_dl_dst:50:54
>>> :00:00:00:02,load:0x2->NXM_NX_REG15[],resubmit(,32)"
>>>
>>> Which approach will be better or is there any alternate solution?
>>>
>>> Thanks
>>> Anil
>>>
>>>
>>> ___
>>> discuss mailing list
>>> disc...@openvswitch.org
>>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>>
>>>
>>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVN load balancing on same subnet failing

[Guru Shetty]

On 27 February 2018 at 03:13, Anil Venkata  wrote:

> For example, I have a 10.1.0.0/24 network and a load balancer is added to
> it with 10.1.0.10 as VIP and 10.1.0.2(MAC 50:54:00:00:00:01), 10.1.0.3(MAC
> 50:54:00:00:00:02) as members.
> ovn-nbctl  create load_balancer vips:10.1.0.10="10.1.0.2,10.1.0.3"
>

We currently need the VIP to be in a different subnet. You should connect
switch it to a dummy logical router (or connect it to a external router).
Since a VIP is in a different subnet, it sends an ARP for logical router IP
and then things will work.


>
>  When I try to send a request from client within the subnet(i.e 10.1.0.33)
> its not reaching any load balancer members.
> I noticed ARP not resolved for VIP 10.1.0.10.
>
> I tried to resolve this in two ways
> 1) Adding a new ARP reply ovs flow for VIP 10.1.0.10 with router port's
> MAC. When client tries to connect VIP, it will use router's MAC. Now router
> gets the packet after load balancing, and will forward the packet to
> appropriate member.
>
> 2) Second approach,
>a) Using a new MAC(example, 50:54:00:00:00:ab) for VIP 10.1.0.10, and
> adding a new ARP reply flow with this MAC.
>b) As we are not using router, when load balancing changes destination
> ip, VIP MAC has to be replaced with corresponding member's MAC i.e
>   sudo ovs-ofctl add-flow br-int "table=24,ip,priority=150,dl_
> dst=50:54:00:00:00:ab,nw_dst=10.1.0.2,action=mod_dl_dst:50:
> 54:00:00:00:01,load:0x1->NXM_NX_REG15[],resubmit(,32)"
> sudo ovs-ofctl add-flow br-int "table=24,ip,priority=150,dl_
> dst=50:54:00:00:00:ab,nw_dst=10.1.0.3,action=mod_dl_dst:50:
> 54:00:00:00:02,load:0x2->NXM_NX_REG15[],resubmit(,32)"
>
> Which approach will be better or is there any alternate solution?
>
> Thanks
> Anil
>
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] ***SPAM*** Re: kubernetes - kubeadm problem with watcher

[Guru Shetty]

On 16 November 2017 at 09:26, Sébastien Bernard <sbern...@nerim.net> wrote:

> On 16/11/2017 13:08, Guru Shetty wrote:
>
>
>
> On 16 November 2017 at 01:56, Sébastien Bernard <sbern...@nerim.net>
> wrote:
>
>> Ok,
>>
>> I got to reproduce the error I had yesterday.
>>
>> Here's the path :
>>
>>   1- one vm with centos 7
>>
>>   2- install kubeadm v1.8.3
>>
>>   3- kubeadm init
>>
>>   4- install openvswitch (v2.8.1)
>>
>>   5- follow the instruction of set-master.sh
>>
>>   6- ln -s /etc/kubernetes/pki/ca.crt /etc/openvswitch/k8s-ca.crt
>>
>>   7- cp etc/ovn-k8s.conf /etc/openvswitch /
>>
>>   8- try to start ovn-k8s-watcher and watch it fails. See the log below.
>> Seems the watcher really needs a kubeconfig file to use.
>>
>> cmdline :
>>
>> ovn-k8s-watcher --overlay --pidfile --log-file -vfile:info
>> -vconsole:emer
>>
>> kubeadm init set RBAC by default. It seems the watcher is not able to
>> provide authentication.
>>
>
> You are right. I will work on a fix.
>
> ovn-k8s-watcher is able to look for a token in the external_ids.
>
> In get_api_params:
>
> k8s_api_token = ovs_vsctl("--if-exists", "get", "Open_vSwitch", ".",
>   "external_ids:k8s-api-token").strip('"')
> An then in stream_api function :
>
> if api_token:
> headers['Authorization'] = 'Bearer %s' % api_token
>
> So, it should missing a few configuration parameters  (a Role, a
> serviceaccount, and RoleBinding).
>
> I'll figure out something from flannel-rbac.yaml. It shouldn't be too
> different.
>

I got a bit of time to try kubeadm. One thing was that the port API server
was listening on was 6443. Since it was not using API token, I had to get
certificates from kubeconfig. A patch like this would work (after a 'pip
install kubernetes'. But the same change is needed at multiple places.

diff --git a/ovn_k8s/common/kubernetes.py b/ovn_k8s/common/kubernetes.py
index a837111..26f7bdd 100644
--- a/ovn_k8s/common/kubernetes.py
+++ b/ovn_k8s/common/kubernetes.py
@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+from __future__ import absolute_import
 import json
 import requests

@@ -23,6 +24,9 @@ from ovn_k8s.common import exceptions
 from ovn_k8s.common.util import ovs_vsctl
 from ovn_k8s.common import variables

+import kubernetes
+import kubernetes.config
+
 CA_CERTIFICATE = config.get_option('k8s_ca_certificate')
 vlog = ovs.vlog.Vlog("kubernetes")

@@ -161,12 +165,19 @@ def set_pod_annotation(server, namespace, pod, key,
value):


 def _get_objects(url, namespace, resource_type, resource_id):
+kubernetes.config.load_kube_config()
+apiclient = kubernetes.config.new_client_from_config()
+
 ca_certificate, api_token = _get_api_params()

 headers = {}
 if api_token:
 headers['Authorization'] = 'Bearer %s' % api_token
-if ca_certificate:
+
+if apiclient.configuration.cert_file:
+   response = requests.get(url, headers=headers,
verify=apiclient.configuration.ssl_ca_cert,
+   cert=(apiclient.configuration.cert_file,
apiclient.configuration.key_file))
+elif ca_certificate:
 response = requests.get(url, headers=headers,
verify=ca_certificate)
 else:
 response = requests.get(url, headers=headers)



The client that I used to test was:

import ovn_k8s.common.kubernetes


pods = ovn_k8s.common.kubernetes.get_all_pods("https://10.33.75.67:6443;)

print pods


I need to think about what is a nice way to do this though...


>
> Seb
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] kubernetes - kubeadm problem with watcher

[Guru Shetty]

On 16 November 2017 at 01:56, Sébastien Bernard  wrote:

> Ok,
>
> I got to reproduce the error I had yesterday.
>
> Here's the path :
>
>   1- one vm with centos 7
>
>   2- install kubeadm v1.8.3
>
>   3- kubeadm init
>
>   4- install openvswitch (v2.8.1)
>
>   5- follow the instruction of set-master.sh
>
>   6- ln -s /etc/kubernetes/pki/ca.crt /etc/openvswitch/k8s-ca.crt
>
>   7- cp etc/ovn-k8s.conf /etc/openvswitch /
>
>   8- try to start ovn-k8s-watcher and watch it fails. See the log below.
> Seems the watcher really needs a kubeconfig file to use.
>
> cmdline :
>
> ovn-k8s-watcher --overlay --pidfile --log-file -vfile:info
> -vconsole:emer
>
> kubeadm init set RBAC by default. It seems the watcher is not able to
> provide authentication.
>

You are right. I will work on a fix.


>
> ov. 16 01:09:44 km1 ovn-k8s-watcher[6186]: ovs|  0  | watcher | ERR |
> failed in _sync_k8s_pods (Failed to fetch pod:all_pods in namespace all
> (403) 
> :{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"pods
> is forbidden: User \"system:anonymous\" cannot list pods at the cluster
> scope","reason":"Forbidden","details":{"kind":"pods"},"code":403}
> )
> Traceback (most recent call
> last):
>   File
> "/usr/lib/python2.7/site-packages/ovn_k8s/watcher/watcher.py", line 80,
> in _sync_k8s_pods
> pods =
> kubernetes.get_all_pods(variables.K8S_API_SERVER)
>   File
> "/usr/lib/python2.7/site-packages/ovn_k8s/common/kubernetes.py", line
> 194, in get_all_pods
> return _get_objects(url,
> 'all', 'pod', "all_pods")
>   File
> "/usr/lib/python2.7/site-packages/ovn_k8s/common/kubernetes.py", line
> 181, in _get_objects
> response.status_code, response.text))
> Exception: Failed to fetch
> pod:all_pods in namespace all (403) :{"kind":"Status","apiVersion"
> :"v1","metadata":{},"status":"Failure","message":"pods is forbidden: User
> \"system:anonymous\" cannot list pods at the cluster
> scope","reason":"Forbidden","details":{"kind":"pods"},"code":403}
> nov. 16 01:09:44 km1 ovn-k8s-watcher[6186]: ovs|  1  | watcher | ERR |
> failed in _sync_k8s_services (Failed to fetch service:all_services in
> namespace all (403) :{"kind":"Status","apiVersion"
> :"v1","metadata":{},"status":"Failure","message":"services is forbidden:
> User \"system:anonymous\" cannot list services at the cluster
> scope","reason":"Forbidden","details":{"kind":"services"},"code":403}
> )
> Traceback (most recent call
> last):
>   File
> "/usr/lib/python2.7/site-packages/ovn_k8s/watcher/watcher.py", line 94,
> in _sync_k8s_services
> services =
> kubernetes.get_all_services(variables.K8S_API_SERVER)
>   File
> "/usr/lib/python2.7/site-packages/ovn_k8s/common/kubernetes.py", line
> 199, in get_all_services
> return _get_objects(url,
> 'all', 'service', "all_services")
>   File
> "/usr/lib/python2.7/site-packages/ovn_k8s/common/kubernetes.py", line
> 181, in _get_objects
> response.status_code, response.text))
> Exception: Failed to fetch
> service:all_services in namespace all (403) :{"kind":"Status","apiVersion"
> :"v1","metadata":{},"status":"Failure","message":"services is forbidden:
> User \"system:anonymous\" cannot list services at the cluster
> scope","reason":"Forbidden","details":{"kind":"services"},"code":403}
> nov. 16 01:09:44 km1 ovn-k8s-watcher[6186]: ovs|  2  | watcher
> (GreenThread-1) | ERR | Failure in watcher PodWatcher
> Traceback (most recent call
> last):
>   File
> "/usr/lib/python2.7/site-packages/ovn_k8s/watcher/watcher.py", line 61,
> in _process_func
> watcher.process()
>   File
> "/usr/lib/python2.7/site-packages/ovn_k8s/watcher/pod_watcher.py", line
> 83, in process
> self._process_pod_event)
>   File
> "/usr/lib/python2.7/site-packages/ovn_k8s/common/util.py", line 77, in
> process_stream
> line = next(data_stream)
> TypeError: NoneType object is
> not an iterator
>
>
> ___
> discuss mailing list
> 

Re: [ovs-discuss] OVS-Bugtool plugins

[Guru Shetty]

On 15 November 2017 at 01:17, Dávid Patrik Pintér <
david.patrik.pin...@ericsson.com> wrote:

> Hi All,
>
> I have a question about the OVS-Bugtool plugins:
> What's the actual benefit of using bash scripts for calling single line
> shell commands:
> https://github.com/openvswitch/ovs/blob/master/utilities/bugtool/ovs-bu
> gtool-bond-show
> https://github.com/openvswitch/ovs/blob/master/utilities/bugtool/ovs-bu
> gtool-cfm-show
> etc… ?
>

No benefits that I remember of. There must have been a couple of shell
scripts out there and when devs added new features, they saw it and simply
added new scripts.


>
> For example, why not use:
> ovs-appctl
> cfm/show
> instead of:
>  filters="ovs">/usr/share/openvswitch/scripts/ovs-bugtool-cfm-
> show
> in:
> https://github.com/openvswitch/ovs/blob/master/utilities/bugtool/plugin
> s/network-status/openvswitch.xml
> ?
>
> Thank you!
> David
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Integration of ovn/ovs with kubernetes

[Guru Shetty]

On 15 November 2017 at 05:02, Sébastien Bernard <sbern...@nerim.net> wrote:

> On 15/11/2017 01:22, Guru Shetty wrote:
>
>
>
> On 14 November 2017 at 14:40, Sébastien Bernard <sbern...@nerim.net>
> wrote:
>
>> Hello,
>>
>> I'm looking for some pieces of advise to use a network based on
>> openvswitch with kubernetes.
>>
>> I've tried to follow the following document
>> https://github.com/openvswitch/ovn-kubernetes, with some success and
>> some failures.
>
>
>> First, it's not really clear what version of kubernetes is supported with
>> this software. I followed all the recipe, and at the end when starting the
>> ovs-k8s-watcher, I get error about the system:anonymous-user not having the
>> right to list services (tried with kubernetes 1.8).
>>
>
> I have seen it work till k8s 1.7. Haven't tried k8s 1.8 yet.
> This is most likely some permission issue. Haven't seen it before. Are you
> running it as a root? Can you use kubectl to list services? How about curl.
> For e.g:
> curl http://127.0.0.1:8080/api/v1/watch/endpoints
>
> I'm indeed running as root. The setup is ok up to the point of interacting
> with the kubernetes cluster. At this point it breaks with the error message.
> The install Doc may be amended for the new way of building kube cluster
> the kubernetes team is pushing (RBAC + kubeadm setup see below).
> I'll post a followup with the errors later.
>
>
>
>>
>> Second, I was puzzled by the install procedure, I don't really know where
>> the kubernetes configuration is modified. I was expecting some yaml to
>> apply with the kubectl, and nothing seems to change the kube configuration.
>> Where's the link between the pods and the ovs ?
>>
>
> When you do the "minion-init", it installs a OVN CNI plugin. The plugin
> gets invoked by kubelet when a pod gets scheduled. The plugin will setup
> the IP address and also add the pod's network interface to OVS.
>
>
>
>>
>> Third, is the 'ovn-k8s-overlay minion-init ' to be run on all minion and
>> the master also or only on the nodes ?
>>
> minion-init only on the nodes.
>
> The kubernetes setup is now done through the kubeadm.
> A master is an ordinary node with only pods of kube-system namespace
> scheduled. apiserver / controller-manager / scheduler are just pods
> scheduled statically.
>
> Let me ask this in a different way : should the ovn-k8s-overlay
> minion-init be run on each machine running a kubelet service ?
>

The current scripts assume that the kubernetes daemons run in host and not
inside pods. I will spend some time to see the changes in the script needed
to make it work with kubeadm too. It is unlikely to work as-is with kubeadm.

The OVN watcher needs access to kubernetes API server's IP address. All the
CNI plugins running in minions need access to the API server too. Those are
the only 2 OVN requirements.



>
>
>
>
>
>>
>> And last, what is the ovn-kube exectutable and how do you use it ?
>>
>
> This is a golang watcher which right now is only for advanced users, which
> calls things like "minion-init", "master-init" etc on its own, allocating
> subnets etc. We need to do a better job documenting it.
>
> I would suggest starting from the vagrant here. To get familiar with
> installation procedure. I often run it on my mac and it works.
> https://github.com/openvswitch/ovn-kubernetes/tree/master/vagrant
>
> You can then look at the installation scripts the vagrant uses.
>
> e.g:
> https://github.com/openvswitch/ovn-kubernetes/blob/master/vagrant/
> provisioning/setup-master.sh
> https://github.com/openvswitch/ovn-kubernetes/blob/master/vagrant/
> provisioning/setup-k8s-master.sh
>
>
> Thanks for the links. Vagrant setup is working ok. I'll try to reproduce
> it on a real setup (i.e. by hand).
>
> Seb
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Integration of ovn/ovs with kubernetes

[Guru Shetty]

On 14 November 2017 at 14:40, Sébastien Bernard  wrote:

> Hello,
>
> I'm looking for some pieces of advise to use a network based on
> openvswitch with kubernetes.
>
> I've tried to follow the following document https://github.com/openvswitch
> /ovn-kubernetes, with some success and some failures.


> First, it's not really clear what version of kubernetes is supported with
> this software. I followed all the recipe, and at the end when starting the
> ovs-k8s-watcher, I get error about the system:anonymous-user not having the
> right to list services (tried with kubernetes 1.8).
>

I have seen it work till k8s 1.7. Haven't tried k8s 1.8 yet.
This is most likely some permission issue. Haven't seen it before. Are you
running it as a root? Can you use kubectl to list services? How about curl.
For e.g:
curl http://127.0.0.1:8080/api/v1/watch/endpoints


>
> Second, I was puzzled by the install procedure, I don't really know where
> the kubernetes configuration is modified. I was expecting some yaml to
> apply with the kubectl, and nothing seems to change the kube configuration.
> Where's the link between the pods and the ovs ?
>

When you do the "minion-init", it installs a OVN CNI plugin. The plugin
gets invoked by kubelet when a pod gets scheduled. The plugin will setup
the IP address and also add the pod's network interface to OVS.



>
> Third, is the 'ovn-k8s-overlay minion-init ' to be run on all minion and
> the master also or only on the nodes ?
>
minion-init only on the nodes.



>
> And last, what is the ovn-kube exectutable and how do you use it ?
>

This is a golang watcher which right now is only for advanced users, which
calls things like "minion-init", "master-init" etc on its own, allocating
subnets etc. We need to do a better job documenting it.

I would suggest starting from the vagrant here. To get familiar with
installation procedure. I often run it on my mac and it works.
https://github.com/openvswitch/ovn-kubernetes/tree/master/vagrant

You can then look at the installation scripts the vagrant uses.

e.g:
https://github.com/openvswitch/ovn-kubernetes/blob/master/vagrant/provisioning/setup-master.sh
https://github.com/openvswitch/ovn-kubernetes/blob/master/vagrant/provisioning/setup-k8s-master.sh


>
> Seb
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Debugging ct dnat openflow action

[Guru Shetty]

On 12 November 2017 at 22:43, Hui Xiang  wrote:

> Does ovs linux dapath NAT work with linux kernel 4.4.70 version?
>

If you use the kernel module that comes with OVS repo, it will work. If you
use the kernel module that comes by default with linux kernel, it won't.
You can look at ovs-vswitchd.log when ovs-vswitchd starts to see a message
of the form:

2017-11-13T20:53:01.635Z|00018|ofproto_dpif|INFO|system@ovs-system:
Datapath does not support ct_state_nat



>
> I have seen below comments in the NEWS saying [1]
> "
> - Linux:
> * OVS Linux datapath now implements Conntrack NAT action with all
> supported Linux kernels.
> "
> However, the NAT support for ovs linux datath showed in [2] and [3](below)
> means they are merged since kernel 4.6
> "
> FeatureLinux upstreamLinux OVS treeUserspaceHyper-V
> NAT 4.6 YES Yes NO
> "
>
> My understanding is that the NAT is only working with a minimal version of
> kernel 4.6? Thanks much for any help.
>
> [1] https://github.com/openvswitch/ovs/blob/master/NEWS
> [2] https://www.mail-archive.com/netdev@vger.kernel.org/msg101556.html
> [3] http://docs.openvswitch.org/en/latest/faq/releases/
>
>
> Hui.
>
>
> On Fri, Nov 10, 2017 at 6:41 PM, Hui Xiang  wrote:
>
>> Hi Folks,
>>
>>
>> I am now debugging OVN NAT with openstack, networking-ovn. now I am
>> blocked at the dnat action step, if anyone can give a help or hint would be
>> really appreciated.
>>
>> VM instance has fixedip 20.0.0.2 and floatingip 172.16.0.131
>>
>> Below are the lflow-trace, openflow-trace and related openflow table.
>>
>> From lflow-trace, the ip4.dst=172.16.0.131 is expected turn to 20.0.0.2
>> by ct_dnat, and then when go to next table, the nw_dst will be
>> 20.0.0.0/24, but actually from the openflow-trace after
>> ct_dnat(20.0.0.2), the nw_dst is still 172.16.0.0/24 in the next routing
>> table, does there's something wrong or I miss anything in the ct dnat? it
>> is using the ovs 2.8.1 kernel conntrack, where should I looked? Thanks
>> much.
>>
>>
>> # lflow trace
>> ct_snat /* assuming no un-snat entry, so no change */
>> -
>>  4. lr_in_dnat (ovn-northd.c:5007): ip && ip4.dst == 172.16.0.131 &&
>> inport == "lrp-640d04" && is_chassis_resident("cr-lrp-640d04"), priority
>> 100, uuid 5d67b33f
>> ct_dnat(20.0.0.2);
>>
>> ct_dnat(ip4.dst=20.0.0.2)
>> -
>>  5. lr_in_ip_routing (ovn-northd.c:4140): ip4.dst == 20.0.0.0/24,
>> priority 49, uuid e869d362
>> ip.ttl--;
>> reg0 = ip4.dst;
>> reg1 = 20.0.0.1;
>> eth.src = fa:16:3e:b5:99:71;
>> outport = "lrp-82f211";
>> flags.loopback = 1;
>> next;
>>
>> # corresponding openflow trace
>> 12. ip,reg14=0x1,metadata=0x3,nw_dst=172.16.0.131, priority 100, cookie
>> 0x5d67b33f
>> ct(commit,table=13,zone=NXM_NX_REG11[0..15],nat(dst=20.0.0.2))
>> nat(dst=20.0.0.2)
>>  -> A clone of the packet is forked to recirculate. The forked
>> pipeline will be resumed at table 13.
>>
>> Final flow: unchanged
>> Megaflow: recirc_id=0x19,eth,ip,in_port=0,nw_dst=172.16.0.131,nw_frag=no
>> Datapath actions: ct(commit,zone=7,nat(dst=20.0.0.2)),recirc(0x1a)
>>
>> 
>> ===
>> recirc(0x1a) - resume conntrack with default ct_state=trk|new (use
>> --ct-next to customize)
>> 
>> ===
>>
>> Flow: recirc_id=0x1a,ct_state=new|trk,eth,icmp,reg11=0x7,reg12=0x3
>> ,reg14=0x1,metadata=0x3,vlan_tci=0x,dl_src=00:00:00:00:
>> 00:00,dl_dst=fa:16:3e:2e:ea:e9,nw_src=172.16.0.2,nw_dst=
>> 172.16.0.131,nw_tos=0,nw_ecn=0,nw_ttl=32,icmp_type=0,icmp_code=0
>>
>> bridge("br-ex")
>> ---
>> thaw
>> Resuming from table 13
>> 13. ip,metadata=0x3,nw_dst=172.16.0.0/16, priority 33, cookie 0x9e4db527
>> dec_ttl()
>> move:NXM_OF_IP_DST[]->NXM_NX_XXREG0[96..127]
>>  -> NXM_NX_XXREG0[96..127] is now 0xac100083
>> load:0xac100082->NXM_NX_XXREG0[64..95]
>> set_field:fa:16:3e:2e:ea:e9->eth_src
>> set_field:0x1->reg15
>> load:0x1->NXM_NX_REG10[0]
>> resubmit(,14)
>>
>>
>> # openflow table
>>  cookie=0x5d67b33f, duration=4600.548s, table=12, n_packets=3,
>> n_bytes=294, priority=100,ip,reg14=0x1,metadata=0x3,nw_dst=172.16.0.131
>> actions=ct(commit,table=13,zone=NXM_NX_REG11[0..15],nat(dst=20.0.0.2))
>>  cookie=0xe869d362, duration=4600.551s, table=13, n_packets=3,
>> n_bytes=294, priority=49,ip,metadata=0x3,nw_dst=20.0.0.0/24
>> actions=dec_ttl(),move:NXM_OF_IP_DST[]->NXM_NX_XXREG0[96..127],load:
>> 0x1401->NXM_NX_XXREG0[64..95],set_field:fa:16:3e:b5:99:7
>> 1->eth_src,set_field:0x3->reg15,load:0x1->NXM_NX_REG10[0],resubmit(,14)
>>  cookie=0x9e4db527, duration=4600.547s, table=13, n_packets=0, n_bytes=0,
>> priority=33,ip,metadata=0x3,nw_dst=172.16.0.0/16
>> actions=dec_ttl(),move:NXM_OF_IP_DST[]->NXM_NX_XXREG0[96..127],load:
>> 

Re: [ovs-discuss] Extremely slow tcp/udp connection ovs 2.6.1 , 4.4.0-87 Ubuntu 14.04

[Guru Shetty]

On 2 November 2017 at 13:07, kevin parrikar 
wrote:

> Hello All,
> I am running OVS 2.6.1 on Ubuntu 14.04 kernel 4.4.0-87-generic with
> Openstack Mitaka release with OVS firewall driver(contrack )
>
>
> MTU is set to 9000 on both the physical nics and icmp is success with ping
> -Mdo -s 8000 flag
> how ever tcp and udp streams are too slow.
>
>
If you are using tunnels, reduce the MTU of the inner packet by the amount
of tunnel header.


> TCP
>
> iperf -c 192.168.111.202
> 
> Client connecting to 192.168.111.202, TCP port 5001
> TCP window size: 92.6 KByte (default)
> 
> [  3] local 192.168.111.199 port 44228 connected with 192.168.111.202 port
> 5001
> [ ID] Interval   Transfer Bandwidth
> [  3]  0.0-927.7 sec   175 KBytes  1.54 Kbits/sec
>
> UDP
>
> iperf -s -u
> 
> Server listening on UDP port 5001
> Receiving 1470 byte datagrams
> UDP buffer size:  122 KByte (default)
> 
> [  3] local 192.168.111.202 port 5001 connected with 192.168.111.199 port
> 45028
> [ ID] Interval   Transfer BandwidthJitter   Lost/Total
> Datagrams
> [  3]  0.0-10.0 sec  1.25 MBytes  1.05 Mbits/sec   0.086 ms0/  893 (0%)
>
> Any idea where could be the issue.
>
> Regards,
> Kevin
>
>
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] why ct_snat in gateway router without recirc_table

[Guru Shetty]

On 1 November 2017 at 03:05, Wei Li  wrote:

> Hello everyone
>
> In https://github.com/openvswitch/ovs/blob/master/ovn/lib/
> actions.c?utf8=%E2%9C%93#L833
>
> } else if (snat && ep->is_gateway_router) {
> /* For performance reasons, we try to prevent additional
>  * recirculations.  ct_snat which is used in a gateway router
>  * does not need a recirculation.  ct_snat(IP) does need a
>  * recirculation.  ct_snat in a distributed router needs
>  * recirculation regardless of whether an IP address is
>  * specified.
>  * XXX Should we consider a method to let the actions specify
>  * whether an action needs recirculation if there are more use
>  * cases?. */
> ct->recirc_table = NX_CT_RECIRC_NONE;
> }
>
> but in https://github.com/openvswitch/ovs/blob/master/ovn/northd/
> ovn-northd.8.xml?utf8=%E2%9C%93#L1390
>
> 
>   If the Gateway router has been configured to force SNAT any
>   previously DNATted packets to B, a priority-110 flow
>   matches ip  ip4.dst == B with
>   an action ct_snat; next;.
> 
>
>
> Action "ct_snat" already include "resubmit next table", why delete it and
> add a "next" action?
>
> What is the difference between "ct_snat without recirc_table and next" and
> "ct_snat with recirc_table"?
>

A single recirculation means that the first packet of a flow would need to
go to the userspace (ovs-vswitchd) twice. You add more recirculations, and
the penalty linearly increases. This makes it expensive. In a gateway
router, we want to avoid the number of recirculations to prevent
unnecessary penalty.


>
>
> Thanks in advance
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVS bridge on boot in Debian

[Guru Shetty]

On 17 October 2017 at 14:17, Omar Ramadan <orama...@fb.com> wrote:

> Hey Guru,
>
>
> I am trying to get the NetworkManager to bring up my gtp-vport using
>

I would avoid adding NetworkManager to the mix till you are comfortable
with everything else. It is just trouble.

> /etc/network/interfaces.d/br0 but it isn't getting added. This is my
> config:
>
>
> allow-ovs br0
>
> iface br0 inet dhcp
>
> ovs_type OVSBridge
>
> ovs_ports eth0 gre0 gtp0
>
>
> allow-br0 eth0
>
> iface eth0 inet manual
>
> ovs_bridge br0
>
> ovs_type OVSPort
>
>
> allow-br0 gre0
>
> iface gre0 inet manual
>
> ovs_bridge br0
>
> ovs_type OVSTunnel
>
> ovs_tunnel_type gre
>
> ovs_tunnel_options options:remote_ip=182.168.60.141 options:key=1
>
>
> allow-br0 gtp0
>
> iface gtp inet manual
>
> ovs_bridge br0
>
> ovs_type OVSTunnel
>
> ovs_tunnel_type gtp
>
> ovs_tunnel_options options:remote_ip=flow options:key=flow
>
>
> So the bridge is set up, and eth0 and gre0 are added. The gtp0 device is
> not and there don't seem to be any errors mentioning gtp-vport that I can
> find. I can also add the gtp-vport manually without issues:
>
>
> ovs-vsctl add-port br0 gtp-vport -- set interface gtp-vport
> ofport_request=4 type=gtp option:remote_ip=flow options:key=flow
>
>
> Do I need to register new a ovs_tunnel_type somewhere for it to work? Any
> way to increase logging here?
>

You can add a "set -x" to the top of
/usr/share/openvswitch/scripts/ifupdown.sh

And then run ifup and ifdown.


>
> Best,
> Omar
>
> --
> *From:* Guru Shetty <g...@ovn.org>
> *Sent:* Friday, October 13, 2017 10:46 AM
>
> *To:* Omar Ramadan
> *Cc:* ovs-discuss@openvswitch.org
> *Subject:* Re: [ovs-discuss] OVS bridge on boot in Debian
>
>
>
> On 12 October 2017 at 16:54, Omar Ramadan <orama...@fb.com> wrote:
>
>> A related question: What is the best way to configure a set of
>> controllers? Can I specify a set of controllers for my bridge to use in a
>> similar fashion in networking?
>>
> The detailed documentation is here:
> https://github.com/openvswitch/ovs/blob/master/debian/openvswitch-switch.
> README.Debian
>
> You can in effect do anything you want via the "ovs_extra" option. It
> takes ovs-vsctl's datatabase manupulation commands.
> e.g:
> ovs_extra add-port br0 p1 -- set-manager ptcp:3332:192.168.1.2 -- blah
>
>
>
>> --
>> *From:* ovs-discuss-boun...@openvswitch.org <
>> ovs-discuss-boun...@openvswitch.org> on behalf of Omar Ramadan <
>> orama...@fb.com>
>> *Sent:* Thursday, October 12, 2017 4:47:10 PM
>>
>> *To:* Guru Shetty
>> *Cc:* ovs-discuss@openvswitch.org
>> *Subject:* [Potential Spoof] Re: [ovs-discuss] OVS bridge on boot in
>> Debian
>>
>>
>> Looks like I was missing the kernel module. Added "openvswitch-datapath-dkms"
>> and it works now.
>>
>>
>> Thanks!
>> --
>> *From:* ovs-discuss-boun...@openvswitch.org <
>> ovs-discuss-boun...@openvswitch.org> on behalf of Omar Ramadan <
>> orama...@fb.com>
>> *Sent:* Thursday, October 12, 2017 4:31:24 PM
>> *To:* Guru Shetty
>> *Cc:* ovs-discuss@openvswitch.org
>> *Subject:* [Potential Spoof] Re: [ovs-discuss] OVS bridge on boot in
>> Debian
>>
>>
>> Hi Guru, Ben,
>>
>>
>> Thanks for the responses. I originally did a "make install" though I
>> realized there may be some packaging postinst scripts that may need to be
>> run for it to work. I built and installed openvswitch-common and
>> openvswitch-switch.
>>
>>
>> "ifup --allow=ovs br0" still fails to find br0 but I've made progress
>> nonetheless in the networking journal
>>
>> vagrant@magma-dev:/etc/network$ sudo journalctl -u networking
>> Oct 12 23:27:29 magma-dev ovs-vsctl[2127]: ovs|1|vsctl|INFO|Called as
>> ovs-vsctl --timeout=5 -- --may-exist add-port br0 eth0 --
>> Oct 12 23:27:29 magma-dev networking[1875]: ovs-vsctl: Error detected
>> while setting up 'eth0'.  See ovs-vswitchd log for details.
>> Oct 12 23:27:29 magma-dev networking[1875]: ovs-vsctl: The default log
>> directory is "/var/log/openvswitch".
>> Oct 12 23:27:29 magma-dev ovs-vsctl[2202]: ovs|1|vsctl|INFO|Called as
>> ovs-vsctl --timeout=5 -- --may-exist add-port br0 eth0 --
>>
>> vagrant@magma-dev:/var/log/openvswitch$ sudo less ovs-vswitchd.l

Re: [ovs-discuss] OVS bridge on boot in Debian

[Guru Shetty]

On 12 October 2017 at 16:54, Omar Ramadan <orama...@fb.com> wrote:

> A related question: What is the best way to configure a set of
> controllers? Can I specify a set of controllers for my bridge to use in a
> similar fashion in networking?
>
The detailed documentation is here:
https://github.com/openvswitch/ovs/blob/master/debian/openvswitch-switch.README.Debian

You can in effect do anything you want via the "ovs_extra" option. It takes
ovs-vsctl's datatabase manupulation commands.
e.g:
ovs_extra add-port br0 p1 -- set-manager ptcp:3332:192.168.1.2 -- blah



> --
> *From:* ovs-discuss-boun...@openvswitch.org <ovs-discuss-bounces@
> openvswitch.org> on behalf of Omar Ramadan <orama...@fb.com>
> *Sent:* Thursday, October 12, 2017 4:47:10 PM
>
> *To:* Guru Shetty
> *Cc:* ovs-discuss@openvswitch.org
> *Subject:* [Potential Spoof] Re: [ovs-discuss] OVS bridge on boot in
> Debian
>
>
> Looks like I was missing the kernel module. Added "openvswitch-datapath-dkms"
> and it works now.
>
>
> Thanks!
> --
> *From:* ovs-discuss-boun...@openvswitch.org <ovs-discuss-bounces@
> openvswitch.org> on behalf of Omar Ramadan <orama...@fb.com>
> *Sent:* Thursday, October 12, 2017 4:31:24 PM
> *To:* Guru Shetty
> *Cc:* ovs-discuss@openvswitch.org
> *Subject:* [Potential Spoof] Re: [ovs-discuss] OVS bridge on boot in
> Debian
>
>
> Hi Guru, Ben,
>
>
> Thanks for the responses. I originally did a "make install" though I
> realized there may be some packaging postinst scripts that may need to be
> run for it to work. I built and installed openvswitch-common and
> openvswitch-switch.
>
>
> "ifup --allow=ovs br0" still fails to find br0 but I've made progress
> nonetheless in the networking journal
>
> vagrant@magma-dev:/etc/network$ sudo journalctl -u networking
> Oct 12 23:27:29 magma-dev ovs-vsctl[2127]: ovs|1|vsctl|INFO|Called as
> ovs-vsctl --timeout=5 -- --may-exist add-port br0 eth0 --
> Oct 12 23:27:29 magma-dev networking[1875]: ovs-vsctl: Error detected
> while setting up 'eth0'.  See ovs-vswitchd log for details.
> Oct 12 23:27:29 magma-dev networking[1875]: ovs-vsctl: The default log
> directory is "/var/log/openvswitch".
> Oct 12 23:27:29 magma-dev ovs-vsctl[2202]: ovs|1|vsctl|INFO|Called as
> ovs-vsctl --timeout=5 -- --may-exist add-port br0 eth0 --
>
> vagrant@magma-dev:/var/log/openvswitch$ sudo less ovs-vswitchd.log
> 2017-10-12T23:27:31.123Z|00112|ofproto|ERR|failed to open datapath br0:
> No such file or directory
> 2017-10-12T23:27:31.123Z|00113|bridge|ERR|failed to create bridge br0: No
> such file or directory
>
> What could be missing?
>
> Best,
> Omar
>
> --
> *From:* Guru Shetty <g...@ovn.org>
> *Sent:* Thursday, October 12, 2017 10:50:38 AM
> *To:* Omar Ramadan
> *Cc:* ovs-discuss@openvswitch.org
> *Subject:* Re: [ovs-discuss] OVS bridge on boot in Debian
>
>
>
> On 12 October 2017 at 10:29, Omar Ramadan <orama...@fb.com> wrote:
>
>> Hi list,
>>
>>
>> I am using OVS 2.7.90 with Debian 8.7 and want to configure the switch
>> to be loaded on system initialization. I have installed the service
>> "openvswitch-switch" and added the following in /etc/network/interfaces
>>
>
> How did you install OVS 2.7.90? By 'make install' or via debian packages?
>
>
>>
>> allow-ovs br0
>>
>> iface br0 inet dhcp
>>
>> ovs_type OVSBridge
>>
>> ovs_ports eth0
>>
>>
>> allow-br0 eth0
>>
>> iface eth0 inet manual
>>
>> ovs_bridge br0
>>
>> ovs_type OVSPort
>>
>>
>> I am still unable to load br0 with ifup.
>>
>>
>> vagrant@magma-dev:/etc/network/interfaces.d$ sudo ifup br0
>>
>> Lets try with:
> ifup --allow=ovs br0
>
>
>
>> Cannot find device "br0"
>>
>> Bind socket to interface: No such device
>>
>>
>> exiting.
>>
>> Failed to bring up br0.
>>
>>
>> How do these interfaces get set up? Is there anyway to debug this? I've
>> built this package from source, so I want to make sure I am not missing
>> dependencies. Also should I be adding any additional systemctl units or
>> should adding "openvswitch-switch" be enough?
>>
>>
>> Best,
>> Omar
>>
>> ___
>> discuss mailing list
>> disc...@openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_mailman_listinfo_ovs-2Ddiscuss=DwMFaQ=5VD0RTtNlTh3ycd41b3MUw=07s_Z0lQVjg7gmpzZt5Yog=cIvIKPE2b3yN4d3z9aOIwbQM0etdwuEs_AYVr7Q2Clo=-hNIrnwJO4HaR86DPjqOcRpQS_6pBzteYzzhFAFf3yU=>
>>
>>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVS bridge on boot in Debian

[Guru Shetty]

On 12 October 2017 at 10:29, Omar Ramadan  wrote:

> Hi list,
>
>
> I am using OVS 2.7.90 with Debian 8.7 and want to configure the switch to
> be loaded on system initialization. I have installed the service
> "openvswitch-switch" and added the following in /etc/network/interfaces
>

How did you install OVS 2.7.90? By 'make install' or via debian packages?


>
> allow-ovs br0
>
> iface br0 inet dhcp
>
> ovs_type OVSBridge
>
> ovs_ports eth0
>
>
> allow-br0 eth0
>
> iface eth0 inet manual
>
> ovs_bridge br0
>
> ovs_type OVSPort
>
>
> I am still unable to load br0 with ifup.
>
>
> vagrant@magma-dev:/etc/network/interfaces.d$ sudo ifup br0
>
> Lets try with:
ifup --allow=ovs br0



> Cannot find device "br0"
>
> Bind socket to interface: No such device
>
>
> exiting.
>
> Failed to bring up br0.
>
>
> How do these interfaces get set up? Is there anyway to debug this? I've
> built this package from source, so I want to make sure I am not missing
> dependencies. Also should I be adding any additional systemctl units or
> should adding "openvswitch-switch" be enough?
>
>
> Best,
> Omar
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] About ovs-docker

[Guru Shetty]

It looks like you already figured it out.

On 19 July 2017 at 07:28, Zekeriya Akgül  wrote:

> Hi,
> I am student on Necmettin Erbakan Universty in Turkey.And working on
> communication between dpdk powered openvswitch and docker.And some issues
> occured about communication between docker and other hosts.
>
> I explained my problem in this post:
> https://superuser.com/questions/1231090/connected-with-open-
> v-switch-connection-issue-between-docker-container-and-othe
>
> Please response this post or response me by e-mail.
>
> Thank you!
> 
> Zekeriya AKGÜL
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] How to set private-key and certificate on a running ovsdb-server?

[Guru Shetty]

On 9 June 2017 at 20:28, Arunkumar Rg  wrote:

> HI All,
>
> Forgot to mention, my query pertains to hardware_vtep schema based DB.
>

hardware_vtep schema does not have the SSL table. ovsdb-server does take
multiple databases as arguments. So one idea (I haven't tried it) would be
to pass open_vswitch database to ovsdb-server along with vtep database and
then ask ovsdb-server to read from SSL table of the open_vswitch database.
You could also potentially propose to add the SSL table to the VTEP schema
and hopefully the stakeholders will have something to say.


>
> Thanks,
> Arun.
>
> On Fri, Jun 9, 2017 at 9:53 PM, Arunkumar Rg 
> wrote:
>
>> Hi All,
>>
>> Usually, when I start a ovsdb-server daemon, I would specify the
>> private-key and certificate along with it. But if I want to specify
>> that(private-key and certificate) when the ovsdb-server daemon is running,
>> what should I do??
>>
>> I'm aware ovs-appctl helps in configuring the ovsdb-server in runtime.
>> But I could not find what option in ovs-appctl has to be used to do this.
>> If some one could provide a detailed command line to do this, it would be
>> helpful.
>>
>> Thanks,
>> Arun.
>>
>
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVN knob to control floating IP NAT action

[Guru Shetty]

On 24 April 2017 at 18:49, Hexin Wang <hexin.w...@nutanix.com> wrote:

> If I were to qualify the NAT action based on some route lookup instead of
> outport, is there any bit/register available for me to carry the nat
> decision down in the pipeline?
>

I think I no longer understand what we are talking about. It is very easy
to miss context when writing. It looks like, you are a little more familiar
now with what OVN supports. And it is likely that you want to do something
else.

ovn-nb is a database. There are details in 'man ovn-nb'. It currently lets
users add NAT rules on a router. It also lets users add static routes on a
router to decide where to send the packet next. ovn-nbctl has a few
shortcut commands like lr-nat-add for common cases. But, there are also the
basic database commands where you can create/set/remove/.. database entries
anyway you like.

So please try again to frame your question without depending on previous
mails for context. With a clear example.


>
> Thanks.
>
> Hexin
>
> From: <ovs-discuss-boun...@openvswitch.org> on behalf of Hexin Wang
> Date: Monday, April 24, 2017 at 2:57 PM
> To: Guru Shetty
>
> Cc: "ovs-discuss@openvswitch.org"
> Subject: Re: [ovs-discuss] OVN knob to control floating IP NAT action
>
> Hi Guru,
>
> Thanks. You probably referred to the unit test "ovn -- DNAT and SNAT on
> distributed router - E/W" in tests/system-ovn.at? Is there anyway for me
> to configure route based dnat_and_snat from ovn-nbctl? Specifically can I
> qualify the following command with some prefix routes?
>
>   ovn-nbctl lr-nat-add R1 dnat_and_snat   
> 
>
> Or maybe there is another way to achieve the same functionality?
>
> Regards,
>
> Hexin
>
> From: Guru Shetty
> Date: Monday, April 24, 2017 at 12:44 PM
> To: Hexin Wang
> Cc: "ovs-discuss@openvswitch.org"
> Subject: Re: [ovs-discuss] OVN knob to control floating IP NAT action
>
>
>
> On 24 April 2017 at 11:39, Hexin Wang <hexin.w...@nutanix.com> wrote:
>
>> Hi Guru,
>>
>> Let me try with the following use cases.
>> 1. No floating IP is used for east-west routing traffic.
>> E.g. VM1 <-> VM2: Private IPs are used. No NAT applied.
>>
>> 2. Floating IP is used for south-north default route to internet traffic.
>> E.g. VM originated internet traffic: SNAT is applied to change source IP
>> to floating IP. UNSNAT is applied to change destination IP back to private
>> IP.
>>
>> Yes. There are examples in tests/system-traffic.at
>
>
>
>> Thanks.
>>
>> Hexin
>>
>> From: Guru Shetty
>> Date: Monday, April 24, 2017 at 11:34 AM
>> To: Hexin Wang
>> Cc: "ovs-discuss@openvswitch.org"
>> Subject: Re: [ovs-discuss] OVN knob to control floating IP NAT action
>>
>>
>>
>> On 24 April 2017 at 11:31, Hexin Wang <hexin.w...@nutanix.com> wrote:
>>
>>> Hi,
>>>
>>> Is there any knob in OVN to control when floating IP will be applied in
>>> the distributed NAT? Specifically:
>>>
>>>1. If the destination IP is part of some private layer3 domain, the
>>>usual private IP is used to to reach the destination in the private 
>>> layer3
>>>domain.
>>>2. If the destination IP is not part of the private layer3 domain
>>>but part of the public layer3 domain, the public IP (I.e. Floating IP) is
>>>used to replace the private IP address of the source packet.
>>>
>>> I don't understand what you mean above. Please re-phrase with the
>> direction of the packet.
>>
>>
>>> Does OVN support this behavior today?
>>>
>>> Thanks.
>>>
>>> Hexin
>>>
>>> ___
>>> discuss mailing list
>>> disc...@openvswitch.org
>>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>>
>>>
>>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVN knob to control floating IP NAT action

[Guru Shetty]

On 24 April 2017 at 11:39, Hexin Wang <hexin.w...@nutanix.com> wrote:

> Hi Guru,
>
> Let me try with the following use cases.
> 1. No floating IP is used for east-west routing traffic.
> E.g. VM1 <-> VM2: Private IPs are used. No NAT applied.
>
> 2. Floating IP is used for south-north default route to internet traffic.
> E.g. VM originated internet traffic: SNAT is applied to change source IP
> to floating IP. UNSNAT is applied to change destination IP back to private
> IP.
>
> Yes. There are examples in tests/system-traffic.at



> Thanks.
>
> Hexin
>
> From: Guru Shetty
> Date: Monday, April 24, 2017 at 11:34 AM
> To: Hexin Wang
> Cc: "ovs-discuss@openvswitch.org"
> Subject: Re: [ovs-discuss] OVN knob to control floating IP NAT action
>
>
>
> On 24 April 2017 at 11:31, Hexin Wang <hexin.w...@nutanix.com> wrote:
>
>> Hi,
>>
>> Is there any knob in OVN to control when floating IP will be applied in
>> the distributed NAT? Specifically:
>>
>>1. If the destination IP is part of some private layer3 domain, the
>>usual private IP is used to to reach the destination in the private layer3
>>domain.
>>2. If the destination IP is not part of the private layer3 domain but
>>part of the public layer3 domain, the public IP (I.e. Floating IP) is used
>>to replace the private IP address of the source packet.
>>
>> I don't understand what you mean above. Please re-phrase with the
> direction of the packet.
>
>
>> Does OVN support this behavior today?
>>
>> Thanks.
>>
>> Hexin
>>
>> ___
>> discuss mailing list
>> disc...@openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>
>>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] OVN knob to control floating IP NAT action

[Guru Shetty]

On 24 April 2017 at 11:31, Hexin Wang  wrote:

> Hi,
>
> Is there any knob in OVN to control when floating IP will be applied in
> the distributed NAT? Specifically:
>
>1. If the destination IP is part of some private layer3 domain, the
>usual private IP is used to to reach the destination in the private layer3
>domain.
>2. If the destination IP is not part of the private layer3 domain but
>part of the public layer3 domain, the public IP (I.e. Floating IP) is used
>to replace the private IP address of the source packet.
>
> I don't understand what you mean above. Please re-phrase with the
direction of the packet.


> Does OVN support this behavior today?
>
> Thanks.
>
> Hexin
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] [ovs-dev] An OVN plugin for libnetwork

[Guru Shetty]

Did you have a look at the couple we have here?
http://docs.openvswitch.org/en/latest/howto/docker/


On 12 April 2017 at 09:07, Hui Kang  wrote:

>
> Hi All,
> Please checkout the libnetwork plugin for OVN at
> https://github.com/huikang/libnetwork-ovn-plugin.
> Comment and PR are welcome. Thanks.
>
>
> - Hui
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] ovs-vsctl adding dpdk ports hangs

[Guru Shetty]

On 23 March 2017 at 22:36, Shivaram Mysore 
wrote:

> One more data point:
>
> I *CNTRL-C* the command ovs-vsctl add-port
>
> ^C2017-03-24T05:25:30Z|2|fatal_signal|WARN|terminating with signal 2
> (Interrupt)
>
>
> # *ovs-vsctl show*
> 0a0e3abd-c1de-40fd-bc14-9a8edb89982d
> Bridge "ovs-br0"
> Port "ovs-br0"
> Interface "ovs-br0"
> type: internal
> Port "dpdk-p0"
> Interface "dpdk-p0"
> type: dpdk
> options: {dpdk-devargs=":82:00.0"}
>
> Looks like port is created.
>
> I see add-port and del-port is very very slow - basically hangs and I have
> to CNTRL-C.  Nothing in the logs.  I am not sure what is causing this.  I
> never had any issues without DPDK.
>

In non-DPDK OVS, it is usually a signal that ovs-vswitchd is not running.


>
> Thanks
>
>
> On Thu, Mar 23, 2017 at 10:26 PM, Shivaram Mysore <
> shivaram.mys...@gmail.com> wrote:
>
>> Hello,
>>
>> I just built OVS 2.7 with DPDK 17.02 and installed the same on Ubuntu
>> 16.10.  Adding a DPDK port to the OVS bridge hangs.  *Any thoughts?*
>> (Note: I have overridden the openvswitch.ko and other *.ko with the built
>> ones using depmod config)
>>
>> # *uname -r*
>> 4.8.0-39-generic
>>
>> # */usr/local/src/dpdk-17.02/usertools/dpdk-devbind.py --status*
>>
>> Network devices using DPDK-compatible driver
>> 
>> :82:00.0 'I350 Gigabit Network Connection' drv=igb_uio unused=igb
>> :82:00.1 'I350 Gigabit Network Connection' drv=igb_uio unused=igb
>> :82:00.2 'I350 Gigabit Network Connection' drv=igb_uio unused=igb
>> :82:00.3 'I350 Gigabit Network Connection' drv=igb_uio unused=igb
>> :83:00.0 'I350 Gigabit Network Connection' drv=igb_uio unused=igb
>> :83:00.1 'I350 Gigabit Network Connection' drv=igb_uio unused=igb
>> :83:00.2 'I350 Gigabit Network Connection' drv=igb_uio unused=igb
>> :83:00.3 'I350 Gigabit Network Connection' drv=igb_uio unused=igb
>>
>>
>> # *ovs-vsctl add-br ovs-br0 -- set bridge ovs-br0 datapath_type=netdev*
>>
>> # *ovs-vsctl show*
>> 0a0e3abd-c1de-40fd-bc14-9a8edb89982d
>> Bridge "ovs-br0"
>> Port "ovs-br0"
>> Interface "ovs-br0"
>> type: internal
>>
>> # *ovs-vsctl add-port ovs-br0 dpdk-p0 -- set Interface dpdk-p0 type=dpdk
>> options:dpdk-devargs=:82:00.0*
>> *> hangs*
>>
>> # *tail -f /usr/local/var/log/openvswitch/ovs-vswitchd.log*
>>
>> 2017-03-24T05:11:45.518Z|00065|dpif_netdev|INFO|Created 1 pmd threads on
>> numa node 0
>> 2017-03-24T05:11:45.518Z|00066|dpif_netdev|INFO|Created 1 pmd threads on
>> numa node 1
>>
>
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Reinstall OVS from git repo

[Guru Shetty]

You are likely installing from source. So do a 'make uninstall' to see
whether the previous binaries have disappeared. You can follow it by 'make
install' and see that new binaries have been placed.

On 21 March 2017 at 18:44, 蘇于倫 <yulunsu.eed...@g2.nctu.edu.tw> wrote:

> Hi Guru,
>
> It shows only one instance.
> Does it make sense if I have re-installed OVS?
>
> Ethan
>
>
>
> 2017年3月22日 01:04，"Guru Shetty" <g...@ovn.org>寫道：
>
>
>
> On 21 March 2017 at 09:01, 蘇于倫 <yulunsu.eed...@g2.nctu.edu.tw> wrote:
>
>> Hi everyone,
>>
>> I'd like to confirm which steps should I do to completely remove current
>> OVS if I want to re-install OVS with modified C code in git repo ?
>>
>> Currently what my reinstall_ovs.sh does for old OVS removal is:
>> sudo /usr/local/share/openvswitch/scripts/ovs-ctl stop
>> sudo rm /usr/local/etc/openvswitch/conf.db
>> ps aux | awk '/[o]vs-vswitchd/ {print $2}'
>> rm -rf ovs/
>>
>> Are the steps above sufficient to completely remove OVS installation?
>> After I run the re-install script, the code modification does not take
>> effect. I modified in-band.c that output port of hidden flow is assigned
>> to be the port number I want 0x1 for eth0. However, the hidden
>> flows still show NORMAL action.
>> Appreciate comments and suggestion!
>>
>
> Does 'find /usr -name ovs-vsctl' show 2 instances?
>
>
>> thanks in advance
>>
>> Regards.
>> Ethan
>>
>> ___
>> discuss mailing list
>> disc...@openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>
>>
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Reinstall OVS from git repo

[Guru Shetty]

On 21 March 2017 at 09:01, 蘇于倫  wrote:

> Hi everyone,
>
> I'd like to confirm which steps should I do to completely remove current
> OVS if I want to re-install OVS with modified C code in git repo ?
>
> Currently what my reinstall_ovs.sh does for old OVS removal is:
> sudo /usr/local/share/openvswitch/scripts/ovs-ctl stop
> sudo rm /usr/local/etc/openvswitch/conf.db
> ps aux | awk '/[o]vs-vswitchd/ {print $2}'
> rm -rf ovs/
>
> Are the steps above sufficient to completely remove OVS installation?
> After I run the re-install script, the code modification does not take
> effect. I modified in-band.c that output port of hidden flow is assigned
> to be the port number I want 0x1 for eth0. However, the hidden
> flows still show NORMAL action.
> Appreciate comments and suggestion!
>

Does 'find /usr -name ovs-vsctl' show 2 instances?


> thanks in advance
>
> Regards.
> Ethan
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Open vSwitch with SSL Open vSwitch 2.6.0 documentation

[Guru Shetty]

Please send your mails in plain text.

Did you run the "req" command in the same directory. You need to do
something like this:
https://github.com/openvswitch/ovn-kubernetes/blob/master/vagrant/provisioning/setup-master.sh#L66

On 19 February 2017 at 23:29, 冷月无声 <645363...@qq.com> wrote:

> Dear Sir or Madam,
> I'm  configuring OVS for SSL according to the instructions of
> http://docs.openvswitch.org/en/latest/howto/ssl/
> when I executed the command "$ ovs-pki self-sign sc"(
> http://docs.openvswitch.org/en/latest/howto/ssl/#
> switch-key-generation-with-self-signed-certificates) , something unexpected
> happened. The information prompts me that "sc-req.pem does not exist".
> What should I do now? Could you please help me?
>
> 、
>
> Looking forward to your reply.
>
> Zhang Zhaozeng
> Feb. 20th.  2016
>
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>


2E01F60A@ADC8BE2B.F09AAA58
Description: Binary data
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Geneve Tunnel between Containers on Single Host using OVS Overlay n/w

[Guru Shetty]

On 22 February 2017 at 09:53, Sanjeev Maheve 
wrote:

> Hello Teams,
>I am using openvswitch for connecting Docker containers
> on multiple hosts using OVS (overlay networks - Geneve encapsulation). I
> have a requirement to connect Docker containers within Single host using
> GENEVE tunnel interface - I am wondering if it is possible to address such
> a use-case using Openvswitch overlay networking? If yes, I would appreciate
> any help in this regard - please share the details.
>

Never mind. I did not read your question correctly. Your question is
whether one can use geneve tunnels in the same host. I think we can, if you
use network namespaces to look like 2 separate hosts.


>
> Thanks and Regards,
> Sanjeev
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Geneve Tunnel between Containers on Single Host using OVS Overlay n/w

[Guru Shetty]

On 22 February 2017 at 09:53, Sanjeev Maheve 
wrote:

> Hello Teams,
>I am using openvswitch for connecting Docker containers
> on multiple hosts using OVS (overlay networks - Geneve encapsulation). I
> have a requirement to connect Docker containers within Single host using
> GENEVE tunnel interface - I am wondering if it is possible to address such
> a use-case using Openvswitch overlay networking? If yes, I would appreciate
> any help in this regard - please share the details.
>

Have you read this?
http://docs.openvswitch.org/en/latest/howto/docker/

The above uses geneve tunnels.


>
> Thanks and Regards,
> Sanjeev
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Looking for good examples of conntrack / NAT in openvswitch

[Guru Shetty]

On 4 January 2017 at 10:48, Joo Yong-Seok <joo.yongs...@gmail.com> wrote:

> Thanks... there are good examples But, I am very beginner and if I can
> get some explanation of all these or if there is any good tutorial for
> D-NAT / conntrack, it would be great
>

I am not aware of any. One needs to be comfortable with OVS and ovs-ofctl
to understand most of these. You can also read 'man ovs-ofctl' to read
about more details around 'ct' action.


>
> Best regards
>
> - yongseok
>
> On Wed, Jan 4, 2017 at 8:42 AM, Guru Shetty <g...@ovn.org> wrote:
>
>>
>>
>> On 4 January 2017 at 08:37, Joo Yong-Seok <joo.yongs...@gmail.com> wrote:
>>
>>> Happy New Year!
>>>
>>> I am urgently looking for the conntrack / NAT flow examples - anything
>>> would be good and I googled it but other than manual page - I didn't see
>>> many things - I specially want to find some D-NAT implementation with
>>> conntrack and NAT flows.
>>>
>>
>> Have a look at the examples here: tests/system-traffic.at
>>
>>
>>
>>>
>>> Could you share your examples? or let me know any useful web site for
>>> this?
>>>
>>> I am not using any controllers and want to configure it by using
>>> ovs-ofctl command.
>>>
>>> Best regards,
>>>
>>> - yongseok
>>>
>>> ___
>>> discuss mailing list
>>> disc...@openvswitch.org
>>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>>
>>>
>>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Flow-based VXLAN Tunnel Performance

[Guru Shetty]

* Firstly, getting 10 Gbps for stock vxlan is surprising. Are you using
vxlan hardware offload capable NICs?
* Such drastic performance difference is not expected.
* Give a very simple example of how you are using flow based VXLAN. i.e the
actual flow.
* What is the kernel module that you are using? Is it from upstream linux?
Or is it the one from OVS repo?
* What version of OVS are you using? Does the performance characteristic
change with different OVS version?


On 16 December 2016 at 09:52, Michael Ben-Ami via discuss <
ovs-discuss@openvswitch.org> wrote:

> Anybody have any comments here? I'll even take "that's a dumb question
> read the FAQ".
>
> On Thu, Dec 8, 2016 at 6:27 PM, Michael Ben-Ami 
> wrote:
>
>> Hello,
>>
>> We are seeing drastically decreased performance using the similar setups
>> (same hardware) for statically-configured vxlan interfaces vs. flow-based
>> tunnels. Around 10Gb/s down to 2.5 Gb/s using vanilla iperf.
>>
>> Is this expected?
>>
>> Can it be improved?
>>
>> I can provide more technical detail if needed.
>> Apologies if discussed already, I couldn't find anything.
>>
>> Thanks,
>> Michael
>>
>
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Openvswitch flow(or rule) to implement CAPTIVE-PORTAL (or HTTP redirect)

[Guru Shetty]

On 6 December 2016 at 20:01, Joo Yong-Seok  wrote:

> Hello,
>
> Is there any good example for openvswitch flow/rules for captive-portal?
> Which means,
>
> - We should perform DNAT (with captive-portal web server IP) for outbound
> HTTP traffic
> - When responses are back, we should do proper NAT again.
>
> The issue, is, http packets' DIP from client, it's not fixed. It can be
> google, yahoo, facebook and anything. But, all of http packet should be
> redirected to specific web-server and response should be received on client
> side properly.
>

OVS flows can only look up to L4. So if you know the L4 ports (ex: 80) that
you want redirected to your captive-portal, it should be possible.


>
> Thanks in advance.
>
> Best regards,
>
> - yongseok
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] [ovn] ovn-trace ct_actions not implemented

[Guru Shetty]

ct_lb is tricky. I guess, the default should be to just pick the first
option.

On 30 November 2016 at 08:24, Ben Pfaff  wrote:

> One initial, trivial, step might be to just have every ct_next respond
> that the flow is established.  Then at least it would be possible to see
> how packets flow through the system in the normal case.
>
> I noticed that you were getting DHCP-related errors from ovn-trace.  I
> have a patch out that fixes that:
> https://patchwork.ozlabs.org/patch/685627/
> It hasn't attracted any reviews yet; I hope it does soon.
>
> On Wed, Nov 30, 2016 at 06:48:17AM +, Michael Kashin wrote:
> > Sorry, replying to all now.
> >
> > I'm doing POC testing on a miniature OpenStack environment with a single
> > controller and two compute nodes. I want to be able to examine lflows
> from
> > any node (usually its the controller) to see the end-to-end datapath,
> > including potential drops by ct ACLs, NAT and LB actions. Currently, as
> > I've said, I can only examine L2 flows.
> > I can definitely see a benefit in doing the live flow debugging from the
> > operational standpoint. However, in my case, simply providing ct metadata
> > as command line options would be more than enough.
> > Cheers,
> > Michael
> >
> > On 30 Nov 2016 6:03 a.m., "Ben Pfaff"  wrote:
> >
> > > On Tue, Nov 29, 2016 at 08:20:50PM -0800, Justin Pettit wrote:
> > > >
> > > > > On Nov 29, 2016, at 5:28 PM, Ben Pfaff  wrote:
> > > > >
> > > > > It's "not yet".  I'd like to implement them, but I'm not sure how
> to do
> > > > > it because connection-tracking state, for any given connection, is
> > > > > embedded in the kernel of some hypervisor, which may not be one
> that
> > > > > ovn-trace is running on (if ovn-trace is even running on a
> hypervisor).
> > > > >
> > > > > One option would be to supply connection-tracking metadata on the
> > > > > ovn-trace command line, e.g. something like --ct=est,rel or
> --ct=new.
> > > > > Then ct_next could simply set ct_state to the specified values.
> This
> > > > > would allow testing given scenarios.
> > > >
> > > > What about using the existing conntrack entries by running
> "ovs-appctl
> > > > dpctl/dump-conntrack" by default?  That might be helpful for live
> > > > debugging and seems like a reasonable default.  It does seem like it
> > > > would be helpful to be able to specify values for testing what-if
> > > > scenarios, too.  I would imagine we'd need the ability to specify
> > > > multiple zones on the command-line in case a single flow crosses
> > > > multiple zones.
> > >
> > > I think our proposals cover two important special cases.
> > >
> > > Michael, what problem are you trying to solve?
> > >
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss