Re: [ovs-dev] [PATCH ovn v2 3/3] utilities: add conditional {start/stop}_ic_ovsdb on start_ic command

2020-12-23 Thread Numan Siddique
On Wed, Dec 23, 2020 at 12:40 PM Han Zhou wrote: > > On Tue, Dec 22, 2020 at 6:05 AM Numan Siddique wrote: > > > > Hi Han, > > > > Can you please take a look at this patch ? Does this change in > > behavior fine with you ? > > > > Thanks > > Numan > > > > Hi Numan, > > I am concerned with changi

[ovs-dev] [PATCH ovn] northd: fix "priorirty" spelling mistake

2020-12-23 Thread Lorenzo Bianconi
Signed-off-by: Lorenzo Bianconi --- northd/ovn-northd.8.xml | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index 1f0f71f34..4ff5b9816 100644 --- a/northd/ovn-northd.8.xml +++ b/northd/ovn-northd.8.xml @@ -631,7

Re: [ovs-dev] [PATCH v5 ovn 0/5] introduce BFD support in ovn-controller

2020-12-23 Thread Lorenzo Bianconi
> > Hi Lorenzo, Hi Mark, > > One note for the whole series is that there seems to be some > inconsistency with the acronym "bfd". For instance, in patch 3, there is > a function called "bpf_monitor_need_update()" that I assume was supposed > to be "bfd_monitor_need_update()". In patch 4, the comm

Re: [ovs-dev] [PATCH v5 ovn 3/5] controller: bfd: introduce BFD state machine

2020-12-23 Thread Lorenzo Bianconi
[...] > > > > > > > > + > > + > > +For each BFD port the two following priorirty-110 flows are > > added > > s/priorirty/priority/ ack, I will fix it in v6. Regards, Lorenzo > > > +to manage BFD traffic: > > + > > + > > +

Re: [ovs-dev] [PATCH v5 ovn 1/5] controller: introduce BFD tx path in ovn-controller

2020-12-23 Thread Lorenzo Bianconi
> > Hi Lorenzo, see below for some findings. Hi Mark, thx for the fast review. > > On 12/22/20 3:54 PM, Lorenzo Bianconi wrote: > > Introduce the capability to transmit BFD packets in ovn-controller. > > Introduce BFD tables in nb/sb dbs in order to configure BFD parameters > > (e.g. min_tx, min

[ovs-dev] [PATCH ovs] conntrack: Update the icmp stats accurately.

2020-12-23 Thread xiangxia . m . yue
From: Tonghao Zhang The same icmp packet may traverse conntrack module more than once. Or same icmp packets traverse conntrack module in orderly. Don't change stats to CS_ESTABLISHED before receiving reply or related packets. Fixes: b269a1229df2 ("conntrack: Track ICMP type and code.") Cc: Dani

[ovs-dev] [PATCH] vswitchd: doc that tc-policy needs a restart

2020-12-23 Thread Marcelo Ricardo Leitner
tc-policy, just like hw-offload, is protected by ovsthread_once_start() in netdev_set_flow_api_enabled() so let's document that changing it requires a restart in order for it to have effect. Signed-off-by: Marcelo Ricardo Leitner --- vswitchd/vswitch.xml | 3 ++- 1 file changed, 2 insertions(+),

[ovs-dev] [PATCH] ovs-monitor-ipsec: Fix _nss_clear_database() parse error

2020-12-23 Thread Mark Gray
_nss_clear_database() runs `certutil` in order to get a list of certificates currently loaded in NSS. This fails with error: "ovs-monitor-ipsec | ERR | Failed to clear NSS database. startswith first arg must be bytes or a tuple of bytes, not str" Modify subprocess.Popen() to write in 'text' mode

Re: [ovs-dev] [PATCH] ovs-monitor-ipsec: Add support for tunnel 'local_ip'

2020-12-23 Thread Eelco Chaudron
On 21 Dec 2020, at 11:10, Mark Gray wrote: In the libreswan case, 'ovs-monitor-ipsec' sets 'left' to '%defaultroute' which will use the local address of the default route interface as the source IP address. In multihomed environments, this may not be correct if the user wants to specify what

Re: [ovs-dev] [PATCH 1/4] ovs-monitor-ipsec: Fix active connection regex

2020-12-23 Thread Eelco Chaudron
On 16 Dec 2020, at 13:04, Mark Gray wrote: > Connections are added to IPsec using a connection name > that is determined from the OVS port name and the tunnel > type. > > GRE connections take the form: > - > Other connections take the form: > -in- > -out- > > The regex '|' operator parses

Re: [ovs-dev] [PATCH 2/4] ovs-ctl: Check for ovs-monitor-ipsec pidfile before exit

2020-12-23 Thread Eelco Chaudron
On 16 Dec 2020, at 13:04, Mark Gray wrote: > Check for pidfile before attempting 'exit'. If pidfile does > not exist, we cannot cleanly exit so kill process. > > Signed-off-by: Mark Gray Reviewed and tested. Acked-by: Eelco Chaudron ___ dev maili

Re: [ovs-dev] [PATCH 3/4] ovs-monitor-ipsec: Allow exit of ipsec daemon maintaining state

2020-12-23 Thread Eelco Chaudron
On 16 Dec 2020, at 13:04, Mark Gray wrote: When 'ovs-monitor-ipsec' exits, it clears all persistent state (i.e. active ipsec connections, /etc/ipsec.conf, certs/keys). In some use-cases, we may want to exit and maintain state so that ipsec connectivity is maintained. One example of this is du

Re: [ovs-dev] [PATCH 4/4] ovs-monitor-ipsec: Add option to not restart IKE daemon

2020-12-23 Thread Eelco Chaudron
On 16 Dec 2020, at 13:04, Mark Gray wrote: Signed-off-by: Mark Gray --- ipsec/ovs-monitor-ipsec.in | 10 +++--- utilities/ovs-ctl.in | 8 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index cac42d7

Re: [ovs-dev] [PATCH] ovs-monitor-ipsec: Suppress "unknown %d argument" warning

2020-12-23 Thread Eelco Chaudron
On 21 Dec 2020, at 14:12, Mark Gray wrote: > As 'ovs-vswitchd' does not understand IPsec tunnel options, it > gives a warning message. This can be safely suppressed. > > Signed-off-by: Mark Gray Reviewed and tested. Acked-by: Eelco Chaudron

[ovs-dev] [PATCH v2] ovs-monitor-ipsec: Fix _nss_clear_database() parse error

2020-12-23 Thread Mark Gray
_nss_clear_database() runs `certutil` in order to get a list of certificates currently loaded in NSS. This fails with error: "ovs-monitor-ipsec | ERR | Failed to clear NSS database. startswith first arg must be bytes or a tuple of bytes, not str" Modify subprocess.Popen() to write in 'text' mode

[ovs-dev] [PATCH ovn] ovn-trace: fix core dump with unknown logical port

2020-12-23 Thread Lorenzo Bianconi
Fix ovn-trace core dump with unknown logical port Fixes: 4735d397a400 ("ovn-trace: New utility") Signed-off-by: Lorenzo Bianconi --- utilities/ovn-trace.c | 29 + 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/utilities/ovn-trace.c b/utilities/ovn-tra

Re: [ovs-dev] [PATCH v2] ovs-monitor-ipsec: Fix _nss_clear_database() parse error

2020-12-23 Thread Eelco Chaudron
On 23 Dec 2020, at 17:01, Mark Gray wrote: > _nss_clear_database() runs `certutil` in order to get a list > of certificates currently loaded in NSS. This fails with error: > > "ovs-monitor-ipsec | ERR | Failed to clear NSS database. > startswith first arg must be bytes or a tuple of bytes, not

[ovs-dev] [PATCH ovn] ovn-trace: fix trigger_event warning

2020-12-23 Thread Lorenzo Bianconi
Fix the following ovn-trace warning triggered by controller_event: 1|ovntrace|WARN|trigger_event(event = "empty_lb_backends", meter = "", vip = "192.168.0.100:80", protocol = "tcp", load_balancer = "2c5462a7-b6ca-4b02-86c9-b9

Re: [ovs-dev] [PATCH] ovs-monitor-ipsec: set correct 'leftcert' and 'rightcert' name

2020-12-23 Thread Eelco Chaudron
On 21 Dec 2020, at 12:42, Mark Gray wrote: > In Libreswan case, 'ovs-monitor-ipsec' incorrectly configures > 'leftcert' and 'rightcert' names for self-signed certificates. > This patch resolves that. > > Signed-off-by: Mark Gray Reviewed and tested. Acked-by: Eelco Chaudron

Re: [ovs-dev] [PATCH 1/4] ovs-monitor-ipsec: Fix active connection regex

2020-12-23 Thread Flavio Leitner
On Wed, Dec 16, 2020 at 07:04:32AM -0500, Mark Gray wrote: > Connections are added to IPsec using a connection name > that is determined from the OVS port name and the tunnel > type. > > GRE connections take the form: > - > Other connections take the form: > -in- > -out- > > The regex '|' o

Re: [ovs-dev] [PATCH 2/4] ovs-ctl: Check for ovs-monitor-ipsec pidfile before exit

2020-12-23 Thread Flavio Leitner
On Wed, Dec 16, 2020 at 07:04:33AM -0500, Mark Gray wrote: > Check for pidfile before attempting 'exit'. If pidfile does > not exist, we cannot cleanly exit so kill process. > > Signed-off-by: Mark Gray > --- > utilities/ovs-ctl.in | 6 +- > 1 file changed, 5 insertions(+), 1 deletion(-) >

Re: [ovs-dev] [PATCH 3/4] ovs-monitor-ipsec: Allow exit of ipsec daemon maintaining state

2020-12-23 Thread Flavio Leitner
On Wed, Dec 16, 2020 at 07:04:34AM -0500, Mark Gray wrote: > When 'ovs-monitor-ipsec' exits, it clears all persistent state (i.e. > active ipsec connections, /etc/ipsec.conf, certs/keys). In some > use-cases, we may want to exit and maintain state so that ipsec > connectivity is maintained. One exa

Re: [ovs-dev] [PATCH 3/4] ovs-monitor-ipsec: Allow exit of ipsec daemon maintaining state

2020-12-23 Thread Mark Gray
On 23/12/2020 19:09, Flavio Leitner wrote: > On Wed, Dec 16, 2020 at 07:04:34AM -0500, Mark Gray wrote: >> When 'ovs-monitor-ipsec' exits, it clears all persistent state (i.e. >> active ipsec connections, /etc/ipsec.conf, certs/keys). In some >> use-cases, we may want to exit and maintain state so

Re: [ovs-dev] [PATCH] ovs-monitor-ipsec: Suppress "unknown %d argument" warning

2020-12-23 Thread Flavio Leitner
On Mon, Dec 21, 2020 at 08:12:33AM -0500, Mark Gray wrote: > As 'ovs-vswitchd' does not understand IPsec tunnel options, it > gives a warning message. This can be safely suppressed. > > Signed-off-by: Mark Gray > --- Acked-by: Flavio Leitner

[ovs-dev] [PATCH v6 ovn 2/5] action: introduce handle_bfd_msg() action

2020-12-23 Thread Lorenzo Bianconi
Add handle_bfd_msg() action to parse BFD packets received by the controller. handle_bfd_msg() logic is currently empty and it will be implemented adding BFD state machine in the following patches. Signed-off-by: Lorenzo Bianconi --- controller/pinctrl.c | 15 +++ include/ovn/actions

[ovs-dev] [PATCH v6 ovn 0/5] introduce BFD support in ovn-controller

2020-12-23 Thread Lorenzo Bianconi
Introduce BFD protocol in ovn-controller according to RFC5880 [0] We added BFD implementation in ovn since layered protocols usually request to enable it on ovn entities (e.g. logical router ports) while ovs implementation relies on physical entities (e.g. ovs interfaces). Moreover we would establi

[ovs-dev] [PATCH v6 ovn 1/5] controller: introduce BFD tx path in ovn-controller

2020-12-23 Thread Lorenzo Bianconi
Introduce the capability to transmit BFD packets in ovn-controller. Introduce BFD tables in nb/sb dbs in order to configure BFD parameters (e.g. min_tx, min_rx, ..) for ovn-controller. Signed-off-by: Lorenzo Bianconi --- controller/ovn-controller.c | 1 + controller/pinctrl.c| 297

[ovs-dev] [PATCH v6 ovn 4/5] bfd: support demand mode on rx side

2020-12-23 Thread Lorenzo Bianconi
Introduce rx demand mode support according to RFC5880 [0]. Demand mode on tx side is not supported yet. https://tools.ietf.org/html/rfc5880 Signed-off-by: Lorenzo Bianconi --- controller/pinctrl.c | 105 --- 1 file changed, 68 insertions(+), 37 deletions(-

[ovs-dev] [PATCH v6 ovn 3/5] controller: bfd: introduce BFD state machine

2020-12-23 Thread Lorenzo Bianconi
Introduce BFD state machine for BFD packet parsing according to RFC880 https://tools.ietf.org/html/rfc5880. Introduce BFD logical flows in ovn-northd. Signed-off-by: Lorenzo Bianconi --- NEWS| 2 + controller/pinctrl.c| 329 +++- nort

[ovs-dev] [PATCH v6 ovn 5/5] ovn: integrate bfd for static routes

2020-12-23 Thread Lorenzo Bianconi
Introduce the bfd reference in logical_router_static_router table in order to check if the next-hop is properly running using the BFD protocol. The CMS is supposed to populate bfd column with the proper reference otherwise the BFD status is set to admin_down. Add BFD tests in system-ovn.at. Signed

Re: [ovs-dev] [PATCH v2] ovs-monitor-ipsec: Fix _nss_clear_database() parse error

2020-12-23 Thread Flavio Leitner
On Wed, Dec 23, 2020 at 11:01:33AM -0500, Mark Gray wrote: > _nss_clear_database() runs `certutil` in order to get a list > of certificates currently loaded in NSS. This fails with error: > > "ovs-monitor-ipsec | ERR | Failed to clear NSS database. > startswith first arg must be bytes or a tuple o