Hi All,
I'm trying to set up OF flows on OVS that will modify packets just before
egress on certain ports (but not other ports).
As part of a generic vSwitch (not just OVS) performance test suite I'd like to
be able to add certain packet modification actions (dec_ttl, push vlan tag,
modify src/dst ip etc) to arbitrary existing flow table configurations. i.e the
code to add the rules determining the routing packets between ports would be
largely independent of the code that inserted the rules modifying packets.
The test suite will support several different arrangements of VMs but always
with two physical ports. It seems simplest to apply any frame-modifications
only to packets destined for egress on the physical ports where they return to
the traffic generator. Doing packet modification at ingress would possibly
require further configuration changes to VM interfaces or VNFs which make the
code to just 'turn on' packet modification much more complicated.
I thought that by using separate tables for routing and packet-modification
along with write_actions in order to select an egress port without actually
sending the packet until after any possible frame mod had been completed would
look like this:
#start from a clean slate
ovs-ofctl del-flows br0
#table0 pre-route (empty in this example) ovs-ofctl add-flow br0
"table=0,priority=1 actions=goto_table:1"
#table1 routing
#In this example everything coming in on port1 is egressing on port2 and
vice-versa but #there could any number of egress ports involved here. I'm
writing the egress port into the metadata in #order to share the selected
egress port with table#2 add-flow br0 "table=1,priority=1,in_port=1
actions=write_actions(output:2),write_metadata:2,goto_table:2" ovs-ofctl
add-flow br0 "table=1,priority=1,in_port=2
actions=write_actions(output:1),write_metadata:1,goto_table:2"
#table2 post-route
#I'd like any code that wants to modify a pkt before egress to only have to
#add an entry here #If a test wants to modify everything egressing on port 2 it
just adds the #appropriate high priority line to table#2 - it doesn't have to
know or care #about the routing set up in table#1 ovs-ofctl add-flow br0
"table=2,priority=1000,metadata=2 actions=push_vlan:0x8100,exit"
ovs-ofctl add-flow br0 "table=2,priority=1 actions=exit" # << I expect this
to egress the pkt on the port set up in table#1
My first problem is:
ovs-ofctl add-flow br0 "table=1,priority=1,in_port=1
actions=write_actions(output:2),write_metadata:2,goto_table:2"
ovs-ofctl: none of the usable flow formats (OXM,OpenFlow11) is among the
allowed flow formats (OpenFlow10,NXM)
This sounds like OF version mismatches, but despite much messing about with
--flow_format options for ofctl and ovs-vsctl set bridge br0
protocols=OpenFlow10,OpenFlow11,OpenFlow12,OpenFlow13 I could not get rid of
this error.
Another funny is that goto_table & write_metadata both work (or at least are
accepted) separately but not together!
$ ovs-ofctl add-flow br0 "table=1,priority=1,in_port=2 actions=goto_table:2"
$ ovs-ofctl add-flow br0 "table=1,priority=1,in_port=2
actions=write_metadata:1"
$ ovs-ofctl add-flow br0 "table=1,priority=1,in_port=2
actions=write_metadata:1,goto_table:2" OFPT_ERROR (xid=0x6):
NXBRC_UNENCODABLE_ERROR
I'd appreciate any help. I feel that what I want to do is possible but it's
turning out to be much more difficult than expected. I am also using dpdk
enabled ports if that makes a difference.
$ ovs-vsctl show
9ce3fe3f-568c-44fe-9d8b-94585311ccca
Bridge "br0"
Port "dpdk0"
Interface "dpdk0"
type: dpdk
Port "dpdk1"
Interface "dpdk1"
type: dpdk
Port "br0"
Interface "br0"
type: internal
Kindest Regards,
Billy O'Mahony
_______________________________________________
discuss mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/discuss
