On Tue, Nov 01, 2016 at 02:39:28AM +0800, Hunt Xu wrote: > At the very beginning I was just trying to modify packets ingressing from an > access port, using "mod_vlan_vid" & "NORMAL" to change the VLAN vid, expecting > them to be then switched to the ports which carries the dest VLAN. However, > I failed. > > I used "ovs-appctl ofproto/trace" to debug, then got a "disallowed VLAN VID > for this input port, dropping" message. This happens when I use "mod_vlan_vid" > or "strip_vlan" before "normal", to change a packet's VLAN VID to a value > other than the tag property of an access port, or to a value not specified in > the trunks column of a trunk port. > > By navigating the source code I find that there is a check about VLAN VID > when translating the NORMAL action, preventing packets with changed VLAN VID > to be switched to new VLANs which the originated port doesn't carry. > > This puzzles me. It seems to me that if a packet's VLAN VID is changed before > entering the "normal" processing, it should be considered as a packet on the > new VLAN and switched to ports on that VLAN, instead of the current behavior > of being dropped. Although the FAQ says the configuration of VLANs in the > OpenvSwitch database only affects "normal switching", it is not clear that > what is the behavior when we combine other OpenFlow actions with "NORMAL". > > I also find that there is a similar check when mirroring packets. Given that > when working with OpenFlow, an access port can in fact receive/send packets > with VLAN VID different from its tag, a trunk port can also receive/send > packets with VLAN VID that it doesn't trunks, and VLAN can be selected when > doing mirroring. Such a check seems to be redundant. It only prevents packets > which are not handled by the "normal switching" from being mirrored. > > In this series, patch 1 removes the vlan check in the translation of the > NORMAL action, when a packet's VLAN VID is supposed to be changed before > entering the "normal switching", making packets whose VLAN VID are changed can > be switched to the dest VLAN despite of the VLANs configuration of the > originated port. Patch 2 removes the vlan check when mirroring packets. > > However, if the current behavior is considered correct by design, I am sorry > for the misunderstanding and please ignore this series.
Thank you for your contribution! OVS has always implemented "normal" to do switching in one particular way, according to a particular philosophy of how VLANs, etc. should be implemented. The philosophy that this series proposes may be equally reasonable and valid, but it changes established behavior in backward-incompatible ways. For that reason it would be likely to surprise some of our users and break their setups, so it's hard to imagine implementing it. I have a few specific comments on patch 1; I'll follow up there. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
