These are indeed two different use case. The pure termination of the GTP-u
tunnel can be done by adding support for a GTP-u tunnel vport, which should be
straightforward now that we have support for L3 tunneling fully upstreamed in
in OVS and based on the GTP tunnel support in the Linux kernel.
For more flexible use cases that match on GTP-u header fields and only
conditionally decapsulate packets, we would like to have support for
adding/removing the GTP-u header in the OpenFlow pipeline. This use case will
be shortly be possible to implement based on the packet type-aware pipeline
(PTAP) and generic encap/decap (EXT-382) infrastructure that we are currently
PTAP: commit 3d4b2e6eb74 and following
For such use cases three things will have to be added on top:
1. A generic UDP tunnel vport (as already supported by the Linux kernel, I
understand) to terminate the UDP transport tunnel and deliver a GTP-u packet to
the PTAP OpenFlow pipeline. (There are also other interesting use cases for
such a tunnel vport, e.g. MPLS over UDP.)
2. Support for GTP-u match fields in ofproto and datapaths
3. Support for generic encap and decap actions for the GTP-u packet type.
The current work on support for NSH tunnels can be seen as an example for items
2. and 3.
We would be very happy to see the PTAP and encap/decap infrastructure be
applied to additional use cases.
I currently don't see a possibility to match on GTP-u headers in OVS without
first terminating the UDP transport tunnel.
> -----Original Message-----
> From: ovs-dev-boun...@openvswitch.org
> [mailto:ovs-dev-boun...@openvswitch.org] On Behalf Of Amar Padmanabhan
> Sent: Friday, 14 July, 2017 19:23
> To: Joe Stringer <j...@ovn.org>; Wieger IJntema <wieger.ijntema....@gmail.com>
> Cc: ovs dev <d...@openvswitch.org>; Harald Welte <lafo...@gnumonks.org>;
> Pablo Neira Ayuso <pa...@netfilter.org>
> Subject: Re: [ovs-dev] [PATCH v1 0/2] Add GTP vport based on upstream datapath
> Yeah, we are looking at tunnel termination in OVS, i.e. GGSN or PGW. I think
> what you mention Weiger is about an on-path device that
> also does some classification like some of the 5G proposals. I think Yi is
> also looking at it but that is not directly related to this patch set.
> - Amar
> On 7/14/17, 10:01 AM, "Joe Stringer" <j...@ovn.org> wrote:
> On 14 July 2017 at 04:53, Wieger IJntema <wieger.ijntema....@gmail.com>
> >> ovs-vsctl add-port br0 gtp-vport -- set interface gtp-vport \
> >> ofport_request=2 type=gtp option:remote_ip=flow options:key=flow
> >> ovs-ofctl add-flow br0
> >> "in_port=2,tun_src=192.168.60.141,tun_id=123, \
> >> actions=set_field:02:00:00:00:00:00->eth_src, \
> >> set_field:ff:ff:ff:ff:ff:ff->eth_dst,LOCAL"
> > I just want to be sure. But this implicates that the incomming packet is
> > already decapusulated by the kernel and it has attached metadata like
> > tunnel_id etc.
> > a nicer solution would be that you can already match on tunnel_id
> before it
> > is getting encapsulated. Then you can chose later if it needa
> > or just forward the packet.
> > I'm not sure if it is a possibility?
> I wonder if we're actually discussing two different use cases? I think
> that Jiannan & co are interested in GGSN functionality, whereas if my
> understanding serves me right what you're proposing sounds more like
> SGSN functionality. This approach is specifically for the edge of the
> GTP-tunnelled network so it's always wanting to perform encap/decap.
> For this particular use case, the proposed approach has a couple of
> nice attributes. Firstly, the tunneling follows the same model as all
> of the existing tunneling code so it fits quite well without needing
> to solve new problems for a new tunnel protocol type. Secondly, the
> kernel can deal with filtering GTP-C traffic out of the stream to
> forward to the appropriate GTP daemon, which means that OVS doesn't
> need to be taught how to understand that traffic or forward it to
> another program.
> dev mailing list
dev mailing list