Okay, thanks for your response.

2017-04-18 23:49 GMT+08:00 Ben Pfaff <[email protected]>:
> On Tue, Apr 18, 2017 at 10:29:50AM -0400, Eric Garver wrote:
> > On Tue, Apr 18, 2017 at 12:17:17PM +0800, Dickens Yeh wrote:
> > > Thanks for your response.
> > > I know that if I have to match multiple vlan tags, it has to pop the outer
> > > vlan.
> > > But I think my question is not the matching vlan tags in multiple vlan, my
> > > question is matching the first vlan tag and the correct ethertype that
> > > OpenFlow Spec defined ( the ethertype after all vlan tags ), not the case
> > > that match multiple vlan tags in a single flow entry.
> > >
> > > For example, that packet header like
> > > ffffffffffff000000000012 8100 00d0 8060 001080006040001000000000012c0a
> > > 80202000000000000c0a80302
> > > In the view of ethernet, the ethertype should be 8100, that's not a problem.
> > > In the view of openflow spec match, the ethertype should be 0806 ( ARP ),
> > > the ethertype match after vlan tags
> > > In the view of OVS match, the ethertype is 0806, the result is matching with
> > > spec.
> > >
> > > Then, if the packet header like
> > > ffffffffffff000000000012 88a8 00c0 8100 00d0 8060
> > > 001080006040001000000000012c0a80202000000000000c0a80302
> > > In the view of ethernet, the ethertype should be 88a8, the same result with
> > > one vlan tag.
> > > In the view of openflow spec match, the ethertype should be 0806 ( ARP )
> > > In the view of OVS match, the ethertype is 8100, not 0806.
> >
> > This is true if vlan-limit == 1, which is the default.
> > If vlan-limit > 1, then dl_type would be 0x0806. As I indicated earlier,
> > vlan-limit is new with 802.1ad support.
> >
> > > I think the result is strange, but I don't know that it's an issue or
> > > something else.
> >
> > Strange or not, it's this way because OVS used to only support a single
> > VLAN tag. It didn't know how to keep looking for the "true" Ethertype.
>
> It's also a security risk if OVS skips over VLAN tags and indicates the
> innermost Ethertype, because it means that the controller has no way to
> tell that it's forwarding a packet with additional VLANs that might have
> arbitrary semantics to the receivers. On the other hand, with a VLAN
> Ethertype when the maximum number of VLANs is surpassed, the controller
> can detect and drop such packets.
>
_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
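The behaviour discussed in this thread, as an added example that is not part of the original messages and is not OVS source code: a small parser that reports the Ethertype a flow match would see when at most `vlan_limit` tags are parsed, plus the controller-side check for frames that carry more tags than the limit. The function names, the `vlan_limit` parameter and the sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TPID_8021Q  0x8100   /* customer tag */
#define TPID_8021AD 0x88a8   /* service tag */

static int is_vlan_tpid(uint16_t t) { return t == TPID_8021Q || t == TPID_8021AD; }
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Ethertype visible to a match after parsing at most vlan_limit VLAN tags.
 * Returns 0 for a truncated frame; *n_tags receives the number of tags
 * actually parsed. Hypothetical model of the vlan-limit behaviour. */
uint16_t match_dl_type(const uint8_t *f, size_t len, int vlan_limit, int *n_tags)
{
    size_t off = 12;                       /* skip destination and source MAC */
    *n_tags = 0;
    if (len < off + 2) return 0;
    uint16_t type = be16(f + off);
    while (is_vlan_tpid(type) && *n_tags < vlan_limit) {
        if (len < off + 6) return 0;       /* TPID + TCI + next Ethertype */
        off += 4;
        type = be16(f + off);
        (*n_tags)++;
    }
    return type;
}

/* Policy from the thread: if a VLAN TPID is still visible as dl_type, the
 * frame has more tags than the limit, so it can be detected and dropped. */
int controller_should_drop(const uint8_t *f, size_t len, int vlan_limit)
{
    int n;
    uint16_t t = match_dl_type(f, len, vlan_limit, &n);
    return t == 0 || is_vlan_tpid(t);
}

/* Constructed sample headers: broadcast dst, src ...12, tags, then ARP. */
const uint8_t single_tag[] = { 0xff,0xff,0xff,0xff,0xff,0xff, 0,0,0,0,0,0x12,
    0x81,0x00, 0x00,0xd0, 0x08,0x06 };
const uint8_t double_tag[] = { 0xff,0xff,0xff,0xff,0xff,0xff, 0,0,0,0,0,0x12,
    0x88,0xa8, 0x00,0xc0, 0x81,0x00, 0x00,0xd0, 0x08,0x06 };

int main(void)
{
    int n;
    for (int limit = 1; limit <= 2; limit++)
        printf("limit=%d dl_type=0x%04x drop=%d\n", limit,
               match_dl_type(double_tag, sizeof double_tag, limit, &n),
               controller_should_drop(double_tag, sizeof double_tag, limit));
    return 0;
}
```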
