OVS doesn't handle this case well. I don't think it will do what you want.
On Mon, Oct 09, 2017 at 11:59:13PM +0200, Juraj Markotic wrote: > yes, we are already using that one to send packet across 2 OVS connected > via GRE tunnels and when switched out, will remove GRE header. > Imagine situation where SPAN traffic from some other switch is being sent > as replica traffic to OVS inport (one can be configured as GRE port for > that matter). Packets coming to OVs inport are mostly GRE traffic with > varying src/dst ip in GRE haders since this is replica traffic from > network. This is not traffic directed to ip configured on that exact OVS > (which is receiving it). > Would OVS just drop this receiving traffic or will remove header without > checking and be switch it as configured (i.e. via openflow rule) ? > I guess we'd need to check. > > jm > > > On Mon, Oct 9, 2017 at 11:14 PM, Ben Pfaff <[email protected]> wrote: > > > GRE and tunnels are implemented in terms of ports, so if you send a > > packet received on a GRE port to a non-tunnel port, it strips the > > header. > > > > On Mon, Oct 09, 2017 at 10:45:10PM +0200, Juraj Markotic wrote: > > > I will check on about GTP ongoing activities (I saw some actitvities on > > > providing capabilities to match on GTP-C/GTP-U packets). > > > maybe dumb question, but any pointer on how to remove GRE header (or > > VXLAN > > > for that matter) when switching packet from IN port to OUT port and > > switch > > > out only internal packet/payload ? > > > thanks, > > > jm > > > > > > > > > On Mon, Oct 9, 2017 at 10:13 PM, Ben Pfaff <[email protected]> wrote: > > > > > > > OVS doesn't support GTP yet, but I know that there's some ongoing work > > > > on it. > > > > > > > > GRE and VXLAN should be fine. > > > > > > > > If you need GTP support, maybe the best thing to do would be to help > > out > > > > the folks who are working on it. > > > > > > > > On Mon, Oct 09, 2017 at 09:35:42PM +0200, Juraj Markotic wrote: > > > > > Hello, > > > > > thanks for feedback. > > > > > I know OVS can truncate payload and that in can modify mac/IPs in > > header > > > > > (i.e. like doing NAT). > > > > > I also know OVS can deencapsulate GRE (of VXLAN) when packet is > > arriving > > > > on > > > > > tunnel OVS interface (done automatically). > > > > > But I was not aware that OVS can remove tunnel headers when switching > > > > > incoming GTP/GRE/VXLAN header and extract inside packet (with > > totally new > > > > > src/dst ip) and send it out. > > > > > Can you share some OVS cli example for such ? > > > > > we have network packet broker (NPB) with OVS, so if NPB is delivering > > > > > tunnel packets, it would be great if we could remove tunnel headers > > > > before > > > > > delivering it to the (monitoring) tool on outgoing port. > > > > > > > > > > thanks, > > > > > jm > > > > > > > > > > On Mon, Oct 9, 2017 at 6:31 PM, Ben Pfaff <[email protected]> wrote: > > > > > > > > > > > On Sun, Oct 08, 2017 at 11:19:17PM +0200, Juraj Markotic wrote: > > > > > > > we would need some functionality on manipulating packets when > > packet > > > > is > > > > > > > exiting outgoing OVS port. > > > > > > > I.e. some actions could be: change/anonymize mac/IPs for > > src/dst, or > > > > > > remove > > > > > > > some tunnel header (vxlan, gtp, gre), truncate the payload etc. > > > > > > > > > > > > OVS has actions for modifying headers and it can decapsulate > > tunnels > > > > and > > > > > > truncate payloads. > > > > > > > > > > > > > So, one option can be to write some code than can be attached to > > OVS > > > > to > > > > > > > packet exiting out port (i.e. some lua scripts for manipulation). > > > > > > > > > > > > Lua isn't needed. You can use OpenFlow. > > > > > > > > > > > > _______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
