Hi, I've observed a bit of an anomaly when decapsulating VXLAN traffic that is inside a VLAN (using Open vSwitch version 2.10.90).
I create a VXLAN port on a bridge and add a rule to match this tunnel and egress to a different port:

    ovs-vsctl add-port br0 vx2 -- set interface vx2 type=vxlan option:remote_ip=10.0.0.2 option:key=123 option:csum=true ofport_request=100
    ovs-ofctl add-flow -OOpenFlow13 br0 in_port=100,tcp,actions=1

I configure a VLAN port on the host and assign it the IP endpoint address of the tunnel, e.g.:

    ip link add link eth1 name eth1.20 type vlan id 20
    ip address add 10.0.0.1 dev eth1.20

The following scenarios occur when sending in traffic:

1. vxlan traffic over vlan id 20 - matches and decapsulated
2. vxlan traffic with no outer vlan - matches and decapsulated
3. vxlan traffic over vlan id 21 - does not match

However, if I add and up another vlan port with id 21 (while making no other changes to IP addresses etc.) I see (3) now matching and decapsulating.

Is this behaviour intended? It seems like there should be tighter coupling between the incoming port/VLAN and the tunnel endpoint IP. If this behaviour is not harmful, it might be sufficient to just document it.

For reference, this is the kernel rule installed in all tests (note: includes no reference to outer VLAN):

    recirc_id(0),tunnel(tun_id=0x7b,src=10.0.0.2,dst=10.0.0.1,flags(-df-csum+key)),in_port(3),eth(),eth_type(0x0800),ipv4(proto=6,frag=no),packets:60, bytes:7546, used:0.000s, flags:SFPR., actions:2

Thanks,
John
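Added example, not part of the original post: a small Python parser that takes the datapath flow quoted in the message and lists which outer-header fields its match actually constrains. The function names are hypothetical; the flow string is copied from the message.

```python
import re

# Datapath flow copied from the message above.
FLOW = ("recirc_id(0),tunnel(tun_id=0x7b,src=10.0.0.2,dst=10.0.0.1,"
        "flags(-df-csum+key)),in_port(3),eth(),eth_type(0x0800),"
        "ipv4(proto=6,frag=no),packets:60, bytes:7546, used:0.000s, "
        "flags:SFPR., actions:2")

def split_top(s):
    """Split on commas that are not nested inside parentheses."""
    parts, depth, cur = [], 0, []
    for ch in s:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def match_keys(flow):
    """Return {key: body} for every 'key(body)' term; stats such as
    'packets:60' and the 'actions:' term are skipped."""
    keys = {}
    for term in split_top(flow):
        m = re.fullmatch(r"(\w+)\((.*)\)", term)
        if m:
            keys[m.group(1)] = m.group(2)
    return keys

def tunnel_fields(flow):
    """Return the outer-header fields constrained by the tunnel() key."""
    fields = {}
    for item in split_top(match_keys(flow).get("tunnel", "")):
        m = re.fullmatch(r"(\w+)\((.*)\)", item)
        if m:                      # nested form, e.g. flags(-df-csum+key)
            fields[m.group(1)] = m.group(2)
        elif "=" in item:          # plain form, e.g. src=10.0.0.2
            k, v = item.split("=", 1)
            fields[k] = v
    return fields

if __name__ == "__main__":
    print("match keys:   ", sorted(match_keys(FLOW)))
    print("tunnel fields:", tunnel_fields(FLOW))
```

For this flow the outer headers are matched only on tunnel ID, source and destination IP, and tunnel flags; no `vlan()` term appears anywhere in the match.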
