Re: [ovs-discuss] OVS not forwarding packets

[abhishek jain]

Hi Ben.

Thanks..

You really have been helpful source for me and i really appreciate it.
For your suggestion of upgrading the kernel module,i'll test and let you
know the report..


Regards..
Abhishek Jain


On Tue, Oct 1, 2013 at 8:46 PM, Ben Pfaff  wrote:

> On Tue, Oct 01, 2013 at 12:34:02PM +0530, abhishek jain wrote:
> > I am trying IPFIX with OVS version 1.11. and not able to forward packets
> > after enabling IPFIX on OVS.Following are the logs after enabling IPFIX
> on
> > OVS..
> >
> >
> > 2013-10-01T05:37:25Z|00259|dpif|WARN|Dropped 37 log messages in last 148
> > seconds (most recently, 147 seconds ago) due to excessive rate
> > > 2013-10-01T05:37:25Z|00260|dpif|WARN|system@ovs-system: failed to
> > put[modify][zero] (Numerical result out of range)
>
> You probably need to upgrade your kernel module.  I think that you're
> probably using a version too old to handle the userspace action that
> IPFIX uses.
>
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

[ovs-discuss] Fwd: 802.1ag CFM in OVS

[Aman Sharma]

Hi All,

I am trying to test CFM Link monitoring in the openvswitch.

My Test Setup is given Below:

Linux_Machine_1 ---OVS_switch_1 --OVS-switch_2
Linux_machine_2

In this, I am using four Machines having Openvswitch installed in it. Here
are My scenarios :

1. Firstly run the CFM in the linux_machine_1 and Linux_machine_2 using the
command :

Linux_machine_1:  ovs-vsctl set Interface eth0 cfm_mpid=4000

Linux_machine_2:  ovs-vsctl set Interface eth0 cfm_mpid=5000

And I am using Unique MPID  on all the machines.

So ,In this case if the link between the OVS_switch_1 and OVS_switch_2 goes
down then it shows a message on both the linux machine that link is down in
the network.

It shows like this :
Received no CCM from RMP 2000 in the last 6954ms
2013-10-02T05:50:52Z|00031|cfm|INFO|eth0: CFM faults changed from [] to
[recv].
This is fine.

2. Secondly run the CFM on both the linux machine and both the OVS-switches
using the same command having different MPIDS. Then if the link between the
OVS_switch_1 and OVS_switch_2 goes down then the message not goes to the
both Linux machines.It Means that the ENdpoints are not aware of the Link
failure . I think it should not happen or it is some configuration error.
Or it may be that the OVS switches should act as MIP Maintenance
Intermediate point.If yes then what is the configuration for the same.
And in this CCM packets only goes to the next connected port of the
machine.So how the last endpoint gets aware about the link failure in the
network.

Please solve my query regarding this.
Thanks for help in advance.


Thanks & regards
Aman Sharma
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] How to read L2 MAC tables

[Morgan Yang]

Hi Justin:

Thanks. Is it possible to dump the flows into the ovsdb so if I have a backup 
ovs instance,, it can just load the flow information? Or, is it expected to 
have redundant openflow controllers to do that? 

Much Thanks
Morgan Yang

-Original Message-
From: Justin Pettit [mailto:jpet...@nicira.com] 
Sent: Wednesday, October 02, 2013 7:06 PM
To: Morgan Yang
Cc: discuss@openvswitch.org
Subject: Re: [ovs-discuss] How to read L2 MAC tables

Who is populating the MAC table?  If it's your controller (as it appears in 
your output), then that's the best way.  If you're using the OVS's "normal" 
action, then "ovs-appctl fdb/show ".

--Justin


On Oct 2, 2013, at 7:03 PM, Morgan Yang  wrote:

> Hi All:
>  
> Is it possible to dump just the L2 MAC table for a bridge in OVS? Also, is it 
> possible to see flows via "dump-flows" without running an openflow 
> controller? Right now, I have to run a POX controller to see the L2 and flow 
> info via "ovs-ofctl dump-flows"

>  
> # ovs-ofctl dump-flows ovsfabric0
> NXST_FLOW reply (xid=0x4):
> cookie=0x0, duration=10.466s, table=0, n_packets=6, n_bytes=588, 
> idle_timeout=10, hard_timeout=30, idle_age=5, 
> priority=65535,icmp,in_port=2,vlan_tci=0x,dl_src=52:54:00:da:d3:a0
> ,dl_dst=00:00:50:a4:5e:d8,nw_src=80.1.11.1,nw_dst=80.2.1.1,nw_tos=0,ic
> mp_type=8,icmp_code=0 actions=output:1 cookie=0x0, duration=11.483s, 
> table=0, n_packets=7, n_bytes=686, idle_timeout=10, hard_timeout=30, 
> idle_age=5, 
> priority=65535,icmp,in_port=1,vlan_tci=0x,dl_src=00:00:50:a4:5e:d8
> ,dl_dst=52:54:00:da:d3:a0,nw_src=80.2.1.1,nw_dst=80.1.11.1,nw_tos=0,ic
> mp_type=0,icmp_code=0 actions=output:2 cookie=0x0, duration=6.432s, 
> table=0, n_packets=1, n_bytes=42, idle_timeout=10, hard_timeout=30, 
> idle_age=6, 
> priority=65535,arp,in_port=2,vlan_tci=0x,dl_src=52:54:00:da:d3:a0,
> dl_dst=00:00:50:a4:5e:d8,arp_spa=80.1.11.1,arp_tpa=80.2.1.1,arp_op=2 
> actions=output:1 cookie=0x0, duration=6.433s, table=0, n_packets=1, 
> n_bytes=60, idle_timeout=10, hard_timeout=30, idle_age=6, 
> priority=65535,arp,in_port=1,vlan_tci=0x,dl_src=00:00:50:a4:5e:d8,
> dl_dst=52:54:00:da:d3:a0,arp_spa=80.2.1.1,arp_tpa=80.1.11.1,arp_op=1 
> actions=output:2
>  
> Much Thanks
> Morgan Yang
> ___
> discuss mailing list
> discuss@openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss

___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] How to read L2 MAC tables

[Justin Pettit]

Who is populating the MAC table?  If it's your controller (as it appears in 
your output), then that's the best way.  If you're using the OVS's "normal" 
action, then "ovs-appctl fdb/show ".

--Justin


On Oct 2, 2013, at 7:03 PM, Morgan Yang  wrote:

> Hi All:
>  
> Is it possible to dump just the L2 MAC table for a bridge in OVS? Also, is it 
> possible to see flows via “dump-flows” without running an openflow 
> controller? Right now, I have to run a POX controller to see the L2 and flow 
> info via “ovs-ofctl dump-flows”
>  
> # ovs-ofctl dump-flows ovsfabric0
> NXST_FLOW reply (xid=0x4):
> cookie=0x0, duration=10.466s, table=0, n_packets=6, n_bytes=588, 
> idle_timeout=10, hard_timeout=30, idle_age=5, 
> priority=65535,icmp,in_port=2,vlan_tci=0x,dl_src=52:54:00:da:d3:a0,dl_dst=00:00:50:a4:5e:d8,nw_src=80.1.11.1,nw_dst=80.2.1.1,nw_tos=0,icmp_type=8,icmp_code=0
>  actions=output:1
> cookie=0x0, duration=11.483s, table=0, n_packets=7, n_bytes=686, 
> idle_timeout=10, hard_timeout=30, idle_age=5, 
> priority=65535,icmp,in_port=1,vlan_tci=0x,dl_src=00:00:50:a4:5e:d8,dl_dst=52:54:00:da:d3:a0,nw_src=80.2.1.1,nw_dst=80.1.11.1,nw_tos=0,icmp_type=0,icmp_code=0
>  actions=output:2
> cookie=0x0, duration=6.432s, table=0, n_packets=1, n_bytes=42, 
> idle_timeout=10, hard_timeout=30, idle_age=6, 
> priority=65535,arp,in_port=2,vlan_tci=0x,dl_src=52:54:00:da:d3:a0,dl_dst=00:00:50:a4:5e:d8,arp_spa=80.1.11.1,arp_tpa=80.2.1.1,arp_op=2
>  actions=output:1
> cookie=0x0, duration=6.433s, table=0, n_packets=1, n_bytes=60, 
> idle_timeout=10, hard_timeout=30, idle_age=6, 
> priority=65535,arp,in_port=1,vlan_tci=0x,dl_src=00:00:50:a4:5e:d8,dl_dst=52:54:00:da:d3:a0,arp_spa=80.2.1.1,arp_tpa=80.1.11.1,arp_op=1
>  actions=output:2
>  
> Much Thanks
> Morgan Yang
> ___
> discuss mailing list
> discuss@openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss

___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

[ovs-discuss] How to read L2 MAC tables

[Morgan Yang]

Hi All:

Is it possible to dump just the L2 MAC table for a bridge in OVS? Also, is it 
possible to see flows via "dump-flows" without running an openflow controller? 
Right now, I have to run a POX controller to see the L2 and flow info via 
"ovs-ofctl dump-flows"


# ovs-ofctl dump-flows ovsfabric0

NXST_FLOW reply (xid=0x4):

cookie=0x0, duration=10.466s, table=0, n_packets=6, n_bytes=588, 
idle_timeout=10, hard_timeout=30, idle_age=5, 
priority=65535,icmp,in_port=2,vlan_tci=0x,dl_src=52:54:00:da:d3:a0,dl_dst=00:00:50:a4:5e:d8,nw_src=80.1.11.1,nw_dst=80.2.1.1,nw_tos=0,icmp_type=8,icmp_code=0
 actions=output:1

cookie=0x0, duration=11.483s, table=0, n_packets=7, n_bytes=686, 
idle_timeout=10, hard_timeout=30, idle_age=5, 
priority=65535,icmp,in_port=1,vlan_tci=0x,dl_src=00:00:50:a4:5e:d8,dl_dst=52:54:00:da:d3:a0,nw_src=80.2.1.1,nw_dst=80.1.11.1,nw_tos=0,icmp_type=0,icmp_code=0
 actions=output:2

cookie=0x0, duration=6.432s, table=0, n_packets=1, n_bytes=42, idle_timeout=10, 
hard_timeout=30, idle_age=6, 
priority=65535,arp,in_port=2,vlan_tci=0x,dl_src=52:54:00:da:d3:a0,dl_dst=00:00:50:a4:5e:d8,arp_spa=80.1.11.1,arp_tpa=80.2.1.1,arp_op=2
 actions=output:1

cookie=0x0, duration=6.433s, table=0, n_packets=1, n_bytes=60, idle_timeout=10, 
hard_timeout=30, idle_age=6, 
priority=65535,arp,in_port=1,vlan_tci=0x,dl_src=00:00:50:a4:5e:d8,dl_dst=52:54:00:da:d3:a0,arp_spa=80.2.1.1,arp_tpa=80.1.11.1,arp_op=1
 actions=output:2

Much Thanks
Morgan Yang
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Flow miss/Packet order question

[Jesse Gross]

On Wed, Oct 2, 2013 at 4:49 AM, Dmitry Fleytman  wrote:
>
> On Apr 30, 2012, at 20:15 PM, Ben Pfaff  wrote:
>
>> I think that your explanation stems from a misunderstanding.  Yes, if
>> an OpenFlow controller uses a reactive model, then it cannot avoid the
>> problem.  However, I think that Joji is raising a different issue, one
>> that is an implementation detail within Open vSwitch and that
>> controllers have no power to avoid.
>>
>> Let me explain in detail.  When a packet arrives for which there is no
>> kernel flow, the kernel sends it to userspace.  Userspace sends the
>> packet and sets up a kernel flow.  In the meantime, more packets might
>> have arrived and been queued to userspace.  Userspace will send these
>> packets, but any packets that arrive after the kernel flow is set up
>> will be forwarded directly by the kernel before those queued to
>> userspace go out.
>>
>
>
> This is exactly the problem we face while going for KVM paravirtualized 
> network driver for Windows (NetKVM) certification.
> There are a few automated tests that send bursts of packets and wait for the 
> same packets and the same order on the other side.
>
> We have a POC patches (pretty dirty) that solve the problem (below). The idea 
> is simple - when datapath makes upcall it queues packets in kernel until user 
> mode completes processing and downloads a new flow. It looks like overkill to 
> queue packets per datapath, queueing per vport will be enough, but it was 
> easier to implement this way and it proves the concept as well. Still, it is 
> obvious there is performance and scaling impact so another ideas are highly 
> welcome.
>
> What do you think? Should we go for this solution and prepare clean patches 
> for submission?

I think in order to fully solve the problem you actually need to queue
per flow, rather than per port or per datapath. Otherwise, you end up
serializing to one flow setup at a time, which is probably a bigger
problem in practice than the one this is trying to solve.

It's not entirely clear to me that the general solution is really
worth the extra complexity for situations beyond the WHQL test so
there might be a bandaid for that particular problem. Do you know
exactly what it is doing?
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Open vswitch and an existing vlan

[Ben Pfaff]

On Wed, Oct 02, 2013 at 04:11:10PM -0400, Maxwell Bottiger wrote:
> I'm working off the the tutorial in the open vswitch VLANS cookbook.  I've
> followed the directions as best I could, but I still don't have things
> quite working correctly.  To start with, here is my configuration:
> 
> d70e42a8-1b7e-433d-a2c2-921e3c720e8e
> Bridge "bridge0"
> Port "tap1"
> tag: 2
> Interface "tap1"
> Port "eth1"
> tag: 666
> trunks: [2, 6]
> Interface "eth1"
> Port "tap0"
> tag: 6
> Interface "tap0"
> Port "bridge0"
> Interface "bridge0"
> type: internal
> ovs_version: "1.4.3"
> 
> 
> I have eth1 of my workstation connected to the trunked port on one of my
> switches.  The trunk VLAN is 666 on this setup.  I have two tap interfaces
> defined, one should be on VLAN 6, the other on VLAN 2.  The desired outcome
> is to have a virtual machine on tap0 connect straight through to VLAN6, and
> a vm on tap1 connect directly through to the other resources on VLAN2.  I'm
> not sure if having a trunk with an odd PVID is throwing me off, or if
> there's something more I need to set.  I looked at eth1 with wireshark, and
> I can see traffic from all the other VLANs, so I'm pretty sure that
> connection is solid.  I saw in other emails in the archive that people
> often wanted to see the ovs-ofctl output, so I'll include that too.

Did you actually configure eth1 as native-tagged or native-untagged?
"ovs-vsctl show" doesn't display that, so I can't tell.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] How to implement OVS in GENI and in Mininet

[Bob Lantz]

In Mininet you don't have to do anything - the switches *are* OVS switches by 
default.

For GENI, you should look at the GENI documentation, but I would consider using 
real OpenFlow hardware switches rather than OVS (and making tunnels to it from 
whatever other nodes you want to talk to it.)

-Bob

On Oct 2, 2013, at 9:59 AM, Iraola  wrote:

> Dear all,
> 
> I'm new in OVS, and I have a basic question. I would like to create a network 
> in GENI, with some OVS switches connecting some PCs.
> 
> How could I give to the nodes (that I want them to be a switch) the OVS 
> personality? In other words, how could I put OVS in one of those nodes?
> 
> Moreover, I'm trying to simulate the same network with Mininet: how could I 
> put a OVS switch in the network?
> 
> Thank you,
> 
> Inigo Iraola
> College of Technology
> University of Houston 
> 
> ___
> discuss mailing list
> discuss@openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss

___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

[ovs-discuss] Open vswitch and an existing vlan

[Maxwell Bottiger]

Hello,

I'm working off the the tutorial in the open vswitch VLANS cookbook.  I've
followed the directions as best I could, but I still don't have things
quite working correctly.  To start with, here is my configuration:

d70e42a8-1b7e-433d-a2c2-921e3c720e8e
Bridge "bridge0"
Port "tap1"
tag: 2
Interface "tap1"
Port "eth1"
tag: 666
trunks: [2, 6]
Interface "eth1"
Port "tap0"
tag: 6
Interface "tap0"
Port "bridge0"
Interface "bridge0"
type: internal
ovs_version: "1.4.3"


I have eth1 of my workstation connected to the trunked port on one of my
switches.  The trunk VLAN is 666 on this setup.  I have two tap interfaces
defined, one should be on VLAN 6, the other on VLAN 2.  The desired outcome
is to have a virtual machine on tap0 connect straight through to VLAN6, and
a vm on tap1 connect directly through to the other resources on VLAN2.  I'm
not sure if having a trunk with an odd PVID is throwing me off, or if
there's something more I need to set.  I looked at eth1 with wireshark, and
I can see traffic from all the other VLANs, so I'm pretty sure that
connection is solid.  I saw in other emails in the archive that people
often wanted to see the ovs-ofctl output, so I'll include that too.

OFPT_FEATURES_REPLY (xid=0x1): ver:0x1, dpid:001b21cbbbcd
n_tables:255, n_buffers:256
features: capabilities:0xc7, actions:0xfff
 1(eth1): addr:00:1b:21:cb:bb:cd
 config: 0
 state:  0
 current:1GB-FD COPPER AUTO_NEG
 advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
 supported:  10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
 2(tap0): addr:d6:f4:0f:aa:d8:ce
 config: 0
 state:  0
 current:10MB-FD COPPER
 3(tap1): addr:1e:a4:bd:31:42:35
 config: 0
 state:  LINK_DOWN
 current:10MB-FD COPPER
 LOCAL(bridge0): addr:00:1b:21:cb:bb:cd
 config: 0
 state:  0
OFPT_GET_CONFIG_REPLY (xid=0x3): frags=normal miss_send_len=0


Any insight would be appreciated.  I think I'm running out of ideas to
google.

-Max
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] port mirroring on openvswitch

[Ben Pfaff]

On Wed, Oct 02, 2013 at 11:40:47PM +0530, Shyam Goud wrote:
> On 02/10/13 01:22, Ben Pfaff wrote:
> >Please don't drop the list.
> >
> >On Tue, Oct 01, 2013 at 09:44:28PM +0530, Shyam Goud wrote:
> >>'qvo5271d2db-df' port is attached to my Service VM's eth0.
> >>
> >>- I am able to see traffic on mirrored ovs-port 'qvo5271d2db-df'
> >>
> >>- But I failed to see the same traffic on my Service VM's eth0. It
> >>- should be seen on corresponding attached interface right ?
> >You configured qvo5271d2db-df as the output port.  Why you do think
> >that packets sent out qvo5271d2db-df should also be visible on eth0?
> >
> eth0 of the service VM is attached to qvo5271d2db-df.

Oh, you mean in the guest.  I didn't understand that before.

I agree that if qvo5271d2db-df on the host is tied to eth0 in the
guest, then I would expect the packets to be visible on eth0 in the
guest.  But I'm not sure how OVS could be getting in the way there.

> Also, please help with these ovs clis,
> 1. to see full config details of a particular ovs-port.

ovs-vsctl list port 
ovs-vsctl list interface 

> 2. packet rx/tx stats on a particular ovs-port

For a port that is a network device like this I usually use ifconfig.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] port mirroring on openvswitch

[Shyam Goud]

On 02/10/13 01:22, Ben Pfaff wrote:

Please don't drop the list.

On Tue, Oct 01, 2013 at 09:44:28PM +0530, Shyam Goud wrote:

'qvo5271d2db-df' port is attached to my Service VM's eth0.

- I am able to see traffic on mirrored ovs-port 'qvo5271d2db-df'

- But I failed to see the same traffic on my Service VM's eth0. It
- should be seen on corresponding attached interface right ?

You configured qvo5271d2db-df as the output port.  Why you do think
that packets sent out qvo5271d2db-df should also be visible on eth0?


eth0 of the service VM is attached to qvo5271d2db-df.
Please Correct me if I am wrong, what ever packets received on ovs-port 
should also be seen on the attached port right ?


Also, please help with these ovs clis,
1. to see full config details of a particular ovs-port.
2. packet rx/tx stats on a particular ovs-port

Thanks,
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

[ovs-discuss] Handling Fragmented traffic--any ideas

[Ritesh Rekhi]

Thx , will change subject

Ritesh

-Original Message-
From: Ben Pfaff [mailto:b...@nicira.com] 
Sent: Wednesday, October 02, 2013 9:55 AM
To: Ritesh Rekhi
Cc: discuss@openvswitch.org
Subject: Re: [ovs-discuss] changing MSS value in TCP syn

It's not my area.  Someone else will have to speak up.

On Wed, Oct 02, 2013 at 01:58:01PM +, Ritesh Rekhi wrote:
> Hi Ben,
> 
> Please let me know your thoughts on this.
> 
> Thx
> Ritesh
> 
> -Original Message-
> From: discuss-boun...@openvswitch.org 
> [mailto:discuss-boun...@openvswitch.org] On Behalf Of Ritesh Rekhi
> Sent: Tuesday, October 01, 2013 10:15 AM
> To: Ben Pfaff
> Cc: discuss@openvswitch.org
> Subject: Re: [ovs-discuss] changing MSS value in TCP syn
> 
> Hi Ben,
> 
> Thanks for replying.I have a problem for which I am searching solution. Hence 
> this question.
> 
> Let me explain.
> 
> I have a Openvswitch where I have flows which sends TCP source-port 80 or 
> tcp-dest-port 80 out to a middle Box. This setup is working fine except for 
> fragmented traffic, when there is fragmented traffic head fragment which has 
> the port info will still go to middle box but rest of fragments don't go to 
> middle box and this is the source of  problem which I am trying to solve by 
> reducing MSS so that there is no fragmentation.
> 
> Do you know a way to come around this problem.
> 
> Thx for all your help again.
> Ritesh
> 
> -Original Message-
> From: Ben Pfaff [mailto:b...@nicira.com] 
> Sent: Tuesday, October 01, 2013 8:03 AM
> To: Ritesh Rekhi
> Cc: discuss@openvswitch.org
> Subject: Re: [ovs-discuss] changing MSS value in TCP syn
> 
> On Tue, Oct 01, 2013 at 02:22:26PM +, Ritesh Rekhi wrote:
> > Is it possible to change MSS in TCP syn using in openvswitch ovs -ofctl 
> > command?
> 
> No.
> ___
> discuss mailing list
> discuss@openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

[ovs-discuss] How to implement OVS in GENI and in Mininet

[Iraola]

Dear all,

I'm new in OVS, and I have a basic question. I would like to create a
network in GENI , with some OVS switches connecting some
PCs.

How could I give to the nodes (that I want them to be a switch) the OVS
personality? In other words, how could I put OVS in one of those nodes?

Moreover, I'm trying to simulate the same network with Mininet: how could I
put a OVS switch in the network?

Thank you,

Inigo Iraola
College of Technology
University of Houston
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] changing MSS value in TCP syn

[Ben Pfaff]

It's not my area.  Someone else will have to speak up.

On Wed, Oct 02, 2013 at 01:58:01PM +, Ritesh Rekhi wrote:
> Hi Ben,
> 
> Please let me know your thoughts on this.
> 
> Thx
> Ritesh
> 
> -Original Message-
> From: discuss-boun...@openvswitch.org 
> [mailto:discuss-boun...@openvswitch.org] On Behalf Of Ritesh Rekhi
> Sent: Tuesday, October 01, 2013 10:15 AM
> To: Ben Pfaff
> Cc: discuss@openvswitch.org
> Subject: Re: [ovs-discuss] changing MSS value in TCP syn
> 
> Hi Ben,
> 
> Thanks for replying.I have a problem for which I am searching solution. Hence 
> this question.
> 
> Let me explain.
> 
> I have a Openvswitch where I have flows which sends TCP source-port 80 or 
> tcp-dest-port 80 out to a middle Box. This setup is working fine except for 
> fragmented traffic, when there is fragmented traffic head fragment which has 
> the port info will still go to middle box but rest of fragments don't go to 
> middle box and this is the source of  problem which I am trying to solve by 
> reducing MSS so that there is no fragmentation.
> 
> Do you know a way to come around this problem.
> 
> Thx for all your help again.
> Ritesh
> 
> -Original Message-
> From: Ben Pfaff [mailto:b...@nicira.com] 
> Sent: Tuesday, October 01, 2013 8:03 AM
> To: Ritesh Rekhi
> Cc: discuss@openvswitch.org
> Subject: Re: [ovs-discuss] changing MSS value in TCP syn
> 
> On Tue, Oct 01, 2013 at 02:22:26PM +, Ritesh Rekhi wrote:
> > Is it possible to change MSS in TCP syn using in openvswitch ovs -ofctl 
> > command?
> 
> No.
> ___
> discuss mailing list
> discuss@openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] OVS not forwarding

[Ben Pfaff]

abhishek jain  sent an almost identical question
yesterday:
http://openvswitch.org/pipermail/discuss/2013-October/011407.html
I responded:
http://openvswitch.org/pipermail/discuss/2013-October/011422.html


On Tue, Oct 1, 2013 at 12:00 AM, sonia verma wrote:

> Hi all..
>
>
> I am trying IPFIX with OVS version 1.11. and not able to forward packets
> after enabling IPFIX on OVS.Following are the logs after enabling IPFIX on
> OVS..
>
>
> 2013-10-01T05:37:25Z|00259|dpif|WARN|Dropped 37 log messages in last 148
> seconds (most recently, 147 seconds ago) due to excessive rate
> > 2013-10-01T05:37:25Z|00260|dpif|WARN|system@ovs-system: failed to
> put[modify][zero] (Numerical result out of range)
> in_port(2),eth(src=e0:db:55:a0:e1:13,dst=00:27:13:b7:2f:74),eth_type(0x0800),ipv4(src=
> 192.168.1.200/0.0.0.0,dst=192.168.1.54/0.0.0.0,proto=1/0,tos=0/0,ttl=128/0,frag=no/0xff),icmp(type=8/0,code=0/0),
> packets:0, bytes:0, used:never,
> actions:sample(sample=100.0%,actions(userspace(pid=4294962366,ipfix))),4
> > 2013-10-01T05:37:25Z|00261|dpif|WARN|system@ovs-system: failed to
> put[modify][zero] (Numerical result out of range)
> in_port(4),eth(src=00:27:13:b7:2f:74,dst=e0:db:55:a0:e1:13),eth_type(0x0800),ipv4(src=
> 192.168.1.54/0.0.0.0,dst=192.168.1.200/0.0.0.0,proto=1/0,tos=0/0,ttl=64/0,frag=no/0xff),icmp(type=0/0,code=0/0),
> packets:0, bytes:0, used:never,
> actions:sample(sample=100.0%,actions(userspace(pid=4294962363,ipfix))),2
>
>
> WHAT DOES IT MEAN
>
> Thanks..
> Sonia
>
> ___
> discuss mailing list
> discuss@openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss
>
>


-- 
"I don't normally do acked-by's.  I think it's my way of avoiding
getting blamed when it all blows up."   Andrew Morton
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] OVS not forwarding

[Gurucharan Shetty]

What does
dmesg | grep "Open vSwitch"
say?

On Tue, Oct 1, 2013 at 12:00 AM, sonia verma  wrote:
> Hi all..
>
>
> I am trying IPFIX with OVS version 1.11. and not able to forward packets
> after enabling IPFIX on OVS.Following are the logs after enabling IPFIX on
> OVS..
>
>
> 2013-10-01T05:37:25Z|00259|dpif|WARN|Dropped 37 log messages in last 148
> seconds (most recently, 147 seconds ago) due to excessive rate
>> 2013-10-01T05:37:25Z|00260|dpif|WARN|system@ovs-system: failed to
>> put[modify][zero] (Numerical result out of range)
>> in_port(2),eth(src=e0:db:55:a0:e1:13,dst=00:27:13:b7:2f:74),eth_type(0x0800),ipv4(src=192.168.1.200/0.0.0.0,dst=192.168.1.54/0.0.0.0,proto=1/0,tos=0/0,ttl=128/0,frag=no/0xff),icmp(type=8/0,code=0/0),
>> packets:0, bytes:0, used:never,
>> actions:sample(sample=100.0%,actions(userspace(pid=4294962366,ipfix))),4
>> 2013-10-01T05:37:25Z|00261|dpif|WARN|system@ovs-system: failed to
>> put[modify][zero] (Numerical result out of range)
>> in_port(4),eth(src=00:27:13:b7:2f:74,dst=e0:db:55:a0:e1:13),eth_type(0x0800),ipv4(src=192.168.1.54/0.0.0.0,dst=192.168.1.200/0.0.0.0,proto=1/0,tos=0/0,ttl=64/0,frag=no/0xff),icmp(type=0/0,code=0/0),
>> packets:0, bytes:0, used:never,
>> actions:sample(sample=100.0%,actions(userspace(pid=4294962363,ipfix))),2
>
>
> WHAT DOES IT MEAN
>
> Thanks..
> Sonia
>
> ___
> discuss mailing list
> discuss@openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss
>
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] changing MSS value in TCP syn

[Ritesh Rekhi]

Hi Ben,

Please let me know your thoughts on this.

Thx
Ritesh

-Original Message-
From: discuss-boun...@openvswitch.org [mailto:discuss-boun...@openvswitch.org] 
On Behalf Of Ritesh Rekhi
Sent: Tuesday, October 01, 2013 10:15 AM
To: Ben Pfaff
Cc: discuss@openvswitch.org
Subject: Re: [ovs-discuss] changing MSS value in TCP syn

Hi Ben,

Thanks for replying.I have a problem for which I am searching solution. Hence 
this question.

Let me explain.

I have a Openvswitch where I have flows which sends TCP source-port 80 or 
tcp-dest-port 80 out to a middle Box. This setup is working fine except for 
fragmented traffic, when there is fragmented traffic head fragment which has 
the port info will still go to middle box but rest of fragments don't go to 
middle box and this is the source of  problem which I am trying to solve by 
reducing MSS so that there is no fragmentation.

Do you know a way to come around this problem.

Thx for all your help again.
Ritesh

-Original Message-
From: Ben Pfaff [mailto:b...@nicira.com] 
Sent: Tuesday, October 01, 2013 8:03 AM
To: Ritesh Rekhi
Cc: discuss@openvswitch.org
Subject: Re: [ovs-discuss] changing MSS value in TCP syn

On Tue, Oct 01, 2013 at 02:22:26PM +, Ritesh Rekhi wrote:
> Is it possible to change MSS in TCP syn using in openvswitch ovs -ofctl 
> command?

No.
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
___
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

Re: [ovs-discuss] Flow miss/Packet order question

[Dmitry Fleytman]

On Apr 30, 2012, at 20:15 PM, Ben Pfaff  wrote:

> I think that your explanation stems from a misunderstanding.  Yes, if
> an OpenFlow controller uses a reactive model, then it cannot avoid the
> problem.  However, I think that Joji is raising a different issue, one
> that is an implementation detail within Open vSwitch and that
> controllers have no power to avoid.
> 
> Let me explain in detail.  When a packet arrives for which there is no
> kernel flow, the kernel sends it to userspace.  Userspace sends the
> packet and sets up a kernel flow.  In the meantime, more packets might
> have arrived and been queued to userspace.  Userspace will send these
> packets, but any packets that arrive after the kernel flow is set up
> will be forwarded directly by the kernel before those queued to
> userspace go out.
> 


This is exactly the problem we face while going for KVM paravirtualized network 
driver for Windows (NetKVM) certification.
There are a few automated tests that send bursts of packets and wait for the 
same packets and the same order on the other side.

We have a POC patches (pretty dirty) that solve the problem (below). The idea 
is simple - when datapath makes upcall it queues packets in kernel until user 
mode completes processing and downloads a new flow. It looks like overkill to 
queue packets per datapath, queueing per vport will be enough, but it was 
easier to implement this way and it proves the concept as well. Still, it is 
obvious there is performance and scaling impact so another ideas are highly 
welcome.

What do you think? Should we go for this solution and prepare clean patches for 
submission?

Regards,
Dmitry Fleytman

=
Patch for kernel part:

---
 datapath.c |  149 +++-
 datapath.h |8 +++
 2 files changed, 155 insertions(+), 2 deletions(-)

diff --git a/datapath.c b/datapath.c
index 22e30ef..19bb7c4 100644
--- a/datapath.c
+++ b/datapath.c
@@ -210,11 +210,27 @@ void ovs_dp_process_received_packet(struct vport *p, 
struct sk_buff *skb)
int error;
int key_len;
 
+#ifdef REORDER_HACK
+   unsigned long flags;
+   spin_lock_irqsave(&dp->pending_list_lock, flags);
+
+   if(dp->has_pending_upcalls) {
+   *((struct vport **)&skb->cb) = p;
+   skb_queue_head(&dp->pending_skb_list, skb);
+   spin_unlock_irqrestore(&dp->pending_list_lock, flags);
+   return;
+   }
+
+#endif //REORDER_HACK
+
stats = this_cpu_ptr(dp->stats_percpu);
 
/* Extract flow from 'skb' into 'key'. */
error = ovs_flow_extract(skb, p->port_no, &key, &key_len);
if (unlikely(error)) {
+#ifdef REORDER_HACK
+   spin_unlock_irqrestore(&dp->pending_list_lock, flags);
+#endif //REORDER_HACK
kfree_skb(skb);
return;
}
@@ -224,6 +240,11 @@ void ovs_dp_process_received_packet(struct vport *p, 
struct sk_buff *skb)
if (unlikely(!flow)) {
struct dp_upcall_info upcall;
 
+#ifdef REORDER_HACK
+   dp->has_pending_upcalls = 1;
+   spin_unlock_irqrestore(&dp->pending_list_lock, flags);
+#endif //REORDER_HACK
+
upcall.cmd = OVS_PACKET_CMD_MISS;
upcall.key = &key;
upcall.userdata = NULL;
@@ -238,15 +259,77 @@ void ovs_dp_process_received_packet(struct vport *p, 
struct sk_buff *skb)
 
stats_counter = &stats->n_hit;
ovs_flow_used(OVS_CB(skb)->flow, skb);
+
+#ifdef REORDER_HACK
+   spin_unlock_irqrestore(&dp->pending_list_lock, flags);
+#endif //REORDER_HACK
+
ovs_execute_actions(dp, skb);
 
 out:
+
/* Update datapath statistics. */
u64_stats_update_begin(&stats->sync);
(*stats_counter)++;
u64_stats_update_end(&stats->sync);
 }
 
+#ifdef REORDER_HACK
+
+static
+int __ovs_dp_process_pending_packet(struct vport *p, struct sk_buff *skb)
+{
+   struct datapath *dp = p->dp;
+   struct sw_flow *flow;
+   struct dp_stats_percpu *stats;
+   struct sw_flow_key key;
+   u64 *stats_counter;
+   int error;
+   int key_len;
+   int res = 1;
+
+   stats = this_cpu_ptr(dp->stats_percpu);
+
+   /* Extract flow from 'skb' into 'key'. */
+   error = ovs_flow_extract(skb, p->port_no, &key, &key_len);
+   if (unlikely(error)) {
+   kfree_skb(skb);
+   return res;
+   }
+
+   /* Look up flow. */
+   flow = ovs_flow_tbl_lookup(rcu_dereference(dp->table), &key, key_len);
+   if (unlikely(!flow)) {
+   struct dp_upcall_info upcall;
+
+   upcall.cmd = OVS_PACKET_CMD_MISS;
+   upcall.key = &key;
+   upcall.userdata = NULL;
+   upcall.pid = p->upcall_pid;
+   ovs_dp_upcall(dp, skb, &upcall);
+   consume_skb(skb);
+   stats_counter = &stats->n