Ok,I will do not added new taas port and mark the destination port as
taas port. And do a limitation that vswitch do not receive any packets
from taas port.
Thanks.
Russell Bryant <russ...@ovn.org>
2017/09/12 05:38
收件人: Gao Zhenyu <sysugaozhe...@gmail.com>,
抄送: "wang.qianyu" <wang.qia...@zte.com.cn>, Takashi YAMAMOTO
<yamam...@ovn.org>, ovs dev <d...@openvswitch.org>, xurong00037997
<xu.r...@zte.com.cn>, zhou.huij...@zte.com.cn
主题: Re: 答复: Re: [ovs-dev] 答复: Re: 答复: Re: 答复: Re:
[PATCH v2] ovn: Support for taas(tap-as-a-service) function
I was wondering the same ... it seems odd to make it both the mirror
destination and a regular port at the same time.
On Sun, Sep 10, 2017 at 9:13 PM, Gao Zhenyu <sysugaozhe...@gmail.com>
wrote:
A application may link to this destination port for collecting/analysing
mirror traffic. How to distinguish a packet whether it's regular traffic
or mirror traffic if destination port receives both regular traffic and
mirror traffic?
Thanks
Zhenyu Gao
2017-09-09 11:10 GMT+08:00 <wang.qia...@zte.com.cn>:
If destination port only receive mirrored traffic, this function do not
need add port with new type of taas. In this situation, the mirror flag is
needed.
But, I think, destination port receive both mirrored traffic and regular
traffic may be more flexible.
Thanks
Takashi YAMAMOTO <yamam...@ovn.org>
2017/09/08 20:54
收件人: Russell Bryant <russ...@ovn.org>,
抄送: wang.qia...@zte.com.cn, ovs dev <d...@openvswitch.org
>, zhou.huij...@zte.com.cn, xurong00037997 <xu.r...@zte.com.cn>
主题: Re: [ovs-dev] 答复: Re: 答复: Re: 答复: Re: [PATCH
v2] ovn: Support for taas(tap-as-a-service) function
On Wed, Sep 6, 2017 at 3:57 AM, Russell Bryant <russ...@ovn.org> wrote:
What if a mirror port *only* receives mirrored packets? If the only
packets it ever receives are mirrored packets, a new flag would not be
necessary.
Do you intend for the port to operate as both a regular port *and* to
receive a mirror of traffic for another port?
in taas, a destination port is supposed to receive both of mirrored
traffic and regular traffic.
(i haven't looked at this implementation yet)
On Thu, Aug 24, 2017 at 10:31 PM, <wang.qia...@zte.com.cn> wrote:
> I know your mean.
> The receiver need to distinguish the traffic is regular or mirror. This
> may need some special flow table to deal with it.
>
> Thanks
>
>
>
> *Gao Zhenyu <sysugaozhe...@gmail.com <sysugaozhe...@gmail.com>>*
>
> 2017/08/25 10:12
>
> 收件人: wang.qia...@zte.com.cn,
> 抄送: ovs dev <d...@openvswitch.org>, Russell Bryant <
> russ...@ovn.org>, xurong00037997 <xu.r...@zte.com.cn>,
> zhou.huij...@zte.com.cn
> 主题: Re: 答复: Re: [ovs-dev] 答复: Re: [PATCH v2] ovn:
Support
> for taas(tap-as-a-service) function
>
>
> I mean for regular packet, ovs should not add the geneve option, the
new
> geneve option is only for mirror traffic.
>
> Did you meant some mirror traffic has mirror flag and some would not
have?
>
> Thanks
> Zhenyu Gao
>
> 2017-08-25 9:44 GMT+08:00 <*wang.qia...@zte.com.cn*
> <wang.qia...@zte.com.cn>>:
> Hi zhenyu,
> Thanks for your opinion.
> The mirror flag is not always exist, so I do not think add a new geneve
> option is a good idea.
>
> Thanks.
>
>
> *Gao Zhenyu <**sysugaozhe...@gmail.com* <sysugaozhe...@gmail.com>*>*
>
> 2017/08/25 09:34
>
> 收件人: *wang.qia...@zte.com.cn* <wang.qia...@zte.com.cn
>,
> 抄送: Russell Bryant <*russ...@ovn.org* <russ...@ovn.org
>>,
> ovs dev <*d...@openvswitch.org* <d...@openvswitch.org>>,
> *zhou.huij...@zte.com.cn* <zhou.huij...@zte.com.cn>, xurong00037997 <
> *xu.r...@zte.com.cn* <xu.r...@zte.com.cn>>
> 主题: Re: [ovs-dev] 答复: Re: [PATCH v2] ovn: Support
for
> taas(tap-as-a-service) function
>
>
>
> Although adding a new geneve option is more complicate but I think it
> still worth having that.
> Once the destination chassis found that geneve option, it can tag the
> mirror flag on packet. And it make the whole process looks same no
matter
> on same chassis or not.
>
> Thanks
> Zhenyu Gao
>
> 2017-08-25 9:15 GMT+08:00 <*wang.qia...@zte.com.cn*
> <wang.qia...@zte.com.cn>>:
> Hi Russell,
>
> Thanks for your review.
>
> When the mirror destination is in other chassis, the mirror flag which
> used to mark the packet need be transmitted to the destination chassis.
>
> We could use the inport, geneve option or new type of out port to
indicate
> the packet as a mirrored packet.
>
> When we use inport to indicate the flag, this may need use inport as the
> match field in the egress pipeline, I think this may conflict with the
> egress pipeline.
>
> If use geneve option to deliver the mirror flag, this may be more
> complicated. So, I add a new type of port as the destination of mirror
> flow. The port types of mirror and taas corresponding to configurations
of
> tap-flow and tap-service.
>
> Thanks.
>
>
>
>
>
> Russell Bryant <*russ...@ovn.org* <russ...@ovn.org>>
> 2017/08/25 04:44
>
> 收件人: *wang.qia...@zte.com.cn* <wang.qia...@zte.com.cn
>,
> 抄送: ovs dev <*d...@openvswitch.org* <d...@openvswitch.org>>,
> *zhou.huij...@zte.com.cn* <zhou.huij...@zte.com.cn>,
> xurong00037997 <*xu.r...@zte.com.cn* <xu.r...@zte.com.cn>>
> 主题: Re: [ovs-dev] [PATCH v2] ovn: Support for
> taas(tap-as-a-service) function
>
>
> Sorry for the delay in getting back to this ...
>
> On Tue, Aug 15, 2017 at 4:28 AM, <*wang.qia...@zte.com.cn*
> <wang.qia...@zte.com.cn>> wrote:
> > Taas was designed to provide tenants and service providers a means of
> > monitoring the traffic flowing in their Neutron provisioned virtual
> > networks. It is useful for network trouble-shooting, security and
> > analytics. The taas presentations could be found from
> >
>
> *
https://github.com/openstack/tap-as-a-service/blob/master/doc/source/presentations.rst*
> <
https://github.com/openstack/tap-as-a-service/blob/master/doc/source/presentations.rst
>
>
> > , and the api reference could be found from
> >
>
> *
https://github.com/openstack/tap-as-a-service/blob/master/API_REFERENCE.rst*
> <
https://github.com/openstack/tap-as-a-service/blob/master/API_REFERENCE.rst
>
>
> >
> > To support taas function, this patch add two type of
logica_switch_port,
> > "mirror" and "taas". port with type "mirror" is used as inport for
> monitor
> > flow in logica_switch, and port with type "taas" is used as outport
for
> > monitor flow in logica_switch.
> >
> > The ovn-controller will make the relations of the ports in tap_service
> and
> > tap_flow to mirror port and taas port.
> >
> > Signed-off-by: wang qianyu <*wang.qia...@zte.com.cn*
> <wang.qia...@zte.com.cn>>
>
> > diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml
> > index 31303a8..5fdd045 100644
> > --- a/ovn/ovn-nb.xml
> > +++ b/ovn/ovn-nb.xml
> > @@ -301,6 +301,20 @@
> > <dd>
> > A port to a logical switch on a VTEP gateway.
> > </dd>
> > +
> > + <dt><code>mirror</code></dt>
> > + <dd>
> > + A port indicate the inport of mirrored flows. The user
need
> > to
> > + create this port in the logical_switch. This port should
> one
> > to
> > + one correspondence with the the tap_flows
> > + </dd>
> > +
> > + <dt><code>taas</code></dt>
> > + <dd>
> > + A port indicate the outport of mirrored flows. The user
> need
> > to
> > + create this port in logical_switch. This port should one
to
> > + one correspondence with the the tap_service.
> > + </dd>
> > </dl>
> > </column>
> > </group>
> > @@ -445,6 +459,61 @@
> > interface, in bits.
> > </column>
> > </group>
> > +
> > + <group title="Options for mirror ports">
> > + <p>
> > + These options apply when <ref column="type"/> is
> > + <code>mirror</code>.
> > + </p>
> > +
> > + <column name="options" key="source-port">
> > + Required. The <ref column="name"/> of the <ref
> > + table="Logical_switch_Port"/> that indicates where the
> > + cloned flows come from.
> > + </column>
> > +
> > + <column name="options" key="taas-port">
> > + Required. The <ref column="name"/> of the <ref
> > + table="Logical_switch_Port"/> with type taas.
> > + </column>
> > +
> > + <column name="options" key="direction">
> > + <p>
> > + This option indicates whitch
> direction(from-port/to-port/all)
> > of
> > + packet will be cloned to the taas-port. The directions
are
> > defined
> > + as follow:
> > + </p>
> > + <dl>
> > + <dt><code>from-port</code></dt>
> > + <dd>
> > + The packets from this port will be cloned to specified
> > mirror
> > + port.
> > + </dd>
> > + <dt><code>to-port</code></dt>
> > + <dd>
> > + The packets to this port will be cloned to specified
> mirror
> > + port.
> > + </dd>
> > + <dt><code>both</code></dt>
> > + <dd>
> > + The packets both from and to this port will be cloned
to
> > + specified mirror port.
> > + </dd>
> > + </dl>
> > + </column>
> > + </group>
> > +
> > + <group title="Options for taas ports">
> > + <p>
> > + These options apply when <ref column="type"/> is
> > <code>taas</code>.
> > + </p>
> > +
> > + <column name="options" key="target-port">
> > + Required. The <ref column="name"/> of the <ref
> > + table="Logical_switch_Port"/> that indicates where the
> > + cloned flows come to.
> > + </column>
> > + </group>
> > </group>
> >
> > <group title="Containers">
>
> I'm having a hard time understanding this schema. Could you expand on
> why both a "mirror" and "taas" port type was needed?
>
> I was hoping for only a single new port type, "mirror" for example,
> with options to specify what port it is receiving a mirror of traffic
> for.
>
> Does something like that not express everything needed here?
>
> --
> Russell Bryant
>
>
> _______________________________________________
> dev mailing list
> *d...@openvswitch.org* <d...@openvswitch.org>
> *https://mail.openvswitch.org/mailman/listinfo/ovs-dev*
> <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>
>
>
>
--
Russell Bryant
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
--
Russell Bryant
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
