Re: [ovs-discuss] communication between two ovs bridges

2017-03-10 Thread Scott Lowe
Please see my reply inline, prefixed by [SL].


On 03/10/2017 10:07 AM, David Gabriel wrote:
> Thanks for help.
> In fact, I am in the second case you mentioned about openstack
> configuration.
> My objective is not using patch ports but ensuring the communication
> between the two ovs bridges I created in my topology.
> Shall I set new route to force using the ovs bridge in each VM or not ?


[SL] Because there are a lot of different configurations that can
support VLAN-backed networks in OpenStack, I think it's probably best
for you to take up this question on one of the OpenStack mailing lists
(or IRC---try #openstack on Freenode). There are a great many variables
involved (Are you using Nova-Network or Neutron? If Neutron, which
plugin? Which hypervisor? etc.) that will make it difficult for users of
this mailing list to assist.


> kind regards.
> 
> 2017-03-09 17:38 GMT+01:00 Scott Lowe:
> 
> Please see my reply inline, prefixed by [SL].
> 
> 
> On 03/09/2017 03:12 AM, David Gabriel wrote:
> > Thanks for your reply.
> > What do you suggest to ensure the communication between the VMs using my
> > topology.
> > It is possible to create it based on openstack.
> > Any help is welcome.
> 
> 
> [SL] Based on the information provided, I'm guessing that you want to
> run OVS inside a guest VM that is running on an OpenStack-managed
> hypervisor. If that is the case, then a lot will depend on how your
> OpenStack installation is configured:
> 
> - If you are using OpenStack Neutron with another SDN solution
> underneath, that solution may not support NICs running in promiscuous
> mode, which I believe would be required in order to run OVS in a VM on
> top of OpenStack.
> 
> - If you are using OpenStack Neutron with VLAN-backed networks, then you
> may be fine running OVS in a guest VM.
> 
> If your primary interest is simply using patch ports to connect 2 OVS
> bridges, then I'd suggest running them in a single VM.
> 
> I'm afraid we'll need more information in order to be able to help you.
> 
> 
> > Thanks in advance.
> > Best regards
> >
> > 2017-03-08 20:54 GMT+01:00 Scott Lowe:
> >
> > On 03/08/2017 10:12 AM, David Gabriel wrote:
> >> Dears,
> >>
> >> I have defined two ovs bridges, each one of them is deployed in one
> >> Virtual Machine (VM) based on this simple topology:
> >> Internet - OVS1 LAN OVS2 -Internet
> >> I used the following commands for OVS1:
> >> ovs-vsctl add-br mybridge1
> >> ifconfig mybridge1 up
> >> ovs-vsctl add-port eth1 mybridge1 //eth0 is dedicated for Internet
> >> ifconfig eth1 0
> >> ovs-vsctl add-port eth1 mybridge1
> >> ovs-vsctl set-controller mybridge tcp:AddressOfController:6633
> >>
> >> Then I added a patch port for each bridge based on this tutorial
> >>
> >> ovs-vsctl add-port mybridge1 patch2-1
> >> ovs-vsctl set interface patch2-1 type=patch
> >> ovs-vsctl set interface patch2-1 options:peer=patch2-1
> >>
> >> Then I tried to make the ping between the two VMs but it fails !
> >> Could you please tell me how to fix this problem.
> >
> >
> > It's my understanding that patch ports should only be used to connect
> > OVS bridges running on the same system. Since your bridges are across
> > two different VMs, using a patch port here won't work.


-- 
Scott

___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss


Re: [ovs-discuss] communication between two ovs bridges

2017-03-10 Thread David Gabriel
Thanks for help.
In fact, I am in the second case you mentioned about openstack
configuration.
My objective is not using patch ports but ensuring the communication
between the two ovs bridges I created in my topology.
Shall I set new route to force using the ovs bridge in each VM or not ?

kind regards.

2017-03-09 17:38 GMT+01:00 Scott Lowe:

> Please see my reply inline, prefixed by [SL].
>
>
> On 03/09/2017 03:12 AM, David Gabriel wrote:
> > Thanks for your reply.
> > What do you suggest to ensure the communication between the VMs using my
> > topology.
> > It is possible to create it based on openstack.
> > Any help is welcome.
>
>
> [SL] Based on the information provided, I'm guessing that you want to
> run OVS inside a guest VM that is running on an OpenStack-managed
> hypervisor. If that is the case, then a lot will depend on how your
> OpenStack installation is configured:
>
> - If you are using OpenStack Neutron with another SDN solution
> underneath, that solution may not support NICs running in promiscuous
> mode, which I believe would be required in order to run OVS in a VM on
> top of OpenStack.
>
> - If you are using OpenStack Neutron with VLAN-backed networks, then you
> may be fine running OVS in a guest VM.
>
> If your primary interest is simply using patch ports to connect 2 OVS
> bridges, then I'd suggest running them in a single VM.
>
> I'm afraid we'll need more information in order to be able to help you.
>
>
> > Thanks in advance.
> > Best regards
> >
> > 2017-03-08 20:54 GMT+01:00 Scott Lowe:
> >
> > On 03/08/2017 10:12 AM, David Gabriel wrote:
> >> Dears,
> >>
> >> I have defined two ovs bridges, each one of them is deployed in one
> >> Virtual Machine (VM) based on this simple topology:
> >> Internet - OVS1 LAN OVS2 -Internet
> >> I used the following commands for OVS1:
> >> ovs-vsctl add-br mybridge1
> >> ifconfig mybridge1 up
> >> ovs-vsctl add-port eth1 mybridge1 //eth0 is dedicated for Internet
> >> ifconfig eth1 0
> >> ovs-vsctl add-port eth1 mybridge1
> >> ovs-vsctl set-controller mybridge tcp:AddressOfController:6633
> >>
> >> Then I added a patch port for each bridge based on this tutorial
> >>
> >>  bridges-with-patch-ports/
> >> ovs-vsctl add-port mybridge1 patch2-1
> >> ovs-vsctl set interface patch2-1 type=patch
> >> ovs-vsctl set interface patch2-1 options:peer=patch2-1
> >>
> >> Then I tried to make the ping between the two VMs but it fails !
> >> Could you please tell me how to fix this problem.
> >
> >
> > It's my understanding that patch ports should only be used to connect
> > OVS bridges running on the same system. Since your bridges are across
> > two different VMs, using a patch port here won't work.
>
>
> --
> Scott
>
>


Re: [ovs-discuss] OVS supported hardware switches

2017-03-10 Thread Ben Pfaff
On Fri, Mar 10, 2017 at 11:14:55AM +0530, Shravan S K wrote:
> We are looking to buy a few OpenFlow-enabled switches. What advantages can
> be achieved by a hardware switch that also supports OVS?
> And can a hardware openflow L2 switch perform L3,L4 based openflow
> forwarding - can I inspect L3,L4 layers and take a decision based on them ?

It's hard to tell.  No one ever comes to us and says that they base
their switch on OVS.  You have to guess.


Re: [ovs-discuss] OVS supported hardware switches

2017-03-10 Thread Raymond Burkholder
Mellanox has been working with switchdev and openvswitch and have been 
upstreaming some work to the kernel to make what you have asked about to work 
with their spectrum switches.  Maybe I can get confirmation from them later 
today to share some of their roadmap.  Looks pretty good so far.  I am going to 
attempt a distributed OpenFlow/OVS controller which might be able to make use 
of their underlying hardware.

 

Disclosure:  I am an interested user and thought this might be appropriate for 
this list.

 

From: ovs-discuss-boun...@openvswitch.org 
[mailto:ovs-discuss-boun...@openvswitch.org] On Behalf Of Shravan S K
Sent: Friday, March 10, 2017 01:45
To: ovs-discuss@openvswitch.org
Subject: [ovs-discuss] OVS supported hardware switches

 

Hello,

We are looking to buy a few OpenFlow-enabled switches. What advantages can be 
achieved by a hardware switch that also supports OVS?

And can a hardware openflow L2 switch perform L3,L4 based openflow forwarding - 
can I inspect L3,L4 layers and take a decision based on them ?



-- 
This message has been scanned for viruses and 
dangerous content by   MailScanner, and is 
believed to be clean. 




[ovs-discuss] OVS datapath actions implementation

2017-03-10 Thread Robert Wojciechowicz
Hi,

my knowledge about OVS openflow/datapath actions implementation is quite
limited, so I'd like to ask you for help.
Basically my problem boils down to how to share with `sample` action
some data, which is available just after execution of action `ct` (NAT
translation in my case).

TL;DR
Details:

There is already a patch available, which introduces NAT support
in OVS userspace:

https://mail.openvswitch.org/pipermail/ovs-dev/2017-February/32.html

I'm playing with this patch, because I'd like to expose the following
data via sFlow:

"""
/* Extended NAT Data
   Packet header records report addresses as seen at the sFlowDataSource.
   The extended_nat structure reports on translated source and/or destination
   addresses for this packet. If an address was not translated it should
   be equal to that reported for the header. */
/* opaque = flow_data; enterprise = 0; format = 1007 */

struct extended_nat {
 address src_address; /* Source address */
 address dst_address; /* Destination address */
}
"""

As can be seen `src_address` and `dst_address` should contain ip addresses
translated by NAT.

In case of many-to-one Source NAT translation:

ovs-ofctl add-flow br0 idle_timeout=0,in_port=2,ip,action="ct(commit,zone=1,nat(src=10.0.0.2)),1"

there is no problem, because sFlow `src_address` can be taken from the action 
definition `src` attribute.

However in many-to-many Source NAT translation:

ovs-ofctl add-flow br0 idle_timeout=0,in_port=2,ip,action="ct(commit,zone=1,nat(src=10.0.0.1-10.0.0.255)),1"

only the specified range of IP addresses can be taken from the action
definition. Unfortunately the IP address eventually selected for
translation is not available here.

OVS sFlow monitoring is composed of `sample` and `userspace` actions.
So with sFlow and NAT enabled, the following actions are involved:

# ovs-appctl dpctl/dump-flows
[...] actions:sample(sample=1.0%,actions(userspace(pid=0,sFlow(vid=0,pcp=0,output=2147483649),actions))),ct(commit,zone=1,nat(src=10.0.0.1-10.0.0.255)),2

The `sample` action is always executed before `ct`, so the NAT translation
is not visible in the sFlow upcall.
When I changed the order and `ct` was executed before `sample`,
the sFlow upcall received the packet after NAT translation,
so the original source IP address was lost.

The only idea I came up with is to execute the `sample` action after `ct` (NAT),
but this `sample` action should take as input the original packet before
NAT translation and the IP address translated by NAT in `user_action_cookie`.

If you have any suggestions or some other idea how to approach
this problem, please share them with me.

Br,
Robert
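
The `extended_nat` record quoted in the post above, encoded as sFlow v5 XDR for the IPv4 case (an added example, not part of the original message and not OVS code). The function name and the sample addresses are assumptions made here; a side that was not translated falls back to the header address, as the structure's comment requires.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SFL_ADDRTYPE_IP_V4 1u    /* sFlow v5 address_type: IP_V4 */
#define SFL_FLOW_EX_NAT    1007u /* enterprise = 0, format = 1007 */

/* Store a 32-bit value big-endian (XDR) and return the next offset. */
static size_t put_u32(uint8_t *buf, size_t off, uint32_t v)
{
    buf[off] = (uint8_t)(v >> 24);
    buf[off + 1] = (uint8_t)(v >> 16);
    buf[off + 2] = (uint8_t)(v >> 8);
    buf[off + 3] = (uint8_t)v;
    return off + 4;
}

/* Hypothetical helper: encode one IPv4 extended_nat flow record.
 * hdr_src/hdr_dst are the addresses in the sampled header (host order).
 * nat_src/nat_dst point to the translated address, or are NULL when that
 * side was not translated; the header address is then reported instead.
 * Returns the number of bytes written, or 0 if buf is too small. */
size_t encode_extended_nat(uint8_t *buf, size_t cap,
                           uint32_t hdr_src, uint32_t hdr_dst,
                           const uint32_t *nat_src, const uint32_t *nat_dst)
{
    const size_t body = 2 * (4 + 4); /* two (address_type, ip_v4) pairs */
    size_t off = 0;

    if (buf == NULL || cap < 8 + body)
        return 0;
    off = put_u32(buf, off, (0u << 12) | SFL_FLOW_EX_NAT); /* data_format */
    off = put_u32(buf, off, (uint32_t)body);               /* opaque length */
    off = put_u32(buf, off, SFL_ADDRTYPE_IP_V4);
    off = put_u32(buf, off, nat_src ? *nat_src : hdr_src);
    off = put_u32(buf, off, SFL_ADDRTYPE_IP_V4);
    off = put_u32(buf, off, nat_dst ? *nat_dst : hdr_dst);
    return off;
}

int main(void)
{
    /* Constructed sample: 192.168.1.10 -> 203.0.113.5, SNAT to 10.0.0.7. */
    uint8_t rec[24];
    uint32_t snat = 0x0A000007u;
    size_t n = encode_extended_nat(rec, sizeof rec, 0xC0A8010Au, 0xCB007105u, &snat, NULL);
    for (size_t i = 0; i < n; i++)
        printf("%02x%s", rec[i], (i % 4 == 3) ? "\n" : " ");
    return 0;
}
```

With many-to-many SNAT the value passed as `nat_src` has to come from the conntrack result, which is exactly the datum the post says is not available when `sample` runs before `ct`.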
