Re: [ovs-discuss] HA OVN "Central" as a kubernetes service

[aginwala]

Hi:

Adding the ML too. Folks from k8s can comment on the same to see if ovn-k8s
repo needs an update in the documentation for you to get the setup working
when using their specs as is without any code changes in addition to using
your own custom ovn images, etc. I am getting mail failure when adding
ovn-k8s google group as I think I don't have permission to post there. Also
the yaml specs and raft scripts have good comments which can give you a
clear idea too.

Also cc'd Girish who can comment further.


Also things like volumes(PV) for ovn central dedicated nodes, monitoring,
backing up ovn db,  etc. needs to be considered so that when the pod is
restarted or ovn version is upgraded, cluster settings are retained and
cluster health stats are also taken into consideration.


I got the design aspect of it sorted a week ago and had internal review too
cc Han as we do not use ovn as CNI too including some pending
containerizing items for ovn global dbs and ovn interconnect controller to
use for ovn interconnect. However, it's pending testing in k8s with all the
specs/tweaks due to some other priorities. As the approach taken by ovn-k8s
is succinct and already tested, it shouldn't be a bottleneck.

I agree that overall documentation needs to be consolidated on both ovn-k8s
side or ovn repo.

On Mon, Jul 6, 2020 at 9:49 AM Brendan Doyle 
wrote:

> Hi,
>
> I've been trying to follow the instructions at
> https://github.com/ovn-org/ovn-kubernetes
> to set up an OVN "Central/Master" high availability (HA).  I want to
> deploy and manage that
> cluster as a Kubernetes service .
>
> I can find lots of stuff on "ovn-kube" but this seems to be using OVN as
> a  kubernetes CNI instead of
> Flannel etc.  But this is not what I want to do, I have a kubernetes
> cluster using Flannel as the CNI,
> now  I want to deploy a HA OVN "Central" as a kubernetes service. Kind
> of like how you can deploy
> a MySQL cluster in kubernetes using a SatefulSet deployment.
>
> I have found this:
> https://github.com/ovn-org/ovn-kubernetes#readme
>
> But it is not clear to me if this is how to setup OVN as a kubernetes
> CNI or it's how to setup a HA OVN central as kubernetes service.
>
> I did try he steps in the READMe above, but they did not seem to work, then
> I have just seen that there is a ovnkube-db-raft.yaml file, this seems more
> promising as it does use a StatefulSet, but I can find no documentation
> on this
> file.
>
> Thanks
>
> Brendan
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] openvswitch port number changes when VM restart

[Ben Pfaff]

On Fri, Jun 12, 2020 at 02:13:11PM +0800, 张志博 wrote:
> openvswitch port number changes when VM restart.

It's a pretty vague question.  Can you be more specific?
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] HA OVN "Central" as a kubernetes service

[Girish Moodalbail]

Hello Brendan,

After you run the './daemonset.sh` script, there will be two DB related
yaml files in `dist/yaml` folder. The ovnkube-db.yaml brings up standalone
OVN DBs, whilst the ovnkube-db-raft brings up the OVN Clustered DBs. Please
do `kubectl apply -f $HOME/work/src/
github.com/ovn-org/ovn-kubernetes/dist/yaml/ovnkube-db-raft.yaml
`.

Furthermore, if you read that YAML file the node selector is set to nodes
with label `k8s.ovn.org/ovnkube-db=true`. So, you will need to annotate at
least 3 nodes with that label.

HTH

Regards,
~Girish

On Mon, Jul 6, 2020 at 8:37 AM Brendan Doyle 
wrote:

> So I've tried the steps in
> https://github.com/ovn-org/ovn-kubernetes/commit/a07b1a01af7e37b15c2e5f179ffad2b9f25a083d
> :
>
> cd $HOME/work/src/github.com/ovn-org/ovn-kubernetes/dist/images
> ./daemonset.sh --image=docker.io/ovnkube/ovn-daemonset-u:latest \
> --net-cidr=192.168.0.0/16 --svc-cidr=172.16.1.0/24 \
> --gateway-mode="local" \
> --k8s-apiserver=https://$MASTER_IP:6443
>
>
> # Create OVN namespace, service accounts, ovnkube-db headless service, 
> configmap, and policies
> kubectl create -f 
> $HOME/work/src/github.com/ovn-org/ovn-kubernetes/dist/yaml/ovn-setup.yaml
>
> # Run ovnkube-db deployment.
> kubectl create -f 
> $HOME/work/src/github.com/ovn-org/ovn-kubernetes/dist/yaml/ovnkube-db.yaml
>
> # Run ovnkube-master deployment.
> kubectl create -f 
> $HOME/work/src/github.com/ovn-org/ovn-kubernetes/dist/yaml/ovnkube-master.yaml
>
> # Run ovnkube daemonset for nodes
> kubectl create -f 
> $HOME/work/src/github.com/ovn-org/ovn-kubernetes/dist/yaml/ovnkube-node.yaml
>
>
> And I see nothing in my k8 cluster, seems like it does nothing
>
> [root@ca-rain01 yaml]#  kubectl create -f ovnkube-master.yaml
> deployment "ovnkube-master" created
> [root@ca-rain01 yaml]# kubectl delete deployment ovnkube-master
> Error from server (NotFound): deployments.extensions "ovnkube-master" not 
> found
>
> Has anybody got this working, or used any other means to deploy an OVN 
> cluster as a K8 Statefulset?
>
>
> Brendan
>
>
>
>
> On 06/07/2020 12:33, Brendan Doyle wrote:
>
> Hi,
>
> So I'm really confused by what you have pointed me to here. As stated I do
> NOT
> want to use OVN as a CNI. I have a k8s cluster that use flannel as the
> CNI. I simply
> want to create an OVN "central" cluster as a Stateful set in my *existing*
> K8
> config.
>
> This repo:
>
> https://github.com/ovn-org/ovn-kubernetes/commit/a07b1a01af7e37b15c2e5f179ffad2b9f25a083d
>
> Seems to be for setting up a K8s cluster to use OVN as the CNI??
> Have you tried this?
> What IP do the ovn-controllers use to reach the OVN "central cluster?
> It seems to use an OVN docker image from docker.io, I want to use my own
> OVN src
> Do I use/modify the dist/images/Dockerfile in this repo? that has loads of
> references to CNI
> like I said I don't want to use OVN as the CNI??
>
>
> The instructions here
> https://github.com/ovn-org/ovn/blob/d6b56b1629d5984ef91864510f918e232efb89de/Documentation/intro/install/general.rst
> seem more promising, if not a little confusing:
>
> IN the section "Starting OVN Central services in containers"
>
> Export following variables in .env and place it under project root:
>
> $ OVN_BRANCH=
> $ OVN_VERSION=
> $ DISTRO=
> $ KERNEL_VERSION=
> $ GITHUB_SRC=
> $ DOCKER_REPO=
>
>
> Does it mean create a file called ".env" and place it in the toplevel dir
> of the cloned ovn repo?
> Or does it mean just add these to you shell environment (i.e put them in
> .bashrc)?
>
> Then we have:
>
> 1)
>
> Start OVN containers using below command:
>
> $ docker run -itd --net=host --name=ovn-nb \
>   : ovn-nb-tcp
>
> $ docker run -itd --net=host --name=ovn-sb \
>   : ovn-sb-tcp
>
> $ docker run -itd --net=host --name=ovn-northd \
>   : ovn-northd-tcp
>
> followed by
>
> 2)
>
> $ docker run -e "host_ip=" -e "nb_db_port=" -itd \
>   --name=ovn-nb-raft --net=host --privileged : \
>   ovn-nb-cluster-create
>
> $ docker run -e "host_ip=" -e "sb_db_port=" -itd \
>   --name=ovn-sb-raft --net=host --privileged : \
>   ovn-sb-cluster-create
>
> $ docker run -e "OVN_NB_DB=tcp::6641,tcp::6641,\
>   tcp::6641" -e "OVN_SB_DB=tcp::6642,tcp::6642,\
>   tcp::6642" -itd --name=ovn-northd-raft : \
>   ovn-northd-cluster
>
> Does it mean do 1), then 2) or does it mean do 1) for non HA OVN central
> *OR* 2)
> for HA/clustered OVN Central?
>
> It's not clear
>
> Thanks
>
>
>
>
>
>
> On 25/06/2020 17:36, aginwala wrote:
>
> Hi:
>
> There are a couple of options as I have been exploring this too:
>
> 1. Upstream ovn-k8s patches (
> https://github.com/ovn-org/ovn-kubernetes/commit/a07b1a01af7e37b15c2e5f179ffad2b9f25a083d)
> uses statefulset and headless service for starting ovn central raft cluster
> with 3 replicas. Cluster startup code and pod specs are pretty neat that
> addresses most of the doubts.
>
> OVN components have been containerized too to start them in pods. You can
> also refer 

Re: [ovs-discuss] HA OVN "Central" as a kubernetes service

[aginwala]

On Mon, Jul 6, 2020 at 4:33 AM Brendan Doyle 
wrote:

> Hi,
>
> So I'm really confused by what you have pointed me to here. As stated I do
> NOT
> want to use OVN as a CNI. I have a k8s cluster that use flannel as the
> CNI. I simply
> want to create an OVN "central" cluster as a Stateful set in my *existing*
> K8
> config.
>
> This repo:
>
> https://github.com/ovn-org/ovn-kubernetes/commit/a07b1a01af7e37b15c2e5f179ffad2b9f25a083d
>
> Seems to be for setting up a K8s cluster to use OVN as the CNI??
> Have you tried this?
> What IP do the ovn-controllers use to reach the OVN "central cluster?
> It seems to use an OVN docker image from docker.io, I want to use my own
> OVN src
> Do I use/modify the dist/images/Dockerfile in this repo? that has loads of
> references to CNI
> like I said I don't want to use OVN as the CNI??
>
> A pre-req for running ovn central as a k8s app is containerize ovn central
components. Hence, you need to start your own containers using docker.
Either you follow the approach from ovn-k8s repo as to how to build ovn
images or refer to the docker instructions in ovn repo. Since this app (ovn
central) will run behind a k8s service, ovn-controller should point to the
service ip of ovn central k8s app. k8s folks can comment on how to build
image that is in k8s pod specs e.g
http://docker.io/ovnkube/ovn-daemonset:latest

>
> The instructions here
> https://github.com/ovn-org/ovn/blob/d6b56b1629d5984ef91864510f918e232efb89de/Documentation/intro/install/general.rst
> seem more promising, if not a little confusing:
>
> IN the section "Starting OVN Central services in containers"
>
> Export following variables in .env and place it under project root:
>
> $ OVN_BRANCH=
> $ OVN_VERSION=
> $ DISTRO=
> $ KERNEL_VERSION=
> $ GITHUB_SRC=
> $ DOCKER_REPO=
>
>
> Does it mean create a file called ".env" and place it in the toplevel dir
> of the cloned ovn repo?
> Or does it mean just add these to you shell environment (i.e put them in
> .bashrc)?
>
> You can just export OVN_BRANCH=xx in your shell for all variables and
build your containers with desired distro/version using make build
>
> Then we have:
>
> 1)
>
> Start OVN containers using below command:
>
> $ docker run -itd --net=host --name=ovn-nb \
>   : ovn-nb-tcp
>
> $ docker run -itd --net=host --name=ovn-sb \
>   : ovn-sb-tcp
>
> $ docker run -itd --net=host --name=ovn-northd \
>   : ovn-northd-tcp
>
> followed by
>
> 2)
>
> $ docker run -e "host_ip=" -e "nb_db_port=" -itd \
>   --name=ovn-nb-raft --net=host --privileged : \
>   ovn-nb-cluster-create
>
> $ docker run -e "host_ip=" -e "sb_db_port=" -itd \
>   --name=ovn-sb-raft --net=host --privileged : \
>   ovn-sb-cluster-create
>
> $ docker run -e "OVN_NB_DB=tcp::6641,tcp::6641,\
>   tcp::6641" -e "OVN_SB_DB=tcp::6642,tcp::6642,\
>   tcp::6642" -itd --name=ovn-northd-raft : \
>   ovn-northd-cluster
>
> Does it mean do 1), then 2) or does it mean do 1) for non HA OVN central
> *OR* 2)
> for HA/clustered OVN Central?
>
> Doc says Start OVN containers in cluster mode using below command on
node2 and node3 to make them join the peer using below command:. Hence, you
can even play with just docker on 3 nodes where you run step1 on node1 that
creates cluster and do the join-cluster on rest two nodes to give you a
clear idea before moving to pod in k8s. Not sure if you need more details
to update doc. We can always improvise. Upstream ovn-k8s does the same for
pods where e.g. ovn-kube0 pod creates a cluster and rest two pods joins

> It's not clear
>
> Thanks
>
>
>
>
>
>
> On 25/06/2020 17:36, aginwala wrote:
>
> Hi:
>
> There are a couple of options as I have been exploring this too:
>
> 1. Upstream ovn-k8s patches (
> https://github.com/ovn-org/ovn-kubernetes/commit/a07b1a01af7e37b15c2e5f179ffad2b9f25a083d)
> uses statefulset and headless service for starting ovn central raft cluster
> with 3 replicas. Cluster startup code and pod specs are pretty neat that
> addresses most of the doubts.
>
> OVN components have been containerized too to start them in pods. You can
> also refer to
> https://github.com/ovn-org/ovn/blob/d6b56b1629d5984ef91864510f918e232efb89de/Documentation/intro/install/general.rst
>  for the same and use them to make it work in pod specs too.
>
>
> 2. Write a new ovn operator similar to etcd operator
> https://github.com/coreos/etcd-operator which just takes the count of
> raft replicas and does the job in the background.
>
> I also added ovn-k8s group so they can comment on any other ideas too.
> Hope it helps.
>
>
>
> On Thu, Jun 25, 2020 at 7:15 AM Brendan Doyle 
> wrote:
>
>> Hi,
>>
>> So I'm trying to find information on setting up an OVN "Central/Master"
>> high availability (HA)
>> Not as Active-Backup with Pacemaker, but as a cluster. But I want to
>> deploy and manage that
>> cluster as a Kubernetes service .
>>
>> I can find lots of stuff on "ovn-kube" but this seems to be using OVN as
>> a  kubernetes CNI instead of
>> Flannel etc.  But this is not what I want to do, I 

Re: [ovs-discuss] different flow actions overlap

[Luca Mancini]

Yes bridge specific is exactly what I’m looking for.
I’ll look both into this and the other reply to the other post you gave me, on 
adding an additional parameter to the action. This sounds like a pretty big 
obstacle but it should be my last.

Thanks!


From: Ben Pfaff
Sent: Monday, July 6, 2020 21:37
To: Luca Mancini
Cc: ovs-discuss@openvswitch.org
Subject: Re: [ovs-discuss] different flow actions overlap

I don't recommend multiple ovs-vswitchd processes.

It sounds like you want the action's effects to be specific to a bridge.
So, implement it so that it's specific to a bridge.  Lots of actions
have bridge-specific state.  The MAC-learning table is bridge-specific,
for example.

On Mon, Jul 06, 2020 at 07:03:50PM +, Luca Mancini wrote:
>
> " different bridges implemented by a single ovs-vswitchd process, then 
> whether they are distinct would depend on how you implemented the action.”
> Yes, this is it.
> So basically my action is “shared” by all the flows that call it since there 
> is only one ovs-vswitchd process, wasn’t expecting this behavior to be 
> honest. Is having multiple ovs-vswitchd processes a valid solution instead of 
> hard coding my way though this?
>
>
> From: Ben Pfaff
> Sent: Monday, July 6, 2020 20:44
> To: Luca Mancini
> Cc: ovs-discuss@openvswitch.org
> Subject: Re: [ovs-discuss] different flow actions overlap
>
> What do you mean by "two different switches"?  If you are talking about
> two different ovs-vswitchd processes, then yes of course they would be
> independent.  If you are talking about different bridges implemented by
> a single ovs-vswitchd process, then whether they are distinct would
> depend on how you implemented the action.
>
> On Mon, Jul 06, 2020 at 05:53:22PM +, Luca Mancini wrote:
> > Hi Ben,
> > I feel like I'm missing something, my action simply stores 5 packets, but 
> > shouldn't two "buffering" flows installed on two different switches be 2 
> > separate instances of that action, i.e. both store 5 different packets? 
> > What happens is 2 switches that use that buffering action (in two separate 
> > flows) add the packets to the same buffer.
> >
> > From: Ben Pfaff
> > Sent: Monday, July 6, 2020 18:33
> > To: Luca Mancini
> > Cc: ovs-discuss@openvswitch.org
> > Subject: Re: [ovs-discuss] different flow actions overlap
> >
> > On Mon, Jul 06, 2020 at 11:08:16AM +, Luca Mancini wrote:
> > > Hello,
> > >
> > > I have two different flows on the same switch:
> > >
> > > ovs-ofctl add-flow s1 
> > > in_port=1,dl_type=2048,nw_proto=17,nw_dst=10.0.0.4,action=buffer:3
> > > ovs-ofctl add-flow s1 
> > > in_port=1,dl_type=2048,nw_proto=17,nw_dst=10.0.0.2,action=buffer:2
> > >
> > > these flows are supposed to buffer packets meant for the destination 
> > > specified by nw_dst, and send the whole buffer as a new packet through 
> > > the port specified (3 or 2) . My problem is that the packets that hit the 
> > > different flows end up in the same buffer, shouldn’t hitting a different 
> > > flow create a new instance of that action?
> > >
> > > If it helps diagnose the issue, the buffer action is implemented in 
> > > ofproto-dpif-xlate.c, so only works in userspace.
> >
> > This seems like an odd question.  "buffer" is an action that you
> > invented and implemented, I think, so it can only do what you made it
> > do.  If it's not doing what you want, then maybe your code has a bug?
> >
> > I don't know what an "instance" of an action is.
> >
>

___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Question concerning GRE-encapsulated traffic *in* OpenStack provider VLAN network

[Ben Pfaff]

On Fri, Jun 26, 2020 at 10:10:47AM +, Loschwitz,Martin Gerhard wrote:
> Folks,
> 
> I’m contacting you to find out if a behaviour I see is expected behaviour or 
> actual misdemeanour in Open vSwitch and/or OVN. I have an OpenStack setup 
> here that uses OVN. I have configured several VLAN-based provider networks. 
> What I want to do is use a GRE-tunnel *inside* one of these VLAN networks. On 
> the target compute node, I see that traffic enters the physical host but is 
> not forwarded to the bridge to which the VM is connected. I can see that the 
> flows for that are missing in the flow table.
> 
> I fully understand that OVN supports Geneve only, but in this case, I want my 
> *tenants* to be able to use GRE encapsulation in a provider network. Is this 
> supposed to work and this is either a bug or a misconfiguration? And if it is 
> not expected to work, what are possible alternatives?

I'm surprised this doesn't work.  I'd expect it to work.  At a guess,
I'd suspect MTU issues, especially if you see that it sometimes works
for connection setup.
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Linux Foundation slideshare - OVS 2017

[Ben Pfaff]

Thanks for working on this.

Access to the Dropbox folder would be ideal.  If we get the slides from
that then we can drop the whole issue with SlideShare.

On Fri, Jul 03, 2020 at 10:30:39AM -0400, Emily Ruf wrote:
> Two updates:
> 
> We have access the openvswi...@linuxfoundation.org account and this is what 
> is attached to the SlideShare account. This is good news because we can now 
> communicate with them as an authorized account. Unfortunately, we still don’t 
> have an answer as to why one presentation has shut down the other 
> presentations.
> 
> We’ve been able to locate the source of the original files, which was a 
> Dropbox folder. I don’t yet have access but have requested it. With today 
> being a holiday, we may not get access until next week.
> 
> I’m OOO much of next week and may not have email access. I’ve copied my 
> colleague Rachel who will pitch in where possible. She’s looped into the 
> Dropbox access request.
> 
> Thanks for your patience while we get to the bottom of this!
> 
> Emily
> 
> Emily Ruf, CMP
> Event Manager
> The Linux Foundation
> 
> M: 512-745-1456
> E: e...@linuxfoundation.org
> 
> 
> 
> > On Jul 1, 2020, at 11:46 AM, Ben Pfaff  wrote:
> > 
> > Thanks!
> > 
> > On Wed, Jul 01, 2020 at 11:37:19AM -0400, Trishan de Lanerolle wrote:
> >> Hi Ben,
> >> Emily is chasing this down with Cassandra.
> >> Trishan
> >> 
> >> 
> >> On Wed, Jul 1, 2020 at 11:32 AM Ben Pfaff  wrote:
> >> 
> >>> Are you able to log into this LF_OpenvSwitch account?  If not, who is?
> >>> Linux Foundation never provided me the account details.  And
> >>> SlideShare/LinkedIn/Microsoft refuses to help.
> >>> 
> >>> Searching my email for the account name LF_OpenvSwitch, Cassandra RJ
> >>>  originally created the SlideShare.  I
> >>> remember there has been some turnover in Linux Foundation event
> >>> management, but if Cassandra is still there then I guess I should have
> >>> been talking to her the whole time!
> >>> 
> >>> On Tue, Jun 30, 2020 at 07:59:46AM -0700, Ben Pfaff wrote:
>  That's fine.  Please ask them.
>  
>  I'm furious with SlideShare.  They won't tell me who claimed to own this
>  set of slides or what it is alleged to infringe, yet the only way
>  they'll let it go back up is to assert under penalty of perjury that the
>  allegations, whatever they are (and without knowing what they are), are
>  false, and to give an opportunity to the person or company who asserted
>  it, whoever it is (without knowing who it is), to file a lawsuit.
>  
>  Whenever the other slides go back up, if they do, the first thing to do
>  is to download them, then put them up somewhere else.  SlideShare (and
>  their owners LinkedIn, and *their* owners Microsoft) cannot be trusted
>  with the simple task of hosting a file.
>  
>  On Tue, Jun 30, 2020 at 10:43:05AM -0400, Emily Ruf wrote:
> > Ben,
> > 
> > We received a response from LinkedIn. I’ve looked back in our records
> >>> and the presentation was from Rohith Basavaraja with Ericsson.
> > 
> > My suggestion is to request them take down this one presentation since
> >>> we can’t view it to determine if there is a copyright issue or not. If you
> >>> agree, I will respond.
> > 
> > 
> > "We've received a notice of Copyright Infringement concerning the
> >>> following content you have posted:
> > 
> > URL:
> >>> http://www.slideshare.net/LF_OpenvSwitch/lfovs17troubleshooting-the-data-plane-in-ovs-82280329
> >>> <
> >>> http://www.slideshare.net/LF_OpenvSwitch/lfovs17troubleshooting-the-data-plane-in-ovs-82280329
>  
> > Title:  LF_OVS_17_Trouble-shooting the Data Plane in OVS
> > 
> > Due to the posting of alleged infringing content in violation of our
> >>> Copyright Policy, User Agreement, and Professional Community Policies, we
> >>> have permanently suspended your account effective immediately.
> > 
> > If you believe that removal or disablement of the content described
> >>> above was a result of a mistake or misidentification of the material to be
> >>> removed or disabled, you may submit a Counter-Notice as described in our
> >>> copyright policy: https://www.linkedin.com/help/linkedin/ask/TS-CNRCCI <
> >>> https://www.linkedin.com/help/linkedin/ask/TS-CNRCCI>
> > 
> > Upon receipt of your Counter-Notice, we may repost or allow you to
> >>> repost the content after 10-14 business days, pending the filing of a
> >>> lawsuit by the claimant. Any assertions made by you in submitting a
> >>> Counter-Notice are under penalty of perjury."
> > 
> > Emily Ruf, CMP
> > Event Manager
> > The Linux Foundation
> > 
> > M: 512-745-1456
> > E: e...@linuxfoundation.org
> > 
> > 
> >> On Jun 29, 2020, at 11:10 PM, Emily Ruf 
> >>> wrote:
> >> 
> >> Ben,
> >> 
> >> I have also opened in internal support ticket to see what other
> >>> options we have to access the account.
> 

Re: [ovs-discuss] different flow actions overlap

[Ben Pfaff]

I don't recommend multiple ovs-vswitchd processes.

It sounds like you want the action's effects to be specific to a bridge.
So, implement it so that it's specific to a bridge.  Lots of actions
have bridge-specific state.  The MAC-learning table is bridge-specific,
for example.

On Mon, Jul 06, 2020 at 07:03:50PM +, Luca Mancini wrote:
> 
> " different bridges implemented by a single ovs-vswitchd process, then 
> whether they are distinct would depend on how you implemented the action.”
> Yes, this is it.
> So basically my action is “shared” by all the flows that call it since there 
> is only one ovs-vswitchd process, wasn’t expecting this behavior to be 
> honest. Is having multiple ovs-vswitchd processes a valid solution instead of 
> hard coding my way though this?
> 
> 
> From: Ben Pfaff
> Sent: Monday, July 6, 2020 20:44
> To: Luca Mancini
> Cc: ovs-discuss@openvswitch.org
> Subject: Re: [ovs-discuss] different flow actions overlap
> 
> What do you mean by "two different switches"?  If you are talking about
> two different ovs-vswitchd processes, then yes of course they would be
> independent.  If you are talking about different bridges implemented by
> a single ovs-vswitchd process, then whether they are distinct would
> depend on how you implemented the action.
> 
> On Mon, Jul 06, 2020 at 05:53:22PM +, Luca Mancini wrote:
> > Hi Ben,
> > I feel like I'm missing something, my action simply stores 5 packets, but 
> > shouldn't two "buffering" flows installed on two different switches be 2 
> > separate instances of that action, i.e. both store 5 different packets? 
> > What happens is 2 switches that use that buffering action (in two separate 
> > flows) add the packets to the same buffer.
> >
> > From: Ben Pfaff
> > Sent: Monday, July 6, 2020 18:33
> > To: Luca Mancini
> > Cc: ovs-discuss@openvswitch.org
> > Subject: Re: [ovs-discuss] different flow actions overlap
> >
> > On Mon, Jul 06, 2020 at 11:08:16AM +, Luca Mancini wrote:
> > > Hello,
> > >
> > > I have two different flows on the same switch:
> > >
> > > ovs-ofctl add-flow s1 
> > > in_port=1,dl_type=2048,nw_proto=17,nw_dst=10.0.0.4,action=buffer:3
> > > ovs-ofctl add-flow s1 
> > > in_port=1,dl_type=2048,nw_proto=17,nw_dst=10.0.0.2,action=buffer:2
> > >
> > > these flows are supposed to buffer packets meant for the destination 
> > > specified by nw_dst, and send the whole buffer as a new packet through 
> > > the port specified (3 or 2) . My problem is that the packets that hit the 
> > > different flows end up in the same buffer, shouldn’t hitting a different 
> > > flow create a new instance of that action?
> > >
> > > If it helps diagnose the issue, the buffer action is implemented in 
> > > ofproto-dpif-xlate.c, so only works in userspace.
> >
> > This seems like an odd question.  "buffer" is an action that you
> > invented and implemented, I think, so it can only do what you made it
> > do.  If it's not doing what you want, then maybe your code has a bug?
> >
> > I don't know what an "instance" of an action is.
> >
> 
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Multiple instances of the same action

[Ben Pfaff]

On Thu, Jul 02, 2020 at 01:14:04PM +, Luca Mancini wrote:
> I was wondering if there is a way to have multiple  instances of the same 
> action. For example I implemented a Buffering action as detailed previously in
> https://mail.openvswitch.org/pipermail/ovs-discuss/2020-June/050197.html
> so my question is, is there a way to install two different flows on the same 
> switch, which both use the same BUFFER action, in order to buffer separately 
> without packets overlapping.
> For example:
> 
> h1—s1---s2—h3
>  |   |
>h2h4
> 
> I install 2 flows to use the action: BUFFER for packets from h1 to h3
> and from h2 to h4, without having packets from the first flow buffered
> with packets from the second flow. It’s probably some special property
> that the action should have, but I can’t seem to find it

Oh, now I see that you asked about instances before.

I'd suggest just adding another parameter to the action that could be
used to partition one "instance" from another.
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] different flow actions overlap

[Luca Mancini]

" different bridges implemented by a single ovs-vswitchd process, then whether 
they are distinct would depend on how you implemented the action.”
Yes, this is it.
So basically my action is “shared” by all the flows that call it since there is 
only one ovs-vswitchd process, wasn’t expecting this behavior to be honest. Is 
having multiple ovs-vswitchd processes a valid solution instead of hard coding 
my way though this?


From: Ben Pfaff
Sent: Monday, July 6, 2020 20:44
To: Luca Mancini
Cc: ovs-discuss@openvswitch.org
Subject: Re: [ovs-discuss] different flow actions overlap

What do you mean by "two different switches"?  If you are talking about
two different ovs-vswitchd processes, then yes of course they would be
independent.  If you are talking about different bridges implemented by
a single ovs-vswitchd process, then whether they are distinct would
depend on how you implemented the action.

On Mon, Jul 06, 2020 at 05:53:22PM +, Luca Mancini wrote:
> Hi Ben,
> I feel like I'm missing something, my action simply stores 5 packets, but 
> shouldn't two "buffering" flows installed on two different switches be 2 
> separate instances of that action, i.e. both store 5 different packets? What 
> happens is 2 switches that use that buffering action (in two separate flows) 
> add the packets to the same buffer.
>
> From: Ben Pfaff
> Sent: Monday, July 6, 2020 18:33
> To: Luca Mancini
> Cc: ovs-discuss@openvswitch.org
> Subject: Re: [ovs-discuss] different flow actions overlap
>
> On Mon, Jul 06, 2020 at 11:08:16AM +, Luca Mancini wrote:
> > Hello,
> >
> > I have two different flows on the same switch:
> >
> > ovs-ofctl add-flow s1 
> > in_port=1,dl_type=2048,nw_proto=17,nw_dst=10.0.0.4,action=buffer:3
> > ovs-ofctl add-flow s1 
> > in_port=1,dl_type=2048,nw_proto=17,nw_dst=10.0.0.2,action=buffer:2
> >
> > these flows are supposed to buffer packets meant for the destination 
> > specified by nw_dst, and send the whole buffer as a new packet through the 
> > port specified (3 or 2) . My problem is that the packets that hit the 
> > different flows end up in the same buffer, shouldn’t hitting a different 
> > flow create a new instance of that action?
> >
> > If it helps diagnose the issue, the buffer action is implemented in 
> > ofproto-dpif-xlate.c, so only works in userspace.
>
> This seems like an odd question.  "buffer" is an action that you
> invented and implemented, I think, so it can only do what you made it
> do.  If it's not doing what you want, then maybe your code has a bug?
>
> I don't know what an "instance" of an action is.
>

___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] different flow actions overlap

[Ben Pfaff]

What do you mean by "two different switches"?  If you are talking about
two different ovs-vswitchd processes, then yes of course they would be
independent.  If you are talking about different bridges implemented by
a single ovs-vswitchd process, then whether they are distinct would
depend on how you implemented the action.

On Mon, Jul 06, 2020 at 05:53:22PM +, Luca Mancini wrote:
> Hi Ben,
> I feel like I'm missing something, my action simply stores 5 packets, but 
> shouldn't two "buffering" flows installed on two different switches be 2 
> separate instances of that action, i.e. both store 5 different packets? What 
> happens is 2 switches that use that buffering action (in two separate flows) 
> add the packets to the same buffer.
> 
> From: Ben Pfaff
> Sent: Monday, July 6, 2020 18:33
> To: Luca Mancini
> Cc: ovs-discuss@openvswitch.org
> Subject: Re: [ovs-discuss] different flow actions overlap
> 
> On Mon, Jul 06, 2020 at 11:08:16AM +, Luca Mancini wrote:
> > Hello,
> >
> > I have two different flows on the same switch:
> >
> > ovs-ofctl add-flow s1 
> > in_port=1,dl_type=2048,nw_proto=17,nw_dst=10.0.0.4,action=buffer:3
> > ovs-ofctl add-flow s1 
> > in_port=1,dl_type=2048,nw_proto=17,nw_dst=10.0.0.2,action=buffer:2
> >
> > these flows are supposed to buffer packets meant for the destination 
> > specified by nw_dst, and send the whole buffer as a new packet through the 
> > port specified (3 or 2) . My problem is that the packets that hit the 
> > different flows end up in the same buffer, shouldn’t hitting a different 
> > flow create a new instance of that action?
> >
> > If it helps diagnose the issue, the buffer action is implemented in 
> > ofproto-dpif-xlate.c, so only works in userspace.
> 
> This seems like an odd question.  "buffer" is an action that you
> invented and implemented, I think, so it can only do what you made it
> do.  If it's not doing what you want, then maybe your code has a bug?
> 
> I don't know what an "instance" of an action is.
> 
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] [ovs-dev] OVS 2.12/2.13 compilation on Ubuntu Bionic

[Ilya Maximets]

On 6/29/20 8:45 PM, Gregory Rose wrote:
> 
> 
> On 6/26/2020 4:57 AM, Maciej Jozefczyk wrote:
>> Hello!
>>
>> I would like to kindly ask You if there is a possibility to cherry-pick
>> patch [1] to stable branches OVS 2.12, OVS 2.13 and release new tags for it?
>>
>> Without this patch we're now unable to compile OVS 2.12 in OpenStack
>> Neutron stable releases CI, because it recently started to fail on Ubuntu
>> Bionic with an error:
>>
>> 2020-06-24 14:50:13.975917 | primary |
>> /opt/stack/new/ovs/datapath/linux/geneve.c: In function
>> ‘geneve_get_v6_dst’:
>> 2020-06-24 14:50:13.975993 | primary |
>> /opt/stack/new/ovs/datapath/linux/geneve.c:966:15: error: ‘const
>> struct ipv6_stub’ has no member named ‘ipv6_dst_lookup’
>> 2020-06-24 14:50:13.976026 | primary |   if
>> (ipv6_stub->ipv6_dst_lookup(geneve->net, gs6->sock->sk, , fl6)) {
>> 2020-06-24 14:50:13.976049 | primary |    ^
>> 2020-06-24 14:50:14.010809 | primary | scripts/Makefile.build:285:
>> recipe for target '/opt/stack/new/ovs/datapath/linux/geneve.o' failed
>>
>> The same happens for OVN 2.13. For now this blocks your CI pipelines.
>>
>> Can I ask You to backport this patch?

This patch is actually on branch-2.12 and branch-2.13.
The only thing that is missing is a new stable release (tags).
We're going to release new stable versions on all previous branches soon.

Best regards, Ilya Maximets.

>>
>> Thanks,
>> Maciej
>>
>> [1]
>> https://github.com/openvswitch/ovs/commit/5519e384f6a17f564fef4c5eb39e471e16c77235
>>
>>
>> ___
>> discuss mailing list
>> disc...@openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>
> 
> Adding OVS Dev list where maybe the maintainers might see this sooner.
> 
> - Greg
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] different flow actions overlap

[Luca Mancini]

Hi Ben,
I feel like I'm missing something, my action simply stores 5 packets, but 
shouldn't two "buffering" flows installed on two different switches be 2 
separate instances of that action, i.e. both store 5 different packets? What 
happens is 2 switches that use that buffering action (in two separate flows) 
add the packets to the same buffer.

From: Ben Pfaff
Sent: Monday, July 6, 2020 18:33
To: Luca Mancini
Cc: ovs-discuss@openvswitch.org
Subject: Re: [ovs-discuss] different flow actions overlap

On Mon, Jul 06, 2020 at 11:08:16AM +, Luca Mancini wrote:
> Hello,
>
> I have two different flows on the same switch:
>
> ovs-ofctl add-flow s1 
> in_port=1,dl_type=2048,nw_proto=17,nw_dst=10.0.0.4,action=buffer:3
> ovs-ofctl add-flow s1 
> in_port=1,dl_type=2048,nw_proto=17,nw_dst=10.0.0.2,action=buffer:2
>
> these flows are supposed to buffer packets meant for the destination 
> specified by nw_dst, and send the whole buffer as a new packet through the 
> port specified (3 or 2) . My problem is that the packets that hit the 
> different flows end up in the same buffer, shouldn’t hitting a different flow 
> create a new instance of that action?
>
> If it helps diagnose the issue, the buffer action is implemented in 
> ofproto-dpif-xlate.c, so only works in userspace.

This seems like an odd question.  "buffer" is an action that you
invented and implemented, I think, so it can only do what you made it
do.  If it's not doing what you want, then maybe your code has a bug?

I don't know what an "instance" of an action is.

___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] different flow actions overlap

[Ben Pfaff]

On Mon, Jul 06, 2020 at 11:08:16AM +, Luca Mancini wrote:
> Hello,
> 
> I have two different flows on the same switch:
> 
> ovs-ofctl add-flow s1 
> in_port=1,dl_type=2048,nw_proto=17,nw_dst=10.0.0.4,action=buffer:3
> ovs-ofctl add-flow s1 
> in_port=1,dl_type=2048,nw_proto=17,nw_dst=10.0.0.2,action=buffer:2
> 
> these flows are supposed to buffer packets meant for the destination 
> specified by nw_dst, and send the whole buffer as a new packet through the 
> port specified (3 or 2) . My problem is that the packets that hit the 
> different flows end up in the same buffer, shouldn’t hitting a different flow 
> create a new instance of that action?
> 
> If it helps diagnose the issue, the buffer action is implemented in 
> ofproto-dpif-xlate.c, so only works in userspace.

This seems like an odd question.  "buffer" is an action that you
invented and implemented, I think, so it can only do what you made it
do.  If it's not doing what you want, then maybe your code has a bug?

I don't know what an "instance" of an action is.
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] VPNaas support for OVN

[Numan Siddique]

+Daniel Alvarez Sanchez   If he has any comments from
the openstack side.

Also this can be discussed in the opendev ML.

Thanks
Numan


On Mon, Jul 6, 2020 at 7:16 PM Engelmann Florian <
florian.engelm...@everyware.ch> wrote:

> Hi Benjamin,
>
>
> I am very interested in this topic as well. We do use Openstack VPNaaS and
> we would like to migrate to OVN. But as long as OVN does not provide VPNaaS
> compatibility or VPNaaS get's extended to support OVN we are stuck.
>
> All the best,
> Florian
>
> EveryWare AG
> Florian Engelmann
> Cloud Platform Architect
> Zurlindenstrasse 52a
> CH-8003 Zürich
>
> T  +41 44 466 60 00
> F  +41 44 466 60 10
>
> florian.engelm...@everyware.ch
> www.everyware.ch
>
> 
> From: discuss  on behalf of Benjamin
> Reichel 
> Sent: Monday, July 6, 2020 3:26 PM
> To: ovs-discuss@openvswitch.org
> Subject: [ovs-discuss] VPNaas support for OVN
>
> Hi everyone,
>
> I may placed my question in the wrong mailing list:
> https://smex-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fmail.openvswitch.org%2fmailman%2flistinfo%2fovs%2ddev=53f59695-c89f-4baf-92f3-6d4f53b05163=fa814cae8e3b5ad76c4a1e4edb2cf50eb4885306-c57e6e8b3ec79ccaf4f6fd349a97694adae6a8fa
> . Let's try again.
> Does OVN support VPNaas? If not, is there any roadmap for it or some WIP?
>
> Thanks, Benjamin
> ___
> discuss mailing list
> disc...@openvswitch.org
>
> https://smex-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fmail.openvswitch.org%2fmailman%2flistinfo%2fovs%2ddiscuss=53f59695-c89f-4baf-92f3-6d4f53b05163=fa814cae8e3b5ad76c4a1e4edb2cf50eb4885306-3a1f2e1a87171055dda42db85cc90fa4a1832d3c
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] HA OVN "Central" as a kubernetes service

[Brendan Doyle]

So I've tried the steps in 
https://github.com/ovn-org/ovn-kubernetes/commit/a07b1a01af7e37b15c2e5f179ffad2b9f25a083d:


|cd $HOME/work/src/github.com/ovn-org/ovn-kubernetes/dist/images 
./daemonset.sh --image=docker.io/ovnkube/ovn-daemonset-u:latest \ 
--net-cidr=192.168.0.0/16 --svc-cidr=172.16.1.0/24 \ 
--gateway-mode="local" \ --k8s-apiserver=https://$MASTER_IP:6443|



|# Create OVN namespace, service accounts, ovnkube-db headless service, 
configmap, and policies kubectl create -f 
$HOME/work/src/github.com/ovn-org/ovn-kubernetes/dist/yaml/ovn-setup.yaml 
# Run ovnkube-db deployment. kubectl create -f 
$HOME/work/src/github.com/ovn-org/ovn-kubernetes/dist/yaml/ovnkube-db.yaml 
# Run ovnkube-master deployment. kubectl create -f 
$HOME/work/src/github.com/ovn-org/ovn-kubernetes/dist/yaml/ovnkube-master.yaml 
# Run ovnkube daemonset for nodes kubectl create -f 
$HOME/work/src/github.com/ovn-org/ovn-kubernetes/dist/yaml/ovnkube-node.yaml 
And I see nothing in my k8 cluster, seems like it does nothing 
[root@ca-rain01 yaml]# kubectl create -f ovnkube-master.yaml deployment 
"ovnkube-master" created [root@ca-rain01 yaml]# kubectl delete 
deployment ovnkube-master Error from server (NotFound): 
deployments.extensions "ovnkube-master" not found Has anybody got this 
working, or used any other means to deploy an OVN cluster as a K8 
Statefulset? Brendan |




On 06/07/2020 12:33, Brendan Doyle wrote:

Hi,

So I'm really confused by what you have pointed me to here. As stated 
I do NOT
want to use OVN as a CNI. I have a k8s cluster that use flannel as the 
CNI. I simply
want to create an OVN "central" cluster as a Stateful set in my 
*existing* K8

config.

This repo:
https://github.com/ovn-org/ovn-kubernetes/commit/a07b1a01af7e37b15c2e5f179ffad2b9f25a083d

Seems to be for setting up a K8s cluster to use OVN as the CNI??
Have you tried this?
What IP do the ovn-controllers use to reach the OVN "central cluster?
It seems to use an OVN docker image from docker.io, I want to use my 
own OVN src
Do I use/modify the dist/images/Dockerfile in this repo? that has 
loads of references to CNI

like I said I don't want to use OVN as the CNI??


The instructions here 
https://github.com/ovn-org/ovn/blob/d6b56b1629d5984ef91864510f918e232efb89de/Documentation/intro/install/general.rst

seem more promising, if not a little confusing:

IN the section "Starting OVN Central services in containers"


Export following variables in .env and place it under project root:

$ OVN_BRANCH=
$ OVN_VERSION=
$ DISTRO=
$ KERNEL_VERSION=
$ GITHUB_SRC=
$ DOCKER_REPO=


Does it mean create a file called ".env" and place it in the toplevel 
dir of the cloned ovn repo?
Or does it mean just add these to you shell environment (i.e put them 
in .bashrc)?


Then we have:

1)


Start OVN containers using below command:

$ docker run -itd --net=host --name=ovn-nb \
   : ovn-nb-tcp

$ docker run -itd --net=host --name=ovn-sb \
   : ovn-sb-tcp

$ docker run -itd --net=host --name=ovn-northd \
   : ovn-northd-tcp

followed by

2)

$ docker run -e "host_ip=" -e "nb_db_port=" -itd \
   --name=ovn-nb-raft --net=host --privileged : \
   ovn-nb-cluster-create

$ docker run -e "host_ip=" -e "sb_db_port=" -itd \
   --name=ovn-sb-raft --net=host --privileged : \
   ovn-sb-cluster-create

$ docker run -e "OVN_NB_DB=tcp::6641,tcp::6641,\
   tcp::6641" -e "OVN_SB_DB=tcp::6642,tcp::6642,\
   tcp::6642" -itd --name=ovn-northd-raft : \
   ovn-northd-cluster
Does it mean do 1), then 2) or does it mean do 1) for non HA OVN 
central *OR* 2)

for HA/clustered OVN Central?

It's not clear

Thanks






On 25/06/2020 17:36, aginwala wrote:

Hi:

There are a couple of options as I have been exploring this too:

1. Upstream ovn-k8s patches 
(https://github.com/ovn-org/ovn-kubernetes/commit/a07b1a01af7e37b15c2e5f179ffad2b9f25a083d) 
uses statefulset and headless service for starting ovn central raft 
cluster with 3 replicas. Cluster startup code and pod specs are 
pretty neat that addresses most of the doubts.


OVN components have been containerized too to start them in pods. You 
can also refer to 
https://github.com/ovn-org/ovn/blob/d6b56b1629d5984ef91864510f918e232efb89de/Documentation/intro/install/general.rst 
 for the same and use them to make it work in pod specs too.



2. Write a new ovn operator similar to etcd operator 
https://github.com/coreos/etcd-operator which just takes the count of 
raft replicas and does the job in the background.


I also added ovn-k8s group so they can comment on any other ideas 
too. Hope it helps.




On Thu, Jun 25, 2020 at 7:15 AM Brendan Doyle 
mailto:brendan.do...@oracle.com>> wrote:


Hi,

So I'm trying to find information on setting up an OVN
"Central/Master"
high availability (HA)
Not as Active-Backup with Pacemaker, but as a cluster. But I want to
deploy and manage that
cluster as a Kubernetes service .

I can find lots of stuff on "ovn-kube" but this seems to be using
OVN as
a  kubernetes 

[ovs-discuss] PVP Performance on Cascade Lake server

[Malvika Gupta]

Hi everyone,

I am testing the PVP performance of OvS-DPDK on the Cascade Lake server. It is 
running the latest Ubuntu 20.04 and Linux kernel version 5.4.0-39-generic. I am 
using DPDK version 19.11 and the latest OvS master branch from Github. The grub 
command line parameters is as follows:
ro default_hugepagesz=1G hugepagesz=1G hugepages=24 isolcpus=12-71 
nohz_full=12-71 rcu_nocbs=12-71 intel_iommu=on intel_pstate=disable 
intel_idle.max_cstate=0 processor.max_cstate=0 security=selinux selinux=1 
vt.handoff=1

The test environment setup for PVP scenario is as follows:
DPDK configuration for OvS
sudo ./ovs-vsctl --no-wait set Open_vSwitch . other_config:dpdk-init=true
sudo ./ovs-vsctl --no-wait set Open_vSwitch . other_config:hw-offload=false
sudo ./ovs-vsctl --no-wait set Open_vSwitch . other_config:max-idle=50
sudo ./ovs-vsctl --no-wait set Open_vSwitch . other_config:dpdk-lcore-mask=0x02
sudo ./ovs-vsctl --no-wait set Open_vSwitch . other_config:dpdk-socket-mem=2048
sudo ./ovs-vsctl --no-wait set Open_vSwitch . other_config:n-rxq=1
sudo ./ovs-vsctl --no-wait set Open_vSwitch . other_config:n-txq=1
sudo ./ovs-vsctl --no-wait set Open_vSwitch . other_config:pmd-cpu-mask=0x1100 
[This is an isolated CPU]

I am performing the PVP testing under two scenarios, EMC Disabled and EMC 
insertion for every flow and configure the setup accordingly:
sudo ./ovs-vsctl --no-wait set Open_vSwitch . other_config:emc-insert-inv-prob=0
sudo ./ovs-vsctl --no-wait set Open_vSwitch . other_config:emc-insert-inv-prob=1

PHY-VM-PHY Configuration
I have configured it exactly as shown in Using Open vSwitch with 
DPDK guide. The Guest VM 
installed is Ubuntu 18.04 and the XML file used to launch the VM is as follows:



  virt_ubuntu_vm

  80849065-dfc1-4f98-bc8a-794cf2566999

  

http://libosinfo.org/xmlns/libvirt/domain/1.0;>

  http://ubuntu.com/ubuntu/20.04"/>



  

  4194304

  4194304

  



  





  

  4

  

4096











  

  

hvm



  

  





  

  





  



  

  destroy

  restart

  destroy

  

/usr/bin/qemu-system-x86_64



  

  

  

  







  

  

  

  



  

  





  

  

  

  



  

  



  



Once the VM has booted, I follow the steps of the DPDK vHost User Ports 
guide - allocate 
hugepages to the Guest VM, install DPDK, bind the vhost-user interfaces to a 
vfio-pci driver (as opposed to the uio driver shown in the guide) and run the 
IO forwarding mode in the testpmd application.

I had 2 questions mainly:

  1.  For 1 flow, 1K flows an 10K flows, what performance numbers should I 
expect to see with my current system and OvS-DPDK configuration?
  2.  Is this configuration correct to achieve the best (high throughput) PVP 
performance on the Cascade Server? If not, then what should I do differently in 
order to achieve it?

I would really appreciate any input or suggestions from Intel folks as well as 
other community members. Please let me know if you need any more information 
from my side.

Thank you for your time,
Malvika
IMPORTANT NOTICE: The contents of this email and any attachments are 
confidential and may also be privileged. If you are not the intended recipient, 
please notify the sender immediately and do not disclose the contents to any 
other person, use it for any purpose, or store or copy the information in any 
medium. Thank you.
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] VPNaas support for OVN

[Engelmann Florian]

Hi Benjamin,


I am very interested in this topic as well. We do use Openstack VPNaaS and we 
would like to migrate to OVN. But as long as OVN does not provide VPNaaS 
compatibility or VPNaaS get's extended to support OVN we are stuck.

All the best,
Florian

EveryWare AG
Florian Engelmann
Cloud Platform Architect
Zurlindenstrasse 52a
CH-8003 Zürich

T  +41 44 466 60 00
F  +41 44 466 60 10

florian.engelm...@everyware.ch
www.everyware.ch


From: discuss  on behalf of Benjamin 
Reichel 
Sent: Monday, July 6, 2020 3:26 PM
To: ovs-discuss@openvswitch.org
Subject: [ovs-discuss] VPNaas support for OVN

Hi everyone,

I may placed my question in the wrong mailing list: 
https://smex-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fmail.openvswitch.org%2fmailman%2flistinfo%2fovs%2ddev=53f59695-c89f-4baf-92f3-6d4f53b05163=fa814cae8e3b5ad76c4a1e4edb2cf50eb4885306-c57e6e8b3ec79ccaf4f6fd349a97694adae6a8fa
 . Let's try again.
Does OVN support VPNaas? If not, is there any roadmap for it or some WIP?

Thanks, Benjamin
___
discuss mailing list
disc...@openvswitch.org
https://smex-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fmail.openvswitch.org%2fmailman%2flistinfo%2fovs%2ddiscuss=53f59695-c89f-4baf-92f3-6d4f53b05163=fa814cae8e3b5ad76c4a1e4edb2cf50eb4885306-3a1f2e1a87171055dda42db85cc90fa4a1832d3c


smime.p7s
Description: S/MIME cryptographic signature
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

[ovs-discuss] VPNaas support for OVN

[Benjamin Reichel]

Hi everyone, 

I may placed my question in the wrong mailing list: 
https://mail.openvswitch.org/mailman/listinfo/ovs-dev . Let's try again.
Does OVN support VPNaas? If not, is there any roadmap for it or some WIP?

Thanks, Benjamin 
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] HA OVN "Central" as a kubernetes service

[Brendan Doyle]

Hi,

So I'm really confused by what you have pointed me to here. As stated I 
do NOT
want to use OVN as a CNI. I have a k8s cluster that use flannel as the 
CNI. I simply
want to create an OVN "central" cluster as a Stateful set in my 
*existing* K8

config.

This repo:
https://github.com/ovn-org/ovn-kubernetes/commit/a07b1a01af7e37b15c2e5f179ffad2b9f25a083d

Seems to be for setting up a K8s cluster to use OVN as the CNI??
Have you tried this?
What IP do the ovn-controllers use to reach the OVN "central cluster?
It seems to use an OVN docker image from docker.io, I want to use my own 
OVN src
Do I use/modify the dist/images/Dockerfile in this repo? that has loads 
of references to CNI

like I said I don't want to use OVN as the CNI??


The instructions here 
https://github.com/ovn-org/ovn/blob/d6b56b1629d5984ef91864510f918e232efb89de/Documentation/intro/install/general.rst

seem more promising, if not a little confusing:

IN the section "Starting OVN Central services in containers"


Export following variables in .env and place it under project root:

$ OVN_BRANCH=
$ OVN_VERSION=
$ DISTRO=
$ KERNEL_VERSION=
$ GITHUB_SRC=
$ DOCKER_REPO=


Does it mean create a file called ".env" and place it in the toplevel 
dir of the cloned ovn repo?
Or does it mean just add these to you shell environment (i.e put them in 
.bashrc)?


Then we have:

1)


Start OVN containers using below command:

$ docker run -itd --net=host --name=ovn-nb \
   : ovn-nb-tcp

$ docker run -itd --net=host --name=ovn-sb \
   : ovn-sb-tcp

$ docker run -itd --net=host --name=ovn-northd \
   : ovn-northd-tcp

followed by

2)

$ docker run -e "host_ip=" -e "nb_db_port=" -itd \
   --name=ovn-nb-raft --net=host --privileged : \
   ovn-nb-cluster-create

$ docker run -e "host_ip=" -e "sb_db_port=" -itd \
   --name=ovn-sb-raft --net=host --privileged : \
   ovn-sb-cluster-create

$ docker run -e "OVN_NB_DB=tcp::6641,tcp::6641,\
   tcp::6641" -e "OVN_SB_DB=tcp::6642,tcp::6642,\
   tcp::6642" -itd --name=ovn-northd-raft : \
   ovn-northd-cluster
Does it mean do 1), then 2) or does it mean do 1) for non HA OVN central 
*OR* 2)

for HA/clustered OVN Central?

It's not clear

Thanks






On 25/06/2020 17:36, aginwala wrote:

Hi:

There are a couple of options as I have been exploring this too:

1. Upstream ovn-k8s patches 
(https://github.com/ovn-org/ovn-kubernetes/commit/a07b1a01af7e37b15c2e5f179ffad2b9f25a083d) 
uses statefulset and headless service for starting ovn central raft 
cluster with 3 replicas. Cluster startup code and pod specs are pretty 
neat that addresses most of the doubts.


OVN components have been containerized too to start them in pods. You 
can also refer to 
https://github.com/ovn-org/ovn/blob/d6b56b1629d5984ef91864510f918e232efb89de/Documentation/intro/install/general.rst 
 for the same and use them to make it work in pod specs too.



2. Write a new ovn operator similar to etcd operator 
https://github.com/coreos/etcd-operator which just takes the count of 
raft replicas and does the job in the background.


I also added ovn-k8s group so they can comment on any other ideas too. 
Hope it helps.




On Thu, Jun 25, 2020 at 7:15 AM Brendan Doyle 
mailto:brendan.do...@oracle.com>> wrote:


Hi,

So I'm trying to find information on setting up an OVN
"Central/Master"
high availability (HA)
Not as Active-Backup with Pacemaker, but as a cluster. But I want to
deploy and manage that
cluster as a Kubernetes service .

I can find lots of stuff on "ovn-kube" but this seems to be using
OVN as
a  kubernetes CNI instead of
Flannel etc.  But this is not what I want to do, I have a kubernetes
cluster using Flannel as the CNI,
now  I want to deploy a HA OVN "Central" as a kubernetes service.
Kind
of like how you can deploy
a MySQL cluster in kubernetes using a SatefulSet deployment.

I have found this:
https://github.com/ovn-org/ovn-kubernetes#readme

But it is not clear to me if this is how to setup OVN as a kubernetes
CNI or it's how to setup a HA
OVN central as kubernetes service.

Can anybody comment, has anyone done this?


I guess I could run an OVN central as standalone and use a kubernetes
deployment with 3
  replica sets and "export" as a NodePort service. And have a
floating/VIP on my kubernetes
nodes. And direct ovn-controllers to the VIP. So only the pod that
holds
the VIP would service
requests. This would work and give HA, but you don't get the
performance
of an OVN
clustered Database Model, where each OVN central could service
requests.




Thanks


Rdgs
Brendan

___
discuss mailing list
disc...@openvswitch.org 
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss



___
discuss mailing list
disc...@openvswitch.org

[ovs-discuss] different flow actions overlap

[Luca Mancini]

Hello,

I have two different flows on the same switch:

ovs-ofctl add-flow s1 
in_port=1,dl_type=2048,nw_proto=17,nw_dst=10.0.0.4,action=buffer:3
ovs-ofctl add-flow s1 
in_port=1,dl_type=2048,nw_proto=17,nw_dst=10.0.0.2,action=buffer:2

these flows are supposed to buffer packets meant for the destination specified 
by nw_dst, and send the whole buffer as a new packet through the port specified 
(3 or 2) . My problem is that the packets that hit the different flows end up 
in the same buffer, shouldn’t hitting a different flow create a new instance of 
that action?

If it helps diagnose the issue, the buffer action is implemented in 
ofproto-dpif-xlate.c, so only works in userspace.

Thanks,
Luca

___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss