Re: [ovs-discuss] ovs-ofctl broken when getting table features reply

[Ben Pfaff]

Oh, I see.  I'm glad I was able to help.

On Fri, Jan 22, 2021 at 10:21:21AM +0800, Dickens Yeh wrote:
> Thanks for helping me.
> 
> I find the section in OF1.3.2 spec, and re-check with pcap file as you said.
> I think I was missed the important message: "table features message missing
> required property",
> but only focus on "received bad reply: (***only uses 512 bytes out of
> 7056***)".
> 
> Thanks.
> 
> best wishes,
> Dickens Yeh
> 
> 
> 
> 
> 
> Ben Pfaff  於 2021年1月22日 週五 上午6:44寫道：
> 
> > OK, I figured out the problem.
> >
> > Property 10, OFPTFPT_WILDCARDS, is missing.  OF1.3 section 7.3.5.5.2
> > says that it's mandatory: "If a specific property does not have any
> > capability (for example no Set-Field support), a property with an empty
> > list must be included in the property list."  I think that OVS is
> > correctly rejecting this set of table features.
> >
> > On Fri, Jan 08, 2021 at 01:00:36PM +0800, Dickens Yeh wrote:
> > > Hi Ben,
> > > Thanks for your reply.
> > >
> > > I can open it with Wireshark, decode as 'OpenFlow', and it shows info as
> > > following(also in attachment file):
> > > OFPT_HELLO,
> > > OFPT_MULTIPART_REQUEST, OFPMP_FLOW
> > > OFPT_MULTIPART_REPLY, OFPMP_FLOW
> > > OFPT_HELLO,
> > > OFPT_MULTIPART_REUQEST, OFPMP_TABLE_FEATURES
> > > OFPT_MULTIPART_REPLY, OFPMP_TABLE_FEATURES
> > >
> > > I also use your command to parse pcap file, I don't know why it shows
> > > "OFPST_FLOW request" but there is no "OFPST_FLOW reply" message.
> > > Maybe it cannot show the MULTIPART reply message, and the table features
> > > reply didn't show with the same reason.
> > >
> > > best wishes,
> > > Dickens Yeh
> > >
> > >
> > >
> > > Ben Pfaff  於 2021年1月8日 週五 上午3:36寫道：
> > >
> > > > On Mon, Jan 04, 2021 at 11:13:53AM +0800, Dickens Yeh wrote:
> > > > > Hi,
> > > > > When I using the ovs-ofctl utility tool to dump flows from a
> > > > > non-openvswitch switch without --no-names parameter, and I got error
> > > > > message.
> > > > >
> > > > > cmd:
> > > > >
> > > > > ~/openvswitch-2.13.1/utilities/ovs-ofctl -O OpenFlow13 dump-flows
> > tcp:
> > > > > 192.168.17.166:6644
> > > > >
> > > > > msg:
> > > > > 2020-12-31T10:12:22Z|1|ofp_table|WARN|table features message
> > missing
> > > > > required property
> > > > > ovs-ofctl: received bad reply: (***only uses 512 bytes out of
> > 7056***)
> > > > >   04 50 02 00 00 00 00 00-6e 6f 76 69 5f 74 61 62
> > > > |.P..novi_tab|
> > > > > 0010  6c 65 5f 32 00 00 00 00-00 00 00 00 00 00 00 00
> > > > |le_2|
> > > > > ...
> > > > >
> > > > > I also attached the pcap file, please tell me if the switch should be
> > > > fixed
> > > > > with the reply messages.
> > > >
> > > > I ran "ovs-ofctl ofp-parse-pcap dump-error.pcap 6644" and got only the
> > > > following output:
> > > >
> > > > 192.168.13.141.52476 > 192.168.17.166.6644:
> > > > OFPT_HELLO (OF1.3) (xid=0x1):
> > > >  version bitmap: 0x04
> > > >
> > > > 192.168.13.141.52476 > 192.168.17.166.6644:
> > > > OFPST_FLOW request (OF1.3) (xid=0x2):
> > > >
> > > > 192.168.13.141.52478 > 192.168.17.166.6644:
> > > > OFPT_HELLO (OF1.3) (xid=0x3):
> > > >  version bitmap: 0x04
> > > >
> > > > 192.168.13.141.52478 > 192.168.17.166.6644:
> > > > OFPST_TABLE_FEATURES request (OF1.3) (xid=0x4):
> > > >
> > > > I don't think the table features reply is in the pcap.
> > > >
> >
> >
> >
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] ovs-ofctl broken when getting table features reply

[Dickens Yeh]

Thanks for helping me.

I find the section in OF1.3.2 spec, and re-check with pcap file as you said.
I think I was missed the important message: "table features message missing
required property",
but only focus on "received bad reply: (***only uses 512 bytes out of
7056***)".

Thanks.

best wishes,
Dickens Yeh





Ben Pfaff  於 2021年1月22日 週五 上午6:44寫道：

> OK, I figured out the problem.
>
> Property 10, OFPTFPT_WILDCARDS, is missing.  OF1.3 section 7.3.5.5.2
> says that it's mandatory: "If a specific property does not have any
> capability (for example no Set-Field support), a property with an empty
> list must be included in the property list."  I think that OVS is
> correctly rejecting this set of table features.
>
> On Fri, Jan 08, 2021 at 01:00:36PM +0800, Dickens Yeh wrote:
> > Hi Ben,
> > Thanks for your reply.
> >
> > I can open it with Wireshark, decode as 'OpenFlow', and it shows info as
> > following(also in attachment file):
> > OFPT_HELLO,
> > OFPT_MULTIPART_REQUEST, OFPMP_FLOW
> > OFPT_MULTIPART_REPLY, OFPMP_FLOW
> > OFPT_HELLO,
> > OFPT_MULTIPART_REUQEST, OFPMP_TABLE_FEATURES
> > OFPT_MULTIPART_REPLY, OFPMP_TABLE_FEATURES
> >
> > I also use your command to parse pcap file, I don't know why it shows
> > "OFPST_FLOW request" but there is no "OFPST_FLOW reply" message.
> > Maybe it cannot show the MULTIPART reply message, and the table features
> > reply didn't show with the same reason.
> >
> > best wishes,
> > Dickens Yeh
> >
> >
> >
> > Ben Pfaff  於 2021年1月8日 週五 上午3:36寫道：
> >
> > > On Mon, Jan 04, 2021 at 11:13:53AM +0800, Dickens Yeh wrote:
> > > > Hi,
> > > > When I using the ovs-ofctl utility tool to dump flows from a
> > > > non-openvswitch switch without --no-names parameter, and I got error
> > > > message.
> > > >
> > > > cmd:
> > > >
> > > > ~/openvswitch-2.13.1/utilities/ovs-ofctl -O OpenFlow13 dump-flows
> tcp:
> > > > 192.168.17.166:6644
> > > >
> > > > msg:
> > > > 2020-12-31T10:12:22Z|1|ofp_table|WARN|table features message
> missing
> > > > required property
> > > > ovs-ofctl: received bad reply: (***only uses 512 bytes out of
> 7056***)
> > > >   04 50 02 00 00 00 00 00-6e 6f 76 69 5f 74 61 62
> > > |.P..novi_tab|
> > > > 0010  6c 65 5f 32 00 00 00 00-00 00 00 00 00 00 00 00
> > > |le_2|
> > > > ...
> > > >
> > > > I also attached the pcap file, please tell me if the switch should be
> > > fixed
> > > > with the reply messages.
> > >
> > > I ran "ovs-ofctl ofp-parse-pcap dump-error.pcap 6644" and got only the
> > > following output:
> > >
> > > 192.168.13.141.52476 > 192.168.17.166.6644:
> > > OFPT_HELLO (OF1.3) (xid=0x1):
> > >  version bitmap: 0x04
> > >
> > > 192.168.13.141.52476 > 192.168.17.166.6644:
> > > OFPST_FLOW request (OF1.3) (xid=0x2):
> > >
> > > 192.168.13.141.52478 > 192.168.17.166.6644:
> > > OFPT_HELLO (OF1.3) (xid=0x3):
> > >  version bitmap: 0x04
> > >
> > > 192.168.13.141.52478 > 192.168.17.166.6644:
> > > OFPST_TABLE_FEATURES request (OF1.3) (xid=0x4):
> > >
> > > I don't think the table features reply is in the pcap.
> > >
>
>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] ovs-ofctl broken when getting table features reply

[Ben Pfaff]

OK, I figured out the problem.

Property 10, OFPTFPT_WILDCARDS, is missing.  OF1.3 section 7.3.5.5.2
says that it's mandatory: "If a specific property does not have any
capability (for example no Set-Field support), a property with an empty
list must be included in the property list."  I think that OVS is
correctly rejecting this set of table features.

On Fri, Jan 08, 2021 at 01:00:36PM +0800, Dickens Yeh wrote:
> Hi Ben,
> Thanks for your reply.
> 
> I can open it with Wireshark, decode as 'OpenFlow', and it shows info as
> following(also in attachment file):
> OFPT_HELLO,
> OFPT_MULTIPART_REQUEST, OFPMP_FLOW
> OFPT_MULTIPART_REPLY, OFPMP_FLOW
> OFPT_HELLO,
> OFPT_MULTIPART_REUQEST, OFPMP_TABLE_FEATURES
> OFPT_MULTIPART_REPLY, OFPMP_TABLE_FEATURES
> 
> I also use your command to parse pcap file, I don't know why it shows
> "OFPST_FLOW request" but there is no "OFPST_FLOW reply" message.
> Maybe it cannot show the MULTIPART reply message, and the table features
> reply didn't show with the same reason.
> 
> best wishes,
> Dickens Yeh
> 
> 
> 
> Ben Pfaff  於 2021年1月8日 週五 上午3:36寫道：
> 
> > On Mon, Jan 04, 2021 at 11:13:53AM +0800, Dickens Yeh wrote:
> > > Hi,
> > > When I using the ovs-ofctl utility tool to dump flows from a
> > > non-openvswitch switch without --no-names parameter, and I got error
> > > message.
> > >
> > > cmd:
> > >
> > > ~/openvswitch-2.13.1/utilities/ovs-ofctl -O OpenFlow13 dump-flows tcp:
> > > 192.168.17.166:6644
> > >
> > > msg:
> > > 2020-12-31T10:12:22Z|1|ofp_table|WARN|table features message missing
> > > required property
> > > ovs-ofctl: received bad reply: (***only uses 512 bytes out of 7056***)
> > >   04 50 02 00 00 00 00 00-6e 6f 76 69 5f 74 61 62
> > |.P..novi_tab|
> > > 0010  6c 65 5f 32 00 00 00 00-00 00 00 00 00 00 00 00
> > |le_2|
> > > ...
> > >
> > > I also attached the pcap file, please tell me if the switch should be
> > fixed
> > > with the reply messages.
> >
> > I ran "ovs-ofctl ofp-parse-pcap dump-error.pcap 6644" and got only the
> > following output:
> >
> > 192.168.13.141.52476 > 192.168.17.166.6644:
> > OFPT_HELLO (OF1.3) (xid=0x1):
> >  version bitmap: 0x04
> >
> > 192.168.13.141.52476 > 192.168.17.166.6644:
> > OFPST_FLOW request (OF1.3) (xid=0x2):
> >
> > 192.168.13.141.52478 > 192.168.17.166.6644:
> > OFPT_HELLO (OF1.3) (xid=0x3):
> >  version bitmap: 0x04
> >
> > 192.168.13.141.52478 > 192.168.17.166.6644:
> > OFPST_TABLE_FEATURES request (OF1.3) (xid=0x4):
> >
> > I don't think the table features reply is in the pcap.
> >


___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] watch_group liveness check for OVS groups

[Ben Pfaff]

On Thu, Jan 21, 2021 at 08:20:16PM +0100, Alexander Constantinescu wrote:
> I have not been able to find much documentation surrounding watch_group,
> the only doc I've been basing myself on is:
> http://www.openvswitch.org/support/dist-docs/ovs-ofctl.8.html

OVS follows the OpenFlow standard here, so reading up on its definitions
is probably what you should do.
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] watch_group liveness check for OVS groups

[Ben Pfaff]

On Thu, Jan 21, 2021 at 08:20:16PM +0100, Alexander Constantinescu wrote:
> Hi,
> 
> TL;DR: I am wondering if there's any specific action/convention that needs
> to be defined for groups which are referenced by a watch_group, as to have
> the liveness check correctly working? FYI: I can't use a liveness check on
> a dedicated OVS port in this case.
> 
> I have not been able to find much documentation surrounding watch_group,
> the only doc I've been basing myself on is:
> http://www.openvswitch.org/support/dist-docs/ovs-ofctl.8.html
> 
> I am working on a POC where the goal of my work is to load balance packets
> between two nexthops for packets matching a given flow. Essentially, I have
> this flow which gets hit:
> 
>  cookie=0x0, duration=12657.001s, table=100, n_packets=1423,
> n_bytes=113190, priority=100,ip,reg0=0x5d41f9 actions=group:2
> 
> for which I have the following groups defined:
> 
>  
> group_id=3,type=select,bucket=weight:100,actions=ct(commit),move:NXM_NX_REG0[]->NXM_NX_TUN_ID[0..31],set_field:172.19.0.2->tun_dst,output:vxlan0
> 
> group_id=2,type=select,bucket=weight:100,watch_group:3,actions=group:3,bucket=weight:100,watch_group:4,actions=group:4
>  
> group_id=4,type=select,bucket=weight:100,actions=ct(commit),move:NXM_NX_REG0[]->NXM_NX_TUN_ID[0..31],set_field:172.19.0.4->tun_dst,output:vxlan0
> 
> Group 2 thus load balances between group 3 (which forwards packets to
> nexthop 172.19.0.2) and 4 (corresponding to nexthop 172.19.0.4) in an equal
> way.
> 
> The load balancing works, however the watch_group does not seem to have any
> impact, and what I mean by that is: if I shutdown the nodes corresponding
> to either of my nexthops, group 2 will still try to send packets to the
> nexthop (node) which I've just shut down.

I think that the problem is that groups 3 and 4 don't have any liveness
criteria defined, so they are always considered live.  Try adding a
watch_port to each of them.
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

[ovs-discuss] watch_group liveness check for OVS groups

[Alexander Constantinescu]

Hi,

TL;DR: I am wondering if there's any specific action/convention that needs
to be defined for groups which are referenced by a watch_group, as to have
the liveness check correctly working? FYI: I can't use a liveness check on
a dedicated OVS port in this case.

I have not been able to find much documentation surrounding watch_group,
the only doc I've been basing myself on is:
http://www.openvswitch.org/support/dist-docs/ovs-ofctl.8.html

I am working on a POC where the goal of my work is to load balance packets
between two nexthops for packets matching a given flow. Essentially, I have
this flow which gets hit:

 cookie=0x0, duration=12657.001s, table=100, n_packets=1423,
n_bytes=113190, priority=100,ip,reg0=0x5d41f9 actions=group:2

for which I have the following groups defined:

 
group_id=3,type=select,bucket=weight:100,actions=ct(commit),move:NXM_NX_REG0[]->NXM_NX_TUN_ID[0..31],set_field:172.19.0.2->tun_dst,output:vxlan0

group_id=2,type=select,bucket=weight:100,watch_group:3,actions=group:3,bucket=weight:100,watch_group:4,actions=group:4
 
group_id=4,type=select,bucket=weight:100,actions=ct(commit),move:NXM_NX_REG0[]->NXM_NX_TUN_ID[0..31],set_field:172.19.0.4->tun_dst,output:vxlan0

Group 2 thus load balances between group 3 (which forwards packets to
nexthop 172.19.0.2) and 4 (corresponding to nexthop 172.19.0.4) in an equal
way.

The load balancing works, however the watch_group does not seem to have any
impact, and what I mean by that is: if I shutdown the nodes corresponding
to either of my nexthops, group 2 will still try to send packets to the
nexthop (node) which I've just shut down.

Honestly, I don't expect OVS to be able to determine the liveness of my
group based off of what I've writtenbut I don't have any better idea of
what to do. I am unable to tell if there's a specific action / convention
that needs to be defined for groups which are referenced by a watch_group.

Thanks in advance for any help!
-- 

Best regards,


Alexander Constantinescu

Software Engineer, Openshift SDN

Red Hat 

acons...@redhat.com

___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] change configuration of VLAN access port

[Ben Pfaff]

On Wed, Jan 20, 2021 at 05:25:49PM +0100, Matthias Waehlisch wrote:
> Hi,
> 
>   i'm wondering how to change the VLAN setting of an access-port 
> without deleting the port.
> 
>   when i already added a port to a switch (ovs-vsctl add-port ...), and 
> and want to change the VLAN setting via "ovs-vsctl add-port ..." (e.g., 
> to change the VLAN the port is assigned to), i get an error message that 
> ovs-vsctl: cannot create a port xyz because a port named xyz exists on 
> bridge br0.
> 
>   i can execute "ovs-vsctl set PORT_NAME tag=10" but then all Ethernet 
> frames are tagged.

ovs-vsctl clear port $name tag
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] cells v2 routing question

[Pedro Sousa]

Hi Numan,

you're right, I upgraded to ussuri and now I see the commands, however in
the second site, which is an openstack cell, I don't see the bd, I only see
an ovn-controller and ovn-metadata running on compute nodes.

My understanding is that BD is on the central site only, and cell is
connected to it.

However, I want to create a provider network on the central site and that
this network is routable from the primary site and reachable on the second
site, which is a cell.

My question is if this is possible.

Thanks

On Wed, Jan 20, 2021 at 5:41 AM Numan Siddique  wrote:

>
>
> On Tue, Jan 19, 2021 at 10:41 PM Pedro Sousa  wrote:
>
>> Hi Numan,
>>
>> I'm trying to follow the howto but I can't seem to find  ovn-ic-nbctl
>> and  ovn-ic-sbctl commands.
>>
>> I'm using *openstack train* deployed with tripleo running containers:
>>
>>
>> *tripleotraincentos8/centos-binary-ovn-controller:current-tripleo
>>  kolla_start
>> ovn_controllertripleotraincentos8/centos-binary-ovn-northd:current-tripleo
>>  /bin/bash /usr/lo... ovn-dbs-bundle-podman-0*
>>
>> Any hint where those commands might be or do I need to rebuild the
>> container with it?
>>
>
> What version of OVN does it have ? ovn-ic is available since OVN 20.03.
>
> Maybe it is not packaged in the openstack train OVN version. I'd suggest
> to check out the OVN packages in the latest RDO
> or building it yourself.
>
> Thanks
> Numan
>
> Thanks
>>
>>
>>
>> On Mon, Jan 18, 2021 at 5:00 PM Numan Siddique  wrote:
>>
>>>
>>>
>>> On Mon, Jan 18, 2021 at 10:25 PM Pedro Sousa  wrote:
>>>
 Hi there,

 I'm using OVN with ovs in openstack train in 2 geographically distant
 sites, using cells v2 segregation.

 I configured a provider(external) VLAN network with floating ips on
 primary AZ site but I can only reach vms that run on that AZ, the remote
 vms on the secondary AZ are unreacheable.

 Is it possible using OVN routing, to reach the remote site vms from the
 primary site?

 Or do I need to use different provider networks for each AZ?

>>>
>>> Hi Pedro,
>>>
>>> You have 2 separate OVN based deployments and you want to interconnect
>>> them ?
>>>
>>> If so, OVN has an interconnection feature for this. You can check this
>>> out - https://docs.ovn.org/en/latest/tutorials/ovn-interconnection.html
>>>
>>> Thanks
>>> Numan
>>>
>>>
 Thanks
 ___
 discuss mailing list
 disc...@openvswitch.org
 https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

>>> ___
>> discuss mailing list
>> disc...@openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] change configuration of VLAN access port

[Tonghao Zhang]

On Thu, Jan 21, 2021 at 8:13 AM Matthias Waehlisch
 wrote:
>
>
> ... i was able to change the configuration using "ovs-vsctl set port
> xyz vlan_mode=native-untagged" but the virtual switch still sends
> packets that include a vlan tag on the access port instead of removing
> the tag. this is quite confusing ...
>
>
>
>
> thanks
>   matthias
>
> On Wed, 20 Jan 2021, Matthias Waehlisch wrote:
>
> > Hi,
> >
> >   i'm wondering how to change the VLAN setting of an access-port
> > without deleting the port.
> >
> >   when i already added a port to a switch (ovs-vsctl add-port ...), and
> > and want to change the VLAN setting via "ovs-vsctl add-port ..." (e.g.,
> > to change the VLAN the port is assigned to), i get an error message that
> > ovs-vsctl: cannot create a port xyz because a port named xyz exists on
> > bridge br0.
> >
> >   i can execute "ovs-vsctl set PORT_NAME tag=10" but then all Ethernet
> > frames are tagged.
Hi
the doc about vlan, may help you use the vlan. Thanks.
https://docs.openvswitch.org/en/latest/faq/vlan/
> >
> > thanks
> >   matthias
> >
> >
> > ps: if this is not the right list, any hint where to ask is highly
> > appreciated!
> >
> >
>
>
> --
> Matthias Waehlisch
> .  Freie Universitaet Berlin, Computer Science
> .. http://www.cs.fu-berlin.de/~waehl
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss



-- 
Best regards, Tonghao
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss