Re: [ovs-discuss] [EXT] Re: How to match on the physical and logical ingress ports
Hi Please see https://opennetworking.org/wp-content/uploads/2014/10/openflow-switch-v1.3.5.pdf Section 7.2.3.9 .This link uses the term "logical" Please see https://www.man7.org/linux/man-pages/man7/ovs-fields.7.html. This link uses the term "virtual". The context is GRE tunneling Shukri -Original Message- From: Ben Pfaff Sent: Thursday, July 1, 2021 1:37 PM To: Dr. Shukri George Abdallah Cc: ovs-discuss@openvswitch.org Subject: [EXT] Re: [ovs-discuss] How to match on the physical and logical ingress ports On Thu, Jul 01, 2021 at 02:51:13PM +, Dr. Shukri George Abdallah wrote: > When the physical ingress port is different than the logical ingress > port, using the ovs-ofctl utility, how can one match on the physical > and logical ingress ports? How are you defining "physical" and "logical" ingress ports here? Out of context, it's not clear. ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] MAC Learning not working correctly in a ring network with STP enabled
Pinging the group again with this issue. Has anyone been able to get MAC learning to work in a ring topology? I tried enabling secure mode as well as STP in a standalone mode, but haven't been able to get it to work. Thanks in advance for your response. Thanks, Usha From: Seshadri, Usha (US) Sent: Sunday, June 27, 2021 10:15 PM To: ovs-discuss@openvswitch.org Subject: MAC Learning not working correctly in a ring network with STP enabled Hi, I am working with OpenvSwitch 2.12.0 binaries install. I have configured an overlay VXLAN network as shown below and I used the tutorials to setup MAC learning. The figure shows the IP address and the corresponding MAC address of the terminals connected to OVS. STP is enabled on all 4 OVS instances. Without configuring the link between OVS-1 and OVS-4, MAC learning works great. But once that link is connected to form a ring network, MAC learning on the switches seem to get confused and certain ports/ MAC address mapping is wrong. The table below shows the relevant information from the dump-flows from the MAC learning table. The notes column provides more details regarding the discrepancies. Another observation is STP is blocked on port 6 of OVS-2 whereas from OVS-3, port 7 has it as STP-FORWARD. Shouldn't OVS-3 have port 7 blocked as well? Port 6 on OVS-2 is the only blocked port on the entire network. [cid:image002.jpg@01D76E81.5CD24680] OVS Instance Correct Mapping of port to MAC address Incorrect Mapping of port to MAC address Notes OVS-4 dl_dst=6a:6d:0c:f6:f5:83 actions=load:0x4->NXM_NX_REG0[0..15] dl_dst=86:cf:71:7e:50:59 actions=load:0x5->NXM_NX_REG0[0..15] dl_dst=32:09:e2:3d:6c:dc actions=load:0x5->NXM_NX_REG0[0..15] dl_dst=6a:6d:0c:f6:f5:83 actions=load:0x5->NXM_NX_REG0[0..15] dl_dst=86:cf:71:7e:50:59 actions=load:0x5->NXM_NX_REG0[0..15] dl_dst=32:09:e2:3d:6c:dc actions=load:0x5->NXM_NX_REG0[0..15] Terminal 4 MAC is now on the wrong port. OVS-4 learns terminal 1's MAC on port 5 even though OVS-2 and OVS-3 direct link is STP-blocked. OVS-3 dl_dst=6a:6d:0c:f6:f5:83 actions=load:0x5->NXM_NX_REG0[0..15] dl_dst=86:cf:71:7e:50:59 actions=load:0x7->NXM_NX_REG0[0..15] dl_dst=6a:6d:0c:f6:f5:83 actions=load:0x7->NXM_NX_REG0[0..15] dl_dst=86:cf:71:7e:50:59 actions=load:0x7->NXM_NX_REG0[0..15] Terminal 4 MAC is now on the wrong port. OVS-3 doesn't realize port 6 on OVS-2 is blocked. OVS-2 dl_dst=6a:6d:0c:f6:f5:83 actions=load:0x6->NXM_NX_REG0[0..15] dl_dst=32:09:e2:3d:6c:dc actions=load:0x6->NXM_NX_REG0[0..15] dl_dst=6a:6d:0c:f6:f5:83 actions=load:0x5->NXM_NX_REG0[0..15] Missing MAC learning for 32:09... for Terminal 3. OVS-1 dl_dst=86:cf:71:7e:50:59 actions=load:0x5->NXM_NX_REG0[0..15] dl_dst=32:09:e2:3d:6c:dc actions=load:0x6->NXM_NX_REG0[0..15] dl_dst=86:cf:71:7e:50:59 actions=load:0x8->NXM_NX_REG0[0..15] dl_dst=6a:6d:0c:f6:f5:83 actions=load:0x8->NXM_NX_REG0[0..15] Terminal 1 MAC is now on the wrong port. Missing MAC learning for 32:09... for Terminal 3. Is STP causing problems with MAC learning? I appreciate any feedback on this issue. Thanks, Usha ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] How to match on the physical and logical ingress ports
On Thu, Jul 01, 2021 at 02:51:13PM +, Dr. Shukri George Abdallah wrote: > When the physical ingress port is different than the logical ingress > port, using the ovs-ofctl utility, how can one match on the physical > and logical ingress ports? How are you defining "physical" and "logical" ingress ports here? Out of context, it's not clear. ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] [EXT] Re: How to match on the physical and logical ingress ports
No.
I want to write flow rules using the ovs-ofctl utility to match traffic coming
through specific physical ports and logical ports and to treat each traffic
flow using different action clauses.
Thanks
Shukri
From: Peter Phaal
Sent: Thursday, July 1, 2021 11:58 AM
To: Dr. Shukri George Abdallah
Cc: ovs-discuss@openvswitch.org
Subject: [EXT] Re: [ovs-discuss] How to match on the physical and logical
ingress ports
Is this what you are looking for?
% ovs-vsctl --format json --columns name,ofport,ifindex list Interface
{"data":[["br2",65534,10],["eth0",1,2],["br1",65534,9],["vm",2,11],["gre0",1,0]],"headings":["name","ofport","ifindex"]}
On Jul 1, 2021, at 7:51 AM, Dr. Shukri George Abdallah
mailto:sabdal...@mitre.org>> wrote:
Hi
When the physical ingress port is different than the logical ingress port,
using the ovs-ofctl utility, how can one match on the physical and logical
ingress ports?
thanks
Shukri George Abdallah
Lead Network Researcher
L110 – Infra & Networking Innovation Center
Office – (703) 983-2470
Cell- (703) 282-0152
Mail Stop – J500
MITRE | Solving Problems for a Safer World™
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] How to match on the physical and logical ingress ports
Is this what you are looking for?
% ovs-vsctl --format json --columns name,ofport,ifindex list Interface
{"data":[["br2",65534,10],["eth0",1,2],["br1",65534,9],["vm",2,11],["gre0",1,0]],"headings":["name","ofport","ifindex"]}
> On Jul 1, 2021, at 7:51 AM, Dr. Shukri George Abdallah
> wrote:
>
> Hi
>
> When the physical ingress port is different than the logical ingress port,
> using the ovs-ofctl utility, how can one match on the physical and logical
> ingress ports?
>
> thanks
>
> Shukri George Abdallah
> Lead Network Researcher
> L110 – Infra & Networking Innovation Center
> Office – (703) 983-2470
> Cell- (703) 282-0152
> Mail Stop – J500
> MITRE | Solving Problems for a Safer World™
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
[ovs-discuss] How to match on the physical and logical ingress ports
Hi When the physical ingress port is different than the logical ingress port, using the ovs-ofctl utility, how can one match on the physical and logical ingress ports? thanks Shukri George Abdallah Lead Network Researcher L110 - Infra & Networking Innovation Center Office - (703) 983-2470 Cell- (703) 282-0152 Mail Stop - J500 MITRE | Solving Problems for a Safer World(tm) ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] [External] : Re: Is this a bug in the "Egress Loopback table" or am I missing something
On 30/06/2021 18:44, Numan Siddique wrote: On Wed, Jun 30, 2021 at 10:54 AM Brendan Doyle wrote: OK so the simple 1 line change to northd.c in: [ovs-dev,v8,1/6] northd: Swap src and dst eth addresses in router egress loop. fixes the problem, can access all external networks, and the haripin between 10.68.49.185 <-> 10.68.49.185 works. Thumbs up for me on this patch! Thanks for testing out. I applied that patch to the main branch and backported to branch-21.06. Thanks Numan Great - thanks On 30/06/2021 10:11, Brendan Doyle wrote: So If I do : ovn-nbctl add logical_router_port lr1-ls1_external networks "10.68.49.185/32 10.68.49.184/32" Then the hairpin works and I have connectivity between 10.68.49.185 <-> 10.68.49.185 But This patch also look promising: [ovs-dev,v8,1/6] northd: Swap src and dst eth addresses in router egress loop. I'll try adding this, and incrementally the other patches in the series. Brendan On 29/06/2021 22:40, Numan Siddique wrote: On Tue, Jun 29, 2021 at 5:06 PM Brendan Doyle wrote: On 29/06/2021 21:38, Numan Siddique wrote: On Tue, Jun 29, 2021 at 4:13 PM Brendan Doyle wrote: Hi, With a very simple notwork (two VMs on different chassis), 1 subnet, single LS and LR/Gateway. The two VMs can ping each other using their Logical IPs. Each has an "External IP", and each can be accessed from an external network on that external IP. BUT they can't ping each other using their external IPs. I would have expected that either: a) The packets are sent on the external net then hairpinned back to the OVN gateway by the external net router. b) They are hairpinned by OVN. It seems that OVN attempts the latter, but does not succeed. The details, NB network, and pkt trace are as follows: ovn-nbctl show switch 2710eebe-f2b3-49e4-bcd6-dcfa48ed6470 (ls1_external) port ln-ls1_external type: localnet addresses: ["unknown"] port ls1_external-lr1 type: router router-port: lr1-ls1_external switch ff909b16-d863-4e3d-a10b-2f0010f17b23 (ls1) port 47433b54-ac10-42f1-ae84-cc6fbb580297 addresses: ["52:54:00:be:06:16 192.16.1.6"] port 00bff7c0-2e2d-41ba-9485-3b5fa9801365 addresses: ["52:54:00:e6:4f:46 192.16.1.5"] port ls1-lr1 type: router router-port: lr1-ls1 router 63e1b6a2-327f-4a24-b0c9-3a0e951beb2b (lr1) port lr1-ls1_external mac: "40:44:00:00:01:a0" networks: ["253.255.80.10/16"] gateway chassis: [ca-rain06 ca-rain17 ca-rain05] port lr1-ls1 mac: "40:44:00:00:01:30" networks: ["192.16.1.1/24"] nat f4675661-f4cc-4f7c-b534-ca75e090ed74 external ip: "10.68.49.184" logical ip: "192.16.1.5" type: "dnat_and_snat" nat f5592262-5fbd-4cef-8773-903875ba34d6 external ip: "10.68.49.185" logical ip: "192.16.1.6" type: "dnat_and_snat" Why don't the external ips belong to the subnet - 253.255.80.10/16 ? i.e to the network of ls1_external ? The 253.255.80.10/16 network is an internal "underlay" Network. An infra structure network of the rack product. The "External IPs", are IPs belonging to networks outside the rack. So in Normal case traffic destined for a VM from outside the rack, would send to the VM "External IP", that arrives at the rack physical uplink router, and is sent across the rack physical network (253.255.0.0/16) to the OVN Gateway, which DNATs and send to the VM Logical IP (reverse on traffic from VM to destination outside the rack). I'm pretty sure if you change the external_ips from 10.68.49.184 and 10.68.49.185 to the ones belonging to 253.255.80.10/16, it would work. We can't do that, these are different address spaces in different physical networks. I could try adding the 10.68.49.184/185 IPs to the "networks" table in lr1-ls1_external I'd suggest trying out with these patches once ? - https://urldefense.com/v3/__https://patchwork.ozlabs.org/project/ovn/list/?series=247106__;!!ACWV5N9M2RV99hQ!ZKO2z-ifCaUA-TPeLm7ZP9V7hkX8tZSv4HE4-Ogo2BhBcLfSbibLIh4xDsIiqu4xmH8$ Ok, will do, are they in master, as I'm running with a fairly recent build (maybe two weeks old) The patches are still under review and may not apply cleanly with the tip. You can access it from here too - https://urldefense.com/v3/__https://github.com/ovsrobot/ovn/commits/series_247106__;!!ACWV5N9M2RV99hQ!e3YISaySCgi6qg3Y-8_gdx0IN_FeVsl5onOgkxhBhhgp_69r8PTAROpeu3yG3eaPN0c$ Thanks Numan Thanks Numan ovn-nbctl lr-route-list lr1 IPv4 Routes 0.0.0.0/0 253.255.0.1 dst-ip lr1-ls1_external ovn-trace --detailed ls1 'inport == "47433b54-ac10-42f1-ae84-cc6fbb580297" && eth.dst == 40:44:00:00:01:30 && eth.src == 52:54:00:be:06:16 && ip4.src == 192.16.1.6 && ip4.dst == 10.68.49.184 && ip.ttl == 64 && icmp4.type == 8' #
Re: [ovs-discuss] Inactivity Probe configuration not taking effect in OVS 2.14.0
Hi Ben,
I have two questions,
1. When is this patch going to be released ?
2. Do we have any documentation for building modules from patch?
On 28/06/21, 10:25 PM, "Ben Pfaff" wrote:
I recommend trying the patches that I posted:
https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_pipermail_ovs-2Ddev_2021-2DJune_383783.html=DwIDaQ=s883GpUCOChKOHiocYtGcg=jK9phexdherJTNL6qWfkjyz7vNK2P5VYFIeRp9Vdy5s=0Y5dlQZ6-TXyNkmMDUiCUN6JaZJeIf_W69zr7CdJ_3A=7gXiz2Z8l7MPXHoqsyHwzyX4sozNLZM5RFJam3PSMRA=
https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_pipermail_ovs-2Ddev_2021-2DJune_383784.html=DwIDaQ=s883GpUCOChKOHiocYtGcg=jK9phexdherJTNL6qWfkjyz7vNK2P5VYFIeRp9Vdy5s=0Y5dlQZ6-TXyNkmMDUiCUN6JaZJeIf_W69zr7CdJ_3A=GZqZu8jql-ra0ik1wyfKSM4p6uNSvycyhJnMkTtIJTc=
On Tue, Jun 15, 2021 at 07:24:06AM +, Saurabh Deokate wrote:
> Hi Ben,
>
> Here is the output for ovs-vsctl list controller
>
> [root@172-31-64-26-aws-eu-central-1c ~]# ovs-vsctl list controller
> _uuid : eb56176a-ad32-4eb0-9cd8-7ab3bd448a68
> connection_mode : out-of-band
> controller_burst_limit: []
> controller_queue_size: []
> controller_rate_limit: []
> enable_async_messages: []
> external_ids : {}
> inactivity_probe : 0
> is_connected : true
> local_gateway : []
> local_ip : []
> local_netmask : []
> max_backoff : []
> other_config : {}
> role : other
> status : {last_error="Connection refused", sec_since_connect="42606",
sec_since_disconnect="42614", state=ACTIVE}
> target : "tcp:127.0.0.1:6653"
> type : []
>
> Let me know if you need any other details.
>
> ~Saurabh.
>
> On 11/06/21, 4:03 AM, "Ben Pfaff" wrote:
>
> On Mon, Jun 07, 2021 at 02:51:58PM +, Saurabh Deokate wrote:
> > Hi Team,
> >
> > We are seeing an issue in OVS 2.14.0 after moving from 2.8.0. We
first set the controller on the bridge and then set inactivity probe for our
controller to 0 to disable new connection attempts by ovs. After this we start
our controller to serve request. But in the new version of OVS somehow we still
see inactivity probe kicking in after every 5s and trying to reconnect. This
issue is triggered when we are in the middle of handling a packet in our
controller (i.e. OFController) which is blocked for almost 40s.
> >
> >
> > Kernel version: CentOS Linux release 7.9.2009
> > Output of ovs-vsctl list controller command shows inactivity_probe: 0
> >
> > Below is the snippet from ovs-vswitchd.log
> >
> >
021-05-11T22:32:55.378Z|00608|rconn|INFO|br0.uvms<->tcp:127.0.0.1:6653:
connected
> >
2021-05-11T22:33:05.382Z|00609|connmgr|INFO|br0.uvms<->tcp:127.0.0.1:6653: 44
flow_mods 10 s ago (44 adds)
> >
2021-05-11T22:33:05.386Z|00610|rconn|ERR|br0.uvms<->tcp:127.0.0.1:6653: no
response to inactivity probe after 5 seconds, disconnecting
> >
2021-05-11T22:33:06.406Z|00611|rconn|INFO|br0.uvms<->tcp:127.0.0.1:6653:
connecting...
> >
2021-05-11T22:33:06.438Z|00612|rconn|INFO|br0.uvms<->tcp:127.0.0.1:6653:
connected
> >
2021-05-11T22:33:16.438Z|00613|rconn|ERR|br0.uvms<->tcp:127.0.0.1:6653: no
response to inactivity probe after 5 seconds, disconnecting
> >
2021-05-11T22:33:17.921Z|00614|rconn|INFO|br0.uvms<->tcp:127.0.0.1:6653:
connecting...
> >
2021-05-11T22:33:18.108Z|00615|rconn|INFO|br0.uvms<->tcp:127.0.0.1:6653:
connected
> >
2021-05-11T22:33:28.110Z|00616|rconn|ERR|br0.uvms<->tcp:127.0.0.1:6653: no
response to inactivity probe after 5 seconds, disconnecting
> >
2021-05-11T22:33:29.433Z|00617|rconn|INFO|br0.uvms<->tcp:127.0.0.1:6653:
connecting...
> >
2021-05-11T22:33:29.933Z|00618|rconn|INFO|br0.uvms<->tcp:127.0.0.1:6653:
connected
> >
> >
> > Can you please help us find out what could be wrong with this
configuration and what is the expected behaviour from ovs switch when the
receiver on the controller is blocked for long.
>
> Hmm, I can't reproduce this with current OVS. I do see a problem with
> the fail-open implementation; I'll see a patch for that.
>
> Can you show the output of "ovs-vsctl list controller"?
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
