Re: [ovs-discuss] Help- How to configure OVS on vsphere environment

2023-04-20 Thread Raymond Burkholder via discuss



On 4/20/23 03:39, Eldhose Mathew wrote:

Hey Ray, thanks for your response,

if we can't change the vDS option keeping vDS can we configure OVS on 
esxi hosts? If yes, how do we configure OVS on esxi hosts?
  my requirement is to get the PG (portgroup)  with VXLAN capabilities 
in the vcenter,


nothing in ESXi/vsphere/vcenter/vmware is interchangeable

some third party products may do so, but I certainly wouldn't attempt 
such a feat


if you really want to run OVS, then build a VM, run it there, and hook 
everything up to that instead


but at that point, I'd build my own non-vsphere/non-esxi host instead.

because if you want VXLAN capability, you'll also want/require FRR to 
get you the EVPN side of things -- and to do that, you really want host 
level access, something not possible with the platform you are inquiring 
about


Or, go the NSX route, but that won't get you vxlan, it will get you 
geneve -- last time I checked, anyway





On Thu, Apr 20, 2023 at 10:14 AM Raymond Burkholder via discuss 
<ovs-discuss@openvswitch.org> wrote:


On 4/19/23 07:47, Eldhose Mathew via discuss wrote:

 > I am looking to configure Open vSwitch (OVS) on the vSphere environment
 > to replace vSphere Distributed Switch (vDS). Can someone help me find a
 > reference wiki to guide me on how to configure OVS on ESXi hosts?

Is that even possible?  vDS is entrenched in the whole configuration &
monitoring aspect of ESXi.

I suggest ignore that self flagellation and go with a Proxmox solution
and install your OVS/FRR directly there.  Far less painful.



___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss


Re: [ovs-discuss] Help- How to configure OVS on vsphere environment

2023-04-19 Thread Raymond Burkholder via discuss

On 4/19/23 07:47, Eldhose Mathew via discuss wrote:

I am looking to configure Open vSwitch (OVS) on the vSphere environment 
to replace vSphere Distributed Switch (vDS). Can someone help me find a 
reference wiki to guide me on how to configure OVS on ESXi hosts?


Is that even possible?  vDS is entrenched in the whole configuration & 
monitoring aspect of ESXi.


I suggest ignore that self flagellation and go with a Proxmox solution 
and install your OVS/FRR directly there.  Far less painful.








Thank you in advance,


Regards

Eldhose Mathew,




Re: [ovs-discuss] Hardware compatibility

2023-04-10 Thread Raymond Burkholder via discuss

On 4/10/23 06:52, Tom Jay via discuss wrote:
I'm interested in trying OVS and would like to try the hardware 
features (hardware offloading). Is there a list of hardware that OVS 
is compatible with?


try the mellanox connectx5/6 cards.  Their web site describes how to get 
the various functions functional.



Re: [ovs-discuss] newbie needs info and guidance about opesvswitch vs. virtual router/routing

2023-02-19 Thread Raymond Burkholder via discuss


On 2/19/23 11:56, Bilinmek Istemiyor wrote:

Hello,

Thank you for the response,  It is really  helpful and I really 
appreciated it. As seen from my post, networking, specifically SDN is 
not a specialty of mine. Thank you for the directions. From your 
reply, I understand that openvswitch does not handle routing or layer 
3 switching in itself, I need some external tools/settings to handle 
it.  I have several more questions, and I appreciate if you can 
provide your opinions about these. Please bear with me if they are 
really dumb questions because the information in the internet is 
overwhelming for me and I have difficulty to extract answers for these 
basic questions.


linux networking is powerful.  you'll need to go through a series of 
ah-hah! moments to understand what it can do.




I always thought mininet is an isolated simulation environment for some 
academic or research work and not for real environments. I hear that 
routers, switches with different topologies can be created with 
mininet easily. Is it possible to use it daily for the requirements 
that I presented previously? Will there be performance penalty against 
a setting if the same topology is created with other tools you 
specified, openvswitch, iproute2 etc?


mininet is an automation tool, which makes use of linux iproute2 command 
line tools.   it can be used for testing and education, and production 
if it meets the needs.


but before you try mininet, you should use the command line tools 
natively first.  then you'll understand how the other tools work.


https://baturin.org/docs/iproute2/#ip-netns  - look for the heading 
"Connect one namespace to another " - then use ip link to turn on 
interfaces, and ip addr to assign addresses within each namespace.


Once you can accomplish that, you'll have been introduced to the basics 
of links, addressing, and namespaces, which form the basis for much of 
linux networking.  And these are the tools which mininet abstracts so 
you don't have to run these commands individually all the time.


hence, no, there are no performance penalties for using the higher 
abstraction tools.




I have seen some blogs/post using openwrt as a virtual router or just 
using a linux box in a virtual machine as a static router. What do you 
think about this?


there is no need for any of these other tools, other than if you simply 
want to use their gui abstractions to perform what can be done natively 
under the hood.


Any old modern linux distribution/kernel will provide all these 
functions natively




I may be wrong but  if I understand correctly  that with openflow it 
is possible to do the routing or l3 switching without actually needing 
a router. I will be needing an openflow controller I presume along 
with openflow enabled switches, and some flows need to be programmed. 
Openvswitch does openflow but misses controller part to the best of my 
understanding. Are these statements correct? If so which tools should 
I use to do layer 3 switching with openflow.


openflow is, in effect, and some embellishments, a layer 2 switch. it 
can be controlled via command line arguments or via various and sundry 
openflow controllers.





You have not commented anything about open virtual networking (ovn). 
What do you think about it? It is not in your proposed set of 
solutions. I ask it even though it will be hard to use for me it since 
I have not encountered a package for arch linux.


ovn is one of those controllers, and can perform some rudimentary layer 
3 routing.  I'd learn openvswitch prior to getting into the intricacies 
of ovn.  It will then become more apparent as to its use cases.


I would recommend learning basic iproute2/ovs prior to getting into ovn.



Which direction would you choose if you were me.  mininet, 
openflow/openvswitch, openswitch/openwrt/linuxboxrouter etc.


iproute2 (https://baturin.org/docs/iproute2), ovs for basic link and 
vlan management, mininet to create larger learning environments, then, 
well, lots of possible directions.




Thanks in advance


good luck



[ovs-discuss] {Disarmed} Re: newbie needs info and guidance about opesvswitch vs. virtual router/routing

2023-02-19 Thread Raymond Burkholder via discuss



On 2/18/23 09:22, Bilinmek Istemiyor via discuss wrote:

Hello,

I am looking for a solution to create several virtual switches 
connected by a virtual router on a single linux pc. I would like to 
create a test, development  or similar environments  which has its own 
ip address space and use a single linux pc along with already 
available kvm/qemu/libvirt capability for the virtual machines or 
containers.




look at lxc/lxd - a linux kernel native namespace/process management 
solution


I have understood that openvswitch can create virtual switches as the 
name suggests, but I have not been able to find any instructions 
related to creating a virtual router. I have seen some posts routing 
these switches' traffic with the kernel's network configuration, but I 
am more looking for virtual switches/routers and their virtual 
interfaces without messing my host routing settings often and manually.


you'll want to dive into the world of iproute2 - it is a series of tools 
for managing namespaces, interfaces, addressing, routing, tunnels, 


I will connect my custom build kvm/qemu containers or virtual machines 
to these environments. I have previously used vagrant, docker, proxmox 
but I do not want to use those tools since they have their specific 
attachments.


as mentioned earlier, iproute2 namespaces are dead simple, or use 
lxc/lxd for something a bit more segregated


My internet searches pointed me, open virtual networking (ovn) which 
claims to do virtual switches, routers etc and seems to be using 
openvswitch underneath. However ovn seems like it requires higher 
level of tooling or services such as openstack provides etc. I have 
not seen a proper package for that in arch linux as well which I am 
currently using.


To make long story short:

 * Can I create several private network switches for such as
   192.168.100.0/24, 192.168.101.0/24, 192.168.102.0/24 for host, test,
   development etc. and connect them to a virtual router and make these
   machines accessible from my lan via *openvswitch* in a regular linux box.

 * If not, which toolset I can use to achieve that. I am only
   interested in the networking stack, and I would like to be free
   of any other stack or technology such as openstack, proxmox,
   vagrant or docker which came as bundled with their services, image
   types etc.



Your overall tooling would be comprised of (in increasing order of 
complexity and abstraction):


 * iproute2 (ip ns, ip link, ip addr, ip route, ) - native kernel
   network management
     o the trick is to use veth interfaces to link namespaced
       environments via the ip ns command
 * ifupdown or ifupdown2 - persisting network configurations across
   sessions
 * open vswitch and/or bridge - kernel switching solutions
 * mininet - a python tool for quickly building virtual networks on
   your pc (a high level tool using iproute2 functionality (ip ns,
   veth, etc))
 * frr - free range routing - actual routing protocols for advanced
   routing development

Hope this helps on your networking journey


Raymond Burkholder
https://blog.raymond.burkholder.net/index.php?/categories/67-Networks
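
The namespace-and-veth wiring recommended in the two replies above (the "Connect one namespace to another" pointer and the veth trick in the tooling list), as an added example that is not part of the thread. It goes one step further than a single veth pair by adding a router namespace with forwarding enabled between the question's 192.168.100.0/24 and 192.168.101.0/24; the namespace names, interface names and .1/.2 addressing are assumptions.

```shell
#!/bin/sh
# Added example (constructed, not from the thread): a routed two-segment lab
# built only from iproute2 namespaces and veth pairs.
# Assumed names: namespaces "router", "host", "test"; interfaces v-<seg> and
# v-<seg>-r; .1 is the router side and .2 the segment side of each /24.

# Print the commands that create one segment namespace and link it to "router".
#   $1 = segment name, $2 = first three octets of its /24
plan_segment() {
    seg=$1
    net=$2
    cat <<EOF
ip netns add ${seg}
ip link add v-${seg} type veth peer name v-${seg}-r
ip link set v-${seg} netns ${seg}
ip link set v-${seg}-r netns router
ip -n ${seg} addr add ${net}.2/24 dev v-${seg}
ip -n router addr add ${net}.1/24 dev v-${seg}-r
ip -n ${seg} link set lo up
ip -n ${seg} link set v-${seg} up
ip -n router link set v-${seg}-r up
ip -n ${seg} route add default via ${net}.1
EOF
}

# Print the whole lab: the router namespace first, then one segment per subnet.
plan_lab() {
    echo "ip netns add router"
    echo "ip -n router link set lo up"
    # Forwarding is switched on inside the router namespace only, so the
    # host's own routing settings are left alone.
    echo "ip netns exec router sysctl -qw net.ipv4.ip_forward=1"
    plan_segment host 192.168.100
    plan_segment test 192.168.101
}

# Deleting a namespace also removes the veth ends that live in it.
plan_teardown() {
    for ns in host test router; do
        echo "ip netns del ${ns}"
    done
}

# Default action only prints the plan; "apply" and "teardown" need root.
case "${1:-plan}" in
    apply)    plan_lab | sh -e ;;
    teardown) plan_teardown | sh ;;
    verify)   ip netns exec host ping -c 1 -W 1 192.168.101.2 ;;
    *)        plan_lab ;;
esac
```

Run it with no argument to read the commands, with `apply` as root to build the lab, and with `verify` to ping from the host segment to the test segment through the router namespace.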





Re: [ovs-discuss] One question about AVX512 support

2022-06-02 Thread Raymond Burkholder



On 2022-06-02 10:26, Li Zhang wrote:

Hi Pai,

Thanks a lot. It helps.
These patches allow ovs to decide to disable or enable AVX512 if I
understand it correctly.
Is it recommended to enable AVX512?  AVX512 is enabled by default.
It is disabled in DPDK because it is experimental. I wonder if I
should disable it, it may cause performance worse.


Look at https://en.wikipedia.org/wiki/AVX-512

AVX512 is CPU model dependent.  Code will break if the instructions are 
run on a cpu without them.  Which is why they are typically not-compiled 
in.  Each environment will need to make that decision explicit.  If your 
environment supports the instructions, then I'd probably compile in for 
OVS & DPDK.  If you need code to transport all over the place, then best 
to disable them.





Thanks
Li

On Thu, Jun 2, 2022 at 4:00 PM Pai G, Sunil  wrote:

Hi Li,

The assumption of ovs being dependent on dpdk for avx512 might not be true.
I found these two commits below in ovs-2.14.2 which strips out the "-march" and 
"-mno-avx512f" flags exported by dpdk i.e removes dependency on DPDK. The reason for this 
is rightly mentioned below as well. Hope this helps.


commit bb8f0e2a810889241f1d886d160ccee9b96c4d63
Author: Ian Stokes 
Date:   Fri Jan 15 15:46:02 2021 +

 acinclude: Strip out -mno-avx512f provided by DPDK.

 DPDK forces '-mno-avx512f' flag for the application if the toolchain
 used to build DPDK had broken AVX512 support.  But OVS could be built
 with a completely different or fixed toolchain with correct avx512
 support.

 Fix that by stripping out `-mno-avx512f` as we already do for '-march'.
 This will allow the OVS to decide if the AVX512 can be used.

 Reordering of CFLAGS (i.e. adding DPDK flags before OVS ones) is not an
 option since autotools might reorder them back later and it's very
 unpredictable.

 Reported-at: https://github.com/openvswitch/ovs-issues/issues/201
 Signed-off-by: Ilya Maximets 
 Co-authored-by: Ilya Maximets 
 Signed-off-by: Ian Stokes 

commit e9f9104d6a83ce7efd702120171835991779
Author: Ian Stokes 
Date:   Fri Jan 15 14:54:04 2021 +

 acinclude: Strip out -march provided by DPDK.

 DPDK flags may include -march. Forcing -march could be
 considered too heavy a requirement when users compile OVS from
 source and could override user provided options.

 Resolve this by stripping -march from provided DPDK flags.

 Signed-off-by: Ian Stokes 



Thanks and Regards,
Sunil


-----Original Message-----
From: discuss  On Behalf Of Li Zhang
Sent: Thursday, June 2, 2022 6:35 PM
To: ovs-discuss@openvswitch.org
Subject: [ovs-discuss] One question about AVX512 support

Hi   all,

We are using openvswitch 2.14.2, and dpdk-19.11.4. I found avx512 is
enabled by default but it's disabled in DPDK. But I think ovs is dependent
on the dpdk library, right? But why does ovs work with
avx512  disabled in DPDK?

I am not quite sure about the relationship between OVS and DPDK, any
suggestions?

--

Best Regards
-Li







Re: [ovs-discuss] Configure bond with Open vSwitch: bond ports are disabled, may_enable: false

2021-07-11 Thread Raymond Burkholder

On 7/11/21 2:41 PM, Thomas wrote:

Hello,

I have configured a bond + bridge + internal ports on Debian 10 (using
/etc/network/interfaces).

I fought this quite a bit a few years back (you might find my question 
in the list somewhere).  Not sure if it has improved, not sure if this 
is the same problem, but I think I ended up creating the bonds natively, 
then hooked that interface into the bridge and then into ovs.



Re: [ovs-discuss] Openvswitch with LXC

2021-02-04 Thread Raymond Burkholder

On 2/4/21 12:41 AM, George Papathanail wrote:


I managed to attach the lxc interface to the ovs-bridge

sudo ovs-vsctl show
8cd3e1a6-eaa9-4341-b5c8-677e381c8306
    Bridge switch0
        Port vethlQXvGc
            Interface vethlQXvGc
        Port switch0
            Interface switch0
                type: internal
    ovs_version: "2.13.1"

The problem now is that the container did not take IP. P.S I only have 
one physical interface so I did not bind it with the bridge.


You need to remove your ip information from the physical interface, bind 
the physical interface to the bridge, assign the address info to the 
bridge (or other virtual interface).


This creates a common bridge between the 'outside' world and your 
container.  And provides local machine address to the outside world on 
that same sole physical interface


Re: [ovs-discuss] Openvswitch with LXC

2021-02-03 Thread Raymond Burkholder

Pretty simple:

1) read the man page on lxc.container.conf
2) build one or two interface up/down files

Don't guarantee this works without a bit of extra massaging, but should 
be enough to get started:


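# cat /etc/lxc/scripts/ovs.port.up.sh
#!/bin/bash
# LXC network "up" hook: attach the container's host-side veth to an OVS bridge.
# LXC passes: $1 container name, $2 section (net), $3 hook type (up),
# $4 network type (veth), $5 host-side interface name.
logger "lxc_name=${LXC_NAME}"
logger "lxc_config=${LXC_CONFIG_FILE}"
logger "values = $1 $2 $3 $4 $5"
logger "vlan=${VLAN} $5"
BRIDGE=ovsbr0
ovs-vsctl --may-exist add-br "$BRIDGE"
ovs-vsctl --may-exist add-port "$BRIDGE" "$5"
# VLAN is not set by this script; tag the port only when the caller provided it.
if [ -n "$VLAN" ]; then
  ovs-vsctl set port "$5" tag="$VLAN"
fi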


There might be other tidbits at:
https://blog.raymond.burkholder.net/index.php?/categories/7-LXC


On 2/3/21 10:12 AM, George Papathanail wrote:
Hello everyone, I'm trying to connect LXC with Openvswitch and to have 
a setup like this:




I'm kindly asking for your input, or if there is a tutorial please let 
me know


Thank you in advance



Re: [ovs-discuss] Can we add a wifi network interface to an OVS bridge?

2020-08-22 Thread Raymond Burkholder




On 8/21/20 7:38 AM, Jordan Sandri wrote:

Hello,
I would like to know if it is possible to add a wifi network interface 
to an OVS bridge? Let me explain first what I achieved.


If you are using hostapd, there is something you can build into it which 
will add the interface to ovs:


https://blog.raymond.burkholder.net/index.php?/archives/762-Using-Quilt-to-Patch-a-Debian-Package-hostapd.html




Re: [ovs-discuss] using OVS with FRR within eVPN environment

2019-07-04 Thread Raymond Burkholder

On 2019-07-04 1:30 a.m., Lee Wilson via discuss wrote:
The only way i have seen it done is as per below example.. This is a 
script i found on this forum which creates a veth between the kernel 
bridge and the ovs-switch.

... script cut out 

This works, though using veth seems like a bit of a hack.. Is there a 
better way to do this? Is anyone else using ovs with frr and evpn?


You may want to follow up on the FRR list.  There were some other 
experimental tie-ins to OVS via a different feature set.  I don't know 
if any progress has been made on this particular integration in order to 
bypass the 'hack' in the script.


Raymond





Re: [ovs-discuss] Open vSwitch openflow example

2019-07-04 Thread Raymond Burkholder
Your question is somewhat vague.  But for what it is worth, to provide 
an idea of what can be done, this is an extract from a bash script which 
maps the flows in each direction from one vlan on one port to another 
vlan on another port.


VLANA=$(ovs-vsctl get Interface {{ mapping.a.port }} ofport)
VLANZ=$(ovs-vsctl get Interface {{ mapping.z.port }} ofport)
ovs-ofctl add-flow {{ bridge.name }} priority=100,in_port=${VLANA},dl_vlan={{ mapping.a.vlan }},actions=mod_vlan_vid:{{ mapping.z.vlan }},output:${VLANZ}
ovs-ofctl add-flow {{ bridge.name }} priority=100,in_port=${VLANZ},dl_vlan={{ mapping.z.vlan }},actions=mod_vlan_vid:{{ mapping.a.vlan }},output:${VLANA}



But you mention you have an open flow controller, which may inject flows 
directly via the control channel.


If you would like more assistance, please let me know directly.

On 2019-07-04 2:58 p.m., Heim, Dennis wrote:


I am trying to do a vlan trunk from my open vSwitch when connected 
with an openflow controller. Does anyone have any examples of what an 
openflow rule should look like to do that?


*Dennis Heim | Domain Architect (Collaboration Labs)*

World Wide Technology, Inc. | +1 314-212-1814
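
The forward and reverse VLAN-translation flows from the reply above (the same pair is quoted again in the 2018-10-26 "Basic OVS - VLAN translations" reply), as an added example that is not part of the thread and not the author's script. It replaces the Jinja placeholders with function arguments and checks each value before it reaches the flow string; the function names, the bridge name `ovsbr0` and the sample port and VLAN numbers are assumptions, and the commands are printed rather than executed.

```shell
#!/bin/sh
# Added example (constructed, not from the thread): build the forward and
# reverse VLAN-translation flows with every templated value checked first.

# True only for a plain decimal integer of at most 5 digits within [$2, $3].
is_int_in_range() {
    case $1 in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Usage: vlan_xlate_flows BRIDGE OFPORT_A VLAN_A OFPORT_Z VLAN_Z
# Prints two ovs-ofctl commands; prints no command and returns 1 on bad input.
vlan_xlate_flows() {
    br=$1; pa=$2; va=$3; pz=$4; vz=$5
    # Conservative bridge-name check: no spaces, no leading dash, so the
    # value cannot turn into an extra argument or an option.
    case $br in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "invalid bridge name: $br" >&2; return 1 ;;
    esac
    # "ovs-vsctl get Interface X ofport" yields -1 or [] when the port has no
    # OpenFlow number; both are rejected here instead of becoming in_port=-1.
    for p in "$pa" "$pz"; do
        is_int_in_range "$p" 1 65279 || { echo "invalid ofport: $p" >&2; return 1; }
    done
    # 802.1Q VLAN IDs 0 and 4095 are reserved.
    for v in "$va" "$vz"; do
        is_int_in_range "$v" 1 4094 || { echo "invalid vlan id: $v" >&2; return 1; }
    done
    # A side -> Z side, then the mirror image for return traffic.
    echo "ovs-ofctl add-flow $br priority=100,in_port=$pa,dl_vlan=$va,actions=mod_vlan_vid:$vz,output:$pz"
    echo "ovs-ofctl add-flow $br priority=100,in_port=$pz,dl_vlan=$vz,actions=mod_vlan_vid:$va,output:$pa"
}

# Constructed sample: VLAN 100 on ofport 3 <-> VLAN 200 on ofport 7.
vlan_xlate_flows ovsbr0 3 100 7 200
```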





Re: [ovs-discuss] OpenVSwitch looped topology without bonds/STP

2019-03-27 Thread Raymond Burkholder

On 2019-03-27 3:19 p.m., Colton Powell wrote:

Anyways, I was thinking the same thing as you: It seems I will have to disable 
STP + the default forwarding rules, and then write flows to get ARP, etc. 
working as intended. I just wanted to see if there was some other, simpler 
solution that perhaps I was missing here.


In the long run, the simpler way is to consider building layer 3 
networks, and using OVS for overlay layer 2 tasks.



As far as your questions go: Our control channel is in-band, and we are running 
all OVS-only switches. It’s a pretty straightforward setup, but evidently now 
I’m not sure it quite fulfills our needs.


hmmm, quite possibly, depending upon what your ultimate goals are.


Also, can you explain how in-band control cause more issues for us, rather than 
less?


In a nutshell, one of possibly several examples ... if you were to 
continue with the layer 2 concept, and thus being forced into disabling 
most flows and re-enabling them under coordinated control, you'll end up 
with issues of bootstrapping the links (possibly multiple hops) between 
the controller and OVS.


In addition, if you were to stick with spanning tree enabled, you'll 
have other issues for flow rules, as well as the controller:  if links 
break or go down, then spanning tree can take quite some time (measured 
in seconds) to re-converge, and in the meantime, other links may or may 
not go in and out of forwarding, causing all sorts of issues for 
forwarding as well as inbound control plane traffic.




Thanks again!

Colton


Re: [ovs-discuss] OpenVSwitch looped topology without bonds/STP

2019-03-27 Thread Raymond Burkholder

On 2019-03-27 1:48 p.m., Colton Powell wrote:

The difficult part for us, however, is actually finding the paths to redirect 
on. Because we are currently using STP in our looped topology, OpenDaylight 
cannot find all links/paths in the network. Only links on the Spanning Tree are 
found (similarly, any link that would create a cycle/loop is not found).


Well actually, that is the way things are supposed to work.  I think 
that even if you could 'know about the link' and you could write a rule 
to redirect the flow, with STP enabled, the packets would get dropped 
anyway, which is the hard-wired nature of switches and spanning tree.



So, from the controller-side of things, we do not have visibility of all links 
in the network. As a result, we cannot optimally distribute traffic throughout 
the network, due to the fact that we do not have a complete view of all links 
in the network.


I would suggest though that is only half correct.  I'd say that you do 
indeed have visibility to all 'forwarding links' on the network.



Therefore, we were either hoping to a) find a solution without STP or b) Use 
STP, but modify our OVS configuration, with the ultimate goal of achieving 
visibility of all links in the network.


If you want this to work, you would have to disable STP, and remove, by 
default, all forwarding and generation rules in OVS.  By removing STP, 
the switch will bring up all ports.  By removing all rules, including 
default rules, you prevent packet storms.


You'd have to somehow enable LLDP neighbor detection or similar.  LLDP, 
by nature, is not forwarded.


There is a bunch of IPv6 ND issues for which you'd have to manually 
insert rules.


In short, after disabling traffic, you then have to start adding rules 
to get the various non-transport protocols operating properly.


Then you can start inserting/removing your transport oriented rules.

Are you running OVS-only switches, or do you also have non-OVS switches 
with which to contend?


Is your control channel in-band or out-of-band?  If in-band, you 
probably will have even more problems with which to contend.



I hope that clarifies my intent a bit. Please let me know if I can provide any 
other information, and thanks again for your help.


Are you sure you want to design a network this way?  I think I see where 
you are going with this, but I think that road is littered with dead 
bodies.  That is, if your intention is to rely on a single instance of 
OpenDayLight to control all your switches, then you will have 
resiliency/redundancy/reliability issues.


There are a few hybrid solutions which make use of this style of 
mechanism (making the assumption that ALL switches are OVS controlled).


One style which comes to mind is the distributed controller style, which 
allows resiliency in the scenario of a central controller failure.  This 
scenario makes use of a two tier controller solution:  a) a controller 
on each switch maintaining local topology, link, and bandwidth state, 
with b) a central controller which has a global map of the network which 
the two tiers communicate iteratively for tuning traffic patterns.




Re: [ovs-discuss] OpenVSwitch looped topology without bonds/STP

2019-03-27 Thread Raymond Burkholder

On 2019-03-27 12:12 p.m., Colton Powell wrote:
By default, having a looped topology causes issues with broadcast 
packets (such as ARP packets) being looped. I have read the Common 
Configuration Problems page, which says to use bonds or STP to solve 
this issue.

A looped infrastructure is generally frowned upon.  Layer 2 underlay 
networks are generally frowned upon.


Could you explain what you are trying to do?  There might be alternate 
better solutions.


Using a VxLAN or Geneve underlay between OVS instances might be better 
(which uses a more robust Layer 3 redundant, load balancing routing 
mechanism).


The OVN portion of OVS handles much of the mechanics for you.



However, bonds do not satisfy the requirements I wish to meet, and STP 
causes problems with OpenDaylight. When STP is enabled on the 
switches, OpenDaylight fails to detect all links in the topology. In 
particular, only the links along the spanning tree are detected, and 
any links that would otherwise cause a cycle are not detected. This 
makes it impossible to gather a complete view of the topology from the 
controller, meaning I cannot consider all paths throughout the network 
before installing flows onto the switches.


I have found some hacky workarounds for this, but they are definitely 
not ideal. Would anyone here have any insight as to how I can 
correctly configure my OpenVSwitches in a looped topology without 
using bonds or STP? Or is there perhaps another solution that I am not 
seeing?







Re: [ovs-discuss] Confused how to set up an STP loop topology on BPI switches

2019-01-09 Thread Raymond Burkholder

On 2019-01-09 8:33 a.m., Christopher Hannon wrote:
Thanks for your reply, I think I understand your point regarding 
hardware switching. Although wouldn't there need to be a layer 3 
connection somewhere to pull a packet from one vlan to the other? I 
guess I am not completely sure about how the vlans get connected 
together. Would this be in OVS?


Yes, then things become more of a layer 3 mechanism.  That is about all 
I've come up with when up against a lower level hardware switch.


Possibly in swconfig or the iproute2 or ethtool there is a mechanism to 
define them as access ports, each in their own vlan.  But VLAN ids are 
passed up in the skb structures, so I don't know if that would work.  
Maybe XDP performs operations before OVS picks up packets.  But that is 
getting deep into the weeds.


If you desire to use the default switch in OVS, then maybe very 
difficult.  I don't know if performing vlan pre-processing will help.  
Something along the lines of pushing/popping vlan tags as in


https://mail.openvswitch.org/pipermail/ovs-discuss/2018-October/047617.html

But if you use the openflow side of things and program in your own 
packet ops, you may get something closer.  But you won't have the STP 
side of things, unless you program that yourself as well.


On Tue, Jan 8, 2019 at 10:00 PM Raymond Burkholder <r...@oneunified.net> wrote:


One solution might be to supply a unique vlan between each pair of
switches:

vlan 111 sw1,sw2
vlan 112 sw2,sw3
vlan 114 sw3,sw4
vlan 115 sw4,sw1

I *think* the issue is that with the lan ports all in the same
vlan, the hardware switch is switching packets, and not passing
the packets up to ovs.  And if the hardware switch does not have
STP turned on, you will end up with the loop.

With the segregating vlans, packets should then be passed to OVS
for use in its bridging functions.





[ovs-discuss] open vswitch / openflow includes for nicira extensions

2018-12-19 Thread Raymond Burkholder
I have been using header file definitions found in 
https://www.opennetworking.org/wp-content/uploads/2014/10/openflow-switch-v1.4.1.pdf 
to build an open flow controller.


The controller communicates successfully with openvswitch.

But in tutorials such as 
https://github.com/openvswitch/ovs/blob/master/Documentation/tutorials/ovs-conntrack.rst, 
the command line examples use flow modifications using non-standard 
values and parameters.


Are these enumerations and structures available to controllers? If so, 
what header files would be included to access the enumerations and 
structures?


I've looked at files in /usr/include/openvswitch and 
/usr/include/openflow, but nothing is obvious for working with nicira 
extensions.  Even searching through a cloned github repository of ovs 
doesn't yield a definition for something like CS_ESTABLISHED that I 
could follow through.  I see references, but I don't seem to see the 
original definition or enumeration.


Or is there a better way to build a controller to use the nicira extensions?


Re: [ovs-discuss] Single nic server and ovn

2018-12-19 Thread Raymond Burkholder



On 2018-12-19 2:51 p.m., Vasiliy Tolstov wrote:

On Wed, 19 Dec 2018 at 22:31, Grant Taylor via discuss wrote:

On 12/18/2018 11:56 PM, Vasiliy Tolstov wrote:

Hi, i have some servers that have only one nic for network. As i
understand for ovn i need to add this interface to ovs bridge.
But for host access i need some ip address on server and also if ovs or
ovn is down or something else with this services i can't connect to server.



I know about that, but if ovs have panics/crashes or misconfigured i
can't get access to my server via ethernet

Then you use something like ILO or an ip based KVM for out  of band 
management.




Re: [ovs-discuss] external ovs c++ controller

2018-11-09 Thread Raymond Burkholder

On 2018-11-09 3:27 a.m., Boris Ouretskey wrote:
What would be the preferred API for controlling open switch bridges 
from c++ user space application. (both Windows and Linux version of 
ovs should be supported). the controller should run on both windows 
and linux also.
1. reverse engineering ovs-vsctl (or test controller) and use the same 
API it does.
RFC 7047, also see https://github.com/John-Lin/OVS-Cheat-Sheet for how 
the various ovs apps work together

2. use some open-source c++ openflow stack (if exists)
This controls the flows, and is probably the most efficient mechanism 
for controlling the flows

3. just run System("ovs-vsctl ...") from the application
two different commands sets would be required, and are probably less 
efficient due to the requirement for parsing text commands (ovs-vsctl 
for ports, ovs-ofctl for flows)
The application mostly opens and configures the ports. Controlling the 
openflow tables is of less priority.

In summary, two mechanisms are involved.

The ovs database/schema deals with port configuration and management. 
RFC 7047 defines how one communicates with the database.


Flow control happens via the flow controller.  github has at least two 
c++ controllers, one of which is mine which I am slowly building up in 
capability.


Hope this helps.

Raymond
https://blog.raymond.burkholder.net/index.php?/categories/12-Open-vSwitch
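
The port-configuration path through RFC 7047, as an added example (not code from this thread or from the OVS project), written in Python for brevity; the JSON messages are the same when sent from C++. It builds the `transact` request that attaches a port to a bridge, splits the unframed JSON-RPC stream, answers the server's `echo` probe and checks the per-operation results. The function names, bridge and port names, UUIDs and the sample stream are constructed for the illustration.

```python
import json

DB = "Open_vSwitch"  # name of the database that ovsdb-server exposes for OVS


def add_port_request(bridge, port, tag=None, iface_type="", request_id=1):
    """Build the RFC 7047 'transact' request that attaches `port` to `bridge`."""
    if tag is not None and not 0 <= tag <= 4095:
        raise ValueError("VLAN tag must be in 0..4095")
    port_row = {"name": port, "interfaces": ["named-uuid", "new_iface"]}
    if tag is not None:
        port_row["tag"] = tag
    ops = [
        # Interface row: the network device itself
        {"op": "insert", "table": "Interface", "uuid-name": "new_iface",
         "row": {"name": port, "type": iface_type}},
        # Port row, referring to the Interface by its symbolic uuid-name
        {"op": "insert", "table": "Port", "uuid-name": "new_port",
         "row": port_row},
        # add the new Port to the "ports" set of the named bridge
        {"op": "mutate", "table": "Bridge",
         "where": [["name", "==", bridge]],
         "mutations": [["ports", "insert",
                        ["set", [["named-uuid", "new_port"]]]]]},
    ]
    return {"method": "transact", "params": [DB] + ops, "id": request_id}


def split_messages(buffer):
    """Split received text into complete JSON messages plus the unread tail.

    Messages arrive back to back with no length prefix or delimiter, so the
    reader has to find the object boundaries itself. A tail that does not
    parse is treated as an incomplete message and kept for the next read.
    """
    decoder = json.JSONDecoder()
    messages, pos = [], 0
    while pos < len(buffer):
        if buffer[pos].isspace():
            pos += 1
            continue
        try:
            obj, pos = decoder.raw_decode(buffer, pos)
        except json.JSONDecodeError:
            break
        messages.append(obj)
    return messages, buffer[pos:]


def echo_reply(message):
    """Answer the server's keepalive: an echo reply returns the same params."""
    return {"result": message["params"], "error": None, "id": message["id"]}


def check_reply(request, reply):
    """Return the UUID of the new Port row, or raise if the transaction failed."""
    if reply.get("id") != request["id"]:
        raise ValueError("reply does not belong to this request")
    if reply.get("error") is not None:
        raise RuntimeError("JSON-RPC error: %r" % (reply["error"],))
    results = reply["result"]
    for index, result in enumerate(results):
        # a failed operation is reported in place as an object with "error"
        if isinstance(result, dict) and "error" in result:
            raise RuntimeError("operation %d failed: %s (%s)" % (
                index, result["error"], result.get("details", "")))
    # the mutate result counts the Bridge rows matched by the where clause
    if results[2].get("count") != 1:
        raise LookupError("bridge not found, port was not attached")
    return results[1]["uuid"][1]


# Constructed receive buffer: an echo probe, the transact reply for request
# id 7, and the first bytes of a message that has not fully arrived yet.
SAMPLE_STREAM = (
    '{"method":"echo","params":[],"id":"echo"}'
    '{"id":7,"error":null,"result":['
    '{"uuid":["uuid","1f42bc19-b979-43aa-b6e5-cb1e3c4a1d11"]},'
    '{"uuid":["uuid","8a5e1c9e-2d3f-4f0a-9c55-3f1b2a7d6e01"]},'
    '{"count":1}]}'
    '{"method":"ec'
)

if __name__ == "__main__":
    request = add_port_request("br0", "veth1n", tag=10, request_id=7)
    print(json.dumps(request))
    received, tail = split_messages(SAMPLE_STREAM)
    print(json.dumps(echo_reply(received[0])))
    print("new port uuid:", check_reply(request, received[1]))
```
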


Re: [ovs-discuss] Basic OVS - VLAN translations

2018-10-26 Thread Raymond Burkholder

On 2018-10-26 7:26 p.m., Fred Licht via discuss wrote:

I am not able to find a basic document or instruction on how to best configure 
VLAN translation with OVS.  I would be using the LTS OVS 2.5.5.  Can someone 
point me to some good examples or provide one.
It comes down to these two lines for cli'ing the forward and reverse 
directions (should be relatively easy to decipher the important bits):


ovs-ofctl add-flow {{ bridge.name }} priority=100,in_port=${VLANA},dl_vlan={{ mapping.a.vlan }},actions=mod_vlan_vid:{{ mapping.z.vlan }},output:${VLANZ}
ovs-ofctl add-flow {{ bridge.name }} priority=100,in_port=${VLANZ},dl_vlan={{ mapping.z.vlan }},actions=mod_vlan_vid:{{ mapping.a.vlan }},output:${VLANA}



In the bigger context, these lines are pulled from one of my 
repositories, it is a SaltStack templated bash script (use with caution):


#!/bin/bash
{% set mapvlans = salt['pillar.get']( 'mapvlans' ) %}
{% if mapvlans is defined %}{% if mapvlans.one2one is defined %}
{% set bridges = mapvlans.one2one %}
{% for bridge in bridges %}
ovs-ofctl del-flows {{ bridge.name }}
{% set mappings = bridge.mappings %}{% for mapping in mappings %}
VLANA=$(ovs-vsctl get Interface {{ mapping.a.port }} ofport)
VLANZ=$(ovs-vsctl get Interface {{ mapping.z.port }} ofport)
ovs-ofctl add-flow {{ bridge.name }} priority=100,in_port=${VLANA},dl_vlan={{ mapping.a.vlan }},actions=mod_vlan_vid:{{ mapping.z.vlan }},output:${VLANZ}
ovs-ofctl add-flow {{ bridge.name }} priority=100,in_port=${VLANZ},dl_vlan={{ mapping.z.vlan }},actions=mod_vlan_vid:{{ mapping.a.vlan }},output:${VLANA}

{% endfor %}{# mapping #}
ovs-ofctl add-flow {{ bridge.name }} priority=0,actions=NORMAL
{% endfor %}{# bridges #}
{% endif %}{# one2one #}{% endif %}{# mapvlans #}
exit 0

Raymond Burkholder
https://blog.raymond.burkholder.net







Re: [ovs-discuss] OVS Faucet tutorial broken

2018-08-25 Thread Raymond Burkholder

On 2018-08-24 06:57 PM, Brad Cowie wrote:
On 25 August 2018 at 12:07, Ben Pfaff wrote:


On Sat, Aug 25, 2018 at 11:09:41AM +1200, Brad Cowie wrote:
> By the way we can dynamically generate our openflow pipeline now such
> that tables are automatically sized (more important for real
hardware)
> and disable tables that aren't used (e.g. FIB tables are now turned
> off when routing disabled, ACL tables disabled when no ACLs have
been

On 25 August 2018 at 12:07, Ben Pfaff wrote:


OVS does of course run on some hardware
switches; I don't know whether the vendors who customize it for their
hardware add support for OFPMP_TABLE_FEATURES so that it can configure
trade-offs, though I suspect they do not.


We are using Table Feature Messages (TFM as we call it in faucet) to 
drive 3 vendor
hardware switches today. I know at least one of them is using Open 
vSwitch under
the hood as the OpenFlow Agent (OFA) so I assume at least one vendor 
has modified

OVS to add support.


Are you able to name those vendors?  It would be of interest to evaluate 
capabilities.



Brad


Re: [ovs-discuss] Problem openvswitch, openwrt e dhcp

2018-07-23 Thread Raymond Burkholder

On 07/23/2018 04:45 PM, Thomas William wrote:


controller ---> normal switch --> ap with openvswitch and openwrt -->server1


When I configure the eth0.2 interface on the openvswitch I lose the ip 
assigned by the external dhcp, and I can not recover, I've already tried 
to assign static but did not work for the controller accessing it remotely.


I am not familiar with openwrt config, and if you installed ovs as an 
add-on, there is an interaction which may not work without some custom 
changes with hostapd (the wireless side of things).


I have wireless working with the changes discussed at:

http://blog.raymond.burkholder.net/index.php?/archives/762-Using-Quilt-to-Patch-a-Debian-Package.html

Your mileage may vary with your situation.



I do not know how to configure in openwrt for the eth0.2 interface to 
work on both openvswitch and remote access.



--
Raymond Burkholder
r...@oneunified.net
https://blog.raymond.burkholder.net


Re: [ovs-discuss] VXLAN - MAC address learning/propagation through EVPN/FRR

2018-06-12 Thread Raymond Burkholder

On 06/12/2018 02:40 AM, Nicola Bucci wrote:

Would you be able to provide a fully functional example with configs? That 
would be awesome.


Rather than a fully functional config, here are some config extracts:

Part of a shell script to configure and connect the ovs/kernel bridges, 
vxlan interface, and regular vlan.  You define how you want to map local 
vlans to global vni numbering.


VNI=$1
NAME=$2
TYPE=$3
VLAN=$4
# kernel bridge, bring it up without spanning tree
brctl addbr br${NAME}
ip link set dev br${NAME} up
brctl stp br${NAME} off
# create vxlan interface, where VNI is tied to vni in FRR, lo is a loopback
ip link add vx${NAME} type vxlan id ${VNI} dstport 4789 local ${lo} nolearning

# add the vxlan interface to kernel bridge, bring it up
brctl addif br${NAME} vx${NAME}
ip link set dev vx${NAME} up
# add a veth to tie kernel bridge to ovs
ip link add vo${NAME} type veth peer name vb${NAME}
# add veth to kernel bridge
brctl addif br${NAME} vb${NAME}
# add veth to ovs bridge
ovs-vsctl --if-exists del-port ovsbr0 vo${NAME}
ovs-vsctl add-port ovsbr0 vo${NAME} ${TYPE}=${VLAN}
# bring up both ends of veth
ip link set dev vo${NAME} up
ip link set dev vb${NAME} up
# container and kvm links are then added to the ovs bridge



Here is an extract from an FRR EVPN configuration in the BGP 
configuration file.  For this example, there are two FRR instances 
involved for sharing VNI information.  This configuration is for one of 
the two.  For scaling, you choose the import/export statements based 
upon selecting which instances the VNI needs to be associated (where the 
vlan needs to be 'stretched')


In my case, the relationships are defined in a separate master file, and 
I use SaltStack to build the specific configs for each instance.


The addresses in the RD/RT are the instance loopbacks.

  address-family l2vpn evpn
    neighbor 10.20.3.2 activate
    vni 1012
      rd 10.20.1.1:1012
      route-target export 10.20.1.1:1012
      route-target import 10.20.1.2:1012
    exit-vni
    vni 1101
      rd 10.20.1.1:1101
      route-target export 10.20.1.1:1101
      route-target import 10.20.1.2:1101
    exit-vni
    vni 1421
      rd 10.20.1.1:1421
      route-target export 10.20.1.1:1421
      route-target import 10.20.1.2:1421
    exit-vni
    advertise-all-vni
  exit-address-family

Some more reading material I have gathered:

https://blog.raymond.burkholder.net/index.php?/archives/799-EVPN-Reading-Material.html


Thanks


I hope the above is of some value


Nico


--
Raymond Burkholder
r...@oneunified.net
https://blog.raymond.burkholder.net

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
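
One way to generate the per-instance EVPN stanza shown in the message above from a master mapping, as an added example (not the author's SaltStack templates): each VNI lists the loopbacks of the instances it is stretched to, and every instance exports its own loopback:VNI and imports each peer's. The function name, the layout of the master mapping, VNI 2000 and loopback 10.20.1.3 are assumptions made for the illustration.

```python
import ipaddress

MAX_VNI = (1 << 24) - 1  # a VXLAN network identifier is 24 bits wide

# Constructed master mapping: VNI -> loopbacks of the instances carrying it.
# The first three entries mirror the message; VNI 2000 is an added case of a
# VNI that is not stretched to 10.20.1.1.
MASTER = {
    1012: ["10.20.1.1", "10.20.1.2"],
    1101: ["10.20.1.1", "10.20.1.2"],
    1421: ["10.20.1.1", "10.20.1.2"],
    2000: ["10.20.1.2", "10.20.1.3"],
}


def evpn_address_family(local, neighbor, memberships):
    """Return the 'address-family l2vpn evpn' lines for one FRR instance.

    local       -- this instance's loopback, used in the RD and export RT
    neighbor    -- BGP neighbor to activate for the EVPN address family
    memberships -- {vni: [loopback of every instance that carries the VNI]}
    """
    # normalise and validate the addresses before they reach the config
    local = str(ipaddress.ip_address(local))
    neighbor = str(ipaddress.ip_address(neighbor))
    lines = ["  address-family l2vpn evpn",
             f"    neighbor {neighbor} activate"]
    for vni in sorted(memberships):
        if not 1 <= vni <= MAX_VNI:
            raise ValueError(f"VNI {vni} is outside 1..{MAX_VNI}")
        members = {str(ipaddress.ip_address(m)) for m in memberships[vni]}
        if local not in members:
            continue  # this VNI is not stretched to the local instance
        lines += [f"    vni {vni}",
                  f"      rd {local}:{vni}",
                  f"      route-target export {local}:{vni}"]
        # one import per remote instance that shares the VNI
        for peer in sorted(members - {local}, key=ipaddress.ip_address):
            lines.append(f"      route-target import {peer}:{vni}")
        lines.append("    exit-vni")
    lines += ["    advertise-all-vni", "  exit-address-family"]
    return lines


if __name__ == "__main__":
    print("\n".join(evpn_address_family("10.20.1.1", "10.20.3.2", MASTER)))
```
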



Re: [ovs-discuss] VXLAN - MAC address learning/propagation through EVPN/FRR

2018-06-06 Thread Raymond Burkholder

On 06/06/2018 01:50 AM, Nicola Bucci wrote:
Does anybody know if it's possible to feed the fdb information from OVS 
into EVPN with FRR?


FRR talks to the kernel bridging directly for the fdb information.  I 
have been thinking about writing a module for FRR to access OVS bridge 
information, but that is quite a bit of work.  There is a VNC interface 
with FRR which purportedly does something similar.


But, instead, even though it isn't the most performant, I use a 
veth between an OVS bridge/vlan and a regular linux bridge.


The linux bridge side of the link allows FRR/Zebra to see linux bridging 
info which is fed from the OVS side of things.


FRR/BGP/EVPN can then redistribute the learned MAC tables between hosts 
in order to maintain the layer 3 network.


Works like a charm for me.

If you need configs, I could work up an example for the iproute2/bridge 
commands as well as an RD based FRR config.


--
Raymond Burkholder
r...@oneunified.net
https://blog.raymond.burkholder.net



Re: [ovs-discuss] Multiple dpdk-netdev datapath with OVS 2.9

2018-05-07 Thread Raymond Burkholder

On 05/07/2018 01:41 PM, alp.ars...@xflowresearch.com wrote:

What would you recommend as a controller, also would adding rules using a
controller be faster than "ovs-ofctl"? My application continuously add and
delete flows based on the traffic patterns, and it works fine if there is no
traffic flowing through the OVS, but as soon as I turn on the 40 G links,
the time to apply the rules starting hitting several seconds sometimes up to
100s. It keeps increasing as the existing number of flows increase.


Wouldn't it be better to run some sort of analysis to determine at what 
point your flow insertions start to fall behind?  Are you setting up 
many short lived flows?  Do you have jumbo flows?  Or some mixture?


Then figure out how many flow adjustments you need from testing.

Linux should be able to handle 10G.  40G, without a bunch of tuning and 
analysis and distribution, could be challenging.  And depends upon what 
stuff is being off-loaded, and what is calculated locally.


At that point, you have choices:

Ryu: python based controller with an established support base, but might 
be slow for your needs


Some Java based engines:  compiled and used by some bigger boys

Some C++ engines:  fast code, and maybe fast insertions (c++ and java 
would send messages which might bypass some of the ovs-ofctl parsing)


Some people diddle with certain functions directly (see past archives 
for several mentions)


Or maybe use P4 or eBPF to handle your packet handling?



Can an SDN controller solve this issue? Or is it an inherent OVS limitation
where it takes more time to add rules if more packets are going to the OF
classifier?



--
Raymond Burkholder
r...@oneunified.net
https://blog.raymond.burkholder.net



Re: [ovs-discuss] lacp to mellanox switch -- "COLLECTING NOT Enabled !! DISCARDING FRAME"

2017-12-22 Thread Raymond Burkholder
Hi Amit,

> Can you open a case at
> https://mymellanox.force.com/support/SupportLogin  and we will be happy
> to help you.

We have case# 00416594

> Are you running OpenFlow on the switch or only using the switch L2 with
> LAG/bond?

The switch is mlnxos.  We are only using switch L2 with LAG/bond.





Re: [ovs-discuss] lacp to mellanox switch -- "COLLECTING NOT Enabled !! DISCARDING FRAME"

2017-12-22 Thread Raymond Burkholder
> > Based upon documentation, this should 'just' work, but well, it doesn't. The
> > two slave interfaces seem to always be disabled.  I have the following:
> >
> > # ovs-vsctl add-bond ovsbr0 bond_mlnx enp8s0f0 enp8s0f1 lacp=active
> > trunks=64,65
> 
> After sending that message, I read at the following that lacp mode is not
> supported and is problematic, and that I should use bond_mode=balance-tcp
> which does bring the interfaces up.
> 

After more digging, the Mellanox is dropping the lacp frames, so no sync is
happening.

Any Mellanox users on the list who are aware of the following?  And maybe
suggest an alternate setup?

I took a look at the ovs-vswitchd.conf.db lacp / bond parameters and saw no
knobs which might deal with something like this.

The key two lines from the following:

Jan 22 11:59:12 mlnx02 issd[3931]: TID 139885316582432: [issd.NOTICE]: LA:
LaHandleRxDataFrame: Port: 9:COLLECTING NOT Enabled !! DISCARDING FRAME

Jan 22 11:59:12 mlnx02 issd[3931]: TID 139885316582432: [issd.NOTICE]: LA:
LaHandleRxDataFrame: Port 9 FATAL ERROR :



Jan 22 11:57:32 mlnx02 mgmtd[2828]: [mgmtd.NOTICE]: Config change ID 148:
requested by: user admin (System Administrator) via CLI, 2 item(s) changed
Jan 22 11:57:32 mlnx02 mgmtd[2828]: [mgmtd.NOTICE]: Config change ID 148:
item 1: debug protocol to be logged in debug file added
Jan 22 11:57:32 mlnx02 mgmtd[2828]: [mgmtd.NOTICE]: Config change ID 148:
item 2: debug protocol to be logged in debug file: Minimum trace level
initially set to 8
Jan 22 11:57:32 mlnx02 issd[3931]: TID 139884917987072: [issd.NOTICE]:
issd_mgmt_handle_event_request: Received event: /mgmtd/notify/dbchange
Jan 22 11:57:32 mlnx02 mgmtd[2828]: [mgmtd.NOTICE]: Entering:
md_db_commit_apply
Jan 22 11:57:32 mlnx02 issd[3931]: TID 139884917987072: [issd.NOTICE]:
Handling change event for /log/config/debug/protocol/lacp
Jan 22 11:57:32 mlnx02 issd[3931]: TID 139884917987072: [issd.NOTICE]:
Handling change event for /log/config/debug/protocol/lacp/event
Jan 22 11:57:33 mlnx02 issd[3931]: TID 139884403714720: [issd.NOTICE]: LA:
LaProcessLacpFrame:Dumping LACP frame received from lower layer...
Jan 22 11:57:34 mlnx02 issd[3931]: TID 139884403714720: [issd.NOTICE]: LA:
LaProcessLacpFrame:Dumping LACP frame received from lower layer...
Jan 22 11:57:42 mlnx02 mgmtd[2828]: [mgmtd.NOTICE]: Config change ID 149:
requested by: user admin (System Administrator) via CLI, 1 item(s) changed
Jan 22 11:57:42 mlnx02 mgmtd[2828]: [mgmtd.NOTICE]: Config change ID 149:
item 1: debug protocol to be logged in debug file: Minimum trace level
changed from 8 to 10
Jan 22 11:57:42 mlnx02 issd[3931]: TID 139884917987072: [issd.NOTICE]:
issd_mgmt_handle_event_request: Received event: /mgmtd/notify/dbchange
Jan 22 11:57:42 mlnx02 issd[3931]: TID 139884917987072: [issd.NOTICE]:
Handling change event for /log/config/debug/protocol/lacp/event
Jan 22 11:57:42 mlnx02 mgmtd[2828]: [mgmtd.NOTICE]: Entering:
md_db_commit_apply
Jan 22 11:57:43 mlnx02 issd[3931]: TID 139884403714720: [issd.NOTICE]: LA:
LaProcessLacpFrame:Dumping LACP frame received from lower layer...
Jan 22 11:58:34 mlnx02 last message repeated 4 times
Jan 22 11:58:44 mlnx02 last message repeated 2 times
Jan 22 11:58:55 mlnx02 mgmtd[2828]: [mgmtd.NOTICE]: Config change ID 150:
requested by: user admin (System Administrator) via CLI, 1 item(s) changed
Jan 22 11:58:55 mlnx02 mgmtd[2828]: [mgmtd.NOTICE]: Config change ID 150:
item 1: debug protocol to be logged in debug file: Minimum trace level
changed from 10 to 65546
Jan 22 11:58:55 mlnx02 issd[3931]: TID 139884917987072: [issd.NOTICE]:
issd_mgmt_handle_event_request: Received event: /mgmtd/notify/dbchange
Jan 22 11:58:55 mlnx02 issd[3931]: TID 139884917987072: [issd.NOTICE]:
Handling change event for /log/config/debug/protocol/lacp/event
Jan 22 11:58:55 mlnx02 mgmtd[2828]: [mgmtd.NOTICE]: Entering:
md_db_commit_apply
Jan 22 11:58:56 mlnx02 issd[3931]: TID 139884403714720: [issd.NOTICE]: LA:
TMR: Started Timer
Jan 22 11:59:04 mlnx02 last message repeated 41 times
Jan 22 11:59:04 mlnx02 issd[3931]: TID 139885316582432: [issd.NOTICE]: LA:
Called LaEnqueueControlFrame for Port 221
Jan 22 11:59:04 mlnx02 issd[3931]: TID 139884403714720: [issd.NOTICE]: LA:
Called LaProcessLacpFrame for Port 221
Jan 22 11:59:04 mlnx02 issd[3931]: TID 139884403714720: [issd.NOTICE]: LA:
LaProcessLacpFrame:Dumping LACP frame received from lower layer...
Jan 22 11:59:04 mlnx02 issd[3931]: TID 139884403714720: [issd.NOTICE]: LA:
TMR: Timer Stopped SUCCESSFULLY
Jan 22 11:59:04 mlnx02 issd[3931]: TID 139884403714720: [issd.NOTICE]: LA:
TMR: Started Timer
Jan 22 11:59:04 mlnx02 last message repeated 3 times
Jan 22 11:59:04 mlnx02 issd[3931]: TID 139885316582432: [issd.NOTICE]: LA:
Called LaEnqueueControlFrame for Port 61
Jan 22 11:59:04 mlnx02 issd[3931]: TID 139884403714720: [issd.NOTICE]: LA:
Called LaProcessLacpFrame for Port 61
Jan 22 11:59:04 mlnx02 issd[3931]: TID 139884403714720: [issd.NOTICE]: LA:
LaProcessLacpFrame:Dumping LACP 

Re: [ovs-discuss] lacp to mellanox switch

2017-12-21 Thread Raymond Burkholder
 
> Based upon documentation, this should 'just' work, but well, it doesn't. The
> two slave interfaces seem to always be disabled.  I have the following:
> 
> # ovs-vsctl add-bond ovsbr0 bond_mlnx enp8s0f0 enp8s0f1 lacp=active
> trunks=64,65

After sending that message, I read at the following that lacp mode is not
supported and is problematic, and that I should use bond_mode=balance-tcp
which does bring the interfaces up.

But doesn't bring up lacp on the other side.

So I am not sure what a proper configuration for the switch side is.

# ovs-vsctl add-bond ovsbr0 bond_mlnx enp8s0f0 enp8s0f1 bond_mode=balance-tcp
# ovs-appctl bond/show bond_mlnx
 bond_mlnx 
bond_mode: balance-tcp
bond may use recirculation: yes, Recirc-ID : 7
bond-hash-basis: 0
updelay: 0 ms
downdelay: 0 ms
next rebalance: 7098 ms
lacp_status: off
lacp_fallback_ab: false
active slave mac: 00:90:0b:68:eb:67(enp8s0f0)

slave enp8s0f0: enabled
active slave
may_enable: true

slave enp8s0f1: enabled
may_enable: true





Re: [ovs-discuss] Ubuntu 16.04 Openvswitch bridge on bond

2017-12-09 Thread Raymond Burkholder
> I am attempting to setup a linux bond and create a openvswitch bridge that
> uses this bond0 on Ubuntu 16.04.03 using a cisco 2960 switch with
> openvswitch version 255.2.

Take a look at 

https://github.com/openvswitch/ovs/blob/master/debian/openvswitch-switch.README.Debian

It has a number of examples.

In addition, I have found that I need to create manual entries for bond
members to ensure that they come up (do this only if you find they don't
come up)



> 
> On the Ubuntu server I have configured
> 
> # /etc/modprobe.d/bonding.conf
> alias bond0 bonding
> options bonding mode=4 miimon=100 lacp_rate=1
> 
> # /etc/network/interfaces
> auto eno1
> iface eno1 inet manual
>   bond-master bond0
> 
> auto eno2
> iface eno2 inet manual
>   bond-master bond0
> 
> auto bond0
> allow-br0 bond0
> iface bond0 inet manual
>   bond-slaves eno1 eno2
>   ovs_bridge br0
>   ovs_type OVSPort
> 
> auto br0
> allow-ovs br0
> iface br0 inet static
>   address 192.168.0.8
>   netmask 255.255.255.0
>   gateway 192.168.0.1
>   dns-nameservers 192.168.0.1
>   ovs_type OVSBridge
>   ovs_ports br0
> 
> On the Cisco switch I have my LAN 192.168.0.1 connect to port G0/1 on access
> port and created ether-channel and connected ports G0/7 and G0/8 to my
> Ubuntu server.  Vlan 1 to make things simple.
> 
> # show run
> interface Port-channel1
>  switchport mode access
> 
> interface GigabitEthernet0/7
>  switchport mode access
>  channel-protocol lacp
>  channel-group 1 mode active
> !
> interface GigabitEthernet0/8
>  switchport mode access
>  channel-protocol lacp
>  channel-group 1 mode active
> 
> From the switch I can see the LACP neighbours
> 
> Switch#show lacp neighbor
>                   LACP port                        Admin  Oper   Port    Port
> Port      Flags   Priority  Dev ID          Age    key    Key    Number  State
> Gi0/7     SA      255       a01d.48c7.7618  26s    0x0    0x9    0x2     0x3D
> Gi0/8     SA      255       a01d.48c7.7618  25s    0x0    0x9    0x1     0x3D
> 
> However, I am unable to get my Ubuntu server to be able to ping any devices
> on my local network.  From my switch I can ping other devices my network
> apart from the Ubuntu server.
> 
> Could someone explain to me what I have missed with regards to this setup?
> 
> Thanks
> 
> Densha
> 


[ovs-discuss] ovs-ofctl vs openflow 1.x vs ?

2017-10-08 Thread Raymond Burkholder
I've written some openflow controller code to submit openflow 
line-protocol based commands.


In looking at the ovs-fields document, there appears to be OVS functions 
available which are not available via openflow protocol commands.


Those extensions seem to be available in ovs-ofctl though.

Is there an API way of doing things instead of going through ovs-ofctl?  
Or are the NXM extensions available in one of the OpenFlow versions?  
For example, I've been programming via OF1.4.1 at this point (found at 
https://benpfaff.org/ofh/openflow-spec1.4.1.h).


From the ovs-fields document, there is NXM_NX_CONJ_ID (for conjunctive 
match fields), which shows as not being an openflow protocol based function.


IE, could flow tables be updated via JSON documents, like what is used 
to update the ovsdb?


Or am I missing something obvious?

--
Raymond Burkholder
r...@oneunified.net
https://blog.raymond.burkholder.net




Re: [ovs-discuss] Wireless OVS

2017-09-11 Thread Raymond Burkholder



On 09/11/17 16:20, S hj wrote:



In MANET (mobile ad hoc networks), wireless nodes can communicate 
together without any access points.

Should I still consider hostapd for each wireless node in my simulation?


If you aren't running it, probably isn't needed.  I mention it only 
because you had used the word 'wireless'.  And there is a patch around 
for hostapd to talk properly to ovs.


I only run OVS on each node; however, it seems that I have to configure 
something to allow nodes to know about the mac address of each other


a quick google for 'manet arp' indicates something like:

https://www.ietf.org/mail-archive/web/manet/current/msg08124.html

So depending upon the devices you have, the bridging/repeater mode of 
your node(2) may have issues.


Maybe a manet mailing list might have an answer?




Re: [ovs-discuss] BFD with 'option : remote_ip = flow'

2017-08-16 Thread Raymond Burkholder

> On 16 Aug 2017, at 07:54, Vivek Srivastava V wrote:
> 
> No.  I hadn't heard of multi-hop BFD before, so I looked around a bit and 
> found RFC 5883.  That RFC, though, doesn't really provide a specification for 
> how to do this.  Is there a detailed specification somewhere else?
> 
> [Viveks] Unfortunately I also couldn't find any implementation specific 
> details about multihop BFD, other than RFC 5883 and some configuration 
> related info available on the net. What I could gather is that it is mostly 
> same as onehop BFD, with some additional considerations- 

Out of curiosity, would you be able to explain what your use case is?  I gather 
you don’t have a BFD partner on the ‘other end’ of the layer 2 link?  And that 
you are going across some sort of layer 3 network?  And if that is a multi-hop 
l3 network, don’t things get a bit dicey in terms of time-outs, possible 
changes in packet flows, etc?




Re: [ovs-discuss] How can I change OpenVSwitch

2017-06-09 Thread Raymond Burkholder
> 
> On 9 Jun 2017, at 11:41, Simone Aglianò <simoagli...@gmail.com> wrote:
> 
> I was looking for the cheapest and easiest way to have an OpenFlow switch to 
> run my experiment with Floodlight and Flowvisor. I think that the easiest and 
> cheapest way is run Open vSwitch on Linux operating system having an adapter 
> usb to multiple ethernet ports, isn´t it? I think to run it in linux virtual 
> machine what do you think about it?
> 

If you want hardware, the zodiac is probably cheapest.

For cheapest, as in free, run openvswitch on linux box, or in a linux virtual 
machine, and do the following to get openvswitch to talk to a controller (no 
usb stuff, no physical ethernet ports, … required, everything can be 
virtualized):

ip link set dev ovs-system up  # I do this whether I need to or not
ovs-vsctl --may-exist add-br sw1
ip link set dev sw1 up
ovs-vsctl set bridge sw1 protocols=OpenFlow13
ovs-vsctl set-fail-mode sw1 secure
# if controller is elsewhere, change the address to suit
ovs-vsctl set-controller sw1 tcp:127.0.0.1:6653

Then to create test environment (creates namespace, creates veth pair, puts one 
end in a namespace, turns it up and assigns an ip address, and puts into a vlan 
[with ..n. is near, ..f. is far]):

ip netns add ns1
ip link add veth1n type veth peer name veth1f
ip link set up dev veth1n
ip link set veth1f netns ns1
ip netns exec ns1 ip addr add dev veth1f 10.0.0.1/24
ip netns exec ns1 ip link set dev veth1f up
ovs-vsctl --may-exist add-port sw1 veth1n tag=10

ip netns add ns2
ip link add veth2n type veth peer name veth2f
ip link set up dev veth2n
ip link set veth2f netns ns2
ip netns exec ns2 ip addr add dev veth2f 10.0.0.2/24
ip netns exec ns2 ip link set dev veth2f up
ovs-vsctl --may-exist add-port sw1 veth2n tag=10

Then to generate packets through the switch:

ip netns exec ns1 ping 10.0.0.2

If you want to get extravagant, you can use mininet to create interesting 
virtual topologies for testing your controller.

http://mininet.org


> BTW, thank you for having referenced me OpenWrt projects.
> 
> On Fri, Jun 9, 2017 at 3:18 PM, Raymond Burkholder <r...@oneunified.net> wrote:
> 
>> On 9 Jun 2017, at 08:26, Simone Aglianò <simoagli...@gmail.com> wrote:
>> 
>> I m interested also in a desktop switch with just 4 ports
>> 
>> On Fri, Jun 9, 2017 at 1:23 PM, Simone Aglianò <simoagli...@gmail.com> wrote:
>> Does anyone know which is the cheapest switch with OpenFlow enabled or on 
>> which I can update the firmware or a Linux-based switch on which I can 
>> install OpenVSwitch?
> 
> I think at this point, you are actually asking two or more different 
> questions.  What is it that you are really looking for?  a) openvswitch 
> switching?  b) open flow based switching?  c) hardware accelerated 
> openvswitch?  d) openvswitch to handle open flow hardware acceleration? e) 
> hardware accelerated open flow?
> 
> Someone mentioned the Zodiac.  I believe that is an OpenFlow-only switch — 
> you don’t get to run openvswitch or linux on it.  You need to run a separate 
> controller to control the Zodiac.
> 
> If you want to run OpenvSwitch on something, you can use almost anything.  I 
> use devices from http://www.lannerinc.com (no 
> personal affiliation) to install Linux and run OpenvSwitch.  Forwarding 
> speeds are amazing, even if they are not hardware accelerated.
> 
> OpenvSwitch is a special animal:  it can be used to process-based switch 
> packets between ports.  And it can be used as an software based OpenFlow 
> switch.  it can run on anything you run linux and has multiple network ports.
> 
> You can take a look at the LEDE/openwrt projects — I think they use 
> openvswitch in some form for some of their routing/switching/security 
> elements.  That would get you a really inexpensive four port switch, running 
> linux, and some version of openvswitch.  Again, it depends, for what 
> combination of openvswitch/openflow/hardware acceleration are you looking?
> 
> If you can wait a bit more, the Mellanox guys are working through an 
> interesting concept of hardware accelerating Openvswitch through the linux tc 
> flower mechanism.  At that point, with mellanox hardware, you can then get 
> Openvswitch/openflow/hardware acceleration, all under one roof.
> 
> 
> 
>> 
>> Best regards,
>> Simone
>> 
>> On Fri, Jun 9, 2017 at 9:32 AM, Simone Aglianò <simoagli...@gmail.com> wrote:
>> Thank you, but I didn't find it for Catalyst Switch 2960 24-TTL
>> 
>> On 8 Jun 2017 23:05, "Ian Pilcher&

Re: [ovs-discuss] How can I change OpenVSwitch

2017-06-09 Thread Raymond Burkholder

> On 9 Jun 2017, at 08:26, Simone Aglianò wrote:
> 
> I m interested also in a desktop switch with just 4 ports
> 
> On Fri, Jun 9, 2017 at 1:23 PM, Simone Aglianò wrote:
> Does anyone know which is the cheapest switch with OpenFlow enabled or on 
> which I can update the firmware or a Linux-based switch on which I can 
> install OpenVSwitch?

I think at this point, you are actually asking two or more different questions. 
 What is it that you are really looking for?  a) openvswitch switching?  b) 
open flow based switching?  c) hardware accelerated openvswitch?  d) 
openvswitch to handle open flow hardware acceleration? e) hardware accelerated 
open flow?

Someone mentioned the Zodiac.  I believe that is an OpenFlow-only switch — you 
don’t get to run openvswitch or linux on it.  You need to run a separate 
controller to control the Zodiac.

If you want to run OpenvSwitch on something, you can use almost anything.  I 
use devices from http://www.lannerinc.com (no personal affiliation) to install 
Linux and run OpenvSwitch.  Forwarding speeds are amazing, even if they are not 
hardware accelerated.

OpenvSwitch is a special animal:  it can be used to process-based switch 
packets between ports.  And it can be used as an software based OpenFlow 
switch.  it can run on anything you run linux and has multiple network ports.

You can take a look at the LEDE/openwrt projects — I think they use openvswitch 
in some form for some of their routing/switching/security elements.  That would 
get you a really inexpensive four port switch, running linux, and some version 
of openvswitch.  Again, it depends, for what combination of 
openvswitch/openflow/hardware acceleration are you looking?

If you can wait a bit more, the Mellanox guys are working through an 
interesting concept of hardware accelerating Openvswitch through the linux tc 
flower mechanism.  At that point, with mellanox hardware, you can then get 
Openvswitch/openflow/hardware acceleration, all under one roof.



> 
> Best regards,
> Simone
> 
> On Fri, Jun 9, 2017 at 9:32 AM, Simone Aglianò wrote:
> Thank you, but I didn't find it for Catalyst Switch 2960 24-TTL
> 
> On 8 Jun 2017 23:05, "Ian Pilcher" wrote:
> On 06/07/2017 02:29 PM, Simone Aglianò wrote:
> Yes you have caught my question
> 
> http://lmgtfy.com/?q=cisco+catalyst+openflow 
> 
> 




Re: [ovs-discuss] veth pair and MPLS

2017-03-12 Thread Raymond Burkholder
> I am attempting to create a test network using OVS bridges.  I created
> 8 namespaces that represent hosts.  I connected all of my bridges with patch
> ports except between b4 and b5 which are connected via a veth
> pair.   This configuration works fine until I start adding MPLS labels
> at b2 and b6.  If I switch the veth pairs to patch ports my mpls setup works.
> What am I missing?  Why are my veth pairs not sending my mpls packets
> through?

Would you happen to have configs showing what you are attempting to
accomplish?  They help immensely in troubleshooting problems.  And many
times, when making something suitable for publication, a solution tends to
present itself!




Re: [ovs-discuss] OVS supported hardware switches

2017-03-10 Thread Raymond Burkholder
Mellanox has been working with switchdev and openvswitch and have been 
upstreaming some work to the kernel to make what you have asked about to work 
with their spectrum switches.  Maybe I can get confirmation from them later 
today to share some of their roadmap.  Looks pretty good so far.  I am going to 
attempt a distributed OpenFlow/OVS controller which might be able to make use 
of their underlying hardware.

 

Disclosure:  I am an interested user and thought this might be appropriate for 
this list.

 

From: ovs-discuss-boun...@openvswitch.org 
[mailto:ovs-discuss-boun...@openvswitch.org] On Behalf Of Shravan S K
Sent: Friday, March 10, 2017 01:45
To: ovs-discuss@openvswitch.org
Subject: [ovs-discuss] OVS supported hardware switches

 

Hello,

We are looking to buy a few OpenFlow-enabled switches. What advantages can be 
achieved by a hardware switch that also supports OVS?

And can a hardware openflow L2 switch perform L3,L4 based openflow forwarding - 
can I inspect L3,L4 layers and take a decision based on them ?





[ovs-discuss] Talk Proposal: OVN control of the black box.

2017-02-02 Thread Raymond Burkholder
> > > I went through Dustin Spinhirne's OVN Tutorial.  It helped immensely
> > > in understanding OVS/OVN interactions.  And also highlighted some of
> > > the shortcomings.
> > >
> > > Of many, two, possibly related, questions/ideas come to mind.  1)
> > > OVN seems to be more focused on the hypervisor side of things,
> 
> Do you mean, as opposed to container systems, or as opposed to something
> else?  OVN is meant to support both VMs and containers, in essentially the
> same way, so probably when we design the tutorial we should cover both.

Yes, I can see how it works with both containers and VMs.  Examples for both
might be useful, but if time is short, it isn't completely useful.  Veth
seems to be a common use scenario, but if something like macvlan or ipvlan
or others are alternate choices, examples with those might be useful.  I
haven't quite figured out use-cases for those, if they do exist.

But that wasn't quite where I was going.  I am using OVS in a routing /
switching use-case for the physical network.  I am trying to come up with an
appropriate controller solution for the openflow aspects of OVS when using
routers to connect hypervisors together.  I'll expand on this more below
where you ask a different question.

> 
> > > and 2) ecmp / routing still needs to be defined/implemented.
> 
> I guess that you do not mean this comment for logical networks, since OVN
> already supports logical routing and because ECMP does not really make
> sense at the logical level.

Yes, ECMP doesn't make sense at the logical level.  But at the physical
level it does.  Which I'll expand on for one of your other comments.

> 
> So I guess that you must be talking about ECMP and routing at the physical
> level.  What support do you think that we should add?  Or do you mean that
> we should explain in the tutorial how they interact with OVN?

The support I am thinking of adding is for OVN control of a physical
network.  Which couldn't be explained in a tutorial, because I don't think
that exists yet.

> 
> > > As a solution, I have been thinking along the lines of adding
> > > additional smarts to the OVN controller.
> > >
> > > In looking at techniques in Ryu where LLDP and link state can be
> > > communicated back to a controller so it effectively has an idea of
> > > the topology of the network.  It would be interesting to re-code the
> > > Ryu examples into an OVN/OVS context.
> > >
> > > The  topology meta-information could be used to perform some
> > > max-flow/min-cost calculations.  This information could be
> > > communicated back to the local OVN agent, which could be used to
> > > influence the routing/flow-control in the local OVS instance.
> > >
> > > This then gets OVN/OVS integrated into the over-all network, helps
> > > with over-all routing decisions (which is known to be lacking), and
> > > may help resolve some known resiliency/redundancy shortcomings.
> > >
> > > Is there general community interest in accepting such a solution?
> > > If so, I would be willing to start on working on details.  If there
> > > are members of the community who are familiar with the
> > > max-flow/min-cost calculations as they relate to network flow
> > > control, I would really like to hear from them about implementation
> gotchas, improvements, alternatives, 
> 
> Until now, OVN has not interacted much with the physical network.  It's

It is the 'until now'.  Maybe now is good to start thinking about that
interaction.  Unless the interaction is not appropriate and operators deal
with in a different way?

> generally considered as a black box.  The idea is that OVN simply addresses a
> tunnel packet to an IP address and the physical network is responsible for
> delivering it to that IP address in a robust, efficient manner.  It sounds like
> you'd like OVN to support being more tightly bound to the physical network.

yes

> Probably, you should say more about how you want that to happen.  I do
> wonder whether it's really something that needs to be integrated into OVN
> at all, because I think that most of the possibilities could be implemented
> without OVN's participation, but certainly that's just a question and not a

How do you currently see that happening in networks of today?

> conclusion.

I think the key here is that I'm trying to build the innards of the 'black
box' you mention.  Ie, openvswitch supports openflow.  Openflow can be used
in the physical network to support packet routing/switching from one end of
the network to the other (the black box).  But openflow needs some kind of
controller.  Either a central one, or a distributed one, or a combo one
(central controller talking to distributed agents for each switch/router,
much like the OVN controller/agent scenario currently implemented for
virtualization).

I looked at a number of controllers:  frenetic, faucet, ryu, ...

Ryu came closest to meeting my needs, but would require quite a bit of work
to implement a controller/agent strategy.

But 

Re: [ovs-discuss] OVN on a non-OpenStack and non-sandbox environment.

2016-12-23 Thread Raymond Burkholder
Try http://blog.spinhirne.com/p/blog-series.html for some OVN examples with 
ACL.  Does this get you closer?

 

 

Hello Everyone,

We are trying to experiment with OVN ACLs on a native setup (non-OpenStack and 
non-sandbox). We couldn't find any blog posts or documentation on how to do 
this.



 

