On 5/26/17, 6:24 PM, "王志克" <wangzh...@jd.com> wrote:
Hi Darrell,
I indeed observed IP fragment scenario in our other product deployment, and
resulted some critical issue. Then I am
wondering how to handle it in OVS+DPDK alternative solution.
[Darrell]
I am not sure what critical means here; it varies widely based on several
considerations.
Maybe you just describe what the situation was and what happened.
Let me ask a few questions to draw that out.
Q1) Was that “other deployment” using kernel datapath and experienced a
transient input of fragmented
traffic from a Vxlan tunnel that the kernel could not handle due to lower
throughput for fragmented traffic
and/or kernel fragmentation thresholds used and ended up dropping those packets
(possibly retried with delay) ?
Or something else ?
Q2) Was the transient input of fragmented packets an intentional hack used to
trash other traffic
or just network misconfiguration or you have no clue ?
Typical cases are:
1) VxLan segmented packet reaches Vswitch and need to pop the VxLan header for
further handling. In kernel OVS, normally Linux kernel will reassemble it
before sending to OVS module. Since this happens in real world, we need to
handle it though the possibility of happening is quite low.
[Darrell]
It is possible that fragmented packets arrive from a Vxlan tunnel – that is
obvious.
2) Segmented packets go through conntrack. In kernel OVS, it will reuse
Kernel reassembly function to make reassembled packet go through conntrack.
[Darrell]
“2” is not a use case; it is simply a statement of what the kernel does when
faced with fragmented packets,
which is the topic of this thread.
FYI, there are several configuration parameters that determine the actual
behavior obtained. The effective behavior
could even be that the kernel drops all these fragments.
Above cases really happen in current product deployment, and we want to
keep it work when migrating to OVS+DPDK solution.
Br,
Wang Zhike
-邮件原件-
发件人: Darrell Ball [mailto:db...@vmware.com]
发送时间: 2017年5月27日 2:45
收件人: 王志克; Ben Pfaff; Darrell Ball
抄送: ovs-dev@openvswitch.org
主题: Re: 答复: [ovs-dev] Query for missing function
On 5/26/17, 2:00 AM, "王志克" <wangzh...@jd.com> wrote:
Hi Darrell, Ben,
Thanks for your reply. Glad to hear that we are approaching useful
candidate patch.
What is the plan for disassemble and fragment for OVS+DPDK? Like
1, received underlay vxlan fragmented packets,
2, received overlay fragmented packets that will go through conntrack
3, output packet with size > out_port_mtu
IP frag. is still on the radar:
I have a large dataset of information regarding IP frag usage from a widely
distributed virtualization product.
However, I would like know your usage requirements for IP frag ?
Do you want it for feature parity reasons with the kernel or does it solve
some problems you are facing; can you explain your specific needs ?
Br,
Wang zhike
-邮件原件-
发件人: Darrell Ball [mailto:db...@vmware.com]
发送时间: 2017年5月26日 9:45
收件人: Ben Pfaff; 王志克; Darrell Ball
抄送: ovs-dev@openvswitch.org
主题: Re: [ovs-dev] Query for missing function
On 5/25/17, 2:04 PM, "ovs-dev-boun...@openvswitch.org on behalf of Ben
Pfaff" <ovs-dev-boun...@openvswitch.org on behalf of b...@ovn.org> wrote:
On Wed, May 24, 2017 at 12:48:24PM +, 王志克 wrote:
> Reading the release note of DPDK section for OVS2.6, I note below:
>
> * Basic connection tracking for the userspace datapath (no
ALG,
>fragmentation or NAT support yet)
>
> I am wondering for the missing part (no ALG, fragmentation, NAT),
can
> I have the release plan for such feature? Or is there draft
version
> for trial?
I think that Darrell (CCed) is working on that for OVS 2.8. He has
posted patches before. I expect to see a revision of it pretty
soon.
NAT patches have been out for a while and a minor reversion will come
out next week along with a separate series for ftp alg support.
The NAT patches have been tested by a couple other folks, externally
and internally, as well.
___
dev mailing list
d...@openvswitch.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_mailman_listinfo_ovs-2Ddev=DwIGaQ=uilaK90D4TOVoH58JNXRgQ=BVhFA09CGX7JQ5Ih-uZnsw=ZRe75F1jCPHX