Thanks Darrell. I checked the OVS tree kernel module, it indeed does not drop
empty payload TCP packets.
Jing
From: Darrell Ball
Sent: Friday, May 3, 2019 3:34 PM
To: Zhang, Jing C. (Nokia - CA/Ottawa)
Cc: Han Zhou ; ovs-discuss@openvswitch.org
Subject: Re: FW: [ovs-discuss] OVS 2.9.0 native
Thanks for reconfirming Jing
Darrell
On Fri, May 3, 2019 at 3:02 PM Zhang, Jing C. (Nokia - CA/Ottawa) <
jing.c.zh...@nokia.com> wrote:
> The thing is, I don’t see empty TCP packet drops on DPDK computes, I
> nevertheless applied the patch HAN mentioned on DPDK computes, no
> difference.
>
>
>
The thing is, I don’t see empty TCP packet drops on DPDK computes, I
nevertheless applied the patch HAN mentioned on DPDK computes, no difference.
The issues we see is on OVS computes.
Jing
From: Darrell Ball
Sent: Friday, May 03, 2019 3:34 PM
To: Zhang, Jing C. (Nokia - CA/Ottawa)
Cc: Han
On Fri, May 3, 2019 at 10:44 AM Zhang, Jing C. (Nokia - CA/Ottawa) <
jing.c.zh...@nokia.com> wrote:
>
>1. The hybrid firewall refers to Linux bridge based firewall. To debug
>the issue, we switch the neutron OVS agent to use native firewall.
>
>
>
> [securitygroup]
>
>
Sorry, I overlooked your questions on dpdk computes. DPDK itself is find, VMs
are up and running.
Jing
From: Darrell Ball
Sent: Friday, May 3, 2019 11:55 AM
To: Zhang, Jing C. (Nokia - CA/Ottawa)
Cc: Han Zhou ; ovs-discuss@openvswitch.org
Subject: Re: FW: [ovs-discuss] OVS 2.9.0 native
1. The hybrid firewall refers to Linux bridge based firewall. To debug the
issue, we switch the neutron OVS agent to use native firewall.
[securitygroup]
#firewall_driver=iptables_hybrid
firewall_driver=openvswitch
# ovs-ofctl dump-flows br-int | grep ct_state
cookie=0xddb977285e2ba9b6,
couple corrections inline
On Fri, May 3, 2019 at 8:52 AM Darrell Ball wrote:
>
>
> On Fri, May 3, 2019 at 8:29 AM Zhang, Jing C. (Nokia - CA/Ottawa) <
> jing.c.zh...@nokia.com> wrote:
>
>>
>>1. This issue is with native OVS firewall where the data flows are
>>subject to conntrack rules,
On Fri, May 3, 2019 at 8:29 AM Zhang, Jing C. (Nokia - CA/Ottawa) <
jing.c.zh...@nokia.com> wrote:
>
>1. This issue is with native OVS firewall where the data flows are
>subject to conntrack rules, there is no issue for hybrid firewall
>
>
1/ Does 'native OVS firewall' mean either kernel
1. This issue is with native OVS firewall where the data flows are subject
to conntrack rules, there is no issue for hybrid firewall
1. Below is from DPDK compute:
# ovs-vsctl --no-wait get Open_vSwitch . other_config
# ovs-vsctl -- list bridge br-int | grep datapath
datapath_id
and jtbc, ovs-dpdk uses the userspace datapath
On Fri, May 3, 2019 at 8:24 AM Darrell Ball wrote:
> The node you are displaying below is running kernel datapath
>
> fyi: The fix Han pointed you to is for userspace datapath/conntrack
>
>
>
> On Fri, May 3, 2019 at 8:14 AM Zhang, Jing C. (Nokia -
The node you are displaying below is running kernel datapath
fyi: The fix Han pointed you to is for userspace datapath/conntrack
On Fri, May 3, 2019 at 8:14 AM Zhang, Jing C. (Nokia - CA/Ottawa) <
jing.c.zh...@nokia.com> wrote:
> We have both OVS and OVS-dpdk computes.
>
>
>
> Below is from
We have both OVS and OVS-dpdk computes.
Below is from OVS compute:
# ovs-vsctl --no-wait get Open_vSwitch . other_config
{}
# ovs-vsctl -- list bridge br-int | grep datapath
datapath_id : "aaf62aaf3546"
datapath_type : system
datapath_version: ""
From: Darrell Ball
Sent:
What do the following commands yield ?
sudo ovs-vsctl -- get bridge datapath_type
sudo ovs-vsctl --no-wait get Open_vSwitch . other_config
>
> *From: * on behalf of Han Zhou <
> zhou...@gmail.com>
> *Date: *Thursday, May 2, 2019 at 7:12 PM
> *To: *"Zhang, Jing C. (Nokia - CA/Ottawa)"
> *Cc:
13 matches
Mail list logo