Re: [ovs-discuss] FW: OVS 2.9.0 native firewall drops empty payload TCP packets continued

2019-05-03 Thread Zhang, Jing C. (Nokia - CA/Ottawa)
The thing is, I don’t see empty TCP packet drops on DPDK computes, I nevertheless applied the patch HAN mentioned on DPDK computes, no difference. The issue we see is on OVS computes. Jing From: Darrell Ball Sent: Friday, May 03, 2019 3:34 PM To: Zhang, Jing C. (Nokia - CA/Ottawa) Cc: Han

Re: [ovs-discuss] FW: OVS 2.9.0 native firewall drops empty payload TCP packets continued

2019-05-03 Thread Darrell Ball
Thanks for reconfirming Jing Darrell On Fri, May 3, 2019 at 3:02 PM Zhang, Jing C. (Nokia - CA/Ottawa) < jing.c.zh...@nokia.com> wrote: > The thing is, I don’t see empty TCP packet drops on DPDK computes, I > nevertheless applied the patch HAN mentioned on DPDK computes, no > difference. > > >

[ovs-discuss] TSO in OVS-DPDK 2.11.0

2019-05-03 Thread Harsh Gondaliya
Does OVS 2.11.0 support TSO in OVS-DPDK? Or are there any separate configurations to be done or patches to be applied?

Re: [ovs-discuss] OVS 2.9.0 native firewall drops empty payload TCP packets continued

2019-05-03 Thread Zhang, Jing C. (Nokia - CA/Ottawa)
Thank you Han, I will check out this fix. From: Han Zhou Sent: Thursday, May 2, 2019 10:11 PM To: Zhang, Jing C. (Nokia - CA/Ottawa) Cc: ovs-discuss@openvswitch.org Subject: Re: [ovs-discuss] OVS 2.9.0 native firewall drops empty payload TCP packets continued On Thu, May 2, 2019 at 6:04 PM

Re: [ovs-discuss] TSO in OVS-DPDK 2.11.0

2019-05-03 Thread Harsh Gondaliya
Basically, I want to run a VM2VM (same host) iperf test and thus want to enable TSO for the vhostuser backend. But, I am not able to figure out how can I turn ON this feature in guest VMs. ethtool is unable to change these fixed features. Either some change in domain XML or some change in OVS-DPDK

Re: [ovs-discuss] OVS 2.9.0 native firewall drops empty payload TCP packets continued

2019-05-03 Thread Gregory Rose
On 5/2/2019 6:03 PM, Zhang, Jing C. (Nokia - CA/Ottawa) wrote: We (our VNFs) continue to observe the same empty payload TCP (ACK) packet drop with native firewall (see original post below) after upgrading to Centos 7.6. This packet drop results in unacceptable TCP performance, by that native

Re: [ovs-discuss] FW: OVS 2.9.0 native firewall drops empty payload TCP packets continued

2019-05-03 Thread Darrell Ball
On Fri, May 3, 2019 at 10:44 AM Zhang, Jing C. (Nokia - CA/Ottawa) < jing.c.zh...@nokia.com> wrote: > >1. The hybrid firewall refers to Linux bridge based firewall. To debug >the issue, we switch the neutron OVS agent to use native firewall. > > > > [securitygroup] > >

Re: [ovs-discuss] OVS GRE port selecting egress interface for tunnelled traffic

2019-05-03 Thread Gregory Rose
On 4/29/2019 12:21 AM, Aitor Zabala Orive wrote: Hi, We are currently working with OVS in order to be capable of routing traffic through different interfaces connecting to the internet. In order to maintain private ip addressing we are using gre tunnel OVS implementation. However, we are

Re: [ovs-discuss] FW: OVS 2.9.0 native firewall drops empty payload TCP packets continued

2019-05-03 Thread Zhang, Jing C. (Nokia - CA/Ottawa)
We have both OVS and OVS-dpdk computes. Below is from OVS compute: # ovs-vsctl --no-wait get Open_vSwitch . other_config {} # ovs-vsctl -- list bridge br-int | grep datapath datapath_id : "aaf62aaf3546" datapath_type : system datapath_version: "" From: Darrell Ball Sent:

Re: [ovs-discuss] FW: OVS 2.9.0 native firewall drops empty payload TCP packets continued

2019-05-03 Thread Zhang, Jing C. (Nokia - CA/Ottawa)
1. This issue is with native OVS firewall where the data flows are subject to conntrack rules, there is no issue for hybrid firewall 1. Below is from DPDK compute: # ovs-vsctl --no-wait get Open_vSwitch . other_config # ovs-vsctl -- list bridge br-int | grep datapath datapath_id

Re: [ovs-discuss] FW: OVS 2.9.0 native firewall drops empty payload TCP packets continued

2019-05-03 Thread Darrell Ball
The node you are displaying below is running kernel datapath fyi: The fix Han pointed you to is for userspace datapath/conntrack On Fri, May 3, 2019 at 8:14 AM Zhang, Jing C. (Nokia - CA/Ottawa) < jing.c.zh...@nokia.com> wrote: > We have both OVS and OVS-dpdk computes. > > > > Below is from

Re: [ovs-discuss] FW: OVS 2.9.0 native firewall drops empty payload TCP packets continued

2019-05-03 Thread Darrell Ball
and jtbc, ovs-dpdk uses the userspace datapath On Fri, May 3, 2019 at 8:24 AM Darrell Ball wrote: > The node you are displaying below is running kernel datapath > > fyi: The fix Han pointed you to is for userspace datapath/conntrack > > > > On Fri, May 3, 2019 at 8:14 AM Zhang, Jing C. (Nokia -

Re: [ovs-discuss] FW: OVS 2.9.0 native firewall drops empty payload TCP packets continued

2019-05-03 Thread Darrell Ball
On Fri, May 3, 2019 at 8:29 AM Zhang, Jing C. (Nokia - CA/Ottawa) < jing.c.zh...@nokia.com> wrote: > >1. This issue is with native OVS firewall where the data flows are >subject to conntrack rules, there is no issue for hybrid firewall > > 1/ Does 'native OVS firewall' mean either kernel

Re: [ovs-discuss] FW: OVS 2.9.0 native firewall drops empty payload TCP packets continued

2019-05-03 Thread Darrell Ball
couple corrections inline On Fri, May 3, 2019 at 8:52 AM Darrell Ball wrote: > > > On Fri, May 3, 2019 at 8:29 AM Zhang, Jing C. (Nokia - CA/Ottawa) < > jing.c.zh...@nokia.com> wrote: > >> >>1. This issue is with native OVS firewall where the data flows are >>subject to conntrack rules,

Re: [ovs-discuss] FW: OVS 2.9.0 native firewall drops empty payload TCP packets continued

2019-05-03 Thread Zhang, Jing C. (Nokia - CA/Ottawa)
1. The hybrid firewall refers to Linux bridge based firewall. To debug the issue, we switch the neutron OVS agent to use native firewall. [securitygroup] #firewall_driver=iptables_hybrid firewall_driver=openvswitch # ovs-ofctl dump-flows br-int | grep ct_state cookie=0xddb977285e2ba9b6,

Re: [ovs-discuss] FW: OVS 2.9.0 native firewall drops empty payload TCP packets continued

2019-05-03 Thread Zhang, Jing C. (Nokia - CA/Ottawa)
Sorry, I overlooked your questions on dpdk computes. DPDK itself is fine, VMs are up and running. Jing From: Darrell Ball Sent: Friday, May 3, 2019 11:55 AM To: Zhang, Jing C. (Nokia - CA/Ottawa) Cc: Han Zhou ; ovs-discuss@openvswitch.org Subject: Re: FW: [ovs-discuss] OVS 2.9.0 native