OVS VXLAN decap rule has full match on TTL for the outer headers?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Or Gerlitz <ogerlitz@mellanox.com>
To: Joe Stringer <joestringer@nicira.com>,
	Jesse Gross <jesse@nicira.com>,
	Haggai Eran <haggaie@mellanox.com>
Cc: "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
	Ilya Lesokhin <ilyal@mellanox.com>,
	Rony Efraim <ronye@mellanox.com>,
	Hadar Hen Zion <hadarh@mellanox.com>
Subject: OVS VXLAN decap rule has full match on TTL for the outer headers?
Date: Wed, 11 Nov 2015 16:47:36 +0200	[thread overview]
Message-ID: <56435508.9070802@mellanox.com> (raw)

Hi Joe/Jesse,

We've noticed that VXLAN decap rules set by OVS in the below trivial 
VXLAN config contain full match on TTL=64 for the outer headers, can you 
explain the reasoning behind it? is that justa typo in dumping the flow?

I also noticed that on my systems (upstream kernel 4.3.0-rc6+, veth 
emulating a VM network 192.168.52/24 and host network 192.168.31/24, ovs 
user-space 2.3.2) something is broken in the encap rule reporting, 
traffic goes fine (below)

I tried downgrading the ovs 2.0.90 and ovs-dpctl dump-flows crashes, the 
core dump (...) doesn't say much.

Is there a kernel patch that can assist here? if not, what user-space 
version you recommend to make that dumping work
better?

Or.

# ovs-vsctl show
0ea2d6c6-93d0-4e5d-ad99-d47213bb0bf1
     Bridge ovs-tun
         Port ovs-tun
             Interface ovs-tun
                 type: internal
         Port "vxlan0"
             Interface "vxlan0"
                 type: vxlan
                 options: {dst_port="4789", key="98", 
remote_ip="192.168.31.18"}
         Port "veth1"
             Interface "veth1"
     ovs_version: "2.3.2"

# ovs-dpctl show
system@ovs-system:
         lookups: hit:41456 missed:1364 lost:15
         flows: 4
         masks: hit:54475 total:6 hit/pkt:1.27
         port 0: ovs-system (internal)
         port 1: ovs-tun (internal)
         port 2: vxlan_sys_4789 (vxlan: df_default=false, ttl=0)
         port 3: veth1

# ovs-dpctl dump-flows

decap rule:

recirc_id(0),skb_priority(0),tunnel(tun_id=0x62,src=192.168.31.18,dst=192.168.31.17,tos=0x0,ttl=64,flags(key)),in_port(2),skb_mark(0),eth(src=9e:1e:90:87:27:1a,dst=ce:57:32:ec:06:1a),eth_type(0x0800),ipv4(src=192.168.52.18/0.0.0.0,dst=192.168.52.17/0.0.0.0,proto=1/0,tos=0/0,ttl=64/0,frag=no/0xff), 
packets:3, bytes:294, used:0.012s, actions:3

encap rule:

recirc_id(0),skb_priority(0),in_port(3),eth(src=ce:57:32:ec:06:1a,dst=9e:1e:90:87:27:1a),eth_type(0x0800),ipv4(src=192.168.52.17/0.0.0.0,dst=192.168.52.18/0.0.0.0,proto=1/0,tos=0/0x3,ttl=64/0,frag=no/0xff), 
packets:2, bytes:196, used:0.012s, actions:set(unspec(bad key length 8, 
expected -1)(00 00 00 00 00 00 00 62)),2


[root@r-dcs54 vxlan]# tcpdump -nnei veth0 icmp -c 2
16:41:06.037788 0e:35:5a:35:13:5c > 9e:1e:90:87:27:1a, ethertype IPv4 
(0x0800), length 98: 192.168.52.17 > 192.168.52.18: ICMP echo request, 
id 5946, seq 1566, length 64
16:41:06.037903 9e:1e:90:87:27:1a > 0e:35:5a:35:13:5c, ethertype IPv4 
(0x0800), length 98: 192.168.52.18 > 192.168.52.17: ICMP echo reply, id 
5946, seq 1566, length 64


[root@r-dcs54 vxlan]# tcpdump -nnei eth3 udp -c 2
16:40:56.037061 00:02:c9:e9:bf:32 > f4:52:14:01:da:82, ethertype IPv4 
(0x0800), length 148: 192.168.31.17.51757 > 192.168.31.18.4789: UDP, 
length 106
16:40:56.037121 f4:52:14:01:da:82 > 00:02:c9:e9:bf:32, ethertype IPv4 
(0x0800), length 148: 192.168.31.18.53633 > 192.168.31.17.4789: UDP, 
length 106

next             reply	other threads:[~2015-11-11 14:48 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-11-11 14:47 Or Gerlitz [this message]
2015-11-11 22:44 ` OVS VXLAN decap rule has full match on TTL for the outer headers? Jesse Gross
2015-11-12  6:34   ` Or Gerlitz
2015-11-13  8:14     ` Joe Stringer
2015-11-13 14:46       ` Or Gerlitz
2015-11-14  6:45         ` Joe Stringer
2015-11-19 15:40           ` Or Gerlitz
2015-11-29 13:37             ` Or Gerlitz
2015-12-02 18:01               ` Joe Stringer
2015-12-08 19:20                 ` Joe Stringer
2015-12-08 21:23                   ` Or Gerlitz
2015-12-09  0:22                     ` Joe Stringer
2015-12-10 21:06                       ` Or Gerlitz
2015-12-10 21:23                         ` Joe Stringer
2015-12-10 21:43                           ` Or Gerlitz
2015-12-10 23:53                             ` Joe Stringer
2015-11-29 13:06           ` Haggai Eran
2015-12-02 17:52             ` Joe Stringer
2015-12-02 18:04               ` Jesse Gross

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=56435508.9070802@mellanox.com \
    --to=ogerlitz@mellanox.com \
    --cc=hadarh@mellanox.com \
    --cc=haggaie@mellanox.com \
    --cc=ilyal@mellanox.com \
    --cc=jesse@nicira.com \
    --cc=joestringer@nicira.com \
    --cc=netdev@vger.kernel.org \
    --cc=ronye@mellanox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.