From: Ido Schimmel <idosch@idosch.org>
To: wenxu <wenxu@ucloud.cn>
Cc: netdev@vger.kernel.org, mlxsw@mellanox.com
Subject: Re: Problem about gre tunnel route offload in mlxsw
Date: Thu, 26 Dec 2019 09:49:14 +0200 [thread overview]
Message-ID: <20191226074914.GA30900@splinter> (raw)
In-Reply-To: <8bb9cc6b-bda1-5808-d88c-6e33076ac264@ucloud.cn>
On Thu, Dec 26, 2019 at 01:07:33PM +0800, wenxu wrote:
> Hi mlxsw team,
>
>
> I did a route test with gre tunnel and vrf.
>
> This test under current net-next tree with following script:
>
>
> ifconfig enp3s0np31 up
> ip a a dev enp3s0np31 172.168.152.247/24
>
> ip l add dev vrf11 type vrf table 11
> ifconfig vrf11 up
> ip l set dev enp3s0np11 master vrf11
> ifconfig enp3s0np11 10.0.7.1/24 up
> ip tunnel add name gre11 mode gre local 172.168.152.247 remote 172.168.152.73 key 11 tos inherit ttl inherit
> ip l set dev gre11 master vrf11
> ifconfig gre11 10.0.2.1/24 up
>
> ip l add dev vrf21 type vrf table 21
> ifconfig vrf21 up
> ip l set dev enp3s0np21 master vrf21
> ifconfig enp3s0np21 10.0.7.1/24 up
> ip tunnel add name gre21 mode gre local 172.168.152.247 remote 172.168.152.73 key 21 tos inherit ttl inherit
> ip l set dev gre21 master vrf21
> ifconfig gre21 10.0.2.1/24 up
>
>
> If there is only one tunnel. The route rule can be offloaded. But two tunnel only with different key can't be offloaded.
>
> If I add a new address 172.168.152.248 for tunnel source and change the gre21 to
>
> "ip tunnel add name gre21 mode gre local 172.168.152.248 remote 172.168.152.73 key 21 tos inherit ttl inherit"
>
> It's work.
>
> So it means dispatch based on tunnel key is not supported ?
Yes. See:
"No two tunnels that share underlay VRF shall share a local address
(i.e. dispatch based on tunnel key is not supported)"
https://github.com/Mellanox/mlxsw/wiki/L3-Tunneling#features-and-limitations
> It is a hardware limits or just software unsupported?
Software. In hardware you can perform decapsulation in the router or
using ACLs. mlxsw uses the former so the key is {tb_id, prefix}. With
ACLs it is possible to match on more attributes.
>
>
> And if a replace the gre device to vxlan device, the route can't be offloaded again only with one vxlan tunnel.
>
> "ip l add dev vxlan11 type vxlan local 172.168.152.247 remote 172.168.152.73 id 11 noudpcsum tos inherit ttl inherit dstport 4789"
>
> So currently the vxlan device can't work with routing?
Yes. We don't perform VXLAN encapsulation in the router, only in bridge.
See:
https://github.com/Mellanox/mlxsw/wiki/Virtual-eXtensible-Local-Area-Network-%28VXLAN%29
>
>
> BR
>
> wenxu
>
>
>
>
>
next prev parent reply other threads:[~2019-12-26 7:49 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-25 9:48 [PATCH net-next 0/5] netfilter: add indr block setup in nf_flow_table_offload wenxu
2019-12-25 9:48 ` [PATCH net-next 1/5] flow_offload: add TC_SETP_FT type in flow_indr_block_call wenxu
2019-12-25 9:48 ` [PATCH net-next 2/5] netfilter: nf_flow_table_offload: refactor nf_flow_table_offload_setup to support indir setup wenxu
2019-12-25 9:48 ` [PATCH net-next 3/5] netfilter: nf_flow_table_offload: add indr block setup support wenxu
2019-12-25 9:48 ` [PATCH net-next 4/5] netfilter: nf_flow_table_offload: add tunnel match offload support wenxu
2019-12-25 9:48 ` [PATCH net-next 5/5] netfilter: nf_flow_table_offload: add tunnel encap/decap action " wenxu
2019-12-26 1:46 ` [PATCH net-next 0/5] netfilter: add indr block setup in nf_flow_table_offload wenxu
2019-12-26 3:50 ` David Miller
2019-12-26 5:07 ` Problem about gre tunnel route offload in mlxsw wenxu
2019-12-26 7:49 ` Ido Schimmel [this message]
2019-12-26 8:22 ` wenxu
2019-12-26 9:22 ` Ido Schimmel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191226074914.GA30900@splinter \
--to=idosch@idosch.org \
--cc=mlxsw@mellanox.com \
--cc=netdev@vger.kernel.org \
--cc=wenxu@ucloud.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).