Add a boolean "layer3" configuration option for tunnel vports.
The layer3 option defaults to false for all ports except LISP.
GRE ports accept both true and false for "layer3".
A tunnel vport configured with layer3=true receives L3 packets.
which are then converted to Ethernet packets by pushing a dummy
Ethernet heder at the ingress of the OpenFlow pipeline. The
Ethernet header of a packet is stripped before sending to a
layer3 tunnel vport.
Presently a single GRE vport cannot carry both L2 and L3 packets.
But it is possible to create two GRE vports representing the same
GRE tunel, one with layer3=false, the other with layer3=true.
L2 packet from the tunnel are received on the first vport, L3
packets on the second. The controller must send packets to the
layer3 GRE vport to tunnel them without their Ethernet header.
Units tests have been added to check the L3 tunnel handling.
LISP tunnels are not yet supported by the netdev userspace datapath.
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Yi Yang <yi.y.yang@intel.com>
Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com>
Co-authored-by: Zoltan Balogh <zoltan.balogh@ericsson.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
- Fedora Packaging:
* OVN services are no longer restarted automatically after upgrade.
- Add --cleanup option to command 'ovs-appctl exit' (see ovs-vswitchd(8)).
+ - L3 tunneling:
+ * Add "layer3" options for tunnel ports that support non-Ethernet (L3)
+ payload (GRE).
+ * Transparently pop and push Ethernet headers at transmit/reception
+ of packets to/from L3 tunnels.
v2.7.0 - 21 Feb 2017
---------------------
*ip_tot_size = dp_packet_size(packet) - sizeof (struct eth_header);
memcpy(eth, header, size);
+ /* The encapsulated packet has type Ethernet. Adjust dp_packet. */
+ packet->packet_type = htonl(PT_ETH);
+ dp_packet_reset_offsets(packet);
+ packet->l3_ofs = sizeof (struct eth_header);
if (netdev_tnl_is_header_ipv6(header)) {
ip6 = netdev_tnl_ipv6_hdr(eth);
ovs_16aligned_be32 *options;
int hlen;
unsigned int ulen;
+ uint16_t greh_protocol;
greh = netdev_tnl_ip_extract_tnl_md(packet, tnl, &ulen);
if (!greh) {
return -EINVAL;
}
- if (greh->protocol != htons(ETH_TYPE_TEB)) {
- return -EINVAL;
- }
-
hlen = ulen + gre_header_len(greh->flags);
if (hlen > dp_packet_size(packet)) {
return -EINVAL;
options++;
}
+ /* Set the new packet type depending on the GRE protocol field. */
+ greh_protocol = ntohs(greh->protocol);
+ if (greh_protocol == ETH_TYPE_TEB) {
+ packet->packet_type = htonl(PT_ETH);
+ } else if (greh_protocol >= ETH_TYPE_MIN) {
+ /* Allow all GRE protocol values above 0x5ff as Ethertypes. */
+ packet->packet_type = PACKET_TYPE_BE(OFPHTN_ETHERTYPE, greh_protocol);
+ } else {
+ return -EINVAL;
+ }
+
return hlen;
}
greh = netdev_tnl_ip_build_header(data, params, IPPROTO_GRE);
- greh->protocol = htons(ETH_TYPE_TEB);
+ if (tnl_cfg->is_layer3) {
+ greh->protocol = params->flow->dl_type;
+ } else {
+ greh->protocol = htons(ETH_TYPE_TEB);
+ }
greh->flags = 0;
options = (ovs_16aligned_be32 *) (greh + 1);
tnl->tun_id = htonll(ntohl(get_16aligned_be32(&vxh->vx_vni)) >> 8);
tnl->flags |= FLOW_TNL_F_KEY;
+ packet->packet_type = htonl(PT_ETH);
dp_packet_reset_packet(packet, hlen + VXLAN_HLEN);
return packet;
tnl->metadata.present.len = opts_len;
tnl->flags |= FLOW_TNL_F_UDPIF;
+ packet->packet_type = htonl(PT_ETH);
dp_packet_reset_packet(packet, hlen);
return packet;
const char *name = netdev_get_name(dev_);
const char *type = netdev_get_type(dev_);
struct ds errors = DS_EMPTY_INITIALIZER;
- bool needs_dst_port, has_csum;
+ bool needs_dst_port, has_csum, optional_layer3;
uint16_t dst_proto = 0, src_proto = 0;
struct netdev_tunnel_config tnl_cfg;
struct smap_node *node;
has_csum = strstr(type, "gre") || strstr(type, "geneve") ||
strstr(type, "stt") || strstr(type, "vxlan");
+ optional_layer3 = !strcmp(type, "gre");
memset(&tnl_cfg, 0, sizeof tnl_cfg);
/* Add a default destination port for tunnel ports if none specified. */
if (!strcmp(type, "lisp")) {
tnl_cfg.dst_port = htons(LISP_DST_PORT);
+ tnl_cfg.is_layer3 = true;
}
if (!strcmp(type, "stt")) {
} else if (!strcmp(node->key, "egress_pkt_mark")) {
tnl_cfg.egress_pkt_mark = strtoul(node->value, NULL, 10);
tnl_cfg.set_egress_pkt_mark = true;
+ } else if (!strcmp(node->key, "layer3") && optional_layer3) {
+ if (!strcmp(node->value, "true")) {
+ tnl_cfg.is_layer3 = true;
+ }
} else {
ds_put_format(&errors, "%s: unknown %s argument '%s'\n",
name, type, node->key);
get_tunnel_config(const struct netdev *dev, struct smap *args)
{
struct netdev_vport *netdev = netdev_vport_cast(dev);
+ const char *type = netdev_get_type(dev);
struct netdev_tunnel_config tnl_cfg;
ovs_mutex_lock(&netdev->mutex);
if (tnl_cfg.dst_port) {
uint16_t dst_port = ntohs(tnl_cfg.dst_port);
- const char *type = netdev_get_type(dev);
if ((!strcmp("geneve", type) && dst_port != GENEVE_DST_PORT) ||
(!strcmp("vxlan", type) && dst_port != VXLAN_DST_PORT) ||
smap_add(args, "csum", "true");
}
+ if (tnl_cfg.is_layer3 && !strcmp("gre", type)) {
+ smap_add(args, "layer3", "true");
+ }
+
if (!tnl_cfg.dont_fragment) {
smap_add(args, "df_default", "false");
}
#include "openvswitch/vlog.h"
#include "unaligned.h"
#include "ofproto-dpif.h"
+#include "netdev-vport.h"
VLOG_DEFINE_THIS_MODULE(tunnel);
bool in_key_flow;
bool ip_src_flow;
bool ip_dst_flow;
+ bool is_layer3;
};
struct tnl_port {
tnl_port->match.ip_dst_flow = cfg->ip_dst_flow;
tnl_port->match.in_key_flow = cfg->in_key_flow;
tnl_port->match.odp_port = odp_port;
+ tnl_port->match.is_layer3 = netdev_vport_is_layer3(netdev);
map = tnl_match_map(&tnl_port->match);
existing_port = tnl_find_exact(&tnl_port->match, *map);
* Returns 0 if successful, otherwise a positive errno value. */
int
tnl_port_add(const struct ofport_dpif *ofport, const struct netdev *netdev,
- odp_port_t odp_port, bool native_tnl, const char name[]) OVS_EXCLUDED(rwlock)
+ odp_port_t odp_port, bool native_tnl, const char name[])
+ OVS_EXCLUDED(rwlock)
{
bool ok;
fat_rwlock_wrlock(&rwlock);
tnl_port = tnl_find_ofport(ofport);
if (!tnl_port) {
- changed = tnl_port_add__(ofport, netdev, odp_port, false, native_tnl, name);
+ changed = tnl_port_add__(ofport, netdev, odp_port, false, native_tnl,
+ name);
} else if (tnl_port->netdev != netdev
|| tnl_port->match.odp_port != odp_port
|| tnl_port->change_seq != netdev_get_change_seq(tnl_port->netdev)) {
}
/* Match on packet_type for tunneled packets.*/
wc->masks.packet_type = OVS_BE32_MAX;
-
}
}
match.in_key_flow = in_key_flow;
match.ip_dst_flow = ip_dst_flow;
match.ip_src_flow = ip_src == IP_SRC_FLOW;
+ match.is_layer3 = flow->packet_type != htonl(PT_ETH);
tnl_port = tnl_find_exact(&match, map);
if (tnl_port) {
} else {
ds_put_format(ds, ", key=%#"PRIx64, ntohll(match->in_key));
}
+ if (match->is_layer3) {
+ ds_put_cstr(ds, ", layer3");
+ }
ds_put_format(ds, ", dp port=%"PRIu32, match->odp_port);
}
options:remote_ip=2001:cafe::93 options:out_key=flow options:csum=true ofport_request=4\
-- add-port int-br t4 -- set Interface t4 type=geneve \
options:remote_ip=flow options:key=123 ofport_request=5\
+ -- add-port int-br t5 -- set Interface t5 type=gre \
+ options:remote_ip=2001:cafe::92 options:key=455 options:layer3=true ofport_request=6\
], [0])
AT_CHECK([ovs-appctl dpif/show], [0], [dnl
t2 2/4789: (vxlan: key=123, remote_ip=2001:cafe::92)
t3 4/4789: (vxlan: csum=true, out_key=flow, remote_ip=2001:cafe::93)
t4 5/6081: (geneve: key=123, remote_ip=flow)
+ t5 6/3: (gre: key=455, layer3=true, remote_ip=2001:cafe::92)
])
dnl First setup dummy interface IP address, then add the route
dnl Check decapsulation of GRE packet
AT_CHECK([ovs-appctl netdev-dummy/receive p0 'aa55aa550000001b213cab6486dd60000000006a2f402001cafe0000000000000000000000922001cafe00000000000000000000008820006558000001c8fe71d883724fbeb6f4e1494a080045000054ba200000400184861e0000011e00000200004227e75400030af3195500000000f265010000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637'])
+AT_CHECK([ovs-appctl netdev-dummy/receive p0 'aa55aa550000001b213cab6486dd60000000006a2f402001cafe0000000000000000000000922001cafe00000000000000000000008820006558000001c8fe71d883724fbeb6f4e1494a080045000054ba200000400184861e0000011e00000200004227e75400030af3195500000000f265010000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637'])
ovs-appctl time/warp 1000
AT_CHECK([ovs-ofctl dump-ports int-br | grep 'port 3'], [0], [dnl
- port 3: rx pkts=1, bytes=98, drop=?, errs=?, frame=?, over=?, crc=?
+ port 3: rx pkts=2, bytes=196, drop=?, errs=?, frame=?, over=?, crc=?
])
-dnl Check GRE only accepts encapsulated Ethernet frames
-AT_CHECK([ovs-appctl netdev-dummy/receive p0 'aa55aa550000001b213cab6486dd60000000006a2f402001cafe0000000000000000000000922001cafe00000000000000000000008820000800000001c8fe71d883724fbeb6f4e1494a080045000054ba200000400184861e0000011e00000200004227e75400030af3195500000000f265010000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637'])
+dnl Check decapsulation of L3GRE packet
+AT_CHECK([ovs-appctl netdev-dummy/receive p0 'aa55aa550000001b213cab6486dd60000000005a2f402001cafe0000000000000000000000922001cafe00000000000000000000008820000800000001c745000054ba200000400184861e0000011e00000200004227e75400030af3195500000000f265010000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637'])
+AT_CHECK([ovs-appctl netdev-dummy/receive p0 'aa55aa550000001b213cab6486dd60000000005a2f402001cafe0000000000000000000000922001cafe00000000000000000000008820000800000001c745000054ba200000400184861e0000011e00000200004227e75400030af3195500000000f265010000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637'])
+ovs-appctl time/warp 1000
ovs-appctl time/warp 1000
-AT_CHECK([ovs-ofctl dump-ports int-br | grep 'port 3'], [0], [dnl
- port 3: rx pkts=1, bytes=98, drop=?, errs=?, frame=?, over=?, crc=?
+AT_CHECK([ovs-ofctl dump-ports int-br | grep 'port 6'], [0], [dnl
+ port 6: rx pkts=2, bytes=168, drop=?, errs=?, frame=?, over=?, crc=?
])
dnl Check decapsulation of Geneve packet with options
options:remote_ip=flow options:key=123 ofport_request=5\
-- add-port int-br t5 -- set Interface t5 type=geneve \
options:remote_ip=1.1.2.93 options:out_key=flow options:egress_pkt_mark=1234 ofport_request=6\
+ -- add-port int-br t6 -- set Interface t6 type=gre \
+ options:remote_ip=1.1.2.92 options:key=456 options:layer3=true ofport_request=7\
], [0])
AT_CHECK([ovs-appctl dpif/show], [0], [dnl
t3 4/4789: (vxlan: csum=true, out_key=flow, remote_ip=1.1.2.93)
t4 5/6081: (geneve: key=123, remote_ip=flow)
t5 6/6081: (geneve: egress_pkt_mark=1234, out_key=flow, remote_ip=1.1.2.93)
+ t6 7/3: (gre: key=456, layer3=true, remote_ip=1.1.2.92)
])
dnl First setup dummy interface IP address, then add the route
[Datapath actions: tnl_push(tnl_port(3),header(size=42,type=3,eth(dst=f8:bc:12:44:34:b6,src=aa:55:aa:55:00:00,dl_type=0x0800),ipv4(src=1.1.2.88,dst=1.1.2.92,proto=47,tos=0,ttl=64,frag=0x4000),gre((flags=0x2000,proto=0x6558),key=0x1c8)),out_port(100))
])
+dnl Check L3GRE tunnel push
+AT_CHECK([ovs-ofctl add-flow int-br action=7])
+AT_CHECK([ovs-appctl ofproto/trace ovs-dummy 'in_port(2),eth(src=f8:bc:12:44:34:b6,dst=aa:55:aa:55:00:01),eth_type(0x0800),ipv4(src=1.1.3.88,dst=1.1.3.112,proto=47,tos=0,ttl=64,frag=no)'], [0], [stdout])
+AT_CHECK([tail -1 stdout], [0],
+ [Datapath actions: pop_eth,tnl_push(tnl_port(3),header(size=42,type=3,eth(dst=f8:bc:12:44:34:b6,src=aa:55:aa:55:00:00,dl_type=0x0800),ipv4(src=1.1.2.88,dst=1.1.2.92,proto=47,tos=0,ttl=64,frag=0x4000),gre((flags=0x2000,proto=0x800),key=0x1c8)),out_port(100))
+])
+
dnl Check Geneve tunnel push
AT_CHECK([ovs-ofctl add-flow int-br "actions=set_field:1.1.2.92->tun_dst,5"])
AT_CHECK([ovs-appctl ofproto/trace ovs-dummy 'in_port(2),eth(src=f8:bc:12:44:34:b6,dst=aa:55:aa:55:00:00),eth_type(0x0800),ipv4(src=1.1.3.88,dst=1.1.3.112,proto=47,tos=0,ttl=64,frag=no)'], [0], [stdout])
dnl Check decapsulation of GRE packet
AT_CHECK([ovs-appctl netdev-dummy/receive p0 'aa55aa550000001b213cab6408004500007e79464000402fba550101025c0101025820006558000001c8fe71d883724fbeb6f4e1494a080045000054ba200000400184861e0000011e00000200004227e75400030af3195500000000f265010000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637'])
+AT_CHECK([ovs-appctl netdev-dummy/receive p0 'aa55aa550000001b213cab6408004500007e79464000402fba550101025c0101025820006558000001c8fe71d883724fbeb6f4e1494a080045000054ba200000400184861e0000011e00000200004227e75400030af3195500000000f265010000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637'])
+AT_CHECK([ovs-appctl netdev-dummy/receive p0 'aa55aa550000001b213cab6408004500007e79464000402fba550101025c0101025820006558000001c8fe71d883724fbeb6f4e1494a080045000054ba200000400184861e0000011e00000200004227e75400030af3195500000000f265010000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637'])
ovs-appctl time/warp 1000
AT_CHECK([ovs-ofctl dump-ports int-br | grep 'port 3'], [0], [dnl
- port 3: rx pkts=1, bytes=98, drop=?, errs=?, frame=?, over=?, crc=?
+ port 3: rx pkts=3, bytes=294, drop=?, errs=?, frame=?, over=?, crc=?
])
-dnl Check GRE only accepts encapsulated Ethernet frames
-AT_CHECK([ovs-appctl netdev-dummy/receive p0 'aa55aa550000001b213cab6408004500007e79464000402fba550101025c0101025820000800000001c8fe71d883724fbeb6f4e1494a080045000054ba200000400184861e0000011e00000200004227e75400030af3195500000000f265010000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637'])
+dnl Check decapsulation of L3GRE packet
+AT_CHECK([ovs-appctl netdev-dummy/receive p0 'aa55aa550000001b213cab6408004500007079464000402fba630101025c0101025820000800000001c845000054ba200000400184861e0000011e00000200004227e75400030af3195500000000f265010000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637'])
+AT_CHECK([ovs-appctl netdev-dummy/receive p0 'aa55aa550000001b213cab6408004500007079464000402fba630101025c0101025820000800000001c845000054ba200000400184861e0000011e00000200004227e75400030af3195500000000f265010000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637'])
+AT_CHECK([ovs-appctl netdev-dummy/receive p0 'aa55aa550000001b213cab6408004500007079464000402fba630101025c0101025820000800000001c845000054ba200000400184861e0000011e00000200004227e75400030af3195500000000f265010000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637'])
+ovs-appctl time/warp 1000
ovs-appctl time/warp 1000
-AT_CHECK([ovs-ofctl dump-ports int-br | grep 'port 3'], [0], [dnl
- port 3: rx pkts=1, bytes=98, drop=?, errs=?, frame=?, over=?, crc=?
+AT_CHECK([ovs-ofctl dump-ports int-br | grep 'port 7'], [0], [dnl
+ port 7: rx pkts=3, bytes=252, drop=?, errs=?, frame=?, over=?, crc=?
+])
+
+dnl Check GREL3 only accepts non-fragmented packets?
+AT_CHECK([ovs-appctl netdev-dummy/receive p0 'aa55aa550000001b213cab6408004500007e79464000402fba550101025c0101025820000800000001c8fe71d883724fbeb6f4e1494a080045000054ba200000400184861e0000011e00000200004227e75400030af3195500000000f265010000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637'])
+
+AT_CHECK([ovs-ofctl dump-ports int-br | grep 'port [[37]]' | sort], [0], [dnl
+ port 3: rx pkts=3, bytes=294, drop=?, errs=?, frame=?, over=?, crc=?
+ port 7: rx pkts=3, bytes=252, drop=?, errs=?, frame=?, over=?, crc=?
])
dnl Check decapsulation of Geneve packet with options
<dt><code>gre</code></dt>
<dd>
- An Ethernet over RFC 2890 Generic Routing Encapsulation over IPv4/IPv6
- tunnel.
+ Generic Routing Encapsulation (GRE) over IPv4/IPv6 tunnel,
+ configurable to encapsulate layer 2 or layer 3 traffic.
</dd>
<dt><code>vxlan</code></dt>
</group>
+ <group title="Tunnel Options: gre only">
+ <p>
+ <code>gre</code> interfaces support these options.
+ </p>
+
+ <column name="options" key="layer3" type='{"type": "boolean"}'>
+ <p>
+ By default, or if set to false, the tunnel carries L2 packets (with
+ an Ethernet header). If set to true, the tunnel carries L3 packets
+ (without an Ethernet header present).
+ </p>
+
+ <p>
+ A single GRE tunnel cannot carry both L2 and L3 packets, but the
+ same effect can be realized by creating two tunnels with different
+ <code>layer3</code> settings and otherwise the same configuration.
+ </p>
+ </column>
+ </group>
+
<group title="Tunnel Options: gre, geneve, and vxlan">
<p>
<code>gre</code>, <code>geneve</code>, and