Thanks for the quick review; I applied this to master.
On Tue, Mar 24, 2015 at 2:56 PM, Pritesh Kothari (pritkoth)
<pritk...@cisco.com> wrote:
> LGTM
>
> Acked-by: Pritesh Kothari <pritesh.koth...@cisco.com>
>
> Regards,
> Pritesh
>
> On Mar 24, 2015, at 12:38 PM, Jesse Gross <je...@nicira.com> wrote:
>
> The kernel module can already support outer UDP checksums for
> Geneve and VXLAN using the standard checksum flag in tunnel
> metadata. This makes userspace aware of the capability so that
> users can enable it on tunnel ports.
>
> There is a complication in that there is no way for userspace to
> probe or detect if the kernel does not support this capability
> in order to warn the user. In this case, connectivity will appear
> to function normally but packets will not be checksum protected.
> This is mainly an issue for VXLAN which has existed in the kernel
> for a some time without checksum support - while there are also
> a few kernel versions that support Geneve only without checksums,
> they are much less common.
>
> There isn't a particularly good solution to the compatibility
> issue without introducing a larger capabilities structure. However,
> UDP checksums are likely to be used only rarely at this point in
> time and the VXLAN spec (where the main problem lies) recommends
> against them. Therefore, this is considered to be an advanced user
> feature and we settle for just documenting the issue.
>
> Signed-off-by: Jesse Gross <je...@nicira.com>
> ---
> FAQ.md | 9 +++++++++
> NEWS | 1 +
> lib/netdev-vport.c | 3 ++-
> vswitchd/vswitch.xml | 26 +++++++++++++++-----------
> 4 files changed, 27 insertions(+), 12 deletions(-)
>
> diff --git a/FAQ.md b/FAQ.md
> index b112dfb..21d4e7a 100644
> --- a/FAQ.md
> +++ b/FAQ.md
> @@ -207,6 +207,7 @@ A: Support for tunnels was added to the upstream Linux
> kernel module
> |:--------:|:-------------:
> | GRE | 3.11
> | VXLAN | 3.12
> +| Geneve | 3.18
> | LISP | <not upstream>
>
> If you are using a version of the kernel that is older than the one
> @@ -216,6 +217,14 @@ A: Support for tunnels was added to the upstream Linux
> kernel module
> persist after doing this, check to make sure that the module that is
> loaded is the one you expect.
>
> +### Q: Why are UDP tunnel checksums not computed for VXLAN or Geneve?
> +
> +A: Generating outer UDP checksums requires kernel support that was not
> + part of the initial implementation of these protocols. If using the
> + upstream Linux Open vSwitch module, you must use kernel 4.0 or
> + newer. The out-of-tree modules from Open vSwitch release 2.4 and later
> + support UDP checksums.
> +
> ### Q: What features are not available when using the userspace datapath?
>
> A: Tunnel virtual ports are not supported, as described in the
> diff --git a/NEWS b/NEWS
> index b8ddc19..9f9dc4c 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -76,6 +76,7 @@ Post-v2.3.0
> - The default OpenFlow and OVSDB ports are now the IANA-assigned
> numbers. OpenFlow is 6653 and OVSDB is 6640.
> - Support for DPDK vHost.
> + - Support for outer UDP checksums in Geneve and VXLAN.
>
>
> v2.3.0 - 14 Aug 2014
> diff --git a/lib/netdev-vport.c b/lib/netdev-vport.c
> index 8e1b542..954ab9b 100644
> --- a/lib/netdev-vport.c
> +++ b/lib/netdev-vport.c
> @@ -426,7 +426,8 @@ set_tunnel_config(struct netdev *dev_, const struct smap
> *args)
> struct netdev_tunnel_config tnl_cfg;
> struct smap_node *node;
>
> - has_csum = strstr(type, "gre");
> + has_csum = strstr(type, "gre") || strstr(type, "geneve") ||
> + strstr(type, "vxlan");
> ipsec_mech_set = false;
> memset(&tnl_cfg, 0, sizeof tnl_cfg);
>
> diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
> index e04aefc..81e8b3f 100644
> --- a/vswitchd/vswitch.xml
> +++ b/vswitchd/vswitch.xml
> @@ -2057,24 +2057,28 @@
>
> </group>
>
> - <group title="Tunnel Options: gre and ipsec_gre only">
> + <group title="Tunnel Options: gre, ipsec_gre, geneve, and vxlan">
> <p>
> - Only <code>gre</code> and <code>ipsec_gre</code> interfaces
> support
> - these options.
> + <code>gre</code>, <code>ipsec_gre</code>, <code>geneve</code>,
> and
> + <code>vxlan</code> interfaces support these options.
> </p>
>
> <column name="options" key="csum" type='{"type": "boolean"}'>
> <p>
> - Optional. Compute GRE checksums on outgoing packets. Default
> is
> - disabled, set to <code>true</code> to enable. Checksums
> present on
> - incoming packets will be validated regardless of this setting.
> + Optional. Compute encapsulation header (either GRE or UDP)
> + checksums on outgoing packets. Default is disabled, set to
> + <code>true</code> to enable. Checksums present on incoming
> + packets will be validated regardless of this setting.
> </p>
>
> - <p>
> - GRE checksums impose a significant performance penalty because they
> - cover the entire packet. The encapsulated L3, L4, and L7 packet
> - contents typically have their own checksums, so this additional
> - checksum only adds value for the GRE and encapsulated L2 headers.
> + <p>
> + When using the upstream Linux kernel module, computation of
> + checksums for <code>geneve</code> and <code>vxlan</code>
> requires
> + Linux kernel version 4.0 or higher. <code>gre</code> supports
> + checksums for all versions of Open vSwitch that support GRE.
> + The out of tree kernel module distributed as part of OVS
> + can compute all tunnel checksums on any kernel version that it
> + is compatible with.
> </p>
>
> <p>
> --
> 1.9.1
>
> _______________________________________________
> dev mailing list
> dev@openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev
>
>
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
