On Fri, Jan 29, 2016 at 12:02:04PM +0000, sourabh.ban...@wipro.com wrote: > Hi OVS Folk, > > I checked out OVS 2.5 branch code from git hub and building ovs 2.5 with DPDK > 2.2.0 on Centos OS 7, kernel 3.18.22 and its building successfully with below > commands: > > ./configure --with-dpdk=/home../DPDK/x86_64-ivshmem-linuxapp-gcc > > But I am not able to see Firewall (conntrack) related commands support. As > shown below: > > [root@Potasium ovs-branch-2.5]# ./utilities/ovs-ofctl add-flow br0 > table=1,in_port=2,ip,ct_state=+new,action=1 > OFPT_ERROR (xid=0x6): OFPBMC_BAD_MASK > NXT_FLOW_MOD (xid=0x6): > (***truncated to 64 bytes from 80***) > 00000000 01 04 00 50 00 00 00 06-00 00 23 20 00 00 00 0d |...P......# ....| > 00000010 00 00 00 00 00 00 00 00-01 00 00 00 00 00 80 00 |................| > 00000020 ff ff ff ff ff ff 00 00-00 18 00 00 00 00 00 00 |................| > 00000030 00 00 00 02 00 02 00 00-06 02 08 00 00 01 d3 08 |................| > > I am getting above highlighted error and no flow is getting added. I used > many options as specified in ovs-ofctl man page. > > Then I found below command to configure OVS with linux. > ./configure --with-dpdk=$DPDK_BUILD --with-linux=/lib/modules/`uname -r`/build > > It's building successfully but facing same issues while adding flows with > ovs-ofctl command using ct_state flags or ct. > > [root@Potasium ovs-branch-2.5]# ./ovs-branch-2.5/utilities/ovs-ofctl add-flow > br0 in_port=1,tcp,ct_state=+trk-new,actions=ct,output:2 > OFPT_ERROR (xid=0x4): OFPBMC_BAD_MASK > NXT_FLOW_MOD (xid=0x4): > (***truncated to 64 bytes from 112***) > 00000000 01 04 00 70 00 00 00 04-00 00 23 20 00 00 00 0d |...p......# ....| > 00000010 00 00 00 00 00 00 00 00-00 00 00 00 00 00 80 00 |................| > 00000020 ff ff ff ff ff ff 00 00-00 1d 00 00 00 00 00 00 |................| > 00000030 00 00 00 02 00 01 00 00-06 02 08 00 00 00 0c 01 |................| > > So, my questions are: > How to confirm whether conntrack is built and running with OVS + DPDK? I can > see the netlink_conntrack.o file in /lib dir. > Is Conntrack running in user mode with OVS and dpdk? > Am I using the right commands of connection tracker?
The FAQ has feature support information: ### Q: Are all features available with all datapaths? A: Open vSwitch supports different datapaths on different platforms. Each datapath has a different feature set: the following tables try to summarize the status. Supported datapaths: * *Linux upstream*: The datapath implemented by the kernel module shipped with Linux upstream. Since features have been gradually introduced into the kernel, the table mentions the first Linux release whose OVS module supports the feature. * *Linux OVS tree*: The datapath implemented by the Linux kernel module distributed with the OVS source tree. Some features of this module rely on functionality not available in older kernels: in this case the minumum Linux version (against which the feature can be compiled) is listed. * *Userspace*: Also known as DPDK, dpif-netdev or dummy datapath. It is the only datapath that works on NetBSD and FreeBSD. * *Hyper-V*: Also known as the Windows datapath. The following table lists the datapath supported features from an Open vSwitch user's perspective. Feature | Linux upstream | Linux OVS tree | Userspace | Hyper-V | ----------------------|:--------------:|:--------------:|:---------:|:-------:| Connection tracking | 4.3 | 3.10 | NO | NO | Tunnel - LISP | NO | YES | NO | NO | Tunnel - STT | NO | 3.5 | NO | YES | Tunnel - GRE | 3.11 | YES | YES | YES | Tunnel - VXLAN | 3.12 | YES | YES | YES | Tunnel - Geneve | 3.18 | YES | YES | NO | QoS - Policing | YES | YES | NO | NO | QoS - Shaping | YES | YES | NO | NO | sFlow | YES | YES | YES | NO | Set action | YES | YES | YES | PARTIAL | NIC Bonding | YES | YES | YES | NO | Multiple VTEPs | YES | YES | YES | NO | **Notes:** * Only a limited set of flow fields is modifiable via the set action by the Hyper-V datapath. * The Hyper-V datapath only supports one physical NIC per datapath. This is why bonding is not supported. * The Hyper-V datapath can have at most one IP address configured as a tunnel endpoint. The following table lists features that do not *directly* impact an Open vSwitch user, e.g. because their absence can be hidden by the ofproto layer (usually this comes with a performance penalty). Feature | Linux upstream | Linux OVS tree | Userspace | Hyper-V | ----------------------|:--------------:|:--------------:|:---------:|:-------:| SCTP flows | 3.12 | YES | YES | YES | MPLS | 3.19 | YES | YES | NO | UFID | 4.0 | YES | YES | NO | Megaflows | 3.12 | YES | YES | NO | Masked set action | 4.0 | YES | YES | NO | Recirculation | 3.19 | YES | YES | NO | TCP flags matching | 3.13 | YES | YES | NO | Validate flow actions | YES | YES | N/A | NO | Multiple datapaths | YES | YES | YES | NO | Tunnel TSO - STT | N/A | YES | NO | YES | _______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss