Re: [ovs-discuss] ARP traffic on port with tag options

Jerzy Borkowski via discuss Tue, 11 Feb 2025 10:41:00 -0800


On 11.02.2025 10:33, Adrián Moreno wrote:

On Fri, Jan 31, 2025 at 11:43:28PM +0100, Jerzy Borkowski via discuss wrote:

Hello,


I'm using OVS 3.3.0 (linuxmint newest release)
in switchdev mode in the following config :

   ConnectX4 card (PSID: MT_2190110032, tried several firmware versions).

The card is connected to a trunk port and accepts VLANs=100..117
IP subnet for VLAN=XXX is : 192.168.XXX.0/24

There are 32 VFs configured, and active VFs are in access port mode.
Port PVID varies with VF, like so:

47: ens1f0np0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master
ovs-system state UP mode DEFAULT group default qlen 1000
     link/ether 50:xx:xx:xx:xx:58 brd ff:ff:ff:ff:ff:ff
     vf 0     link/ether 4a:55:42:4f:fe:02 brd ff:ff:ff:ff:ff:ff, vlan 101,
spoof checking off, link-state auto, trust off, query_rss off
     vf 1     link/ether 4a:55:42:4f:fe:06 brd ff:ff:ff:ff:ff:ff, vlan 100,
spoof checking off, link-state auto, trust off, query_rss off
     vf 2     link/ether 4a:55:42:4f:fe:0a brd ff:ff:ff:ff:ff:ff, vlan 101,
spoof checking off, link-state auto, trust off, query_rss off
     vf 3     link/ether 4a:55:42:4f:fe:0e brd ff:ff:ff:ff:ff:ff, vlan 106,
spoof checking off, link-state auto, trust off, query_rss off
     vf 4     link/ether 4a:55:42:4f:fe:12 brd ff:ff:ff:ff:ff:ff, vlan 108,
spoof checking off, link-state auto, trust off, query_rss off
     vf 5     link/ether 4a:55:42:4f:fe:16 brd ff:ff:ff:ff:ff:ff, vlan 110,
spoof checking off, link-state auto, trust off, query_rss off
     vf 6     link/ether 4a:55:42:4f:fe:1a brd ff:ff:ff:ff:ff:ff, vlan 111,
spoof checking off, link-state auto, trust off, query_rss off
     vf 7     link/ether 4a:55:42:4f:fe:1e brd ff:ff:ff:ff:ff:ff, vlan 113,
spoof checking off, link-state auto, trust off, query_rss off
     vf 8     link/ether 4a:55:42:4f:c6:03 brd ff:ff:ff:ff:ff:ff, vlan 101,
spoof checking off, link-state auto, trust off, query_rss off
     vf 9     link/ether 4a:55:42:4f:fe:26 brd ff:ff:ff:ff:ff:ff, vlan 113,
spoof checking off, link-state auto, trust off, query_rss off
     vf 10    link/ether 4a:55:42:4f:fe:2a brd ff:ff:ff:ff:ff:ff, vlan 110,
spoof checking off, link-state auto, trust off, query_rss off
     vf 11    link/ether 4a:55:42:4f:fe:2e brd ff:ff:ff:ff:ff:ff, vlan 101,
spoof checking off, link-state auto, trust off, query_rss off
     vf 12    link/ether 4a:55:42:4f:fe:32 brd ff:ff:ff:ff:ff:ff, vlan 101,
spoof checking off, link-state auto, trust off, query_rss off
     vf 13    link/ether 4a:55:42:4f:fe:36 brd ff:ff:ff:ff:ff:ff, vlan 111,
spoof checking off, link-state auto, trust off, query_rss off
     vf 14    link/ether 4a:55:42:4f:fe:3a brd ff:ff:ff:ff:ff:ff, vlan 113,
spoof checking off, link-state auto, trust off, query_rss off

In switchdev mode OVS vswitch works correctly with the above
config, excepting ARP traffic - all ARP requests from _all_ VLANS
are available on _all_ VFs (as untagged packets).

What is your OpenFlow configuration?

Thanks.
Adrián


Hi,

I did not configure any OpenFlow settings,
so it is default config as set by OVS
(clean LinuxMint/ubuntu O/S install + apt install openvswitch-switch)

In the meantime, I solved the puzzle by moving VLAN tagging from VF port
to OVS port. I'm not sure which setup is the preferred one : VLAN tag
mangling done by VF or by OVS port - in my use case, it is the latter.

After config changes, ip link reports :

6: ens1f0np0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq masterovs-system state UP mode DEFAULT group default qlen 1000

    link/ether 1c:34:da:68:7d:48 brd ff:ff:ff:ff:ff:ff

vf 0 link/ether 4a:55:42:4f:fe:02 brd ff:ff:ff:ff:ff:ff, spoofchecking off, link-state auto, trust off, query_rss off vf 1 link/ether 4a:55:42:4f:fe:06 brd ff:ff:ff:ff:ff:ff, spoofchecking off, link-state auto, trust off, query_rss off vf 2 link/ether 4a:55:42:4f:c6:03 brd ff:ff:ff:ff:ff:ff, spoofchecking off, link-state auto, trust off, query_rss off vf 3 link/ether 4a:55:42:4f:fe:0e brd ff:ff:ff:ff:ff:ff, spoofchecking off, link-state auto, trust off, query_rss off vf 4 link/ether 4a:55:42:4f:fe:12 brd ff:ff:ff:ff:ff:ff, spoofchecking off, link-state auto, trust off, query_rss off vf 5 link/ether 4a:55:42:4f:fe:16 brd ff:ff:ff:ff:ff:ff, spoofchecking off, link-state auto, trust off, query_rss off vf 6 link/ether 4a:55:42:4f:fe:1a brd ff:ff:ff:ff:ff:ff, spoofchecking off, link-state auto, trust off, query_rss off


and ovs-vsctl reports :

root@srwg1:~# ovs-vsctl show
cc8f8734-393f-4096-bd3b-e792bf89160e
    Bridge esw0
        Port esw0-vlan101
            tag: 101
            Interface esw0-vlan101
                type: internal
        Port ens1f0r5
            tag: 110
            Interface ens1f0r5
        Port ens1f0r2
            tag: 101
            Interface ens1f0r2
        Port tap0
            tag: 101
            Interface tap0
        Port ens1f0np0

trunks: [100, 101, 102, 103, 104, 105, 106, 107, 108, 109,110, 111, 112, 113, 114, 115, 116, 117, 118]

            Interface ens1f0np0
        Port ens1f0r7
            tag: 113
            Interface ens1f0r7
        Port ens1f0r1
            tag: 101
            trunks: [100, 106, 108, 111]
            Interface ens1f0r1
        Port esw0
            Interface esw0
                type: internal
        Port ens1f0r4
            tag: 110
            Interface ens1f0r4
        Port ens1f0r6
            tag: 101
            trunks: [111]
            Interface ens1f0r6
        Port ens1f0r3
            tag: 113
            Interface ens1f0r3
        Port ens1f0r0
            tag: 101
            Interface ens1f0r0
    ovs_version: "3.3.0"

With the above config, all L2/L3 traffic (including ARP) is
properly separated between VLANs.

Jurek


_______________________________________________
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] ARP traffic on port with tag options

Reply via email to