search

openvswitch / ovs-issues

Issue tracker repo for Open vSwitch
10 stars 3 forks source link

ipv4 tunnel to ipv6 tunnel #249

Open bessa opened 2 years ago

bessa commented 2 years ago

Hi, I'm using: OVS 2.17.0, built from source Kernel 5.16.11-051611-generic Datapath Kernel.

I got an issue when Receiving ingress packet tunneled over IPv4 example VXLAN Decapsulate then reEncapsulate the packet as IPv6 tunnel " Geneve, Vxlan, or Ip6gre". The issue is when using remote_ip=flow for ipv6 tunnel, it works if I set it fixed.

ovs-vsctl del-br br0
ovs-vsctl add-br br0 -- set Bridge br0 fail-mode=secure
ovs-ofctl mod-port br0 br0 up
ovs-vsctl add-port br0 vxlan1 -- set interface vxlan1 type=vxlan \
    options:remote_ip=flow options:local_ip=10.10.100.15 options:key=flow options:dst_port=4789
ovs-ofctl add-flow br0     "table=0,in_port=vxlan1,tun_id=100100 actions=resubmit(,1)"

#ovs-vsctl add-port br0 gre1 -- set Interface gre1 type=ip6gre options:remote_ip=fd00:bad:babe::ac10:6402  options:local_ip=fd00:bad:face:b00c:ee6:9eff:fedf:1 options:packet_type=legacy_l2
ovs-vsctl add-port br0 gre1 -- set Interface gre1 type=ip6gre options:remote_ip=flow  options:local_ip=fd00:bad:face:b00c:ee6:9eff:fedf:1 options:packet_type=legacy_l2

ovs-ofctl add-flow br0 "table=1, priority=10,tun_id=100100,ip,nw_src=192.168.16.0/24 actions=resubmit(,7)"
#ovs-ofctl add-flow br0 "table=7 priority=0,ip,nw_src=192.168.16.0/24 actions=output:gre1"
ovs-ofctl add-flow br0 "table=7 priority=0,ip,nw_src=192.168.16.0/24 actions=set_field:fd00:bad:babe::ac10:6401->tun_ipv6_dst,output:gre1"

when testing, I see the 

ovs-appctl ofproto/trace br0 in_port=vxlan1,tun_id=100100,ip,dl_src=0c:c9:d8:93:00:01,dl_dst=0c:03:dd:96:00:01,ip_src=192.168.16.1,ip_dst=192.168.16.2 -generate
Flow: ip,tun_id=0x18704,in_port=1,vlan_tci=0x0000,dl_src=0c:c9:d8:93:00:01,dl_dst=0c:03:dd:96:00:01,nw_src=192.168.16.1,nw_dst=192.168.16.2,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=0

bridge("br0")
-------------
 0. tun_id=0x18704,in_port=1, priority 32768
    resubmit(,1)
 1. ip,tun_id=0x18704,nw_src=192.168.16.0/24, priority 10
    resubmit(,7)
 7. ip,nw_src=192.168.16.0/24, priority 0
    load:0xac106401->NXM_NX_TUN_IPV6_DST[0..63]
    load:0xfd000badbabe0000->NXM_NX_TUN_IPV6_DST[64..127]
    output:2
     -> output to kernel tunnel

Final flow: ip,tun_src=0.0.0.0,tun_dst=0.0.0.0,tun_ipv6_src=::,tun_ipv6_dst=fd00:bad:babe::ac10:6401,tun_gbp_id=0,tun_gbp_flags=0,tun_tos=0,tun_ttl=0,tun_erspan_ver=0,gtpu_flags=0,gtpu_msgtype=0,tun_flags=0,in_port=1,vlan_tci=0x0000,dl_src=0c:c9:d8:93:00:01,dl_dst=0c:03:dd:96:00:01,nw_src=192.168.16.1,nw_dst=192.168.16.2,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=0
Megaflow: recirc_id=0,eth,ip,tun_id=0x18704,tun_ipv6_dst=::,in_port=1,nw_src=192.168.16.0/24,nw_ecn=0,nw_frag=no
Datapath actions: set(tunnel(ipv6_src=fd00:bad:face:b00c:ee6:9eff:fedf:1,ipv6_dst=fd00:bad:babe::ac10:6401,ttl=64,flags(df))),3

But when sending packet, tc filter action is drop

# tc f ls dev vxlan_sys_4789 root
filter ingress protocol ip pref 4 flower chain 0 
filter ingress protocol ip pref 4 flower chain 0 handle 0x1 
  eth_type ipv4
  ip_tos 0/0x3
  src_ip 192.168.16.1/24
  enc_dst_ip 10.10.100.15
  enc_src_ip 10.10.100.1
  enc_key_id 100100
  enc_dst_port 4789
  enc_tos 0
  ip_flags nofrag
  not_in_hw
    action order 1: gact action drop
     random type none pass val 0
     index 2 ref 1 bind 1
    cookie 776ec6d7ef4b2cf4afbf5e85f3b88b5c
    no_percpu

Many thanks.