| Message ID | 1513211938-8749-1-git-send-email-u9012063@gmail.com |
|---|---|
| Headers | show |
| Series | ERSPAN version 2 (type III) support | expand |
On Wed, 13 Dec 2017 16:38:54 -0800 William Tu <u9012063@gmail.com> wrote: > ERSPAN has two versions, v1 (type II) and v2 (type III). This patch > series add support for erspan v2 based on existing erspan v1 > implementation. The first patch refactors the existing erspan v1's > header structure, making it extensible to put additional v2's header. > The second and third patch introduces erspan v2's implementation to > ipv4 and ipv6 erspan, for both native mode and collect metadata mode. > Finally, test cases are added under the samples/bpf. > > Note: > ERSPAN version 2 has many features and this patch does not implement > all. One major use case of version 2 over version 1 is its timestamp > and direction. So the traffic collector is able to distinguish the > mirrorred traffic better. Other features such as SGT (security group > tag), FT (frame type) for carrying non-ethernet packet, and optional > subheader are not implemented yet. > > Example commandline for ERSPAN version 2: > ip link add dev ip6erspan11 type ip6erspan seq key 102 \ > local fc00:100::2 remote fc00:100::1 \ > erspan_ver 2 erspan_dir 1 erspan_hwid 17 > > The corresponding iproute2 patch: > https://marc.info/?l=linux-netdev&m=151321141525106&w=2 If this is accepted to net-next you will need to resubmit the iproute2 patch.
On Wed, Dec 13, 2017 at 5:54 PM, Stephen Hemminger <stephen@networkplumber.org> wrote: > On Wed, 13 Dec 2017 16:38:54 -0800 > William Tu <u9012063@gmail.com> wrote: > >> ERSPAN has two versions, v1 (type II) and v2 (type III). This patch >> series add support for erspan v2 based on existing erspan v1 >> implementation. The first patch refactors the existing erspan v1's >> header structure, making it extensible to put additional v2's header. >> The second and third patch introduces erspan v2's implementation to >> ipv4 and ipv6 erspan, for both native mode and collect metadata mode. >> Finally, test cases are added under the samples/bpf. >> >> Note: >> ERSPAN version 2 has many features and this patch does not implement >> all. One major use case of version 2 over version 1 is its timestamp >> and direction. So the traffic collector is able to distinguish the >> mirrorred traffic better. Other features such as SGT (security group >> tag), FT (frame type) for carrying non-ethernet packet, and optional >> subheader are not implemented yet. >> >> Example commandline for ERSPAN version 2: >> ip link add dev ip6erspan11 type ip6erspan seq key 102 \ >> local fc00:100::2 remote fc00:100::1 \ >> erspan_ver 2 erspan_dir 1 erspan_hwid 17 >> >> The corresponding iproute2 patch: >> https://marc.info/?l=linux-netdev&m=151321141525106&w=2 > > > If this is accepted to net-next you will need to > resubmit the iproute2 patch. Hi Stephen, Yes, I noticed that I forgot to update the iproute2 man page. Thanks William
From: William Tu <u9012063@gmail.com> Date: Wed, 13 Dec 2017 16:38:54 -0800 > ERSPAN has two versions, v1 (type II) and v2 (type III). This patch > series add support for erspan v2 based on existing erspan v1 > implementation. ... Series applied, thanks William.
ERSPAN has two versions, v1 (type II) and v2 (type III). This patch series add support for erspan v2 based on existing erspan v1 implementation. The first patch refactors the existing erspan v1's header structure, making it extensible to put additional v2's header. The second and third patch introduces erspan v2's implementation to ipv4 and ipv6 erspan, for both native mode and collect metadata mode. Finally, test cases are added under the samples/bpf. Note: ERSPAN version 2 has many features and this patch does not implement all. One major use case of version 2 over version 1 is its timestamp and direction. So the traffic collector is able to distinguish the mirrorred traffic better. Other features such as SGT (security group tag), FT (frame type) for carrying non-ethernet packet, and optional subheader are not implemented yet. Example commandline for ERSPAN version 2: ip link add dev ip6erspan11 type ip6erspan seq key 102 \ local fc00:100::2 remote fc00:100::1 \ erspan_ver 2 erspan_dir 1 erspan_hwid 17 The corresponding iproute2 patch: https://marc.info/?l=linux-netdev&m=151321141525106&w=2 William Tu (4): net: erspan: refactor existing erspan code net: erspan: introduce erspan v2 for ip_gre ip6_gre: add erspan v2 support samples/bpf: add erspan v2 sample code include/net/erspan.h | 152 ++++++++++++++++++++++++++++++++++++++--- include/net/ip6_tunnel.h | 3 + include/net/ip_tunnels.h | 5 +- include/uapi/linux/if_ether.h | 1 + include/uapi/linux/if_tunnel.h | 3 + net/ipv4/ip_gre.c | 124 +++++++++++++++++++++++++++------ net/ipv6/ip6_gre.c | 139 +++++++++++++++++++++++++++++++------ net/openvswitch/flow_netlink.c | 8 +-- samples/bpf/tcbpf2_kern.c | 77 ++++++++++++++++++--- samples/bpf/test_tunnel_bpf.sh | 38 ++++++++--- 10 files changed, 472 insertions(+), 78 deletions(-) -- A simple script to test it: #!/bin/bash # In the namespace NS0, create veth0 and ip6erspan00 # Out of the namespace, create veth1 and ip6erspan11 # Ping in and out of namespace using ERSPAN protocol set -ex function cleanup() { set +ex ip netns del ns0 ip link del ip6erspan11 ip link del veth1 } function main() { trap cleanup 0 2 3 9 ip netns add ns0 ip link add veth0 type veth peer name veth1 ip link set veth0 netns ns0 # non-namespace ip addr add dev veth1 fc00:100::2/96 if [ "$1" == "v1" ]; then echo "create IP6 ERSPAN v1 tunnel" ip link add dev ip6erspan11 type ip6erspan seq key 102 \ local fc00:100::2 remote fc00:100::1 \ erspan 123 erspan_ver 1 else echo "create IP6 ERSPAN v2 tunnel" ip link add dev ip6erspan11 type ip6erspan seq key 102 \ local fc00:100::2 remote fc00:100::1 \ erspan_ver 2 erspan_dir 1 erspan_hwid 17 fi ip addr add dev ip6erspan11 fc00:200::2/96 ip addr add dev ip6erspan11 10.10.200.2/24 # namespace: ns0 ip netns exec ns0 ip addr add fc00:100::1/96 dev veth0 if [ "$1" == "v1" ]; then ip netns exec ns0 \ ip link add dev ip6erspan00 type ip6erspan seq key 102 \ local fc00:100::1 remote fc00:100::2 \ erspan 123 erspan_ver 1 else ip netns exec ns0 \ ip link add dev ip6erspan00 type ip6erspan seq key 102 \ local fc00:100::1 remote fc00:100::2 \ erspan_ver 2 erspan_dir 1 erspan_hwid 7 fi ip netns exec ns0 ip addr add dev ip6erspan00 fc00:200::1/96 ip netns exec ns0 ip addr add dev ip6erspan00 10.10.200.1/24 ip link set dev veth1 up ip link set dev ip6erspan11 up ip netns exec ns0 ip link set dev ip6erspan00 up ip netns exec ns0 ip link set dev veth0 up } main $1 # Ping underlying ping6 -c 1 fc00:100::1 || true # ping overlay ping -c 3 10.10.200.1 exit 0 -- 2.7.4