diff mbox series

[ovs-dev,PATCHv4] tunnel: Add layer 2 IPv6 GRE encapsulation support.

Message ID 1561562527-54784-1-git-send-email-u9012063@gmail.com
State Superseded
Headers show
Series [ovs-dev,PATCHv4] tunnel: Add layer 2 IPv6 GRE encapsulation support. | expand

Commit Message

William Tu June 26, 2019, 3:22 p.m. UTC 
The patch adds ip6gretap support. Tunnel type 'ip6gretap' is a layer 2 GRE
tunnel over IPv6, carrying inner ethernet packets and encap with GRE header
with outer IPv6 header.  Encapsulation of layer 3 packet over IPv6 GRE, ip6gre,
is not supported yet.  I tested it by running:
  # make check-kernel TESTSUITEFLAGS='-k ip6gretap'
under kernel 5.2 and for userspace:
  # make check TESTSUITEFLAGS='-k ip6gretap'

Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Eli Britstein <elibr@mellanox.com>
Co-authored-by: Eli Britstein <elibr@mellanox.com>
Tested-by: Greg Rose <gvrose8192@gmail.com>
Reviewed-by: Greg Rose <gvrose8192@gmail.com>

---
v1-v2
 - rebase to master
v2-v3
  - update documentation suggested by Eli
v3-v4
  - squash Eli's documentation
---
 Documentation/faq/configuration.rst | 12 +++++++
 NEWS                                |  1 +
 datapath/linux/compat/ip6_gre.c     |  2 +-
 lib/dpif-netlink-rtnl.c             |  2 +-
 lib/dpif-netlink.c                  |  4 ++-
 lib/netdev-vport.c                  |  4 +--
 lib/tnl-ports.c                     |  3 +-
 tests/system-traffic.at             | 40 ++++++++++++++++++++++
 tests/tunnel-push-pop-ipv6.at       | 68 +++++++++++++++++++++++++++++++++++++
 vswitchd/vswitch.xml                | 32 ++++++++++-------
 10 files changed, 150 insertions(+), 18 deletions(-)

Comments

Ben Pfaff June 26, 2019, 6:59 p.m. UTC | #1 
On Wed, Jun 26, 2019 at 08:22:07AM -0700, William Tu wrote:
> The patch adds ip6gretap support. Tunnel type 'ip6gretap' is a layer 2 GRE
> tunnel over IPv6, carrying inner ethernet packets and encap with GRE header
> with outer IPv6 header.  Encapsulation of layer 3 packet over IPv6 GRE, ip6gre,
> is not supported yet.  I tested it by running:
>   # make check-kernel TESTSUITEFLAGS='-k ip6gretap'
> under kernel 5.2 and for userspace:
>   # make check TESTSUITEFLAGS='-k ip6gretap'
> 
> Signed-off-by: William Tu <u9012063@gmail.com>
> Signed-off-by: Eli Britstein <elibr@mellanox.com>
> Co-authored-by: Eli Britstein <elibr@mellanox.com>
> Tested-by: Greg Rose <gvrose8192@gmail.com>
> Reviewed-by: Greg Rose <gvrose8192@gmail.com>

Thanks for working to generalize OVS tunnel support.

For IPv4 GRE, we use the "gre" tunnel type and then we use
options:packet_type to control whether the tunnel carries L2 or L3
packets.  Is there a reason that IPv6 GRE should be different?  That is,
why not just have an "ip6gre" type and then use options:packet_type to
control what packets flow through it?

(Actually, is there a reason why we should have a separate ip6gre at
all?  That is, why not just use "gre" and then control whether the outer
protocol is IPv4 or IPv6 based on whether the local and remote IPs are
IPv4 or IPv6?)

Thanks,

Ben.
Gregory Rose June 26, 2019, 10:21 p.m. UTC | #2 
On 6/26/2019 11:59 AM, Ben Pfaff wrote:
> On Wed, Jun 26, 2019 at 08:22:07AM -0700, William Tu wrote:
>> The patch adds ip6gretap support. Tunnel type 'ip6gretap' is a layer 2 GRE
>> tunnel over IPv6, carrying inner ethernet packets and encap with GRE header
>> with outer IPv6 header.  Encapsulation of layer 3 packet over IPv6 GRE, ip6gre,
>> is not supported yet.  I tested it by running:
>>    # make check-kernel TESTSUITEFLAGS='-k ip6gretap'
>> under kernel 5.2 and for userspace:
>>    # make check TESTSUITEFLAGS='-k ip6gretap'
>>
>> Signed-off-by: William Tu <u9012063@gmail.com>
>> Signed-off-by: Eli Britstein <elibr@mellanox.com>
>> Co-authored-by: Eli Britstein <elibr@mellanox.com>
>> Tested-by: Greg Rose <gvrose8192@gmail.com>
>> Reviewed-by: Greg Rose <gvrose8192@gmail.com>
> Thanks for working to generalize OVS tunnel support.
>
> For IPv4 GRE, we use the "gre" tunnel type and then we use
> options:packet_type to control whether the tunnel carries L2 or L3
> packets.  Is there a reason that IPv6 GRE should be different?

Hi Ben,

unfortunately there is a reason that ipv6 gre is different and that is 
because it uses the ARPHRD_IP6GRE HW type.  That
is not currently supported by openvswitch so the best we can do for ipv6 
gre is support the L2 tap driver which uses
the ARPHRD_ETHER type.

Thanks,

- Greg

>    That is,
> why not just have an "ip6gre" type and then use options:packet_type to
> control what packets flow through it?
>
> (Actually, is there a reason why we should have a separate ip6gre at
> all?  That is, why not just use "gre" and then control whether the outer
> protocol is IPv4 or IPv6 based on whether the local and remote IPs are
> IPv4 or IPv6?)
>
> Thanks,
>
> Ben.
> _______________________________________________
> dev mailing list
> dev@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Eli Britstein June 27, 2019, 6:31 a.m. UTC | #3 
On 6/27/2019 1:21 AM, Gregory Rose wrote:
>
> On 6/26/2019 11:59 AM, Ben Pfaff wrote:
>> On Wed, Jun 26, 2019 at 08:22:07AM -0700, William Tu wrote:
>>> The patch adds ip6gretap support. Tunnel type 'ip6gretap' is a layer 
>>> 2 GRE
>>> tunnel over IPv6, carrying inner ethernet packets and encap with GRE 
>>> header
>>> with outer IPv6 header.  Encapsulation of layer 3 packet over IPv6 
>>> GRE, ip6gre,
>>> is not supported yet.  I tested it by running:
>>>    # make check-kernel TESTSUITEFLAGS='-k ip6gretap'
>>> under kernel 5.2 and for userspace:
>>>    # make check TESTSUITEFLAGS='-k ip6gretap'
>>>
>>> Signed-off-by: William Tu <u9012063@gmail.com>
>>> Signed-off-by: Eli Britstein <elibr@mellanox.com>
>>> Co-authored-by: Eli Britstein <elibr@mellanox.com>
>>> Tested-by: Greg Rose <gvrose8192@gmail.com>
>>> Reviewed-by: Greg Rose <gvrose8192@gmail.com>
>> Thanks for working to generalize OVS tunnel support.
>>
>> For IPv4 GRE, we use the "gre" tunnel type and then we use
>> options:packet_type to control whether the tunnel carries L2 or L3
>> packets.  Is there a reason that IPv6 GRE should be different?
>
> Hi Ben,
>
> unfortunately there is a reason that ipv6 gre is different and that is 
> because it uses the ARPHRD_IP6GRE HW type.  That
> is not currently supported by openvswitch so the best we can do for 
> ipv6 gre is support the L2 tap driver which uses
> the ARPHRD_ETHER type.
>
> Thanks,
>
> - Greg
>
>>    That is,
>> why not just have an "ip6gre" type and then use options:packet_type to
>> control what packets flow through it?
>>
>> (Actually, is there a reason why we should have a separate ip6gre at
>> all?  That is, why not just use "gre" and then control whether the outer
>> protocol is IPv4 or IPv6 based on whether the local and remote IPs are
>> IPv4 or IPv6?)

Hi Ben,

I had a similar comment in 
https://mail.openvswitch.org/pipermail/ovs-dev/2019-June/359940.html

The pro points are clear. The cons are that there are already 
"ip6erspan" separately from "erspan" (unless we do the same work to 
unite them too). Regarding "ip6gre" vs "ip6gretap", I thought it might 
be confusing as the type of the netdev is "ip6gretap" (for L2) and there 
is "ip6gre" type for L3. In IPv4 case, it is like this too 
("gre"/"gretap", but there is support for both, so "gre" is more user 
friendly). In IPv6 case, as William and Greg commented, L3 over IPv6 GRE 
is not supported (at least yet).

>>
>> Thanks,
>>
>> Ben.
>> _______________________________________________
>> dev mailing list
>> dev@openvswitch.org
>> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-dev&amp;data=02%7C01%7Celibr%40mellanox.com%7C5f70d74ebb2c4957c34608d6fa84b125%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636971845154020240&amp;sdata=31JdQkU5nYWoEadDd%2BfY7uVJREAy%2BXgsbsGl%2BS9hOlk%3D&amp;reserved=0 
>>
>
William Tu June 27, 2019, 2:23 p.m. UTC | #4 
On Wed, Jun 26, 2019 at 11:31 PM Eli Britstein <elibr@mellanox.com> wrote:
>
>
> On 6/27/2019 1:21 AM, Gregory Rose wrote:
> >
> > On 6/26/2019 11:59 AM, Ben Pfaff wrote:
> >> On Wed, Jun 26, 2019 at 08:22:07AM -0700, William Tu wrote:
> >>> The patch adds ip6gretap support. Tunnel type 'ip6gretap' is a layer
> >>> 2 GRE
> >>> tunnel over IPv6, carrying inner ethernet packets and encap with GRE
> >>> header
> >>> with outer IPv6 header.  Encapsulation of layer 3 packet over IPv6
> >>> GRE, ip6gre,
> >>> is not supported yet.  I tested it by running:
> >>>    # make check-kernel TESTSUITEFLAGS='-k ip6gretap'
> >>> under kernel 5.2 and for userspace:
> >>>    # make check TESTSUITEFLAGS='-k ip6gretap'
> >>>
> >>> Signed-off-by: William Tu <u9012063@gmail.com>
> >>> Signed-off-by: Eli Britstein <elibr@mellanox.com>
> >>> Co-authored-by: Eli Britstein <elibr@mellanox.com>
> >>> Tested-by: Greg Rose <gvrose8192@gmail.com>
> >>> Reviewed-by: Greg Rose <gvrose8192@gmail.com>
> >> Thanks for working to generalize OVS tunnel support.
> >>
> >> For IPv4 GRE, we use the "gre" tunnel type and then we use
> >> options:packet_type to control whether the tunnel carries L2 or L3
> >> packets.  Is there a reason that IPv6 GRE should be different?
> >
> > Hi Ben,
> >
> > unfortunately there is a reason that ipv6 gre is different and that is
> > because it uses the ARPHRD_IP6GRE HW type.  That
> > is not currently supported by openvswitch so the best we can do for
> > ipv6 gre is support the L2 tap driver which uses
> > the ARPHRD_ETHER type.
> >
> > Thanks,
> >
> > - Greg
> >
> >>    That is,
> >> why not just have an "ip6gre" type and then use options:packet_type to
> >> control what packets flow through it?
> >>
> >> (Actually, is there a reason why we should have a separate ip6gre at
> >> all?  That is, why not just use "gre" and then control whether the outer
> >> protocol is IPv4 or IPv6 based on whether the local and remote IPs are
> >> IPv4 or IPv6?)
>
> Hi Ben,
>
> I had a similar comment in
> https://mail.openvswitch.org/pipermail/ovs-dev/2019-June/359940.html
>
> The pro points are clear. The cons are that there are already
> "ip6erspan" separately from "erspan" (unless we do the same work to
> unite them too). Regarding "ip6gre" vs "ip6gretap", I thought it might
> be confusing as the type of the netdev is "ip6gretap" (for L2) and there
> is "ip6gre" type for L3. In IPv4 case, it is like this too
> ("gre"/"gretap", but there is support for both, so "gre" is more user
> friendly). In IPv6 case, as William and Greg commented, L3 over IPv6 GRE
> is not supported (at least yet).
>

Or do we want to add support for ip6gre (L3)?
So we can use "ip6gre" and packet_type option to select L2 or L3.
--William
Ben Pfaff June 27, 2019, 2:51 p.m. UTC | #5 
On Wed, Jun 26, 2019 at 03:21:49PM -0700, Gregory Rose wrote:
> 
> On 6/26/2019 11:59 AM, Ben Pfaff wrote:
> > On Wed, Jun 26, 2019 at 08:22:07AM -0700, William Tu wrote:
> > > The patch adds ip6gretap support. Tunnel type 'ip6gretap' is a layer 2 GRE
> > > tunnel over IPv6, carrying inner ethernet packets and encap with GRE header
> > > with outer IPv6 header.  Encapsulation of layer 3 packet over IPv6 GRE, ip6gre,
> > > is not supported yet.  I tested it by running:
> > >    # make check-kernel TESTSUITEFLAGS='-k ip6gretap'
> > > under kernel 5.2 and for userspace:
> > >    # make check TESTSUITEFLAGS='-k ip6gretap'
> > > 
> > > Signed-off-by: William Tu <u9012063@gmail.com>
> > > Signed-off-by: Eli Britstein <elibr@mellanox.com>
> > > Co-authored-by: Eli Britstein <elibr@mellanox.com>
> > > Tested-by: Greg Rose <gvrose8192@gmail.com>
> > > Reviewed-by: Greg Rose <gvrose8192@gmail.com>
> > Thanks for working to generalize OVS tunnel support.
> > 
> > For IPv4 GRE, we use the "gre" tunnel type and then we use
> > options:packet_type to control whether the tunnel carries L2 or L3
> > packets.  Is there a reason that IPv6 GRE should be different?
> 
> Hi Ben,
> 
> unfortunately there is a reason that ipv6 gre is different and that is
> because it uses the ARPHRD_IP6GRE HW type.  That
> is not currently supported by openvswitch so the best we can do for ipv6 gre
> is support the L2 tap driver which uses
> the ARPHRD_ETHER type.

I think that this is really an implementation detail.  Ideally, we would
abstract the interface provided to our users (the configuration in the
database, and the OpenFlow interface) from the implementation in the
datapath.  This seems doubly true because I don't know a reason why this
detail of the Linux kernel datapath would extend to other datapaths such
as the userspace datapath.
Ben Pfaff June 27, 2019, 2:51 p.m. UTC | #6 
On Thu, Jun 27, 2019 at 06:31:24AM +0000, Eli Britstein wrote:
> 
> On 6/27/2019 1:21 AM, Gregory Rose wrote:
> >
> > On 6/26/2019 11:59 AM, Ben Pfaff wrote:
> >> On Wed, Jun 26, 2019 at 08:22:07AM -0700, William Tu wrote:
> >>> The patch adds ip6gretap support. Tunnel type 'ip6gretap' is a layer 
> >>> 2 GRE
> >>> tunnel over IPv6, carrying inner ethernet packets and encap with GRE 
> >>> header
> >>> with outer IPv6 header.  Encapsulation of layer 3 packet over IPv6 
> >>> GRE, ip6gre,
> >>> is not supported yet.  I tested it by running:
> >>>    # make check-kernel TESTSUITEFLAGS='-k ip6gretap'
> >>> under kernel 5.2 and for userspace:
> >>>    # make check TESTSUITEFLAGS='-k ip6gretap'
> >>>
> >>> Signed-off-by: William Tu <u9012063@gmail.com>
> >>> Signed-off-by: Eli Britstein <elibr@mellanox.com>
> >>> Co-authored-by: Eli Britstein <elibr@mellanox.com>
> >>> Tested-by: Greg Rose <gvrose8192@gmail.com>
> >>> Reviewed-by: Greg Rose <gvrose8192@gmail.com>
> >> Thanks for working to generalize OVS tunnel support.
> >>
> >> For IPv4 GRE, we use the "gre" tunnel type and then we use
> >> options:packet_type to control whether the tunnel carries L2 or L3
> >> packets.  Is there a reason that IPv6 GRE should be different?
> >
> > Hi Ben,
> >
> > unfortunately there is a reason that ipv6 gre is different and that is 
> > because it uses the ARPHRD_IP6GRE HW type.  That
> > is not currently supported by openvswitch so the best we can do for 
> > ipv6 gre is support the L2 tap driver which uses
> > the ARPHRD_ETHER type.
> >
> > Thanks,
> >
> > - Greg
> >
> >>    That is,
> >> why not just have an "ip6gre" type and then use options:packet_type to
> >> control what packets flow through it?
> >>
> >> (Actually, is there a reason why we should have a separate ip6gre at
> >> all?  That is, why not just use "gre" and then control whether the outer
> >> protocol is IPv4 or IPv6 based on whether the local and remote IPs are
> >> IPv4 or IPv6?)
> 
> Hi Ben,
> 
> I had a similar comment in 
> https://mail.openvswitch.org/pipermail/ovs-dev/2019-June/359940.html
> 
> The pro points are clear. The cons are that there are already 
> "ip6erspan" separately from "erspan" (unless we do the same work to 
> unite them too). Regarding "ip6gre" vs "ip6gretap", I thought it might 
> be confusing as the type of the netdev is "ip6gretap" (for L2) and there 
> is "ip6gre" type for L3. In IPv4 case, it is like this too 
> ("gre"/"gretap", but there is support for both, so "gre" is more user 
> friendly). In IPv6 case, as William and Greg commented, L3 over IPv6 GRE 
> is not supported (at least yet).

I'd like to separate the current limitations from the desired "user
interface".  I understand that we can't currently support the full
matrix of outer IPv4/IPv6 versus inner packet type.  I am not sure that
that is a good reason to distinguish them from a configuration point of
view, especially if we ultimately might support the full matrix.  If
your configuration is orthogonal, then as you add support for new cells
in the matrix, you actually *delete* documentation that describes
limitations; if it is not, then you have to add documentation that
describes the new way to configure whatever new cell you added.
Gregory Rose June 27, 2019, 4:10 p.m. UTC | #7 
On 6/27/2019 7:51 AM, Ben Pfaff wrote:
> On Wed, Jun 26, 2019 at 03:21:49PM -0700, Gregory Rose wrote:
>> On 6/26/2019 11:59 AM, Ben Pfaff wrote:
>>> On Wed, Jun 26, 2019 at 08:22:07AM -0700, William Tu wrote:
>>>> The patch adds ip6gretap support. Tunnel type 'ip6gretap' is a layer 2 GRE
>>>> tunnel over IPv6, carrying inner ethernet packets and encap with GRE header
>>>> with outer IPv6 header.  Encapsulation of layer 3 packet over IPv6 GRE, ip6gre,
>>>> is not supported yet.  I tested it by running:
>>>>     # make check-kernel TESTSUITEFLAGS='-k ip6gretap'
>>>> under kernel 5.2 and for userspace:
>>>>     # make check TESTSUITEFLAGS='-k ip6gretap'
>>>>
>>>> Signed-off-by: William Tu <u9012063@gmail.com>
>>>> Signed-off-by: Eli Britstein <elibr@mellanox.com>
>>>> Co-authored-by: Eli Britstein <elibr@mellanox.com>
>>>> Tested-by: Greg Rose <gvrose8192@gmail.com>
>>>> Reviewed-by: Greg Rose <gvrose8192@gmail.com>
>>> Thanks for working to generalize OVS tunnel support.
>>>
>>> For IPv4 GRE, we use the "gre" tunnel type and then we use
>>> options:packet_type to control whether the tunnel carries L2 or L3
>>> packets.  Is there a reason that IPv6 GRE should be different?
>> Hi Ben,
>>
>> unfortunately there is a reason that ipv6 gre is different and that is
>> because it uses the ARPHRD_IP6GRE HW type.  That
>> is not currently supported by openvswitch so the best we can do for ipv6 gre
>> is support the L2 tap driver which uses
>> the ARPHRD_ETHER type.
> I think that this is really an implementation detail.  Ideally, we would
> abstract the interface provided to our users (the configuration in the
> database, and the OpenFlow interface) from the implementation in the
> datapath.  This seems doubly true because I don't know a reason why this
> detail of the Linux kernel datapath would extend to other datapaths such
> as the userspace datapath.

I agree - there is a lot we could do to improve the user interface for 
all the gre based tunnels, including
erspan.  I'll see if I can find some time to work on this.  Adding 
ARPHRD_IP6GRE support to the kernel datapath
has not been scoped yet (SFAIK) and given all the subtle dependencies 
that developed because our kernel datapath
has only supported ARPHRD_ETHER in the past I want to express caution.  
But if L3 ip6gre support in the kernel
datapath is important then we can look at it.

-  Greg
William Tu June 27, 2019, 5:28 p.m. UTC | #8 
On Thu, Jun 27, 2019 at 9:10 AM Gregory Rose <gvrose8192@gmail.com> wrote:
>
>
>
> On 6/27/2019 7:51 AM, Ben Pfaff wrote:
> > On Wed, Jun 26, 2019 at 03:21:49PM -0700, Gregory Rose wrote:
> >> On 6/26/2019 11:59 AM, Ben Pfaff wrote:
> >>> On Wed, Jun 26, 2019 at 08:22:07AM -0700, William Tu wrote:
> >>>> The patch adds ip6gretap support. Tunnel type 'ip6gretap' is a layer 2 GRE
> >>>> tunnel over IPv6, carrying inner ethernet packets and encap with GRE header
> >>>> with outer IPv6 header.  Encapsulation of layer 3 packet over IPv6 GRE, ip6gre,
> >>>> is not supported yet.  I tested it by running:
> >>>>     # make check-kernel TESTSUITEFLAGS='-k ip6gretap'
> >>>> under kernel 5.2 and for userspace:
> >>>>     # make check TESTSUITEFLAGS='-k ip6gretap'
> >>>>
> >>>> Signed-off-by: William Tu <u9012063@gmail.com>
> >>>> Signed-off-by: Eli Britstein <elibr@mellanox.com>
> >>>> Co-authored-by: Eli Britstein <elibr@mellanox.com>
> >>>> Tested-by: Greg Rose <gvrose8192@gmail.com>
> >>>> Reviewed-by: Greg Rose <gvrose8192@gmail.com>
> >>> Thanks for working to generalize OVS tunnel support.
> >>>
> >>> For IPv4 GRE, we use the "gre" tunnel type and then we use
> >>> options:packet_type to control whether the tunnel carries L2 or L3
> >>> packets.  Is there a reason that IPv6 GRE should be different?
> >> Hi Ben,
> >>
> >> unfortunately there is a reason that ipv6 gre is different and that is
> >> because it uses the ARPHRD_IP6GRE HW type.  That
> >> is not currently supported by openvswitch so the best we can do for ipv6 gre
> >> is support the L2 tap driver which uses
> >> the ARPHRD_ETHER type.
> > I think that this is really an implementation detail.  Ideally, we would
> > abstract the interface provided to our users (the configuration in the
> > database, and the OpenFlow interface) from the implementation in the
> > datapath.  This seems doubly true because I don't know a reason why this
> > detail of the Linux kernel datapath would extend to other datapaths such
> > as the userspace datapath.
>
> I agree - there is a lot we could do to improve the user interface for
> all the gre based tunnels, including
> erspan.  I'll see if I can find some time to work on this.  Adding
> ARPHRD_IP6GRE support to the kernel datapath
> has not been scoped yet (SFAIK) and given all the subtle dependencies
> that developed because our kernel datapath
> has only supported ARPHRD_ETHER in the past I want to express caution.
> But if L3 ip6gre support in the kernel
> datapath is important then we can look at it.
>
> -  Greg
>
Thanks for the feedbacks.

Let me work on v5 to use 'ip6gre' with packet_type = L2,
instead of using 'ip6gretap' and document that L3 ip6gre is
not supported yet. Once we have L3 support, we user interface
can remain the same.

--William
Ben Pfaff July 5, 2019, 8:38 p.m. UTC | #9 
On Thu, Jun 27, 2019 at 09:10:06AM -0700, Gregory Rose wrote:
> 
> 
> On 6/27/2019 7:51 AM, Ben Pfaff wrote:
> > On Wed, Jun 26, 2019 at 03:21:49PM -0700, Gregory Rose wrote:
> > > On 6/26/2019 11:59 AM, Ben Pfaff wrote:
> > > > On Wed, Jun 26, 2019 at 08:22:07AM -0700, William Tu wrote:
> > > > > The patch adds ip6gretap support. Tunnel type 'ip6gretap' is a layer 2 GRE
> > > > > tunnel over IPv6, carrying inner ethernet packets and encap with GRE header
> > > > > with outer IPv6 header.  Encapsulation of layer 3 packet over IPv6 GRE, ip6gre,
> > > > > is not supported yet.  I tested it by running:
> > > > >     # make check-kernel TESTSUITEFLAGS='-k ip6gretap'
> > > > > under kernel 5.2 and for userspace:
> > > > >     # make check TESTSUITEFLAGS='-k ip6gretap'
> > > > > 
> > > > > Signed-off-by: William Tu <u9012063@gmail.com>
> > > > > Signed-off-by: Eli Britstein <elibr@mellanox.com>
> > > > > Co-authored-by: Eli Britstein <elibr@mellanox.com>
> > > > > Tested-by: Greg Rose <gvrose8192@gmail.com>
> > > > > Reviewed-by: Greg Rose <gvrose8192@gmail.com>
> > > > Thanks for working to generalize OVS tunnel support.
> > > > 
> > > > For IPv4 GRE, we use the "gre" tunnel type and then we use
> > > > options:packet_type to control whether the tunnel carries L2 or L3
> > > > packets.  Is there a reason that IPv6 GRE should be different?
> > > Hi Ben,
> > > 
> > > unfortunately there is a reason that ipv6 gre is different and that is
> > > because it uses the ARPHRD_IP6GRE HW type.  That
> > > is not currently supported by openvswitch so the best we can do for ipv6 gre
> > > is support the L2 tap driver which uses
> > > the ARPHRD_ETHER type.
> > I think that this is really an implementation detail.  Ideally, we would
> > abstract the interface provided to our users (the configuration in the
> > database, and the OpenFlow interface) from the implementation in the
> > datapath.  This seems doubly true because I don't know a reason why this
> > detail of the Linux kernel datapath would extend to other datapaths such
> > as the userspace datapath.
> 
> I agree - there is a lot we could do to improve the user interface for all
> the gre based tunnels, including
> erspan.  I'll see if I can find some time to work on this.  Adding
> ARPHRD_IP6GRE support to the kernel datapath
> has not been scoped yet (SFAIK) and given all the subtle dependencies that
> developed because our kernel datapath
> has only supported ARPHRD_ETHER in the past I want to express caution.  But
> if L3 ip6gre support in the kernel
> datapath is important then we can look at it.

I don't think it's important to add support for ARPHRD_IP6GRE.  I'm only
concerned about a consistent interface here, not about particular
feature support.
diff mbox series

Patch

diff --git a/Documentation/faq/configuration.rst b/Documentation/faq/configuration.rst
index cb2c6b4eca98..c9bcfa8a790d 100644
--- a/Documentation/faq/configuration.rst
+++ b/Documentation/faq/configuration.rst
@@ -212,6 +212,18 @@  Q: Does Open vSwitch support ERSPAN?
                 options:erspan_ver=2 options:erspan_dir=1 \
                 options:erspan_hwid=4
 
+Q: Does Open vSwitch support IPv6 GRE?
+
+    A: Yes. L2 tunnel interface GRE over IPv6 is supported.
+    L3 GRE tunnel over IPv6 is not supported.
+
+    ::
+
+        $ ovs-vsctl add-br br0
+        $ ovs-vsctl add-port br0 at_gretap0 -- \
+                set int at_gretap0 type=ip6gretap \
+                options:remote_ip=fc00:100::1
+
 Q: How do I connect two bridges?
 
     A: First, why do you want to do this?  Two connected bridges are not much
diff --git a/NEWS b/NEWS
index a38ab258fc6c..c7e84ed7931d 100644
--- a/NEWS
+++ b/NEWS
@@ -47,6 +47,7 @@  Post-v2.11.0
    - Linux datapath:
      * Support for the kernel versions 4.19.x and 4.20.x.
      * Support for the kernel version 5.0.x.
+   - Add L2 GRE tunnel over IPv6 support.
 
 
 v2.11.0 - 19 Feb 2019
diff --git a/datapath/linux/compat/ip6_gre.c b/datapath/linux/compat/ip6_gre.c
index ca4e66133570..ab50c72d0753 100644
--- a/datapath/linux/compat/ip6_gre.c
+++ b/datapath/linux/compat/ip6_gre.c
@@ -2550,7 +2550,7 @@  static struct rtnl_link_ops ip6gre_link_ops __read_mostly = {
 };
 
 static struct rtnl_link_ops ip6gre_tap_ops __read_mostly = {
-	.kind		= "ip6gre",
+	.kind		= "ip6gretap",
 	.maxtype	= RPL_IFLA_GRE_MAX,
 	.policy		= ip6gre_policy,
 	.priv_size	= sizeof(struct ip6_tnl),
diff --git a/lib/dpif-netlink-rtnl.c b/lib/dpif-netlink-rtnl.c
index 2e23a8c14fcf..d666f239aeed 100644
--- a/lib/dpif-netlink-rtnl.c
+++ b/lib/dpif-netlink-rtnl.c
@@ -104,7 +104,7 @@  vport_type_to_kind(enum ovs_vport_type type,
     case OVS_VPORT_TYPE_IP6ERSPAN:
         return "ip6erspan";
     case OVS_VPORT_TYPE_IP6GRE:
-        return "ip6gre";
+        return "ip6gretap";
     case OVS_VPORT_TYPE_NETDEV:
     case OVS_VPORT_TYPE_INTERNAL:
     case OVS_VPORT_TYPE_LISP:
diff --git a/lib/dpif-netlink.c b/lib/dpif-netlink.c
index ba80a0079181..fc1d1591975e 100644
--- a/lib/dpif-netlink.c
+++ b/lib/dpif-netlink.c
@@ -699,7 +699,7 @@  get_vport_type(const struct dpif_netlink_vport *vport)
         return "ip6erspan"; 
 
     case OVS_VPORT_TYPE_IP6GRE:
-        return "ip6gre";
+        return "ip6gretap";
 
     case OVS_VPORT_TYPE_UNSPEC:
     case __OVS_VPORT_TYPE_MAX:
@@ -730,6 +730,8 @@  netdev_to_ovs_vport_type(const char *type)
         return OVS_VPORT_TYPE_ERSPAN;
     } else if (!strcmp(type, "ip6erspan")) {
         return OVS_VPORT_TYPE_IP6ERSPAN;
+    } else if (!strcmp(type, "ip6gretap")) {
+        return OVS_VPORT_TYPE_IP6GRE;
     } else if (!strcmp(type, "ip6gre")) {
         return OVS_VPORT_TYPE_IP6GRE;
     } else if (!strcmp(type, "gre")) {
diff --git a/lib/netdev-vport.c b/lib/netdev-vport.c
index 92a256af16ed..5a20415529eb 100644
--- a/lib/netdev-vport.c
+++ b/lib/netdev-vport.c
@@ -1212,10 +1212,10 @@  netdev_vport_tunnel_register(void)
           },
           {{NULL, NULL, 0, 0}}
         },
-        { "ip6gre_sys",
+        { "ip6gretap_sys",
           {
               TUNNEL_FUNCTIONS_COMMON,
-              .type = "ip6gre",
+              .type = "ip6gretap",
               .build_header = netdev_gre_build_header,
               .push_header = netdev_gre_push_header,
               .pop_header = netdev_gre_pop_header
diff --git a/lib/tnl-ports.c b/lib/tnl-ports.c
index 17353046cc6e..62065c0027cd 100644
--- a/lib/tnl-ports.c
+++ b/lib/tnl-ports.c
@@ -172,7 +172,8 @@  tnl_type_to_nw_proto(const char type[])
         return IPPROTO_TCP;
     }
     if (!strcmp(type, "gre") || !strcmp(type, "erspan") ||
-        !strcmp(type, "ip6erspan") || !strcmp(type, "ip6gre")) {
+        !strcmp(type, "ip6erspan") || !strcmp(type, "ip6gre") ||
+        !strcmp(type, "ip6gretap")) {
         return IPPROTO_GRE;
     }
     if (!strcmp(type, "vxlan")) {
diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index d23ee897b0b2..43056733794a 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -340,6 +340,46 @@  NS_CHECK_EXEC([at_ns0], [ping -s 3200 -q -c 3 -i 0.3 -w 2 10.1.1.100 | FORMAT_PI
 OVS_TRAFFIC_VSWITCHD_STOP
 AT_CLEANUP
 
+AT_SETUP([datapath - ping over ip6gretap tunnel])
+OVS_CHECK_KERNEL_EXCL(3, 10, 4, 15)
+OVS_CHECK_GRE()
+OVS_CHECK_ERSPAN()
+
+OVS_TRAFFIC_VSWITCHD_START()
+ADD_BR([br-underlay])
+
+AT_CHECK([ovs-ofctl add-flow br0 "actions=normal"])
+AT_CHECK([ovs-ofctl add-flow br-underlay "actions=normal"])
+
+ADD_NAMESPACES(at_ns0)
+
+dnl Set up underlay link from host into the namespace using veth pair.
+ADD_VETH(p0, at_ns0, br-underlay, "fc00:100::1/96", [], [], nodad)
+AT_CHECK([ip addr add dev br-underlay "fc00:100::100/96" nodad])
+AT_CHECK([ip link set dev br-underlay up])
+
+dnl Set up tunnel endpoints on OVS outside the namespace and with a native
+dnl linux device inside the namespace.
+ADD_OVS_TUNNEL6([ip6gretap], [br0], [at_gretap0], [fc00:100::1], [10.1.1.100/24],
+                [])
+ADD_NATIVE_TUNNEL6([ip6gretap], [ns_gretap0], [at_ns0], [fc00:100::100],
+                   [10.1.1.1/24], [local fc00:100::1])
+
+OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 2 fc00:100::100])
+
+dnl First, check the underlay
+NS_CHECK_EXEC([at_ns0], [ping6 -q -c 3 -i 0.3 -w 2 fc00:100::100 | FORMAT_PING], [0], [dnl
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
+])
+
+dnl Okay, now check the overlay with different packet sizes
+NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -w 2 10.1.1.100 | FORMAT_PING], [0], [dnl
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
+])
+OVS_TRAFFIC_VSWITCHD_STOP
+AT_CLEANUP
+
+
 AT_SETUP([datapath - ping over erspan v1 tunnel])
 OVS_CHECK_KERNEL_EXCL(3, 10, 4, 15)
 OVS_CHECK_GRE()
diff --git a/tests/tunnel-push-pop-ipv6.at b/tests/tunnel-push-pop-ipv6.at
index cbdd5a32f719..07dd6ab504a0 100644
--- a/tests/tunnel-push-pop-ipv6.at
+++ b/tests/tunnel-push-pop-ipv6.at
@@ -1,5 +1,73 @@ 
 AT_BANNER([tunnel_push_pop_ipv6])
 
+AT_SETUP([tunnel_push_pop_ipv6 - ip6gretap])
+
+OVS_VSWITCHD_START([add-port br0 p0 -- set Interface p0 type=dummy ofport_request=1 other-config:hwaddr=aa:55:aa:55:00:00])
+AT_CHECK([ovs-vsctl add-br int-br -- set bridge int-br datapath_type=dummy], [0])
+AT_CHECK([ovs-vsctl add-port int-br t2 -- set Interface t2 type=ip6gretap \
+                       options:remote_ip=2001:cafe::92 ofport_request=2\
+                       ], [0])
+
+AT_CHECK([ovs-appctl dpif/show], [0], [dnl
+dummy@ovs-dummy: hit:0 missed:0
+  br0:
+    br0 65534/100: (dummy-internal)
+    p0 1/1: (dummy)
+  int-br:
+    int-br 65534/2: (dummy-internal)
+    t2 2/6: (ip6gretap: remote_ip=2001:cafe::92)
+])
+
+dnl First setup dummy interface IP address, then add the route
+dnl so that tnl-port table can get valid IP address for the device.
+AT_CHECK([ovs-appctl netdev-dummy/ip6addr br0 2001:cafe::88/24], [0], [OK
+])
+AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 1.1.2.88/24], [0], [OK
+])
+AT_CHECK([ovs-appctl ovs/route/add 2001:cafe::92/24 br0], [0], [OK
+])
+
+AT_CHECK([ovs-ofctl add-flow br0 action=normal])
+
+dnl Check Neighbour discovery.
+AT_CHECK([ovs-vsctl -- set Interface p0 options:pcap=p0.pcap])
+
+AT_CHECK([ovs-appctl netdev-dummy/receive int-br 'in_port(2),eth(src=aa:55:aa:55:00:00,dst=f8:bc:12:ff:ff:ff),eth_type(0x0800),ipv4(src=1.1.3.92,dst=1.1.3.88,proto=1,tos=0,ttl=64,frag=no),icmp(type=0,code=0)'])
+AT_CHECK([ovs-pcap p0.pcap > p0.pcap.txt 2>&1])
+
+AT_CHECK([cat p0.pcap.txt | grep 92aa55aa55000086dd6000000000203aff2001cafe | uniq], [0], [dnl
+3333ff000092aa55aa55000086dd6000000000203aff2001cafe000000000000000000000088ff0200000000000000000001ff00009287004d48000000002001cafe0000000000000000000000920101aa55aa550000
+])
+
+dnl
+AT_CHECK([ovs-appctl netdev-dummy/receive p0 'in_port(1),eth(src=f8:bc:12:44:34:b6,dst=aa:55:aa:55:00:00),eth_type(0x86dd),ipv6(src=2001:cafe::92,dst=2001:cafe::88,label=0,proto=58,tclass=0,hlimit=255,frag=no),icmpv6(type=136,code=0),nd(target=2001:cafe::92,sll=00:00:00:00:00:00,tll=f8:bc:12:44:34:b6)'])
+
+AT_CHECK([ovs-appctl tnl/arp/show | tail -n+3 | sort], [0], [dnl
+2001:cafe::92                                 f8:bc:12:44:34:b6   br0
+])
+
+AT_CHECK([ovs-appctl tnl/ports/show |sort], [0], [dnl
+Listening ports:
+ip6gretap_sys (6) ref_cnt=1
+])
+
+dnl Check IPv6 GRE tunnel pop
+AT_CHECK([ovs-appctl ofproto/trace ovs-dummy 'in_port(1),eth(src=f8:bc:12:44:34:b6,dst=aa:55:aa:55:00:00),eth_type(0x86dd),ipv6(src=2001:cafe::92,dst=2001:cafe::88,label=0,proto=47,tclass=0x0,hlimit=64)'], [0], [stdout])
+AT_CHECK([tail -1 stdout], [0],
+  [Datapath actions: tnl_pop(6)
+])
+
+dnl Check IPv6 GRE tunnel push
+AT_CHECK([ovs-ofctl add-flow int-br action=2])
+AT_CHECK([ovs-appctl ofproto/trace ovs-dummy 'in_port(2),eth(src=f8:bc:12:44:34:b6,dst=aa:55:aa:55:00:01),eth_type(0x0800),ipv4(src=1.1.3.88,dst=1.1.3.112,proto=47,tos=0,ttl=64,frag=no)'], [0], [stdout])
+
+AT_CHECK([tail -1 stdout], [0],
+  [Datapath actions: clone(tnl_push(tnl_port(6),header(size=58,type=109,eth(dst=f8:bc:12:44:34:b6,src=aa:55:aa:55:00:00,dl_type=0x86dd),ipv6(src=2001:cafe::88,dst=2001:cafe::92,label=0,proto=47,tclass=0x0,hlimit=64),gre((flags=0x0,proto=0x6558))),out_port(100)),1)
+])
+
+OVS_VSWITCHD_STOP
+AT_CLEANUP
+
 AT_SETUP([tunnel_push_pop_ipv6 - ip6erspan])
 
 OVS_VSWITCHD_START([add-port br0 p0 -- set Interface p0 type=dummy ofport_request=1 other-config:hwaddr=aa:55:aa:55:00:00])
diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index bf4b6f8dc621..b7d81cdaa1cc 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -2561,10 +2561,16 @@ 
 
           <dt><code>gre</code></dt>
           <dd>
-            Generic Routing Encapsulation (GRE) over IPv4/IPv6 tunnel,
+            Generic Routing Encapsulation (GRE) over IPv4 tunnel,
             configurable to encapsulate layer 2 or layer 3 traffic.
           </dd>
 
+          <dt><code>ip6gretap</code></dt>
+          <dd>
+            Generic Routing Encapsulation (GRE) over IPv6 tunnel,
+            encapsulate layer 2 traffic.
+          </dd>
+
           <dt><code>vxlan</code></dt>
           <dd>
             <p>
@@ -2623,8 +2629,8 @@ 
     <group title="Tunnel Options">
       <p>
         These options apply to interfaces with <ref column="type"/> of
-        <code>geneve</code>, <code>gre</code>, <code>vxlan</code>,
-        <code>lisp</code> and <code>stt</code>.
+        <code>geneve</code>, <code>gre</code>, <code>ip6gretap</code>,
+        <code>vxlan</code>, <code>lisp</code> and <code>stt</code>.
       </p>
 
       <p>
@@ -2921,10 +2927,10 @@ 
         </column>
       </group>
 
-      <group title="Tunnel Options: gre, geneve, and vxlan">
+      <group title="Tunnel Options: gre, ip6gretap, geneve, and vxlan">
         <p>
-          <code>gre</code>, <code>geneve</code>, and
-          <code>vxlan</code> interfaces support these options.
+          <code>gre</code>, <code>ip6gretap</code>, <code>geneve</code>,
+          and <code>vxlan</code> interfaces support these options.
         </p>
 
         <column name="options" key="csum" type='{"type": "boolean"}'>
@@ -2938,8 +2944,9 @@ 
           <p>
             When using the upstream Linux kernel module, computation of
             checksums for <code>geneve</code> and <code>vxlan</code> requires
-            Linux kernel version 4.0 or higher. <code>gre</code> supports
-            checksums for all versions of Open vSwitch that support GRE.
+            Linux kernel version 4.0 or higher. <code>gre</code> and
+            <code>ip6gretap</code> support checksums for all versions of
+            Open vSwitch that support GRE.
             The out of tree kernel module distributed as part of OVS
             can compute all tunnel checksums on any kernel version that it
             is compatible with.
@@ -2951,10 +2958,11 @@ 
       <group title="Tunnel Options: IPsec">
         <p>
           Setting any of these options enables IPsec support for a given
-          tunnel.  <code>gre</code>, <code>geneve</code>, <code>vxlan</code>,
-          and <code>stt</code> interfaces support these options.  See the
-          <code>IPsec</code> section in the <ref table="Open_vSwitch"/> table
-          for a description of each mode.
+          tunnel.  <code>gre</code>, <code>ip6gretap</code>,
+          <code>geneve</code>, <code>vxlan</code> and <code>stt</code>
+          interfaces support these options.  See the <code>IPsec</code>
+          section in the <ref table="Open_vSwitch"/> table for a description
+          of each mode.
         </p>
         <column name="options" key="psk" type='{"type": "string"}'>
           <p>