The dot1q-tunnel vlan-mode in OVS

# man ovs-vswitchd.conf.db

              dot1q-tunnel
                     A  dot1q-tunnel  port  is somewhat like an access port. Like an access port, it carries packets on the single VLAN specified in the tag column and this VLAN,
                     called the service VLAN, does not appear in an 802.1Q header for packets that ingress or egress on the port. The main difference lies in  the  behavior  when
                     packets  that  include a 802.1Q header ingress on the port. Whereas an access port drops such packets, a dot1q-tunnel port treats these as double-tagged with
                     the outer service VLAN tag and the inner customer VLAN taken from the 802.1Q header. Correspondingly, to egress on the port, a packet  outer  VLAN  (or  only
                     VLAN) must be tag, which is removed before egress, which exposes the inner (customer) VLAN if one is present.

                     If cvlans is set, only allows packets in the specified customer VLANs.

       other_config : qinq-ethtype: optional string, either 802.1ad or 802.1q
              For a dot1q-tunnel port, this is the TPID for the service tag, that is, for the 802.1Q header that contains the service  VLAN  ID.  Because  packets  that  actually
              ingress  and  egress a dot1q-tunnel port do not include an 802.1Q header for the service VLAN, this does not affect packets on the dot1q-tunnel port itself. Rather,
              it determines the service VLAN for a packet that ingresses on a dot1q-tunnel port and egresses on a trunk port.

              The value 802.1ad specifies TPID 0x88a8, which is also the default if the setting is omitted. The value 802.1q specifies TPID 0x8100.
# ovs-vsctl add-port br enp4s0f0_1 tag=1000 vlan-mode=dot1q-tunnel -- set Interface enp4s0f0_1 ofport_request=2
# ovs-vsctl set Port enp4s0f0_1 other_config:qinq-ethtype=802.1q
# ovs-vsctl set Port enp4s0f0_1 other_config:qinq-ethtype=802.1ad # default value
# ovs-vsctl show
f6e5c4c7-1613-4e8a-aab4-7369caa10dbd
    Bridge br
        Port br
            Interface br
                type: internal
        Port "enp4s0f0"
            Interface "enp4s0f0"
        Port "enp4s0f0_1"
            tag: 1000
            Interface "enp4s0f0_1"
        Port "enp4s0f0_0"
            tag: 1000
            Interface "enp4s0f0_0"
        Port "enp4s0f0_2"
            tag: 1000
            Interface "enp4s0f0_2"
    ovs_version: "2.11.90"
commit fed8962aff57f552163ef718cc1b0db582f2295e
Author: Eric Garver <[email protected]>
Date:   Wed Mar 1 17:48:00 2017 -0500

    Add new port VLAN mode "dot1q-tunnel"

     - Example:
         ovs-vsctl set Port p1 vlan_mode=dot1q-tunnel tag=100
       Pushes another VLAN 100 header on packets (tagged and untagged) on
       ingress, and pops it on egress.
     - Customer VLAN check:
         ovs-vsctl set Port p1 vlan_mode=dot1q-tunnel tag=100 cvlans=10,20
       Only customer VLAN of 10 and 20 are allowed.

    Co-authored-by: Xiao Liang <[email protected]>
    Signed-off-by: Xiao Liang <[email protected]>
    Signed-off-by: Eric Garver <[email protected]>
    Signed-off-by: Ben Pfaff <[email protected]>
The call chain is as follows:
recv_upcalls
        flow_extract
                miniflow_extract
        process_upcall
                upcall_xlate(SLOW_PATH_UPCALL)
                        xlate_actions
                                do_xlate_actions(OFPACT_OUTPUT)
                                        xlate_output_action(OFPP_NORMAL)
                                                xlate_normal
                                                        xvlan_extract
                                                        xvlan_input_translate

If the packet sent from inside the VM already carries a VLAN tag and the OVS port is configured as the default access port, the packet is dropped.

2019-05-11T07:34:16.471Z|00038|ofproto_dpif_xlate(handler85)|WARN|dropping VLAN 5 tagged packet received on port enp4s0f0_1 configured as VLAN 1000 access port on bridge br while processing arp,in_port=2,dl_vlan=5,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=02:25:d0:14:01:02,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=1.1.14.1,arp_tpa=1.1.13.1,arp_op=1,arp_sha=02:25:d0:14:01:02,arp_tha=00:00:00:00:00:00

If the port is configured in dot1q-tunnel mode, there is no problem.

17:13:24.846272 02:25:d0:13:01:02 > 02:25:d0:14:01:02, ethertype 802.1Q-QinQ (0x88a8), length 106: vlan 1000, p 0, ethertype 802.1Q, vlan 5, p 0, ethertype IPv4, 1.1.13.1 > 1.1.14.1: ICMP echo reply, id 10020, seq 117, length 64
        0x0000:  0225 d014 0102 0225 d013 0102 88a8 03e8  .%.....%........
        0x0010:  8100 0005 0800 4500 0054 fcc7 0000 4001  ......E..T....@.
        0x0020:  60de 0101 0d01 0101 0e01 0000 e670 2724  `............p'$
        0x0030:  0075 b4e3 d75c 0000 0000 9ae2 0c00 0000  .u...\..........
        0x0040:  0000 1011 1213 1415 1617 1819 1a1b 1c1d  ................
        0x0050:  1e1f 2021 2223 2425 2627 2829 2a2b 2c2d  ...!"#$%&'()*+,-
        0x0060:  2e2f 3031 3233 3435 3637                 ./01234567

Also note that rxvlan needs to be set to off.
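
To check a capture against the port configuration, the following added example (not part of the original post and not OVS code) parses the VLAN tag stack from the first bytes of the hexdump above and compares it with a simplified model of the access and dot1q-tunnel ingress rules quoted from the man page. The helper names `parse_vlan_stack` and `ingress` are hypothetical, and the model covers only the cases the page describes.

```python
import struct

# Copied from the page: first 32 bytes of the tcpdump hexdump above.
FRAME = bytes.fromhex("0225 d014 0102 0225 d013 0102 88a8 03e8"
                      "8100 0005 0800 4500 0054 fcc7 0000 4001")
VLAN_TPIDS = (0x8100, 0x88A8)
QINQ_ETHTYPE = {"802.1ad": 0x88A8, "802.1q": 0x8100}  # values from the man page

def parse_vlan_stack(frame):
    """Return ([(tpid, pcp, vid), ...] outermost first, payload ethertype)."""
    tags, off = [], 12  # skip destination and source MAC
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in VLAN_TPIDS:
            return tags, etype
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append((etype, tci >> 13, tci & 0x0FFF))
        off += 4

def ingress(vlan_mode, tag, frame_tags, cvlans=None, qinq_ethtype="802.1ad"):
    """Simplified model of the man page rules (hypothetical helper).
    Returns the (tpid, vid) stack sent out a trunk port, or None if dropped."""
    inner = [(tpid, vid) for tpid, _pcp, vid in frame_tags]
    if vlan_mode == "access":
        # Access port: a frame arriving with an 802.1Q header is dropped.
        return None if inner else [(0x8100, tag)]
    if vlan_mode == "dot1q-tunnel":
        # cvlans filters on the customer VLAN; untagged frames with cvlans
        # set are not modelled and simply pass through here.
        if inner and cvlans is not None and inner[0][1] not in cvlans:
            return None
        return [(QINQ_ETHTYPE[qinq_ethtype], tag)] + inner
    raise ValueError("unsupported vlan_mode: " + vlan_mode)

if __name__ == "__main__":
    tags, payload = parse_vlan_stack(FRAME)
    print("trunk-side stack:", [(hex(t), v) for t, _p, v in tags], hex(payload))
    customer = tags[1:]  # what the VM sent before the service tag was pushed
    print("access:", ingress("access", 1000, customer))
    print("dot1q-tunnel:", ingress("dot1q-tunnel", 1000, customer))
    print("cvlans=10,20:", ingress("dot1q-tunnel", 1000, customer, cvlans={10, 20}))
```

The `access` result of `None` corresponds to the drop in the WARN log line, and the `dot1q-tunnel` result matches the 0x88a8/1000 plus 0x8100/5 stack seen in the capture.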
