1418742 – Backport OVN checksum option to downstream OVS 2.6

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1418742 - Backport OVN checksum option to downstream OVS 2.6

Summary: Backport OVN checksum option to downstream OVS 2.6

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	openvswitch
Sub Component:
Version:	7.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Timothy Redaelli
QA Contact:	qding
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-02-02 15:34 UTC by Numan Siddique
Modified:	2017-07-12 15:26 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-07-12 15:24:15 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Numan Siddique 2017-02-02 15:34:06 UTC

Description of problem:
The commit https://github.com/openvswitch/ovs/commit/924f0e9f43823fa6a46783c3140eaf1bfc5ac99c adds the option to enable or disable tunnel checksum offload and this needs to be backported to our internal builds.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Numan Siddique 2017-02-02 15:36:34 UTC

This patch is applicable for OVN which I missed in the description.

Comment 5 qding 2017-02-28 03:19:12 UTC

Hi Numan,

Can you please give some suggestions on verifying the BZ?

Thanks
QJ

Comment 6 Numan Siddique 2017-02-28 11:16:09 UTC

By default, the tunnel checksum is enabled by OVN. If you have two chassis and Geneve tunnel established between them, when you run ovs-vsctl show, you should see "csum=true" for the geneve port.

Eg.
$ovs-ovsctl show
 Port "ovn-96c3f0-0"
            Interface "ovn-96c3f0-0"
                type: geneve
                options: {csum="true", key=flow, remote_ip="192.0.2.6"}


You can enable or disable the tunnel checksum by running the below command on each chassis

sudo ovs-vsctl set open . external_ids:ovn-encap-csum=true/false

From OVN's perspective, setting the ovn-encap-csum value should get reflected in the tunnel port's option:csum value.

Comment 7 Lance Richardson 2017-02-28 12:55:04 UTC

(In reply to Numan Siddique from comment #6)
> By default, the tunnel checksum is enabled by OVN. If you have two chassis
> and Geneve tunnel established between them, when you run ovs-vsctl show, you
> should see "csum=true" for the geneve port.
> 
> Eg.
> $ovs-ovsctl show
>  Port "ovn-96c3f0-0"
>             Interface "ovn-96c3f0-0"
>                 type: geneve
>                 options: {csum="true", key=flow, remote_ip="192.0.2.6"}
> 
> 
> You can enable or disable the tunnel checksum by running the below command
> on each chassis
> 
> sudo ovs-vsctl set open . external_ids:ovn-encap-csum=true/false
> 
> From OVN's perspective, setting the ovn-encap-csum value should get
> reflected in the tunnel port's option:csum value.

This option controls whether the outer UDP checksum is computed for
Geneve tunnel encapsulation, another way to verify that this feature
is working correctly would be to inspect tcpdump packet captures to
see whether the outer UDP checksum for Geneve packets is always zero
(csum="false") versus always non-zero (csum="true").

Comment 8 qding 2017-03-08 05:54:12 UTC

No effect to change external_ids:ovn-encap-csum

[root@dell-per730-05 ovn]# rpm -q openvswitch
openvswitch-2.6.1-10.git20161206.el7fdp.x86_64
[root@dell-per730-04 ~]# rpm -qa | grep ovn
openvswitch-ovn-central-2.6.1-10.git20161206.el7fdp.x86_64
openvswitch-ovn-common-2.6.1-10.git20161206.el7fdp.x86_64
openvswitch-ovn-host-2.6.1-10.git20161206.el7fdp.x86_64
[root@dell-per730-04 ~]# 
[root@dell-per730-05 ovn]# ovs-vsctl set open . external_ids:ovn-encap-csum=false
[root@dell-per730-05 ovn]# ovs-vsctl get open . external_ids:ovn-encap-csum
"false"
[root@dell-per730-05 ovn]# ovs-vsctl show
06957b2a-8fb2-48e9-8f13-fef4eeb60cf1
    Bridge br-int
        fail_mode: secure
        Port "hv0_vm01_vnet1"
            Interface "hv0_vm01_vnet1"
        Port "hv0_vm01_vnet2"
            Interface "hv0_vm01_vnet2"
        Port br-int
            Interface br-int
                type: internal
        Port "ovn-4bd503-0"
            Interface "ovn-4bd503-0"
                type: geneve
                options: {csum="true", key=flow, remote_ip="192.168.1.86"}
        Port "hv0_vm00_vnet1"
            Interface "hv0_vm00_vnet1"
        Port "hv0_vm00_vnet2"
            Interface "hv0_vm00_vnet2"
    ovs_version: "2.6.1"
[root@dell-per730-05 ovn]#

Comment 9 Numan Siddique 2017-03-08 11:20:11 UTC

Strange.

I just verified it and it is working as expected.

[heat-admin@overcloud-novacompute-1 ~]$  rpm -q openvswitch
openvswitch-2.6.90-1.el7.centos.x86_64
[heat-admin@overcloud-novacompute-1 ~]$ rpm -q openvswitch-ovn-host
openvswitch-ovn-host-2.6.1-10.git20161206.el7.centos.x86_64

[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-vsctl get open_vswitch . external_ids
{hostname="overcloud-novacompute-1.localdomain", ovn-bridge-mappings="datacentre:br-ex", ovn-encap-csum="true", ovn-encap-ip="182.16.0.10", ovn-encap-type=geneve, ovn-remote="tcp:182.16.0.24:6642", system-id="1169fc23-143a-4eb3-bbc3-2129c3945fd7"}
[heat-admin@overcloud-novacompute-1 ~]$ ovn-sbctl --db=tcp:182.16.0.24:6642 show
Chassis "4a1aaa24-a9a9-48a8-a1c9-1e19c8f636c7"
    hostname: "overcloud-novacompute-0.localdomain"
    Encap geneve
        ip: "182.16.0.16"
        options: {csum="true"}
    Port_Binding "65facc81-0356-4d05-aca1-3272310bf4d6"
    Port_Binding "d7de27d8-0457-42c4-b026-3ed48798fe5a"
Chassis "1169fc23-143a-4eb3-bbc3-2129c3945fd7"
    hostname: "overcloud-novacompute-1.localdomain"
    Encap geneve
        ip: "182.16.0.10"
        options: {csum="true"}
    Port_Binding "797c0c36-f888-4595-8804-98b9e35e11e0"
    Port_Binding "3ad7425e-a54b-482e-88ca-f98c56368b41"
[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-vsctl set open_vswitch . external_ids:ovn-encap-csum=false
[heat-admin@overcloud-novacompute-1 ~]$ ovn-sbctl --db=tcp:182.16.0.24:6642 show
Chassis "4a1aaa24-a9a9-48a8-a1c9-1e19c8f636c7"
    hostname: "overcloud-novacompute-0.localdomain"
    Encap geneve
        ip: "182.16.0.16"
        options: {csum="false"}
    Port_Binding "65facc81-0356-4d05-aca1-3272310bf4d6"
    Port_Binding "d7de27d8-0457-42c4-b026-3ed48798fe5a"
Chassis "1169fc23-143a-4eb3-bbc3-2129c3945fd7"
    hostname: "overcloud-novacompute-1.localdomain"
    Encap geneve
        ip: "182.16.0.10"
        options: {csum="false"}
    Port_Binding "797c0c36-f888-4595-8804-98b9e35e11e0"
    Port_Binding "3ad7425e-a54b-482e-88ca-f98c56368b41"
[heat-admin@overcloud-novacompute-1 ~]$ 
[heat-admin@overcloud-novacompute-1 ~]$ 
[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-vsctl show
ef47e930-a347-42ff-b5d3-b62774704fae
    Bridge br-int
        fail_mode: secure
        Port "tap797c0c36-f8"
            Interface "tap797c0c36-f8"
        Port br-int
            Interface br-int
                type: internal
        Port "vm1"
            Interface "vm1"
                type: internal
        Port "ovn-4a1aaa-0"
            Interface "ovn-4a1aaa-0"
                type: geneve
                options: {csum="false", key=flow, remote_ip="182.16.0.16"}
    ovs_version: "2.6.90"

Comment 10 qding 2017-03-10 08:23:53 UTC

(In reply to Numan Siddique from comment #9)
> 
> [heat-admin@overcloud-novacompute-1 ~]$  rpm -q openvswitch
> openvswitch-2.6.90-1.el7.centos.x86_64
> [heat-admin@overcloud-novacompute-1 ~]$ rpm -q openvswitch-ovn-host
> openvswitch-ovn-host-2.6.1-10.git20161206.el7.centos.x86_64
> 

We use different packages.
I get packages from http://download-node-02.eng.bos.redhat.com/brewroot/packages/openvswitch/2.6.1/10.git20161206.el7fdp/x86_64/
Can you please try with the packages?
And is kernel relevant? I use RHEL-7.3, kernel-3.10.0-514.el7.

Thanks.

Comment 11 qding 2017-03-14 12:28:39 UTC

Hi Numan,

Could you please help have a try as in Comment#10?

Thanks
QJ

Comment 12 Numan Siddique 2017-03-14 14:51:34 UTC

Hi QJ,

When I tested i used centos (with kernel 3.10.0-514.2...) and used the packages from the above link. I downloaded the src rpm and built myself.

I no longer have the  access to the setup where I tested it. I will test locally on my setup (with centos).

It would be great, if it is possible for you to give access to your setup.

Comment 13 Numan Siddique 2017-03-15 14:00:25 UTC

Hi QJ,

I tested locally with 2 VMs (running centos) and I could see that it's working 

Below are the details

Node 1
------

$ uname -a
Linux v_centos 3.10.0-514.2.2.el7.x86_64 #1 SMP Tue Dec 6 23:06:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q openvswitch-*
package openvswitch-2.6.1-10.git20161206.el7fdp.x86_64.rpm is not installed
package openvswitch-ovn-central-2.6.1-10.git20161206.el7fdp.x86_64.rpm is not installed
package openvswitch-ovn-common-2.6.1-10.git20161206.el7fdp.x86_64.rpm is not installed
package openvswitch-ovn-host-2.6.1-10.git20161206.el7fdp.x86_64.rpm is not installed

$ sudo ovs-vsctl set open . external_ids:ovn-encap-csum=true
[vagrant@v_centos ovs_rpms]$ sudo ovs-vsctl show
e62ca127-e486-428c-a201-50d8e3e015c8
    Bridge br-int
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port "ovn-fd902d-0"
            Interface "ovn-fd902d-0"
                type: geneve
                options: {csum="true", key=flow, remote_ip="10.70.1.2"}
    ovs_version: "2.6.1"

$ sudo ovn-sbctl show
Chassis "742ff26a-8025-44d9-954c-603f09042222"
    hostname: v_centos
    Encap geneve
        ip: "10.70.1.97"
        options: {csum="true"}
Chassis "fd902dd0-0951-48a4-a3e8-d4b6fdcdf3d6"
    hostname: s_centos
    Encap geneve
        ip: "10.70.1.2"
        options: {csum="true"}


Now if I set encap-csum to false on node 1, I see the below output

$ sudo ovs-vsctl set open . external_ids:ovn-encap-csum=false
[vagrant@v_centos ovs_rpms]$ sudo ovs-vsctl show
e62ca127-e486-428c-a201-50d8e3e015c8
    Bridge br-int
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port "ovn-fd902d-0"
            Interface "ovn-fd902d-0"
                type: geneve
                options: {csum="true", key=flow, remote_ip="10.70.1.2"}
    ovs_version: "2.6.1"

[vagrant@v_centos ovs_rpms]$ sudo ovn-sbctl show
Chassis "742ff26a-8025-44d9-954c-603f09042222"
    hostname: v_centos
    Encap geneve
        ip: "10.70.1.97"
        options: {csum="false"}
Chassis "fd902dd0-0951-48a4-a3e8-d4b6fdcdf3d6"
    hostname: s_centos
    Encap geneve
        ip: "10.70.1.2"
        options: {csum="true"}


# Now If I set encap-csum to false on the other node, I see the below output

Node 2
------
$ sudo ovs-vsctl set open . external_ids:ovn-encap-csum=false
$ sudo ovs-vsctl show
96d4a3d7-c2d9-4179-9c0b-6e5939544340
    Bridge br-int
        fail_mode: secure
        Port "ovn-742ff2-0"
            Interface "ovn-742ff2-0"
                type: geneve
                options: {csum="false", key=flow, remote_ip="10.70.1.97"}
        Port br-int
            Interface br-int
                type: internal
    ovs_version: "2.6.1"


Node 1
------
$ sudo ovn-sbctl show
Chassis "742ff26a-8025-44d9-954c-603f09042222"
    hostname: v_centos
    Encap geneve
        ip: "10.70.1.97"
        options: {csum="false"}
Chassis "fd902dd0-0951-48a4-a3e8-d4b6fdcdf3d6"
    hostname: s_centos
    Encap geneve
        ip: "10.70.1.2"
        options: {csum="false"}

$ sudo ovs-vsctl show
e62ca127-e486-428c-a201-50d8e3e015c8
    Bridge br-int
        fail_mode: secure
        Port "ovn-fd902d-0"
            Interface "ovn-fd902d-0"
                type: geneve
                options: {csum="false", key=flow, remote_ip="10.70.1.2"}
        Port br-int
            Interface br-int
                type: internal
    ovs_version: "2.6.1"


I suspect you are not setting encap-csum=false on the other node. 
Can you share me the output of "sudo ovn-sbctl show" ?

Thanks
Numan

Comment 14 qding 2017-03-16 02:29:58 UTC

Hi Numan,

I set it on both machines, but it still fails. The log for both machines are as below. You can use the machines with user(root) and passwd(redhat). Thanks.
dell-per730-04.rhts.eng.pek2.redhat.com
dell-per730-05.rhts.eng.pek2.redhat.com

[root@dell-per730-04 ~]# ovs-vsctl get open . external_ids:ovn-encap-csum
"false"
[root@dell-per730-04 ~]# ovn-sbctl show
Chassis "0d4c15f3-73a4-48f4-98fa-dfccad59f2e7"
    hostname: "dell-per730-04.rhts.eng.pek2.redhat.com"
    Encap geneve
        ip: "192.168.1.86"
        options: {csum="true"}
    Port_Binding "5473c488-1990-40bb-ba3a-ab68ea49b7b3"
    Port_Binding "hv1_vm00_vnet2"
    Port_Binding "hv1_vm00_vnet1"
Chassis "6df092f5-8b56-414b-8c5d-07580de1667a"
    hostname: "dell-per730-05.rhts.eng.pek2.redhat.com"
    Encap geneve
        ip: "192.168.1.182"
        options: {csum="true"}
    Port_Binding "hv0_vm00_vnet1"
    Port_Binding "hv0_vm01_vnet1"
    Port_Binding "hv0_vm01_vnet2"
    Port_Binding "hv0_vm00_vnet2"
[root@dell-per730-04 ~]# ovs-vsctl show
6c66ee7d-fd38-4540-963a-3a4d5896d42c
    Bridge br-int
        fail_mode: secure
        Port "ovn-6df092-0"
            Interface "ovn-6df092-0"
                type: geneve
                options: {csum="true", key=flow, remote_ip="192.168.1.182"}
        Port br-int
            Interface br-int
                type: internal
        Port "hv1_vm00_vnet1"
            Interface "hv1_vm00_vnet1"
        Port "vnet1"
            Interface "vnet1"
        Port "hv1_vm00_vnet2"
            Interface "hv1_vm00_vnet2"
    ovs_version: "2.6.1"
[root@dell-per730-04 ~]# 


[root@dell-per730-05 ~]# ovs-vsctl get open . external_ids:ovn-encap-csum
"false"
[root@dell-per730-05 ~]# ovs-vsctl show
dc842a50-d04d-4c91-bc91-dd50e5ae8f79
    Bridge br-int
        fail_mode: secure
        Port "ovn-0d4c15-0"
            Interface "ovn-0d4c15-0"
                type: geneve
                options: {csum="true", key=flow, remote_ip="192.168.1.86"}
        Port "hv0_vm01_vnet2"
            Interface "hv0_vm01_vnet2"
        Port "hv0_vm00_vnet2"
            Interface "hv0_vm00_vnet2"
        Port "hv0_vm01_vnet1"
            Interface "hv0_vm01_vnet1"
        Port br-int
            Interface br-int
                type: internal
        Port "hv0_vm00_vnet1"
            Interface "hv0_vm00_vnet1"
    ovs_version: "2.6.1"
[root@dell-per730-05 ~]#

Comment 15 Numan Siddique 2017-03-17 11:59:44 UTC

I logged into the machines and I found an issue with the machine - dell-per730-04. It was not configured with the IP address - 192.168.1.86 on the interface p5p1.
So I added the ip

#ip addr add 192.168.1.86/24 dev p5p1

It's working as expected.

Comment 16 qding 2017-03-20 02:11:59 UTC

(In reply to Numan Siddique from comment #15)
Thanks so much.

Comment 17 qding 2017-03-20 02:38:02 UTC

[root@dell-per730-04 ovn]# rpm -qa | grep openvswitch
openvswitch-ovn-central-2.6.1-10.git20161206.el7fdp.x86_64
openvswitch-ovn-common-2.6.1-10.git20161206.el7fdp.x86_64
openvswitch-ovn-host-2.6.1-10.git20161206.el7fdp.x86_64
openvswitch-2.6.1-10.git20161206.el7fdp.x86_64
[root@dell-per730-04 ovn]# 
[root@dell-per730-04 ovn]# ovs-vsctl show
a891e750-87ba-466d-b2db-89078c8dc0bf
    Bridge br-int
        fail_mode: secure
        Port "hv1_vm00_vnet2"
            Interface "hv1_vm00_vnet2"
        Port br-int
            Interface br-int
                type: internal
        Port "ovn-a3fd2e-0"
            Interface "ovn-a3fd2e-0"
                type: geneve
                options: {csum="true", key=flow, remote_ip="192.168.1.182"}
        Port "hv1_vm00_vnet1"
            Interface "hv1_vm00_vnet1"
    ovs_version: "2.6.1"
[root@dell-per730-04 ovn]# ovs-vsctl set open . external_ids:ovn-encap-csum=false
[root@dell-per730-04 ovn]# ovs-vsctl show
a891e750-87ba-466d-b2db-89078c8dc0bf
    Bridge br-int
        fail_mode: secure
        Port "hv1_vm00_vnet2"
            Interface "hv1_vm00_vnet2"
        Port br-int
            Interface br-int
                type: internal
        Port "ovn-a3fd2e-0"
            Interface "ovn-a3fd2e-0"
                type: geneve
                options: {csum="true", key=flow, remote_ip="192.168.1.182"}
        Port "hv1_vm00_vnet1"
            Interface "hv1_vm00_vnet1"
    ovs_version: "2.6.1"
[root@dell-per730-04 ovn]# ovs-vsctl show
a891e750-87ba-466d-b2db-89078c8dc0bf
    Bridge br-int
        fail_mode: secure
        Port "hv1_vm00_vnet2"
            Interface "hv1_vm00_vnet2"
        Port br-int
            Interface br-int
                type: internal
        Port "ovn-a3fd2e-0"
            Interface "ovn-a3fd2e-0"
                type: geneve
                options: {csum="false", key=flow, remote_ip="192.168.1.182"}
        Port "hv1_vm00_vnet1"
            Interface "hv1_vm00_vnet1"
    ovs_version: "2.6.1"
[root@dell-per730-04 ovn]# ovn-sbctl show
Chassis "a3fd2ed0-5839-43c5-9a1f-39ccb33d0a7e"
    hostname: "dell-per730-05.rhts.eng.pek2.redhat.com"
    Encap geneve
        ip: "192.168.1.182"
        options: {csum="false"}
    Port_Binding "hv0_vm00_vnet2"
    Port_Binding "hv0_vm01_vnet2"
    Port_Binding "hv0_vm01_vnet1"
    Port_Binding "hv0_vm00_vnet1"
Chassis "7e1361c0-8ccd-40a8-8b16-49463c55ea52"
    hostname: "dell-per730-04.rhts.eng.pek2.redhat.com"
    Encap geneve
        ip: "192.168.1.86"
        options: {csum="false"}
    Port_Binding "hv1_vm00_vnet2"
    Port_Binding "hv1_vm00_vnet1"
[root@dell-per730-04 ovn]# 


[root@dell-per730-04 ovn]# ovs-vsctl set open . external_ids:ovn-encap-csum=true
[root@dell-per730-04 ovn]# tshark -nV -c5 -i p5p1 host 192.168.1.86 and udp port 6081 -T fields -e udp.checksum
Running as user "root" and group "root". This could be dangerous.
Capturing on 'p5p1'
0x0000527d
0x0000a852
0x0000527d
0x0000a852
0x0000527d
5 packets captured
[root@dell-per730-04 ovn]# ovs-vsctl set open . external_ids:ovn-encap-csum=false
[root@dell-per730-04 ovn]# tshark -nV -c5 -i p5p1 host 192.168.1.86 and udp port 6081 -T fields -e udp.checksum
Running as user "root" and group "root". This could be dangerous.
Capturing on 'p5p1'
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
5 packets captured
[root@dell-per730-04 ovn]# ovs-vsctl set open . external_ids:ovn-encap-csum=true
[root@dell-per730-04 ovn]# tshark -nV -c5 -i p5p1 host 192.168.1.86 and udp port 6081 -T fields -e udp.checksum
Running as user "root" and group "root". This could be dangerous.
Capturing on 'p5p1'
0x0000527d
0x0000a852
0x0000527d
0x0000a852
0x0000527d
5 packets captured
[root@dell-per730-04 ovn]#

Note You need to log in before you can comment on or make changes to this bug.