Date:   Thu, 26 Dec 2019 13:07:33 +0800
From:   wenxu <wenxu@...oud.cn>
To:     netdev@...r.kernel.org
Subject: Problem about gre tunnel route offload in mlxsw

Hi mlxsw team,


I did a route test with a gre tunnel and vrf.

This test was run under the current net-next tree with the following script:


ifconfig enp3s0np31 up
ip a a dev enp3s0np31 172.168.152.247/24

ip l add dev vrf11 type vrf table 11
ifconfig vrf11 up
ip l set dev enp3s0np11 master vrf11
ifconfig enp3s0np11 10.0.7.1/24 up
ip tunnel add name gre11 mode gre local 172.168.152.247 remote 172.168.152.73 key 11 tos inherit  ttl inherit
ip l set dev gre11 master vrf11
ifconfig gre11 10.0.2.1/24 up

ip l add dev vrf21 type vrf table 21
ifconfig vrf21 up
ip l set dev enp3s0np21 master vrf21
ifconfig enp3s0np21 10.0.7.1/24 up
ip tunnel add name gre21 mode gre local 172.168.152.247 remote 172.168.152.73 key 21 tos inherit  ttl inherit
ip l set dev gre21 master vrf21
ifconfig gre21 10.0.2.1/24 up


If there is only one tunnel, the route rule can be offloaded. But two tunnels that differ only in key can't be offloaded.

If I add a new address 172.168.152.248 for tunnel source and change the gre21 to

"ip tunnel add name gre21 mode gre local 172.168.152.248 remote 172.168.152.73 key 21 tos inherit  ttl inherit"

It works.

So does it mean dispatch based on tunnel key is not supported? Is it a hardware limit or just unsupported in software?


And if I replace the gre device with a vxlan device, the route again can't be offloaded, with only one vxlan tunnel.

"ip l add dev vxlan11 type vxlan local 172.168.152.247 remote 172.168.152.73 id 11 noudpcsum tos inherit ttl inherit dstport 4789"

So currently the vxlan device can't work with routing?


BR

wenxu