lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 26 Dec 2019 13:07:33 +0800
From:   wenxu <>
Subject: Problem about gre tunnel route offload in mlxsw

Hi mlxsw team,

I did a route test with gre tunnel and vrf.

This test under current net-next tree with following script:

ifconfig enp3s0np31 up
ip a a dev enp3s0np31

ip l add dev vrf11 type vrf table 11
ifconfig vrf11 up
ip l set dev enp3s0np11 master vrf11
ifconfig enp3s0np11 up
ip tunnel add name gre11 mode gre local remote key 11 tos inherit  ttl inherit
ip l set dev gre11 master vrf11
ifconfig gre11 up

ip l add dev vrf21 type vrf table 21
ifconfig vrf21 up
ip l set dev enp3s0np21 master vrf21
ifconfig enp3s0np21 up
ip tunnel add name gre21 mode gre local remote key 21 tos inherit  ttl inherit
ip l set dev gre21 master vrf21
ifconfig gre21 up

If there is only one tunnel. The route rule can be offloaded. But two tunnel only with different key can't be offloaded.

If I add a new address for tunnel source and change the gre21 to

"ip tunnel add name gre21 mode gre local remote key 21 tos inherit  ttl inherit"

It's work.

So it means dispatch based on tunnel key is not supported ? It is a hardware limits or just software unsupported?

And if a replace the gre device to vxlan device,  the route can't be offloaded again only with one vxlan tunnel.

"ip l add dev vxlan11 type vxlan local remote id 11 noudpcsum tos inherit ttl inherit dstport 4789"

So currently the vxlan device can't work with routing?



Powered by blists - more mailing lists