From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id 1FEDB2B99 for ; Mon, 27 Nov 2017 18:01:46 +0100 (CET) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 0F488BDF7; Mon, 27 Nov 2017 17:01:46 +0000 (UTC) Received: from dhcp-25-97.bos.redhat.com (unknown [10.18.25.172]) by smtp.corp.redhat.com (Postfix) with ESMTPS id CD26D6060D; Mon, 27 Nov 2017 17:01:42 +0000 (UTC) From: Aaron Conole To: "Tan\, Jianfeng" Cc: Yuanhan Liu , Chen Hailin , "ovs-dev\@openvswitch.org" , Maxime Coquelin , cloud , qemu-devel , dev References: <20171127142515.GA450@yliu-dev> <411329b7-5164-c24e-2e5e-8cf25079c4b9@intel.com> Date: Mon, 27 Nov 2017 12:01:41 -0500 In-Reply-To: <411329b7-5164-c24e-2e5e-8cf25079c4b9@intel.com> (Jianfeng Tan's message of "Mon, 27 Nov 2017 23:34:10 +0800") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Mon, 27 Nov 2017 17:01:46 +0000 (UTC) Subject: Re: [dpdk-dev] [ovs-dev] [PATCH RFC] netdev-dpdk: Fix device obtain mac address when received first packet in vhost type X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Nov 2017 17:01:47 -0000 "Tan, Jianfeng" writes: > On 11/27/2017 10:27 PM, Yuanhan Liu wrote: >> On Fri, Nov 24, 2017 at 05:59:09PM +0800, Chen Hailin wrote: >>> Hi Aaron Conole && Jianfeng, >>> >>> The stp could not work in ovs-dpdk vhostuser. >>> Because the attached vhost device doesn't have MAC address. >>> >>> Now we have two ways to solve this problem. >>> 1. The vhost learns MAC address from packet like as my first patch. >> I do agree with Aaron this is not the right way. > > I do think it should be the vswitch's responsibility to learn mac of > vhost port. > > Except that it's the only feasible way without modifying the spec > (yuanhan already makes it very clear below), we can treat the vswitch > as a phsical switch, VM as a physical server, virtio/vhost port as a > back-to-back connected NICs, the only way of the physical switch to > know the mac of the NIC on the other side is ARP learning. > > Might I ask why you don't think it's a right way? As a quick example, I think a malicious guest in a multi-tenant environment could send traffic out to manipulate this feature into learning an incorrect mac address. To get this right requires doing deep packet inspection, and making sure to only learn based on certain l2 traffic. > Thanks, > Jianfeng > >> >>> 2. The virtio notifies MAC address actively to vhost user . >> Unfortunately, AFAIK, there is no way to achieve that so far. we could >> either let virtio/QEMU to expose the CQ to vhost or add a new VHOST_USER >> message to carry the mac address. While vhost-user is a generic interface >> adding a virtio-net specific message also doesn't seem quite right. >> Exposing CQ is probably the best we can do. >> >> Anyway, both need spec change. >> >> --yliu >>> In my opinions, if we treat it as a device, we should allocate >>> MAC address for the device when the VM started. >>> >>> Which one do you think better? >>> >>> >>> >>> Best Regards, >>> Chen Hailin >>> chenhl@arraynetworks.com.cn >>> From: Aaron Conole >>> Date: 2017-11-18 10:00 >>> To: Hailin Chen >>> CC: ovs-dev@openvswitch.org; Maxime Coquelin; cloud@arraynetworks.com.cn >>> Subject: Re: [ovs-dev] [PATCH RFC] netdev-dpdk: Fix device obtain >>> mac address when received first packet in vhost type >>> Hi Hailin, >>> Hailin Chen writes: >>> >>>> The stp could not work on netdev-dpdk if network is loop. >>>> Because the stp protocol negotiates designate port by sending >>>> BPDU packets which contains MAC address. >>>> However the device doesn't have MAC address in vhostuser type. >>>> Thus, function send_bpdu_cb would not send BPDU packets. >>>> >>>> This patch will set the MAC for device when received first packet. >>>> >>>> Signed-off-by: Hailin Chen >>>> --- >>> Thanks for the patch. >>> In general, I don't think this is the right approach to deal with >>> this >>> type of issue. I believe the problem statement is that OvS bridge is >>> unaware of the guest MAC address - did I get it right? In that case, I >>> would think that a better way to solve this would be to have virtio tell >>> the mac address of the guest. I don't recall right now if that's >>> allowed in the virtio spec, but I do remember some kind of negotiation >>> features. >>> I've CC'd Maxime, who is one of the maintainers of the virtio >>> code from >>> DPDK side. Perhaps there is an alternate way to solve this. >>> _______________________________________________ >>> dev mailing list >>> dev@openvswitch.org >>> https://mail.openvswitch.org/mailman/listinfo/ovs-dev