mirror of
https://github.com/openvswitch/ovs
synced 2025-09-02 15:25:22 +00:00
netdev-vport: Deprecate STT tunnel port type.
STT tunnel implementation was rejected in the upstream Linux kernel a long time ago and will probably never be there. So, the only implementation for Linux is in the OOT kernel module shipped with OVS 2.17. It is deprecated and will reach end of life in Feb 2025.

In addition, modern network interface cards support various hardware offload features with UDP tunnels, diminishing the main selling point of STT - the ability to reuse hardware offload features meant for TCP.

Deprecate the port type now, so it can be removed once 2.17 is EoL.

There is another implementation for this tunnel type in the Windows datapath. However, the protocol itself is considered harmful as it may confuse stateful network hardware by pretending to be TCP (hence the reason it was rejected in the Linux kernel). So, it is better if we deprecate this implementation and stop supporting it as well.

The standard draft for the protocol itself is also expired and archived with the latest update made in 2016:
https://datatracker.ietf.org/doc/draft-davie-stt/

Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
@@ -142,7 +142,7 @@ Q: Are all features available with all datapaths?
|
||||
Conntrack NAT6 4.6 2.6 2.8 3.0
|
||||
Conntrack Helper Persist. YES YES 3.3 NO
|
||||
Tunnel - LISP (deprecated) NO 2.11 NO NO
|
||||
Tunnel - STT NO 2.4 NO YES
|
||||
Tunnel - STT (deprecated) NO 2.4 NO YES
|
||||
Tunnel - GRE 3.11 1.0 2.4 YES
|
||||
Tunnel - VXLAN 3.12 1.10 2.4 YES
|
||||
Tunnel - Geneve 3.18 2.4 2.4 YES
|
||||
|
@@ -703,7 +703,8 @@ Add tunnels
|
||||
|
||||
#. IPv4 tunnel, e.g.:
|
||||
|
||||
The Windows Open vSwitch implementation support VXLAN and STT tunnels.
|
||||
The Windows Open vSwitch implementation support VXLAN and STT tunnels
|
||||
(STT tunnel ports are deprecated).
|
||||
To add tunnels. For example, first add the tunnel port between
|
||||
172.168.201.101 <->172.168.201.102:
|
||||
|
||||
|
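Review bot: the rewritten sentence keeps the subject-verb error "implementation support"; both lines are being touched anyway, so change it to "supports". The parenthetical marks STT as deprecated, but the instructions that follow ("To add tunnels. For example, ...") do not say which type to prefer. Stating there that VXLAN is the type to use for new tunnels would keep readers from configuring a port type that is scheduled for removal.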
4
NEWS
@@ -26,8 +26,8 @@ Post-v3.4.0
|
||||
- DPDK:
|
||||
* OVS validated with DPDK 23.11.2.
|
||||
- Tunnels:
|
||||
* LISP tunnel port type is deprecated and will be removed in the next
|
||||
release.
|
||||
* LISP and STT tunnel port types are deprecated and will be removed in
|
||||
the next release.
|
||||
|
||||
|
||||
v3.4.0 - 15 Aug 2024
|
||||
|
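Review bot: folding STT into the existing LISP bullet commits STT to removal "in the next release", while the commit message ties removal to OVS 2.17 reaching end of life in Feb 2025. Please confirm the next release does not land before that date. The commit message also deprecates the Windows datapath implementation, which this entry does not mention; a separate STT bullet that says so explicitly would make the scope clear to Windows users.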
@@ -248,7 +248,7 @@ enum ovs_vport_type {
|
||||
OVS_VPORT_TYPE_VXLAN, /* VXLAN tunnel. */
|
||||
OVS_VPORT_TYPE_GENEVE, /* Geneve tunnel. */
|
||||
OVS_VPORT_TYPE_LISP = 105, /* LISP tunnel (deprecated). */
|
||||
OVS_VPORT_TYPE_STT = 106, /* STT tunnel */
|
||||
OVS_VPORT_TYPE_STT = 106, /* STT tunnel (deprecated). */
|
||||
OVS_VPORT_TYPE_ERSPAN = 107, /* ERSPAN tunnel. */
|
||||
OVS_VPORT_TYPE_IP6ERSPAN = 108, /* ERSPAN tunnel. */
|
||||
OVS_VPORT_TYPE_IP6GRE = 109,
|
||||
|
@@ -229,6 +229,7 @@ netdev_vport_construct(struct netdev *netdev_)
|
||||
VLOG_WARN("%s: 'lisp' port type is deprecated.", name);
|
||||
} else if (!strcmp(type, "stt")) {
|
||||
tnl_cfg->dst_port = port ? htons(port) : htons(STT_DST_PORT);
|
||||
VLOG_WARN("%s: 'stt' port type is deprecated.", name);
|
||||
} else if (!strcmp(type, "gtpu")) {
|
||||
tnl_cfg->dst_port = port ? htons(port) : htons(GTPU_DST_PORT);
|
||||
} else if (!strcmp(type, "bareudp")) {
|
||||
|
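Review bot: the message in the new VLOG_WARN in the "stt" branch says only that the type is deprecated, not that it is scheduled for removal, which NEWS in this same patch does state. Operators who see only the log get no hint that they need to plan a migration; consider wording such as "'stt' port type is deprecated and will be removed in a future release". If the text is kept identical to the 'lisp' warning for consistency, update both together.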
@@ -8658,7 +8658,7 @@ dnl Remove the flow which contains sample action.
|
||||
AT_CHECK([ovs-ofctl del-flows br0 in_port=3], [0], [ignore])
|
||||
AT_CHECK([ovs-vsctl destroy Flow_Sample_Collector_Set 1], [0], [ignore])
|
||||
|
||||
OVS_VSWITCHD_STOP
|
||||
OVS_VSWITCHD_STOP(["/'stt' port type is deprecated/d"])
|
||||
AT_CLEANUP
|
||||
|
||||
AT_SETUP([ofproto-dpif - Flow IPFIX sanity check - from field])
|
||||
|
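Review bot: this is the only test in the patch whose OVS_VSWITCHD_STOP gains an allow pattern for the new warning. Any other test that creates an stt port will now produce a WARN line in the log and needs the same "/'stt' port type is deprecated/d" filter; please search the testsuite for stt ports and confirm none were missed. A short dnl comment above the changed line saying which port in this test triggers the warning would also help whoever removes the filter when the port type is dropped.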
@@ -2844,20 +2844,33 @@
|
||||
|
||||
<dt><code>stt</code></dt>
|
||||
<dd>
|
||||
The Stateless TCP Tunnel (STT) is particularly useful when tunnel
|
||||
endpoints are in end-systems, as it utilizes the capabilities of
|
||||
standard network interface cards to improve performance. STT utilizes
|
||||
a TCP-like header inside the IP header. It is stateless, i.e., there is
|
||||
no TCP connection state of any kind associated with the tunnel. The
|
||||
TCP-like header is used to leverage the capabilities of existing
|
||||
network interface cards, but should not be interpreted as implying
|
||||
any sort of connection state between endpoints.
|
||||
Since the STT protocol does not engage in the usual TCP 3-way handshake,
|
||||
so it will have difficulty traversing stateful firewalls.
|
||||
The protocol is documented at
|
||||
https://tools.ietf.org/html/draft-davie-stt
|
||||
<p>
|
||||
This port type is deprecated.
|
||||
</p>
|
||||
|
||||
All traffic uses a default destination port of 7471.
|
||||
<p>
|
||||
The Stateless TCP Tunnel (STT) is particularly useful when tunnel
|
||||
endpoints are in end-systems, as it utilizes the capabilities of
|
||||
standard network interface cards to improve performance.
|
||||
STT utilizes a TCP-like header inside the IP header. It is
|
||||
stateless, i.e., there is no TCP connection state of any kind
|
||||
associated with the tunnel. The TCP-like header is used to
|
||||
leverage the capabilities of existing network interface cards,
|
||||
but should not be interpreted as implying any sort of connection
|
||||
state between endpoints.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Since the STT protocol does not engage in the usual TCP 3-way
|
||||
handshake, so it will have difficulty traversing stateful
|
||||
firewalls.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
The protocol is documented at
|
||||
<code>https://tools.ietf.org/html/draft-davie-stt</code>.
|
||||
All traffic uses a default destination port of 7471.
|
||||
</p>
|
||||
</dd>
|
||||
|
||||
<dt><code>patch</code></dt>
|
||||
|
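Review bot: the last new <p> still points readers to https://tools.ietf.org/html/draft-davie-stt, while the commit message cites https://datatracker.ietf.org/doc/draft-davie-stt/ and notes that the draft is expired and archived; use the datatracker URL here and say the draft has expired. The added "This port type is deprecated." paragraph gives no reason, and one sentence taken from the commit message (the TCP-like header may confuse stateful network hardware) would tell users why they should move off it. The carried-over sentence "Since the STT protocol does not engage ... so it will have difficulty" should also drop the "so" while the text is being rewrapped.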