summaryrefslogtreecommitdiff
path: root/Documentation
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/faq/releases.rst2
-rw-r--r--Documentation/intro/install/windows.rst172
2 files changed, 174 insertions, 0 deletions
diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst
index 5edc1e204..232d19503 100644
--- a/Documentation/faq/releases.rst
+++ b/Documentation/faq/releases.rst
@@ -132,10 +132,12 @@ Q: Are all features available with all datapaths?
Feature Linux upstream Linux OVS tree Userspace Hyper-V
========================== ============== ============== ========= =======
Connection tracking 4.3 2.5 2.6 YES
+ Connection tracking-IPv6 YES YES YES YES
Conntrack Fragment Reass. 4.3 2.6 2.12 YES
Conntrack Timeout Policies 5.2 2.12 2.14 NO
Conntrack Zone Limit 4.18 2.10 2.13 YES
Conntrack NAT 4.6 2.6 2.8 YES
+ Conntrack NAT6 4.6 2.6 2.8 YES
Tunnel - LISP NO 2.11 NO NO
Tunnel - STT NO 2.4 NO YES
Tunnel - GRE 3.11 1.0 2.4 YES
diff --git a/Documentation/intro/install/windows.rst b/Documentation/intro/install/windows.rst
index 8e9442efb..0a392d781 100644
--- a/Documentation/intro/install/windows.rst
+++ b/Documentation/intro/install/windows.rst
@@ -758,6 +758,178 @@ Add tunnels
Till the checksum offload support is complete we recommend
disabling TX/RX offloads for IPV6 on Windows VM.
+Add conntrack for ipv6
+~~~~~~~~~~~~~~~~~~~~~~
+
+The Windows Open vSwitch implementation support conntrack ipv6. To use the
+conntrack ipv6. Using the following commands. Take tcp6(replace Protocol to
+icmp6, udp6 to other protocol) for example.
+
+::
+
+ normal scenario
+ Vif38(20::1, ofport:2)->Vif40(20:2, ofport:3)
+ Vif38Name="podvif38"
+ Vif40Name="podvif40"
+ Vif38Port=2
+ Vif38Address="20::1"
+ Vif40Port=3
+ Vif40Address="20::2"
+ Vif40MacAddressCli="00-15-5D-F0-01-0C"
+ Vif38MacAddressCli="00-15-5D-F0-01-0b"
+ Protocol="tcp6"
+ > netsh int ipv6 set neighbors $Vif38Name $Vif40Address \
+ Vif40MacAddressCli
+ > netsh int ipv6 set neighbors $Vif40Name $Vif38Address \
+ $Vif38MacAddressCli
+ > ovs-ofctl del-flows --strict br-int "table=0,priority=0"
+ > ovs-ofctl add-flow br-int "table=0,priority=1,ip6, \
+ ipv6_dst=$Vif40Address,$Protocol,actions=ct(table=1)"
+ > ovs-ofctl add-flow br-int "table=0,priority=1,ip6, \
+ ipv6_dst=$Vif38Address,$Protocol,actions=ct(table=1)"
+ > ovs-ofctl add-flow br-int "table=1,priority=1,ip6,ct_state=+new+trk, \
+ $Protocol,actions=ct(commit,table=2)"
+ > ovs-ofctl add-flow br-int "table=1,priority=2,ip6, \
+ ct_state=-new+rpl+trk,$Protocol,actions=ct(commit,table=2)"
+ > ovs-ofctl add-flow br-int "table=1,priority=1,ip6, \
+ ct_state=+trk+est-new,$Protocol,actions=ct(commit,table=2)"
+ > ovs-ofctl add-flow br-int "table=2,priority=1,ip6, \
+ ipv6_dst=$Vif38Address,$Protocol,actions=output:$Vif38Port"
+ > ovs-ofctl add-flow br-int "table=2,priority=1,ip6, \
+ ipv6_dst=$Vif40Address,$Protocol,actions=output:$Vif40Port"
+
+
+::
+
+ nat scenario
+ Vif38(20::1, ofport:2) -> nat address(20::9) -> Vif42(21::3, ofport:4)
+ Due to not construct flow to return neighbor mac address,
+ we set the neighbor mac address manually.
+ Vif38Name="podvif38"
+ Vif42Name="podvif42"
+ Vif38Ip="20::1"
+ Vif38Port=2
+ Vif42Port=4
+ NatAddress="20::9"
+ NatMacAddress="aa:bb:cc:dd:ee:ff"
+ NatMacAddressForCli="aa-bb-cc-dd-ee-ff"
+ Vif42Ip="21::3"
+ Vif38MacAddress="00:15:5D:F0:01:0B"
+ Vif38MacAddressCli="00-15-5D-F0-01-0B"
+ Vif42MacAddress="00:15:5D:F0:01:0D"
+ Protocol="tcp6"
+ > netsh int ipv6 set neighbors $Vif38Name $NatAddress \
+ $NatMacAddressForCli
+ > netsh int ipv6 set neighbors $Vif42Name $Vif38Ip \
+ $Vif38MacAddressCli
+ > ovs-ofctl del-flows --strict br-int "table=0,priority=0"
+ > ovs-ofctl add-flow br-int "table=0, priority=2,ipv6, \
+ dl_dst=$NatMacAddress,ct_state=-trk,$Protocol \
+ actions=ct(table=1,zone=456,nat)"
+ > ovs-ofctl add-flow br-int "table=0, priority=1,ipv6,ct_state=-trk, \
+ ip6,$Protocol actions=ct(nat, zone=456,table=1)"
+ > ovs-ofctl add-flow br-int "table=1, ipv6,in_port=$Vif38Port, \
+ ipv6_dst=$NatAddress,$Protocol,ct_state=+trk+new, \
+ actions=ct(commit,nat(dst=$Vif42Ip),zone=456, \
+ exec(set_field:1->ct_mark)),mod_dl_src=$NatMacAddress, \
+ mod_dl_dst=$Vif42MacAddress,output:$Vif42Port"
+ > ovs-ofctl add-flow br-int "table=1, ipv6,ct_state=+dnat,$Protocol, \
+ action=resubmit(,2)"
+ > ovs-ofctl add-flow br-int "table=1, ipv6,ct_state=+trk+snat, \
+ $Protocol, action=resubmit(,2)"
+ > ovs-ofctl add-flow br-int "table=2, ipv6,in_port=$Vif38Port, \
+ ipv6_dst=$Vif42Ip,$Protocol, actions=mod_dl_src=$NatMacAddress, \
+ mod_dl_dst=$Vif42MacAddress,output:$Vif42Port"
+ > ovs-ofctl add-flow br-int "table=2, ipv6,in_port=$Vif42Port, \
+ ct_state=-new+est,ct_mark=1,ct_zone=456,$Protocol, \
+ actions=mod_dl_src=$NatMacAddress,mod_dl_dst=$Vif38MacAddress, \
+ output:$Vif38Port"
+
+Ftp is a specific protocol, it contains an related flow, we need to match is
+related state.
+
+::
+
+ normal scenario
+ Vif38(20::1, ofport:2)->Vif40(20:2, ofport:3)
+ Vif38Name="podvif38"
+ Vif40Name="podvif40"
+ Vif38Port=2
+ Vif38Address="20::1"
+ Vif38MacAddressCli="00-15-5D-F0-01-0b"
+ Vif40Port=3
+ Vif40Address="20::2"
+ Vif40MacAddressCli="00-15-5D-F0-01-0C"
+ Protocol="tcp6"
+ > netsh int ipv6 set neighbors $Vif38Name $Vif40Address \
+ $Vif40MacAddressCli
+ > netsh int ipv6 set neighbors $Vif40Name $Vif38Address \
+ $Vif38MacAddressCli
+ > ovs-ofctl del-flows br-int --strict "table=0,priority=0"
+ > ovs-ofctl add-flow br-int "table=0,priority=1,$Protocol \
+ actions=ct(table=1)"
+ > ovs-ofctl add-flow br-int "table=1,priority=1,ct_state=+new+trk-est, \
+ $Protocol,actions=ct(commit,table=2)"
+ > ovs-ofctl add-flow br-int "table=1,priority=1, \
+ ct_state=-new+trk+est-rel, $Protocol,actions=ct(commit,table=2)"
+ > ovs-ofctl add-flow br-int "table=1,priority=1, \
+ ct_state=-new+trk+est+rel, $Protocol,actions=ct(commit,table=2)"
+ > ovs-ofctl add-flow br-int "table=2,priority=1,ip6, \
+ ipv6_dst=$Vif38Address,$Protocol,actions=output:$Vif38Port"
+ > ovs-ofctl add-flow br-int "table=2,priority=1,ip6, \
+ ipv6_dst=$Vif40Address,$Protocol,actions=output:$Vif40Port"
+
+::
+
+ nat scenario
+ Vif38(20::1, ofport:2) -> nat address(20::9) -> Vif42(21::3, ofport:4)
+ Due to not construct flow to return neighbor mac address, we set the
+ neighbor mac address manually
+ Vif38Port=2
+ Vif42Port=4
+ Vif38Name="podvif38"
+ Vif42Name="podvif42"
+ NatAddress="20::9"
+ NatMacAddress="aa:bb:cc:dd:ee:ff"
+ NatMacAddressForCli="aa-bb-cc-dd-ee-ff"
+ Vif42Ip="21::3"
+ Vif38MacAddress="00:15:5D:F0:01:0B"
+ Vif42MacAddress="00:15:5D:F0:01:0D"
+ Protocol="tcp6"
+ > netsh int ipv6 set neighbors $Vif38Name $NatAddress \
+ $NatMacAddressForCli
+ > netsh int ipv6 set neighbors $Vif42Name $NatAddress \
+ $NatMacAddressForCli
+ > ovs-ofctl del-flows br-int --strict "table=0,priority=0"
+ > ovs-ofctl add-flow br-int "table=0,priority=2,ipv6, \
+ dl_dst=$NatMacAddress,ct_state=-trk,$Protocol \
+ actions=ct(table=1,zone=456,nat)"
+ > ovs-ofctl add-flow br-int "table=0,priority=1,ipv6, \
+ ct_state=-trk,ip6,$Protocol actions=ct(nat, zone=456,table=1)"
+ > ovs-ofctl add-flow br-int "table=1,ipv6,in_port=$Vif38Port, \
+ ipv6_dst=$NatAddress,ct_state=+trk+new,$Protocol \
+ actions=ct(commit,nat(dst=$Vif42Ip),zone=456, \
+ exec(set_field:1->ct_mark)),mod_dl_src=$NatMacAddress, \
+ mod_dl_dst=$Vif42MacAddress,output:$Vif42Port"
+ > ovs-ofctl add-flow br-int "table=1,ipv6,ct_state=+dnat,$Protocol, \
+ action=resubmit(,2)"
+ > ovs-ofctl add-flow br-int "table=1,ipv6,ct_state=+trk+snat, \
+ $Protocol,action=resubmit(,2)"
+ > ovs-ofctl add-flow br-int "table=1,ipv6,ct_state=+trk+rel,$Protocol, \
+ action=resubmit(,2)"
+ > ovs-ofctl add-flow br-int "table=2,ipv6,in_port=$Vif38Port, \
+ ipv6_dst=$Vif42Ip,$Protocol, actions=mod_dl_src=$NatMacAddress, \
+ mod_dl_dst=$Vif42MacAddress,output:$Vif42Port"
+ > ovs-ofctl add-flow br-int "table=2,ipv6,in_port=$Vif42Port, \
+ ct_state=-new+est,ct_mark=1,ct_zone=456,$Protocol, \
+ actions=mod_dl_src=$NatMacAddress,mod_dl_dst=$Vif38MacAddress, \
+ output:$Vif38Port"
+
+.. note::
+
+ Till the checksum offload support is complete we recommend
+ disabling TX/RX offloads for IPV6 on Windows VM.
+
Windows Services
----------------
View Lorry Controller Status