[Bug 1826237] Re: Not possible to offload ct_state flows (OVS firewalling in openstack)

[James Page]

Confirmed; hardware offloading of connection state tracking is an
inflight feature in both the Linux kernel and OVS:

  https://mail.openvswitch.org/pipermail/ovs-dev/2019-July/360376.html



** Changed in: openvswitch (Ubuntu)
       Status: New => Triaged

** Changed in: openvswitch (Ubuntu)
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to openvswitch in Ubuntu.
https://bugs.launchpad.net/bugs/1826237

Title:
  Not possible to offload ct_state flows (OVS firewalling in openstack)

Status in openvswitch package in Ubuntu:
  Triaged

Bug description:
  Hi,

  Running Ubuntu 18.04, kernel 4.15.0-47-generic, openvswitch 2.10.0-0ubuntu2~cloud0.
  I enabled OVS offloading in OpenStack by following https://docs.openstack.org/neutron/rocky/admin/config-ovs-offload.html

  It would appear that if you use OVS firewalling in neutron, neutron
  will create flows with the "ct_state" property, and these flows cannot
  be offloaded :

  (from /var/log/openvswitch/ovs-vswitchd.log) :

  2019-04-24T13:01:20.634Z|00968|dpif(handler550)|DBG|system at ovs-system: miss upcall:
  recirc_id(0),dp_hash(0),skb_priority(0),in_port(2),skb_mark(0),ct_state(0),ct_zone(0),ct_mark(0),ct_label(0),eth(src=1a:b2:bd:d6:df:8f,dst=01:80:c2:00:00:0e),eth_type(0x
  88cc)
  vlan_tci=0x0000,dl_src=1a:b2:bd:d6:df:8f,dl_dst=01:80:c2:00:00:0e,dl_type=0x88cc
  2019-04-24T13:01:20.634Z|00969|netdev_tc_offloads(handler550)|DBG|offloading attribute ct_state isn't supported
  2019-04-24T13:01:20.634Z|00970|dpif_netlink(handler550)|ERR|failed to offload flow: Operation not supported

  Thanks

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvswitch/+bug/1826237/+subscriptions