  1. Fast Datapath Product
  2. FDP-797

spurious warning: netdev_vport unknown geneve argument 'ipsec_encapsulation'

    • Bug
    • Resolution: Done-Errata
    • Normal
    • openvswitch3.1
    • 2
    • False
    • False
    • Given a system administrator has set up an OpenShift cluster on IBM Cloud,

      When they configure Geneve tunnels with IPsec, NAT-T, and ipsec_encapsulation,

      Then, no warnings about unknown Geneve arguments should appear in the system logs and the IPsec functionality should work correctly without any errors.
    • rhel-9
    • rhel-sst-network-fastdatapath-ovsdpdk
    • ssg_networking
    • OVS/DPDK - FDP-25.B
    • 1
    • Low

      When testing OCP with IPsec with NAT-T and ipsec_encapsulation we see log spam

       

      ovs-vswitchd[1090]: ovs|00127|netdev_vport|WARN|ovn-9dde52-0: unknown geneve argument 'ipsec_encapsulation'
      ovs-vswitchd[1090]: ovs|00128|netdev_vport|WARN|ovn-da7b79-0: unknown geneve argument 'ipsec_encapsulation'
      ovs-vswitchd[1090]: ovs|00129|netdev_vport|WARN|ovn-95900b-0: unknown geneve argument 'ipsec_encapsulation'
      ovs-vswitchd[1090]: ovs|00130|netdev_vport|WARN|ovn-72a354-0: unknown geneve argument 'ipsec_encapsulation'
       

       

      We only use ipsec_encapsulation on IBMCloud platform so this is limited to one platform.

       

      openvswitch3.1 3.1.0-104.el9fdp
      OCP 4.16.0-0.nightly-2024-09-06-042551

      https://github.com/openvswitch/ovs/blob/main/lib/netdev-vport.c#L841

      } else if (!strcmp(node->key, "remote_cert") ||
                 !strcmp(node->key, "remote_name") ||
                 !strcmp(node->key, "psk")) {
          /* When configuring OVS for IPsec, these keys may be set in the
             tunnel port's 'options' column. 'ovs-vswitchd' does not directly
             use them, but they are read by 'ovs-monitor-ipsec'. In order to
             suppress the "unknown %s argument" warning message below, we
             handle them here by ignoring them. */
      }
      

              echaudro@redhat.com Eelco Chaudron
              rbrattai@redhat.com Ross Brattain
              Qijun Ding
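A mistyped tunnel option produces the same "unknown ... argument" message as the warnings quoted in the description, so this log spam can hide a real misconfiguration. The Python sketch below is an added example, not part of the original report or of OVS. It groups these warnings by tunnel type and key and separates keys meant for ovs-monitor-ipsec from everything else. Treating ipsec_encapsulation as such a key, the port name ovn-aaaaaa-0 and the key remote_ipp are assumptions made for the example.

```python
import re
from collections import defaultdict

# Line shape taken from the log excerpt in the report:
#   ovs-vswitchd[PID]: ovs|SEQ|netdev_vport|WARN|PORT: unknown TYPE argument 'KEY'
WARN_RE = re.compile(
    r"ovs-vswitchd\[\d+\]: ovs\|\d+\|netdev_vport\|WARN\|"
    r"(?P<port>[^:\s]+): unknown (?P<type>\w+) argument '(?P<key>[^']*)'"
)

# Keys meant for ovs-monitor-ipsec, not ovs-vswitchd. The first three are the
# ones named in the netdev-vport.c excerpt; counting 'ipsec_encapsulation'
# among them is this example's assumption, based on the report.
IPSEC_DAEMON_KEYS = {"remote_cert", "remote_name", "psk", "ipsec_encapsulation"}


def triage(lines):
    """Split unknown-argument warnings into IPsec-key noise and the rest.

    Returns (noise, review); each maps (tunnel_type, key) to a sorted list of
    the ports that logged it. Non-matching lines are skipped.
    """
    noise, review = defaultdict(set), defaultdict(set)
    for line in lines:
        m = WARN_RE.search(line)
        if m is None:
            continue
        bucket = noise if m["key"] in IPSEC_DAEMON_KEYS else review
        bucket[(m["type"], m["key"])].add(m["port"])
    return ({k: sorted(v) for k, v in noise.items()},
            {k: sorted(v) for k, v in review.items()})


# Constructed sample: two lines in the report's format, one constructed typo
# ('remote_ipp' on a made-up port) and one unrelated line.
SAMPLE = [
    "ovs-vswitchd[1090]: ovs|00127|netdev_vport|WARN|ovn-9dde52-0: unknown geneve argument 'ipsec_encapsulation'",
    "ovs-vswitchd[1090]: ovs|00128|netdev_vport|WARN|ovn-da7b79-0: unknown geneve argument 'ipsec_encapsulation'",
    "ovs-vswitchd[1090]: ovs|00131|netdev_vport|WARN|ovn-aaaaaa-0: unknown geneve argument 'remote_ipp'",
    "ovs-vswitchd[1090]: ovs|00132|bridge|INFO|bridge br-int: added interface ovn-aaaaaa-0 on port 7",
]

if __name__ == "__main__":
    noise, review = triage(SAMPLE)
    for (ttype, key), ports in noise.items():
        print(f"noise   {ttype} '{key}': {len(ports)} port(s)")
    for (ttype, key), ports in review.items():
        print(f"REVIEW  {ttype} '{key}': {', '.join(ports)}")
```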