A RHEL host has default firewall rules that prevent any Open vSwitch tunnel
traffic from passing through. If a user configures Open vSwitch tunnels like
-GRE, VXLAN, LISP etc., they will either have to manually add iptables firewall
-rules to allow the tunnel traffic or add it through a startup script (Please
-refer to the "enable-protocol" command in the ovs-ctl(8) manpage).
+Geneve, GRE, VXLAN, LISP etc., they will either have to manually add iptables
+firewall rules to allow the tunnel traffic or add it through a startup script
+(Please refer to the "enable-protocol" command in the ovs-ctl(8) manpage).
Red Hat Network Scripts Integration
-----------------------------------
* The Open vSwitch startup script automatically adds a firewall rule
to allow GRE traffic. This rule is needed for the XenServer feature
called "Cross-Host Internal Networks" (CHIN) that uses GRE. If a user
-configures tunnels other than GRE (ex: VXLAN, LISP), they will have
+configures tunnels other than GRE (ex: Geneve, VXLAN, LISP), they will have
to either manually add a iptables firewall rule to allow the tunnel traffic
or add it through a startup script (Please refer to the "enable-protocol"
command in the ovs-ctl(8) manpage).
* NIC bonding with or without LACP on upstream switch
* NetFlow, sFlow(R), and mirroring for increased visibility
* QoS (Quality of Service) configuration, plus policing
- * GRE, GRE over IPSEC, VXLAN, and LISP tunneling
+ * Geneve, GRE, GRE over IPSEC, VXLAN, and LISP tunneling
* 802.1ag connectivity fault management
* OpenFlow 1.0 plus numerous extensions
* Transactional configuration database with C and Python bindings
/* Tunnel ID.
*
- * For a packet received via a GRE, VXLAN or LISP tunnel including a (32-bit)
- * key, the key is stored in the low 32-bits and the high bits are zeroed. For
- * other packets, the value is 0.
+ * For a packet received via a Geneve, GRE, VXLAN or LISP tunnel including a
+ * key less than 64 bits, the key is stored in the low bits and the high bits
+ * are zeroed. For other packets, the value is 0.
*
* All zero bits, for packets not received via a keyed tunnel.
*
key="in_key"/> at all.
</li>
<li>
- A positive 24-bit (for VXLAN and LISP), 32-bit (for GRE) or 64-bit
- (for GRE64) number. The tunnel receives only packets with the
- specified key.
+ A positive 24-bit (for Geneve, VXLAN, and LISP), 32-bit (for GRE)
+ or 64-bit (for GRE64) number. The tunnel receives only packets
+ with the specified key.
</li>
<li>
The word <code>flow</code>. The tunnel accepts packets with any
key="out_key"/> at all.
</li>
<li>
- A positive 24-bit (for VXLAN and LISP), 32-bit (for GRE) or 64-bit
- (for GRE64) number. Packets sent through the tunnel will have the
- specified key.
+ A positive 24-bit (for Geneve, VXLAN and LISP), 32-bit (for GRE) or
+ 64-bit (for GRE64) number. Packets sent through the tunnel will
+ have the specified key.
</li>
<li>
The word <code>flow</code>. Packets sent through the tunnel will
</column>
<column name="status" key="tunnel_egress_iface">
- Egress interface for tunnels. Currently only relevant for GRE tunnels
- On Linux systems, this column will show the name of the interface
+ Egress interface for tunnels. Currently only relevant for tunnels
+ on Linux systems, this column will show the name of the interface
which is responsible for routing traffic destined for the configured
<ref column="options" key="remote_ip"/>. This could be an internal
interface such as a bridge port.