netdev-vport: Deprecate STT tunnel port type.
STT tunnel implementation was rejected in the upstream Linux kernel
a long time ago and will probably never be there.  So, the only
implementation for Linux is in the OOT kernel module shipped with
OVS 2.17.  It is deprecated and will reach end of life in Feb 2025.

Deprecate the port type now, so it can be removed once 2.17 is EoL.

There is another implementation for this tunnel type in the Windows
datapath.  However, the protocol itself is considered harmful as it
may confuse stateful network hardware by pretending to be TCP (hence
the reason it was rejected in the Linux kernel).  So, it is better
if we deprecate this implementation and stop supporting it as well.

The standard draft for the protocol itself is also expired and
archived with the latest update made in 2016:
  https://datatracker.ietf.org/doc/draft-davie-stt/

Signed-off-by: Ilya Maximets <[email protected]>
igsilya committed Dec 4, 2024
1 parent 818c5f7 commit e019bf9
Showing 7 changed files with 34 additions and 19 deletions.
2 changes: 1 addition & 1 deletion Documentation/faq/releases.rst
Expand Up @@ -142,7 +142,7 @@ Q: Are all features available with all datapaths?
Conntrack NAT6 4.6 2.6 2.8 3.0
Conntrack Helper Persist. YES YES 3.3 NO
Tunnel - LISP (deprecated) NO 2.11 NO NO
Tunnel - STT NO 2.4 NO YES
Tunnel - STT (deprecated) NO 2.4 NO YES
Tunnel - GRE 3.11 1.0 2.4 YES
Tunnel - VXLAN 3.12 1.10 2.4 YES
Tunnel - Geneve 3.18 2.4 2.4 YES
3 changes: 2 additions & 1 deletion Documentation/intro/install/windows.rst
Expand Up @@ -703,7 +703,8 @@ Add tunnels

#. IPv4 tunnel, e.g.:

The Windows Open vSwitch implementation support VXLAN and STT tunnels.
The Windows Open vSwitch implementation support VXLAN and STT tunnels
(STT tunnel ports are deprecated).
To add tunnels. For example, first add the tunnel port between
172.168.201.101 <->172.168.201.102:

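Review bot: The rewritten sentence in Documentation/intro/install/windows.rst still reads "implementation support" and is followed by the fragment "To add tunnels."; since these lines are being touched anyway, change it to "supports" and fold the fragment into the sentence that follows. The parenthetical also leaves Windows users without direction: VXLAN is named in the same sentence, so the note could say that it is the type to use for new tunnel ports.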
4 changes: 2 additions & 2 deletions NEWS
Expand Up @@ -26,8 +26,8 @@ Post-v3.4.0
- DPDK:
* OVS validated with DPDK 23.11.2.
- Tunnels:
* LISP tunnel port type is deprecated and will be removed in the next
release.
* LISP and STT tunnel port types are deprecated and will be removed in
the next release.


v3.4.0 - 15 Aug 2024
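Review bot: The NEWS entry now states that STT "will be removed in the next release", while the commit message ties removal to OVS 2.17 reaching end of life in Feb 2025 ("so it can be removed once 2.17 is EoL"). Please confirm both refer to the same point in time, or give STT its own bullet so the entry does not promise a schedule that only applied to LISP before this change.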
2 changes: 1 addition & 1 deletion include/linux/openvswitch.h
Expand Up @@ -248,7 +248,7 @@ enum ovs_vport_type {
OVS_VPORT_TYPE_VXLAN, /* VXLAN tunnel. */
OVS_VPORT_TYPE_GENEVE, /* Geneve tunnel. */
OVS_VPORT_TYPE_LISP = 105, /* LISP tunnel (deprecated). */
OVS_VPORT_TYPE_STT = 106, /* STT tunnel */
OVS_VPORT_TYPE_STT = 106, /* STT tunnel (deprecated). */
OVS_VPORT_TYPE_ERSPAN = 107, /* ERSPAN tunnel. */
OVS_VPORT_TYPE_IP6ERSPAN = 108, /* ERSPAN tunnel. */
OVS_VPORT_TYPE_IP6GRE = 109,
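Review bot: The comment on OVS_VPORT_TYPE_STT = 106 is the only marker of the deprecation in this header, and it does not say what happens to the number afterwards. Since the neighbouring entries carry explicit values (105, 107, 108, 109), it would help to note here, or in the follow-up removal patch, that 106 must stay reserved and not be reused for a new vport type.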
1 change: 1 addition & 0 deletions lib/netdev-vport.c
Expand Up @@ -229,6 +229,7 @@ netdev_vport_construct(struct netdev *netdev_)
VLOG_WARN("%s: 'lisp' port type is deprecated.", name);
} else if (!strcmp(type, "stt")) {
tnl_cfg->dst_port = port ? htons(port) : htons(STT_DST_PORT);
VLOG_WARN("%s: 'stt' port type is deprecated.", name);
} else if (!strcmp(type, "gtpu")) {
tnl_cfg->dst_port = port ? htons(port) : htons(GTPU_DST_PORT);
} else if (!strcmp(type, "bareudp")) {
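Review bot: The new VLOG_WARN in the "stt" branch of netdev_vport_construct() tells the operator only that the type is deprecated, not when it goes away or what to move to. Consider extending the text, for example "%s: 'stt' port type is deprecated and will be removed in the next release.", to match the NEWS wording. The sed filter added in tests/ofproto-dpif.at matches on the substring "'stt' port type is deprecated", so appending to the message would not break that test.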
2 changes: 1 addition & 1 deletion tests/ofproto-dpif.at
Expand Up @@ -8658,7 +8658,7 @@ dnl Remove the flow which contains sample action.
AT_CHECK([ovs-ofctl del-flows br0 in_port=3], [0], [ignore])
AT_CHECK([ovs-vsctl destroy Flow_Sample_Collector_Set 1], [0], [ignore])

OVS_VSWITCHD_STOP
OVS_VSWITCHD_STOP(["/'stt' port type is deprecated/d"])
AT_CLEANUP

AT_SETUP([ofproto-dpif - Flow IPFIX sanity check - from field])
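Review bot: The change to OVS_VSWITCHD_STOP only filters the new warning out of the log check; nothing in this patch asserts that the warning is actually emitted when an stt port is created. A small positive check in this test (or a dedicated one) that looks for "'stt' port type is deprecated" in the vswitchd log would keep the deprecation notice from silently disappearing in a later refactor.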
39 changes: 26 additions & 13 deletions vswitchd/vswitch.xml
Expand Up @@ -2844,20 +2844,33 @@

<dt><code>stt</code></dt>
<dd>
The Stateless TCP Tunnel (STT) is particularly useful when tunnel
endpoints are in end-systems, as it utilizes the capabilities of
standard network interface cards to improve performance. STT utilizes
a TCP-like header inside the IP header. It is stateless, i.e., there is
no TCP connection state of any kind associated with the tunnel. The
TCP-like header is used to leverage the capabilities of existing
network interface cards, but should not be interpreted as implying
any sort of connection state between endpoints.
Since the STT protocol does not engage in the usual TCP 3-way handshake,
so it will have difficulty traversing stateful firewalls.
The protocol is documented at
https://tools.ietf.org/html/draft-davie-stt
<p>
This port type is deprecated.
</p>

<p>
The Stateless TCP Tunnel (STT) is particularly useful when tunnel
endpoints are in end-systems, as it utilizes the capabilities of
standard network interface cards to improve performance.
STT utilizes a TCP-like header inside the IP header. It is
stateless, i.e., there is no TCP connection state of any kind
associated with the tunnel. The TCP-like header is used to
leverage the capabilities of existing network interface cards,
but should not be interpreted as implying any sort of connection
state between endpoints.
</p>

<p>
Since the STT protocol does not engage in the usual TCP 3-way
handshake, so it will have difficulty traversing stateful
firewalls.
</p>

All traffic uses a default destination port of 7471.
<p>
The protocol is documented at
<code>https://tools.ietf.org/html/draft-davie-stt</code>.
All traffic uses a default destination port of 7471.
</p>
</dd>

<dt><code>patch</code></dt>
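Review bot: The new first paragraph of the stt entry says only "This port type is deprecated." and is immediately followed by text that still describes STT as "particularly useful", so the reader gets no reason for the deprecation. Add a sentence with the rationale from the commit message (the TCP-like header may confuse stateful network hardware, and the draft has expired). While the text is being rewrapped, the carried-over sentence "Since the STT protocol does not engage ..., so it will have difficulty" should drop either "Since" or "so", and the link still points at tools.ietf.org where the commit message cites https://datatracker.ietf.org/doc/draft-davie-stt/.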