On Thu, Dec 12, 2019 at 10:06 AM Pavel Nakonechnyi <pavel@gremwell.com> wrote:
On Wednesday, 11 December 2019 16:37:50 CET Dominik Holler wrote:
> On Wed, Dec 11, 2019 at 1:21 PM Pavel Nakonechnyi <pavel@gremwell.com>

> > Are there plans to introduce such support? (or explicitly not to..)
> The feature is tracked in
> https://bugzilla.redhat.com/1782056
> If you would comment on the bug about your use case and why the feature
> would be helpful in your scenario, this might help to push the feature.

Great, thanks, added a comment.

Thanks for helping to adjust oVirt!

> > Is it possible to somehow manually configure such tunneling for existing
> > virtual networks? (even in a limited way)
> I would be interested to know, how far we are away from the flow described
> in
> http://docs.openvswitch.org/en/stable/tutorials/ovn-ipsec/ .
> I expect that the openvswitch-ipsec package is missing. Any input on this
> is welcome.

Could you direct me to the part of oVirt system which handles OVS tunnels

It seems that at some point oVirt issues a command similar to the following

`ovs-vsctl add-port br-int ovn-xxx-0 -- set interface ovn-xxx-0 \
 type=geneve options:csum=true key=flow options:remote_ip=`

I was not able to identify were the corresponding code is located. :(

When I tried to do a bad thing, manual deletion of such tunnel interface:

`ovs-vsctl del-port br-int ovn-xxx-0`

it was immediately re-created or just was not deleted.. Still have to
experiment with that..

Yes, for VM OVS networking, oVirt does not use OVS directly, instead, OVN is doing the work.

During adding or reinstalling a host,
is triggered.
This triggers
while the latter is really doing the work.

I expect that this file has to be extended by the call from

Maybe the
can be done in a first try manually.

The weak point I expect is that the package  openvswitch-ipsec might be missing in our repos, details in
http://docs.openvswitch.org/en/stable/tutorials/ipsec/#install-ovs-ipsec .

In a first step, this package can be built manually.

Any feedback on this would be very helpful, thanks for having a look!

WBR, Pavel