Guoshuai Li [Wed, 24 Jan 2018 12:39:08 +0000 (20:39 +0800)]
ovn-controller: Add extend_table instead of group_table to expand meter.
The structure and function of the group table and meter table are similar,
refactoring code is used to extend for add the meter table.
The following function as lib: table init/destroy/clear/lookup/remove,
assign id for contents, Move the contents of desired to existing.
Signed-off-by: Guoshuai Li <ligs@dtdream.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Requested-at: https://mail.openvswitch.org/pipermail/ovs-dev/2018-January/343674.html Requested-by: Gregory Rose <gvrose8192@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
John Hurley [Tue, 23 Jan 2018 14:08:42 +0000 (14:08 +0000)]
tc flower: reorder tunnel encap/decap actions
The tc_flower conversion struct does not consider the order of actions.
If an OvS rule matches on a tunnel (decap) and outputs to a new tunnel,
the netlink conversion to TC will add the set tunnel key action before the
unset, leading to an incorrect TC rule. This patch reorders the netlink
generation to ensure a decap is done before an encap if both exist.
Signed-off-by: John Hurley <john.hurley@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com>
Róbert Mulik [Wed, 6 Dec 2017 10:36:33 +0000 (10:36 +0000)]
LACP: Check active partner sys id
A reboot of one switch in an MC-LAG bond makes all bond links
to go down, causing a total connectivity loss for 3 seconds.
Packet capture shows that spurious LACP PDUs are sent to OVS with
a different MAC address (partner system id) during the final
stages of the MC-LAG switch reboot. The current implementation
doesn't care about the partner sys_id (MAC address).
The code change based on the following:
- If an interface (lead interface) on a bond has an "attached"
LACP connection, then any other slaves on that bond is allowed
to become active only when its partner's sys_id is the same as
the partner's sys_id of the lead interface.
- So, when a slave interface of a bond becomes "current" (it gets
valid LACP information), first checks if there is already an
active interface on the bond.
- If there is a lead, the slave checks for the partner sys_ids,
and becomes active only when they are the same, otherwise it
remains in "current" state, but "detached".
- If there is no lead, it follows the old way, and accepts any
partner sys_id.
Signed-off-by: Robert Mulik <robert.mulik@ericsson.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Greg Rose [Fri, 5 Jan 2018 19:30:24 +0000 (11:30 -0800)]
compat:inet_frag.h: Check for frag_percpu_counter_batch
Fix up the compat layer to check for frag_percpu_counter_batch and
if not present then use atomic_sub and atomic_add as per the
backport in the 3.16.50 LTS kernel. Fixes compile errors on
3.16 series kernels from 3.16.50 on.
Signed-off-by: Greg Rose <gvrose8192@gmail.com> Signed-off-by: Justin Pettit <jpettit@ovn.org>
Zoltan Balogh [Fri, 12 Jan 2018 13:34:11 +0000 (14:34 +0100)]
xlate: fix xport lookup for recirc
Xlate_lookup and xlate_lookup_ofproto_() provides in_port and ofproto
based on xport determined using flow, which is extracted from packet.
The lookup can happen due to recirculation as well. It can happen, that
packet_type has been modified during xlate before recirculation is
triggered, so the lookup fails or delivers wrong xport.
This can be worked around by propagating xport to ctx->xin after the very
first lookup and store it in frozen state of the recirculation.
So, when lookup is performed due to recirculation, the xport can be
retrieved from the frozen state.
The packet-type-aware unit tests are updated with a new one to verify
this behavior.
Signed-off-by: Zoltan Balogh <zoltan.balogh@ericsson.com> CC: Jan Scheurich <jan.scheurich@ericsson.com> Fixes: beb75a40fdc2 ("userspace: Switching of L3 packets in L2 pipeline") Signed-off-by: Ben Pfaff <blp@ovn.org>
Until now, dpif_sflow_read_actions() has ignored actions inside clone.
This means that sflow missed tnl_push actions inside clone, which OVS
now uses to avoid tx recirculation. This commit fixes the problem
by making dpif_sflow_read_actions() recursively process actions inside
clone.
In addition, some sflow data needs to be stored and restored in
ofproto-dpif-xlate when native_tunnel_output() is invoked. Otherwise the
output action of underlay bridge is getting counted too when sFlow is set
on the overlay bridge.
Both bugs are connected to sflows and were introduced by the commit in
the "Fixes:" tag below.
Signed-off-by: Zoltan Balogh <zoltan.balogh@ericsson.com> CC: Sugesh Chandran <sugesh.chandran@intel.com> Fixes: 7c12dfc527a5 ("tunneling: Avoid datapath-recirc by combining recirc actions at xlate.") Signed-off-by: Ben Pfaff <blp@ovn.org>
Daniel Alvarez [Tue, 23 Jan 2018 15:13:16 +0000 (15:13 +0000)]
ovn-controller: add new external_id 'ovn-cms-options' to Chassis table
This patch makes ovn-controller sets the external_ids key
'ovn-cms-options' to its own Chassis table entry copying its
contents from the same external_ids key in the local OpenvSwitch
database.
The idea behind this patch is to allow setting general options
from the CMS Plugin to a particular chassis.
A good example of an use case is when we want to schedule a router
on a chassis from OpenStack. In this case, we may want to exclude
some nodes because they are more likely to be restarted for
maintenance operations or they simply won't have external connectivity.
This way, if the CMS/deployment tool would set the external_ids
as:
ovs-vsctl set open . external_ids:ovn-cms-options="enable-chassis-as-gw"
Then ovn-controller will write the options to the Chassis table in
southbound database. This value can be later read by the CMS in order
to decide which Chassis are eligible to schedule a router on.
Similarly, this new key would allow to specify additional options to
be consumed by the CMS.
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Send BFD packets with TOS value equivalent to DSCP CS6 so that the network
can apply the right QoS for those packets. This can help avoid BFD flaps due
to network congestion.
For a reference on this being the right choice, here is a short
declaration:
Network engineers create various queue/drop policies based upon precedence.
Routing protocols are considered high priority/high precedence. During link
saturation events, packets will get dropped. By creating an egress policy
where packets marked by CS6 are allowed front-of-the-queue status, one can be
sure that hello's from the various protocols arrive when they need to, without
delay and without loss. On the other hand, if the hellos are dropped as part
of normal traffic operations, then traffic routing will flap, leading to
further congestion and drops.
CS6 is a 'well known' marker to network engineers. In many vendor's gear, it
is automatically assigned to routing protocol packets.
Since OVS does not perform queuing, and leaves that to the kernel edge
operations, the queue policies can be used to ensure timely egress of the BFD
packets during high utilization events.
See also:
https://mail.openvswitch.org/pipermail/ovs-dev/2017-October/339784.html
https://mail.openvswitch.org/pipermail/ovs-dev/2017-October/339785.html
Thanks to Raymond Burkholder <ray@oneunified.net> for much of the above
information.
Signed-off-by: Venkatesan Pradeep <venkatesan.pradeep@ericsson.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
This adds a ct_clear action for clearing conntrack state. ct_clear is
currently implemented in OVS userspace, but is not backed by an action
in the kernel datapath. This is useful for flows that may modify a
packet tuple after a ct lookup has already occurred.
Signed-off-by: Eric Garver <e@erig.me> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Notes:
- hunk from include/uapi/linux/openvswitch.h is missing because it
was added with userspace support in 1fe178d251c8 ("dpif: Add support
for OVS_ACTION_ATTR_CT_CLEAR")
- if IP_CT_UNTRACKED is not available use 0 as other nf_ct_set()
calls do. Since we're setting ct to NULL this is okay.
Signed-off-by: Eric Garver <e@erig.me> Acked-by: Pravin B Shelar <pshelar@ovn.org>
Yifeng Sun [Fri, 12 Jan 2018 17:45:31 +0000 (09:45 -0800)]
ovsdb-client: Fix memory leaks
This two leaks are reported by valgrind (testing ovsdb-client
backup and restore):
890 (56 direct, 834 indirect) bytes in 1 blocks are definitely lost in loss record 71 of 73
by 0x42DE22: xcalloc (util.c:103)
by 0x40DD8C: ovsdb_schema_create (ovsdb.c:34)
by 0x40E0B5: ovsdb_schema_from_json (ovsdb.c:196)
by 0x406DA5: fetch_schema (ovsdb-client.c:415)
by 0x408478: do_restore (ovsdb-client.c:1595)
by 0x405BCD: main (ovsdb-client.c:170)
2,688 (88 direct, 2,600 indirect) bytes in 1 blocks are definitely lost in loss record 73 of 73
by 0x42DE84: xmalloc (util.c:120)
by 0x40E61F: ovsdb_create (ovsdb.c:329)
by 0x40BA22: ovsdb_file_open__ (file.c:201)
by 0x40845A: do_restore (ovsdb-client.c:1592)
by 0x405BCD: main (ovsdb-client.c:170)
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Yifeng Sun [Fri, 12 Jan 2018 17:45:30 +0000 (09:45 -0800)]
ovn-northd: Fix memory leak
This leak was reported by valgrind (testing ovn -- IPv6 Neighbor
Solicitation for unknown MAC):
3,027 bytes in 49 blocks are definitely lost in loss record 210 of 218
by 0x484C84: xrealloc (util.c:131)
by 0x43CE41: ds_reserve (dynamic-string.c:63)
by 0x43D29D: ds_put_format_valist (dynamic-string.c:161)
by 0x43D3A3: ds_put_format (dynamic-string.c:142)
by 0x412EEF: ovn_port_update_sbrec (ovn-northd.c:1948)
by 0x4148B4: build_ports (ovn-northd.c:2109)
by 0x4148B4: ovnnb_db_run.isra.37 (ovn-northd.c:6202)
by 0x406FE0: main (ovn-northd.c:6854)
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Yifeng Sun [Fri, 12 Jan 2018 17:45:29 +0000 (09:45 -0800)]
pinctrl: Fix memory leak
This bug is reported by valgrind (testing ovn -- 3 HVs, 1 LS, 3 lports/HV):
51,680 (27,968 direct, 23,712 indirect) bytes in 76 blocks are definitely lost in loss record 72 of 72
at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4A8992: xcalloc (util.c:103)
by 0x493052: ovsdb_idl_index_init_row (ovsdb-idl.c:2343)
by 0x413F69: send_ipv6_ras (pinctrl.c:1321)
by 0x413F69: pinctrl_run (pinctrl.c:1093)
by 0x407348: main (ovn-controller.c:703)
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Flavio Leitner [Thu, 18 Jan 2018 00:09:58 +0000 (22:09 -0200)]
netdev-linux: do not send packets to down tap ifaces.
Today OVS pushes packets to the TAP interface ignoring its
current state. That works because the kernel will return -EIO
when it's not UP and OVS will just ignore that as it is not
an OVS issue.
However, it causes a huge impact when broadcasts happen when
using userspace datapath accelerated with DPDK (e.g.: action
NORMAL). This patch improves the situation by checking the
TAP's interface state before issueing any syscall.
However, there might be use-cases moving interfaces to other
networking namespaces and in that case, OVS can't retrieve
the iface state (sets it to DOWN). That would stop the traffic
breaking the use-case. This patch relies on netlink notifications
to find out if the device is local or not. When it's local, the
device state is checked otherwise it will behave as before.
Signed-off-by: Flavio Leitner <fbl@sysclose.org> Signed-off-by: Ben Pfaff <blp@ovn.org>
Lilijun (Jerry) [Fri, 19 Jan 2018 08:12:30 +0000 (08:12 +0000)]
ofproto: Fix wrong datapath flow with same in_port and output port.
In my test, the new datapath flow which has the same in_port and actions
output port was found using ovs-appctl dpctl/dump-flows. Then the mac
address will move from one port to another and back it again in the
physical switch. This problem result in the VM's traffic become abnormal.
My test key steps:
1) There are three VM using ovs bridge and intel 82599 nics as uplink
port, deployed in different hosts connecting to the same physical
switch. They can be named using VM-A, VM-B and VM-C, Host-A, Host-B,
Host-C.
2) VM-A send many unicast packets to VM-B, and VM-B also send unicast
packets to VM-A.
3) VM-C ping VM-A continuously, and do ovs port add/delete testing in
Host-C ovs bridge.
4) In some abormal scence, the physical switch clear all the mac-entry
on each ports. Then Host-C ovs bridge's uplink port will receive two
direction packets(VM-A to VM-B, and VM-B to VM-A).
The expected result is that this two direction packets should be droppd in
the uplink port. Because the dst port of this packets is the uplink port
which is also the src port by looking ovs bridge's mac-entry table learned
by ovs NORMAL rules. But the truth is some packets being sent back to
uplink port and physical switch. And then VM-A's mac was moved to the
physical switch port of Host-C from the port of Host-A, as a reulst, VM-C
ping VM-A failed at this time. When this problem occurs, the abnormal ovs
datapath's flow "in_port(2) actions:2" was found by executing the command
"ovs-appctl dpctl/dump-flows".
Currently, xlate_normal() uses xbundle pointer compare to verify the
packet's dst port whether is same with its input port. This implemention
may be wrong while calling xlate_txn_start/xlate_txn_commit in type_run()
at the same time, because xcfg/xbridge/xbundle object was reallocated and
copied just before we lookup the dst mac_port and mac_xbundle. Then
mac_xbundle and in_xbundle are same related with the uplink port but not
same object pointer.
And we can fix this bug by adding ofbundle check conditions shown in my
patch.
Signed-off-by: Lilijun <jerry.lilijun@huawei.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
John Hurley [Tue, 16 Jan 2018 10:46:36 +0000 (10:46 +0000)]
dpif: geneve: supply dpif function to get ifindex
Geneve tunnels are not given a netdev_class function to determine their
ifindex. This means when ofproto-dpif attempts to add a geneve netdev
it fails in 'netdev_ports_insert' in netdev.c. Failure to add this means
that further operations like offloading a rule that egresses to a geneve
port will be rejected as the egress port cannot be found. This patch
applies the same ifindex function to geneve as is used in vxlan.
Signed-off-by: John Hurley <john.hurley@netronome.com> Acked-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com>
Eric Garver [Fri, 19 Jan 2018 19:21:53 +0000 (14:21 -0500)]
system-traffic: Add conntrack floating IP test
This test cases uses floating IP (FIP) addresses for each endpoint. If
the destination is a FIP, the packet will undergo a transformation of
the form (dst=FIP, src=non-FIP) --> (dst=non-FIP, src=FIP) before
egress. Otherwise the packet is untouched.
This exercises the ct_clear action in the datapath.
Signed-off-by: Eric Garver <e@erig.me> Acked-by: William Tu <u9012063@gmail.com> Acked-by: Flavio Leitner <fbl@sysclose.org> Signed-off-by: Justin Pettit <jpettit@ovn.org>
Eric Garver [Fri, 19 Jan 2018 19:21:51 +0000 (14:21 -0500)]
dpif: Add support for OVS_ACTION_ATTR_CT_CLEAR
This supports using the ct_clear action in the kernel datapath. To
preserve compatibility with current ct_clear behavior on old kernels, we
only pass this action down to the datapath if a probe reveals the
datapath actually supports it.
Signed-off-by: Eric Garver <e@erig.me> Acked-by: William Tu <u9012063@gmail.com> Acked-by: Flavio Leitner <fbl@sysclose.org> Signed-off-by: Justin Pettit <jpettit@ovn.org>
Ben Pfaff [Wed, 17 Jan 2018 18:02:25 +0000 (10:02 -0800)]
dpif-netlink-rtnl: Work around MTU bug in kernel GRE driver.
The kernel GRE driver ignores IFLA_MTU in RTM_NEWLINK requests and
overrides the MTU to 1472 bytes. This commit works around the problem by
following up a request to create a GRE device with a second request to set
the MTU.
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1488484 Reported-by: Eric Garver <e@erig.me> Reported-by: James Page <james.page@ubuntu.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Eric Garver <e@erig.me> Tested-by: James Page <james.page@ubuntu.com>
Ben Pfaff [Wed, 17 Jan 2018 18:02:24 +0000 (10:02 -0800)]
dpif-netlink-rtnl: Use 65000 instead of 65535 as tunnel MTU.
Most of the existing tunnels accept 65535 for MTU and internally reduce it
to the maximum value actually supported. However, in RTM_SETLINK calls,
at least GRE tunnels reject MTU larger than actually supported. This
commit changes the MTU used in RTM_NEWLINK calls to use a value that should
be acceptable to all tunnels and yet does not noticeably reduce
performance.
(This code doesn't actually use RTM_SETLINK to change MTU yet, but that's
coming up.)
Suggested-by: Eric Garver <e@erig.me>
Suggested-at: https://mail.openvswitch.org/pipermail/ovs-dev/2018-January/343304.html Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Eric Garver <e@erig.me> Tested-by: James Page <james.page@ubuntu.com>
On minimal install RHEL 7 servers (and perhaps other types of installs)
you need to enable a couple of optional repositories for the yum-builddep
utility to work correctly. This patch documents those two optional
repositories.
Signed-off-by: Greg Rose <gvrose8192@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Aaron Conole [Tue, 16 Jan 2018 14:05:47 +0000 (09:05 -0500)]
odp-util: Fix compiler warning.
The result of a ternary operation will be promoted at least to int type.
As such, the compiler may generate a warning as: format specifies type
'unsigned char' but the argument has type 'int'
Found with Apple LLVM version 8.1.0 (clang-802.0.42).
Squelch this by preferring the %d format specifier to print 1/0 values.
Fixes: 74c4530dca93 ("ofproto-dpif: Don't slow-path controller actions with pause.") Cc: Justin Pettit <jpettit@ovn.org> Signed-off-by: Aaron Conole <aconole@bytheb.org> Acked-by: Ian Stokes <ian.stokes@intel.com> Tested-by: Ian Stokes <ian.stokes@intel.com> Signed-off-by: Justin Pettit <jpettit@ovn.org>
Patch c49889cf3e "rhel: Ensure proper OVS kernel modules load after upgrade"
did not address the RHEL 6 kmod rpm spec file. This patch addresses
that error.
Brad Cowie [Mon, 15 Jan 2018 00:38:48 +0000 (13:38 +1300)]
Documentation: Update Faucet tutorial.
Drop use of minimum_ip_size_check in Faucet tutorial which is no longer
needed after we fixed a bug that was causing packet length checks to be
calculated wrong.
Kevin Traynor [Tue, 16 Jan 2018 15:04:42 +0000 (15:04 +0000)]
NEWS: Add entry for new appctl dpif-netdev/pmd-rxq-rebalance.
This feature was added earlier but we thought it better to
advertise in NEWS after there was stats provided to help
the user decide whether they should use it.
Signed-off-by: Kevin Traynor <ktraynor@redhat.com> Signed-off-by: Ian Stokes <ian.stokes@intel.com>
These values are what would be used as part of rxq to pmd
assignment due to a reconfiguration event e.g. adding pmds,
adding rxqs or with the command:
ovs-appctl dpif-netdev/pmd-rxq-rebalance
Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com> Co-authored-by: Jan Scheurich <jan.scheurich@ericsson.com> Signed-off-by: Kevin Traynor <ktraynor@redhat.com> Signed-off-by: Ian Stokes <ian.stokes@intel.com>
Kevin Traynor [Thu, 11 Jan 2018 14:25:33 +0000 (14:25 +0000)]
dpif-netdev: Reset the rxq current cycle counter on reload.
An rxq may have processing cycles counted in the current
counter when a reload happens. That could temporarily create
a small skew on the stats for an rxq. Reset the counter after
reload.
Fixes: 4809891b2e01 ("dpif-netdev: Count the rxq processing cycles for an rxq.") Signed-off-by: Kevin Traynor <ktraynor@redhat.com> Signed-off-by: Ian Stokes <ian.stokes@intel.com>
Ilya Maximets [Mon, 15 Jan 2018 10:20:54 +0000 (13:20 +0300)]
docs: Describe output packet batching in DPDK guide.
Added information about output packet batching and a way to
configure 'tx-flush-interval'.
Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Co-authored-by: Jan Scheurich <jan.scheurich@ericsson.com> Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com> Acked-by: Jan Scheurich <jan.scheurich@ericsson.com> Signed-off-by: Ian Stokes <ian.stokes@intel.com>
Ilya Maximets [Mon, 15 Jan 2018 10:20:52 +0000 (13:20 +0300)]
dpif-netdev: Count cycles on per-rxq basis.
Upcoming time-based output batching will allow to collect in a single
output batch packets from different RX queues. Lets keep the list of
RX queues for each output packet and collect cycles for them on send.
Tested-by: Jan Scheurich <jan.scheurich@ericsson.com> Acked-by: Jan Scheurich <jan.scheurich@ericsson.com> Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Ian Stokes <ian.stokes@intel.com>
Jan Scheurich [Mon, 15 Jan 2018 11:27:24 +0000 (12:27 +0100)]
dpif-netdev: Refactor cycle counting
Simplify the historically grown TSC cycle counting in PMD threads.
Cycles are currently counted for the following purposes:
1. Measure PMD ustilization
PMD utilization is defined as ratio of cycles spent in busy iterations
(at least one packet received or sent) over the total number of cycles.
This is already done in pmd_perf_start_iteration() and
pmd_perf_end_iteration() based on a TSC timestamp saved in current
iteration at start_iteration() and the actual TSC at end_iteration().
No dependency on intermediate cycle accounting.
2. Measure the processing load per RX queue
This comprises cycles spend on polling and processing packets received
from the rx queue and the cycles spent on delayed sending of these packets
to tx queues (with time-based batching).
The previous scheme using cycles_count_start(), cycles_count_intermediate()
and cycles-count_end() originally introduced to simplify cycle counting
and saving calls to rte_get_tsc_cycles() was rather obscuring things.
Replace by a nestable cycle_timer with with start and stop functions to
embrace a code segment to be timed. The timed code may contain arbitrary
nested cycle_timers. The duration of nested timers is excluded from the
outer timer.
The caller must ensure that each call to cycle_timer_start() is
followed by a call to cycle_timer_end(). Failure to do so will lead to
assertion failure or a memory leak.
The new cycle_timer is used to measure the processing cycles per rx queue.
This is not yet strictly necessary but will be made use of in a subsequent
commit.
All cycle count functions and data are relocated to module
dpif-netdev-perf.
Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com> Acked-by: Ilya Maximets <i.maximets@samsung.com> Acked-by: Billy O'Mahony <billy.o.mahony@intel.com>
Signed-off: Ian Stokes <ian.stokes@intel.com>
Jan Scheurich [Mon, 15 Jan 2018 11:27:23 +0000 (12:27 +0100)]
dpif-netdev: Refactor PMD performance into dpif-netdev-perf
Add module dpif-netdev-perf to host all PMD performance-related
data structures and functions in dpif-netdev. Refactor the PMD
stats handling in dpif-netdev and delegate whatever possible into
the new module, using clean interfaces to shield dpif-netdev from
the implementation details. Accordingly, the all PMD statistics
members are moved from the main struct dp_netdev_pmd_thread into
a dedicated member of type struct pmd_perf_stats.
Include Darrel's prior refactoring of PMD stats contained in
[PATCH v5,2/3] dpif-netdev: Refactor some pmd stats:
1. The cycles per packet counts are now based on packets
received rather than packet passes through the datapath.
2. Packet counters are now kept for packets received and
packets recirculated. These are kept as separate counters for
maintainability reasons. The cost of incrementing these counters
is negligible. These new counters are also displayed to the user.
3. A display statistic is added for the average number of
datapath passes per packet. This should be useful for user
debugging and understanding of packet processing.
4. The user visible 'miss' counter is used for successful upcalls,
rather than the sum of sucessful and unsuccessful upcalls. Hence,
this becomes what user historically understands by OVS 'miss upcall'.
The user display is annotated to make this clear as well.
5. The user visible 'lost' counter remains as failed upcalls, but
is annotated to make it clear what the meaning is.
6. The enum pmd_stat_type is annotated to make the usage of the
stats counters clear.
7. The subtable lookup stats is renamed to make it clear that it
relates to masked lookups.
8. The PMD stats test is updated to handle the new user stats of
packets received, packets recirculated and average number of datapath
passes per packet.
On top of that introduce a "-pmd <core>" option to the PMD info
commands to filter the output for a single PMD.
Made the pmd-stats-show output a bit more readable by adding a blank
between colon and value.
Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com> Co-authored-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Darrell Ball <dlu998@gmail.com> Acked-by: Ilya Maximets <i.maximets@samsung.com> Acked-by: Billy O'Mahony <billy.o.mahony@intel.com>
Signed-off: Ian Stokes <ian.stokes@intel.com>
Greg Rose [Tue, 16 Jan 2018 16:44:15 +0000 (08:44 -0800)]
rhel: Ensure proper OVS kernel modules load after upgrade
Add post install and post un-install scripts to make sure that the
openvswitch kernel modules are correctly written with the weak-modules
utility. This ensures that after an upgrade to a newer kernel the
correct openvswitch kernel modules from a previous installation will
be found by the depmod search path.
Aaron Conole [Fri, 12 Jan 2018 22:15:50 +0000 (17:15 -0500)]
flake8: Ignore bare except violations
Newer versions of flake8 (3.5.0, mccabe: 0.6.1, pycodestyle: 2.3.1,
pyflakes: 1.6.0) add an error code for 'bare exception'. The OvS
codebase does use bare exceptions in places, especially when the
specific exception isn't important (ie: the program will be
terminating, so the specific exception isn't important).
Without this change, the following error messages appear:
utilities/checkpatch.py:476:5: E722 do not use bare except'
utilities/checkpatch.py:514:5: E722 do not use bare except'
utilities/ovs-dev.py:189:5: E722 do not use bare except'
utilities/ovs-dev.py:192:9: E722 do not use bare except'
utilities/ovs-dev.py:197:5: E722 do not use bare except'
utilities/bugtool/ovs-bugtool.in:360:13: E722 do not use bare except'
utilities/bugtool/ovs-bugtool.in:434:5: E722 do not use bare except'
utilities/bugtool/ovs-bugtool.in:470:13: E722 do not use bare except'
utilities/bugtool/ovs-bugtool.in:609:9: E722 do not use bare except'
utilities/bugtool/ovs-bugtool.in:679:5: E722 do not use bare except'
utilities/bugtool/ovs-bugtool.in:712:13: E722 do not use bare except'
utilities/bugtool/ovs-bugtool.in:744:9: E722 do not use bare except'
utilities/bugtool/ovs-bugtool.in:751:9: E722 do not use bare except'
utilities/bugtool/ovs-bugtool.in:825:5: E722 do not use bare except'
utilities/bugtool/ovs-bugtool.in:1006:13: E722 do not use bare except'
utilities/bugtool/ovs-bugtool.in:1041:13: E722 do not use bare except'
utilities/bugtool/ovs-bugtool.in:1079:5: E722 do not use bare except'
utilities/bugtool/ovs-bugtool.in:1202:5: E722 do not use bare except'
utilities/bugtool/ovs-bugtool.in:1247:9: E722 do not use bare except'
utilities/bugtool/ovs-bugtool.in:1257:13: E722 do not use bare except'
utilities/bugtool/ovs-bugtool.in:1328:9: E722 do not use bare except'
tests/test-daemon.py:60:5: E722 do not use bare except'
tests/test-l7.py:23:1: E722 do not use bare except'
tests/test-unixctl.py:96:5: E722 do not use bare except'
xenserver/usr_share_openvswitch_scripts_ovs-xapi-sync:404:5: E722 do not use bare except'
python/ovs/fcntl_win.py:39:9: E722 do not use bare except'
python/ovs/poller.py:38:1: E722 do not use bare except'
python/ovs/socket_util.py:151:13: E722 do not use bare except'
python/ovs/stream.py:169:17: E722 do not use bare except'
python/ovs/stream.py:578:17: E722 do not use bare except'
python/ovs/timeval.py:51:1: E722 do not use bare except'
python/ovstest/util.py:52:5: E722 do not use bare except'
vtep/ovs-vtep:767:5: E722 do not use bare except'
Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Aaron Conole [Fri, 12 Jan 2018 20:40:21 +0000 (15:40 -0500)]
ovs-tcpundump: fix a conversion issue
When I tried using ovs-tcpundump, I got the following error message:
Traceback (most recent call last):
File ./ovs-tcpundump, line 64, in <module>
if m is None or int(m.group(1)) == 0:
ValueError: invalid literal for int() with base 10: '00a0'
Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
netdev-native-tnl: Add assertion in vxlan_pop_header.
During tunnel decapsulation the below steps are performed:
[1] Tunnel information is populated in packet metadata i.e packet->md->tunnel.
[2] Outer header gets popped.
[3] Packet is recirculated.
For [1] to work, the dp_packet L3 and L4 header offsets should be valid.
The offsets in the dp_packet are set as part of miniflow extraction.
If offsets are accidentally reset (or) the pop header operation is performed
prior to miniflow extraction, step [1] fails silently and creates
issues that are harder to debug. Add the assertion to check if the
offsets are valid.
Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Fri, 12 Jan 2018 18:42:39 +0000 (10:42 -0800)]
docs: Recommend newer version of "sparse".
The previously recommended version of sparse, version 0.4.4, does not
support -Wsparse-error properly, so configuring with --enable-Werror and
--enable-sparse will not have the desired effect of breaking the build
when sparse reports an error. Version 0.5.1 and later do implement this
properly.
This commit also updates the recommended URL for sparse because the
previous URL doesn't have the newer releases.
Ben Pfaff [Thu, 11 Jan 2018 23:49:24 +0000 (15:49 -0800)]
configure: New --enable-sparse option to enable sparse checking by default.
Until now, "make" called sparse to do checking only if C=1 was passed on
the command line. It was easy for developers to forget to specify that.
This commit adds another option: specifying --enable-sparse on the
configure command line enables sparse checking by default. (It can still
be disabled with C=0.)
packets: Prefetch the packet metadata in cacheline1.
pkt_metadata_prefetch_init() is used to prefetch the packet metadata
before initializing the metadata in pkt_metadata_init(). This is done
for every packet in userspace datapath and is performance critical.
Commit 99fc16c0 prefetches only cachline0 and cacheline2 as the metadata
part of respective cachelines will be initialized by pkt_metadata_init().
However in VXLAN case when popping the vxlan header, netdev_vxlan_pop_header()
invokes pkt_metadata_init_tnl() which zeroes out metadata part of
cacheline1 that wasn't prefetched earlier and causes performance
degradation.
By prefetching cacheline1, 9% performance improvement is observed with
vxlan decapsulation test case for packet sizes of 118 bytes. Performance
variation is observed based on CFLAGS.
CFLAGS="-O2" CFLAGS="-O2 -msse4.2"
Master 4.667 Mpps Master 4.710 Mpps
With Patch 5.045 Mpps With Patch 5.097 Mpps
CFLAGS="-O2 -march=native" CFLAGS="-Ofast -march=native"
Master 5.072 Mpps Master 5.349 Mpps
With Patch 5.193 Mpps With Patch 5.378 Mpps
Fixes: 99fc16c0 ("Reorganize the pkt_metadata structure.") Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com> Acked-by: Sugesh Chandran <sugesh.chandran@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Yi Yang [Thu, 11 Jan 2018 05:24:03 +0000 (13:24 +0800)]
nsh: add dec_nsh_ttl action
NSH ttl is a 6-bit field ranged from 0 to 63, it should be
decremented by 1 every hop, if it is 0 or it is so after
decremented, the packet should be dropped and a packet-in
message is sent to main controller.
Signed-off-by: Yi Yang <yi.y.yang@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Yi Yang [Thu, 11 Jan 2018 05:24:02 +0000 (13:24 +0800)]
nsh: fix nested mask for OVS_KEY_ATTR_NSH
NSH kernel implementation used nested mask for OVS_KEY_ATTR_NSH,
so NSH userspace must adapt to it, OVS hasn't used nested mask for
any key attribute so far, OVS_KEY_ATTR_NSH is the first use case.
Signed-off-by: Yi Yang <yi.y.yang@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Thu, 11 Jan 2018 21:59:04 +0000 (13:59 -0800)]
configure: Make --enable-Werror turn sparse warnings into errors.
Until now, when "sparse" reported a warning, it didn't fail the build for
that file, even when the project was configured with --enable-Werror, which
made it easy to miss warnings. This commit fixes the problem.
Reported-by: "Stokes, Ian" <ian.stokes@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Ian Stokes <ian.stokes@intel.com> Tested-by: Ian Stokes <ian.stokes@intel.com>
Justin Pettit [Thu, 11 Jan 2018 18:55:04 +0000 (10:55 -0800)]
odp-util: Fix Sparse warning in parse_odp_userspace_action().
Sparse complains with warning: incorrect type in argument 1 (different
base types) in function parse_odp_userspace_action due to a call to
htonll(rule_cookie). The variable is read in host-byte order, so it
shouldn't have been declared as big-endian.
Fixes: d39ec23de384 ("ofproto-dpif: Don't slow-path controller actions.") Reported-by: Ian Stokes <ian.stokes@intel.com> Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Ian Stokes <ian.stokes@intel.com> Tested-by: Ian Stokes <ian.stokes@intel.com> Acked-by: Ben Pfaff <blp@ovn.org>
Justin Pettit [Thu, 19 Oct 2017 06:16:22 +0000 (23:16 -0700)]
ofproto-dpif: Don't slow-path controller actions with pause.
A previous patch removed slow-pathing for controller actions with the
exception of ones that specified "pause". This commit removes that
restriction so that no controller actions are slow-pathed.
Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Controller actions have become more commonly used for purposes other
than just making forwarding decisions (e.g., packet logging). A packet
that needs to be copied to the controller and forwarded would always be
sent to ovs-vswitchd to be handled, which could negatively affect
performance and cause heavier CPU utilization in ovs-vswitchd.
This commit changes the behavior so that OpenFlow controller actions
become userspace datapath actions while continuing to let packet
forwarding and manipulation continue to be handled by the datapath
directly.
This patch still slow-paths controller actions with the "pause" flag
set. A future patch will stop slow-pathing these pause actions as
well.
Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Justin Pettit [Wed, 4 Oct 2017 00:31:34 +0000 (17:31 -0700)]
ofproto: Add 'ofproto_uuid' and 'ofp_in_port' to user action cookie.
Previously, the ofproto instance and OpenFlow port have been derived
based on the datapath port number. This change explicitly declares them
both, which will be helpful in future commits that no longer can depend
on having a unique datapath port (e.g., a source port that represents
the controller).
Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Michal Weglicki [Tue, 9 Jan 2018 07:55:37 +0000 (07:55 +0000)]
netdev: Custom statistics.
- New get_custom_stats interface function is added to netdev. It
allows particular netdev implementation to expose custom
counters in dictionary format (counter name/counter value).
- New statistics are retrieved using experimenter code and
are printed as a result to ofctl dump-ports.
- New counters are available for OpenFlow 1.4+.
- New statistics are printed to output via ofctl only if those
are present in reply message.
- New statistics definition is added to include/openflow/intel-ext.h.
- Custom statistics are implemented only for dpdk-physical
port type.
- DPDK-physical implementation uses xstats to collect statistics.
Only dropped and error counters are exposed.
Co-authored-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Ben Pfaff <blp@ovn.org> Signed-off-by: Michal Weglicki <michalx.weglicki@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Michal Weglicki [Wed, 10 Jan 2018 13:06:03 +0000 (13:06 +0000)]
ofproto-dpif-ipfix: add interface Information Elements to flow key
Extend flow key part of data record to include following Information Elements:
- ingressInterface
- ingressInterfaceType
- egressInterface
- egressInterfaceType
- interfaceName
- interfaceDescription
In case of input sampling we don't have information about egress port.
Define templates depending not only on protocol types, but also on flow
direction. Only egress flow will include egress information elements.
With this change, dpif_ipfix_exporter stores every port in hmap rather
than only tunnel ports. It allows to easily retrieve required
information about interfaces during sampling upcalls.
Co-authored-by: Michal Weglicki <michalx.weglicki@intel.com> Signed-off-by: Michal Weglicki <michalx.weglicki@intel.com> Signed-off-by: Przemyslaw Szczerbik <przemyslawx.szczerbik@intel.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Wed, 10 Jan 2018 16:35:04 +0000 (08:35 -0800)]
ofproto-dpif: Issue clear error messages for unsupported CT features.
I spent way too much time this last week tracking down errors due to a
VM with an antique kernel module that didn't support connection tracking.
This commit adds clear error messages that would have made the problem
obvious.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Darrell Ball <dlu998@gmail.com>
William Tu [Wed, 10 Jan 2018 21:13:11 +0000 (13:13 -0800)]
tunnel: fix tunnel flags set/clear.
Existing code only set these tunnel flags (df, csum, and key) when the
flag is set in the output tunnel port, but did not clear when the flag
is unset. The patch fixes it by setting and clearing it accordingly.
Two existing testcases need to fix:
'tunnel - Geneve option present' has no key set up, so we should match
'flags(df)' instead of 'flags(df|key)'. The second case
'tunnel - concomitant IPv6 and IPv4 tunnels' follows the same pattern.
One additional test case 'tunnel - Mix Geneve/GRE options' is added.
Signed-off-by: William Tu <u9012063@gmail.com>
VMWare-BZ: #2019012 Signed-off-by: Ben Pfaff <blp@ovn.org>
Ashish Varma [Fri, 15 Dec 2017 15:09:50 +0000 (07:09 -0800)]
tests: add-del-add sequence for interface
Added a unit test case for testing the condition when a veth interface
is added to br0 and then the veth interface is deleted from the
system and added back with the same name.
Darrell Ball [Tue, 9 Jan 2018 23:44:57 +0000 (15:44 -0800)]
conntrack: Reorder sanity checks in extract_l3_ipvx().
The functions extract_l3_ipv4 and extract_l3_ipv6 check for
unsupported ip fragments and return early. The checks were after
an assignment that would not be needed when early return happens.
This is slightly inefficient, but mostly reads poorly.
Hence, reorder the ip fragment checks before the assignments.
Signed-off-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Darrell Ball [Tue, 9 Jan 2018 23:44:56 +0000 (15:44 -0800)]
conntrack: Some style improvements.
Fix up some instances where variable declarations were not close
enough to their use, as these were missed before. This is the
preferred art in OVS code and flagged heavily in code reviews.
This is highly desirable due to code clarity reasons.
There are also some cases where newlines were not needed by prior art
and some cases where they were needed but missed.
There was one case where there was a missing space after "}".
There were a few cases where for loop index declarations could be
folded into the loop.
One function was missing some const qualifiers.
There were a few instances where a local variable for conn_key_hash
could be eliminated.
Signed-off-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Darrell Ball [Tue, 9 Jan 2018 23:44:55 +0000 (15:44 -0800)]
conntrack: Add additional alg support.
In order to support more algs with different requirements,
expectation handling is allowed to handle more cases, such as
a wildcard source ip as in the case of SIP. NAT can also be
skipped in some alg cases.
Expectation_create() was otherwise simplified in the process.
Some renaming was done to support the above changes.
Signed-off-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Darrell Ball [Tue, 9 Jan 2018 23:44:54 +0000 (15:44 -0800)]
conntrack: Fix alg expectation cleanup.
Presently, alg expectations are removed by being time expired.
This was intended to happen before the control connections and
was intended to minimize the extra work involved for tracking and
removing the expectations. This is not the best option since it
should be possible to remove expectations when a control connection
is removed and a new api is in the works to do this. Also, conceptually
an expectation should not exist without a control connection context
and it can be argued that this should be a strict requirement.
The approach is changed to remove the expectations when the control
connections are removed. The previous code to expire the expectations
is removed at the same time.
Fixes: bd5e81a0e ("Userspace Datapath: Add ALG infra and FTP.")
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2017-December/341683.html Signed-off-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
ofproto-dpif-xlate: Incorrect handling of errors in group action processing
As per OpenFlow v1.3 specification, when an action list contains a group
action a copy of the packet is passed to the group for processing by the
group. This means that if there is an error encountered during group
processing, only the copy of packet should be dropped, but subsequent
actions in the action list should be executed on the original packet.
Additionally, if the group type is "ALL", each action bucket of the group
should process a copy of the packet. If there is an error while processing
one bucket other buckets should still be processed.
Example 1:
table=0,in_port=tap0 actions=output:tap1,group:10,output:tap2
Even if any error is encountered while processing the group action, the
packet should still be forwarded to ports tap1 and tap2.
Example 2:
group_id=1,type=all,bucket=actions=output:tap1,bucket=actions=encap(eth)
Even if processing the action in the second bucket fails because the
packet already has an Ethernet header, the other copy of the packet should
still be processed by the first bucket and output to port tap1.
Currently the error handling in OVS does not comply with those rules. When
any group bucket execution fails the error is recorded in the so-called
"translation context" which is global for the processing of the original
packet. Once an error is recorded, OVS skips processing subsequent buckets
and installs a drop action in the datapath even if parts of the action list
were previously processed successfully.
This patch clears the error flag after any bucket of a group is executed.
This way the error encountered in processing any bucket of the group will
not impact other actions of action-list or other buckets of the group.
Errors which are system limits to protect translation from taking too long
time or too much space are not cleared. Instead drop action is installed
for them.
Signed-off-by: Vishal Deep Ajmera <vishal.deep.ajmera@ericsson.com> Signed-off-by: Keshav Gupta <keshav.gupta@ericsson.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
ovs-bugtool: Extend bugtool with query repeat feature.
Devs can configure bugtool plugin queries to be repeated using
repeat counters. The value of a repeat counter is an integer
greater than 1. The outputs of a repeated query are saved in the
same output file with date headers. Queries without repeat counter
will run only once. Users can set the delay between repeated
queries with the delay option. Default value for delay is 10
seconds.
Setting repeat counter value to "2" for traffic related queries.
Signed-off-by: David Patrik Pinter <david.patrik.pinter@ericsson.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
ovs-bugtool: Refactorize bugtool plugin xml files.
Introducing new query calling practice:
- single line query called directly from plugin xml
- multiple line query saved as script and the script is called
from plugin xml
Signed-off-by: David Patrik Pinter <david.patrik.pinter@ericsson.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Introducing 'ovs-bugtool-ovs-ofctl-loop-over-bridges' bash script.
It calls ovs-ofctl commands given as first parameter for each
bridge with the corresponding open flow protocol option.
Usage:
ovs-bugtool-ovs-ofctl-loop-over-bridges "param1" "param2"
- param1: ovs-ofctl command to call (show, dump-flows, etc...)
- param2: optional, add further parts for the shell command
(like "| grep something")
Calling ovs-ofctl commands 'show' and 'dump-flows' with the
'ovs-bugtool-ovs-ofctl-loop-over-bridges' bash script.
Signed-off-by: David Patrik Pinter <david.patrik.pinter@ericsson.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Numan Siddique [Mon, 8 Jan 2018 07:35:56 +0000 (13:05 +0530)]
OVN pacemaker: Fix issues when started as pacemaker container bundles
When OVN dbs are created as a pacemaker container bundle resource with
meta attribute "container-attribute-target=host" defined, the OVN OCF script
is not working properly. It should use the function provided by the OCF lib
'ocf_attribute_target' [1] to get the physical hostname and use that to set the
master/slave scores. This patch makes use of this function when setting the
scores. Also fixes other issues seen and deletes the local unused function
'ovsdb_server_find_active_peers'.
[1] - Please see this commit in ResourceAgents for more information on
'ocf_attribute_target'
https://github.com/ClusterLabs/resource-agents/commit/9bd94137d77f770967d35db5de716590cfaf0435
Signed-off-by: Numan Siddique <nusiddiq@redhat.com> CC: Russell Bryant <russell@ovn.org> Signed-off-by: Russell Bryant <russell@ovn.org>
Markos Chandras [Wed, 27 Dec 2017 18:27:12 +0000 (18:27 +0000)]
ovsdb: ovsdb-dot.in: Change exception semantics for Python3
PEP-3110 changes the semantics for capturing exceptions in Python3
from 'except E,N' to 'except E as N'. This fixes the following problem
when building with python3
Markos Chandras [Wed, 27 Dec 2017 18:27:11 +0000 (18:27 +0000)]
ovsdb: ovsdb-dot.in: Use print function for Python3
The python2 print statement no longer works in python3 since the
latter uses a print function. As such, replace all instances of
'print' with 'print()'. This fixes the following build problem with
python3
Markos Chandras [Wed, 27 Dec 2017 18:27:10 +0000 (18:27 +0000)]
ovsdb: Use items() instead of iteritems() for Python3
Python3 removed the iteritems() iterator and replaced it with items()
which should also work in Python2. This fixes the following build
problem on Python3:
Traceback (most recent call last):
File "./ovsdb/ovsdb-idlc.in", line 1436, in <module>
func(*args[1:])
File "./ovsdb/ovsdb-idlc.in", line 314, in printCIDLHeader
for columnName, column in sorted(table.columns.iteritems()):
AttributeError: 'dict' object has no attribute 'iteritems'
Signed-off-by: Markos Chandras <mchandras@suse.de> Signed-off-by: Ben Pfaff <blp@ovn.org>
Daniel Alvarez [Tue, 9 Jan 2018 13:54:36 +0000 (14:54 +0100)]
ovn-controller: Change duplicate flows trace from INFO to DBG
When ovn-controller detects that a flow is duplicated, it will print an
INFO trace. Even though it's rate limited, this patch is changing the
trace level back to DEBUG to reduce noise.
Background: in our effort to ensure consistency across objects in
Neutron and OVN databases we find some special cases like security group
rules which match OVN ACLs but not in 1:1 relationship. Until now, two
identical security group rules beloning each to a different security
group would generate a single ACL in NB database. With this behavior,
there's no way to map the ACL in OVN to the corresponding Neutron
object.
By implementing [0] we're trying to ensure this mapping so we make use
of the external_ids column of every table for this purpose. It may
happen that we'll have two identical ACLs but each referencing a
different Neutron object in their external_ids field. However, this will
make ovn-controller to drop those duplicated flows and log a (rate
controlled) INFO trace. In order to reduce this noise, this patch
changes it to DBG.
projects / ovs.git / log