[ovs-dev,v2] ovn-northd: Optionally skip the check of lsp_is_up.

The checking of lsp "up" status before adding ARP responder flows was
added to avoid confusion in cases when a network admin sees ARP response
for VM/containers that is not up on chassis yet. However, this check
introduces an extra round of flow change in SB and triggers computes
on hypervisors which is unnecessary cost in most cases, especially for
large scale environment. To improve this, this patch provides an option
ignore_lsp_down to disable the check for the use cases when ARP reponse for a
port that is "down" isn't considered harmful.

Acked-by: Numan Siddique <numans@ovn.org>
Signed-off-by: Han Zhou <hzhou@ovn.org>
---
v1 -> v2: change the option from "check_lsp_is_up" to "ignore_lsp_down" as
          suggested by Numan.

 northd/ovn-northd.8.xml | 15 ++++++++++-----
 northd/ovn-northd.c     |  7 ++++++-
 ovn-nb.xml              | 13 +++++++++++++
 tests/ovn-northd.at     | 14 ++++++++++++++
 4 files changed, 43 insertions(+), 6 deletions(-)

On Wed, Sep 9, 2020 at 2:52 AM Han Zhou <hzhou@ovn.org> wrote:
>
> The checking of lsp "up" status before adding ARP responder flows was
> added to avoid confusion in cases when a network admin sees ARP response
> for VM/containers that is not up on chassis yet. However, this check
> introduces an extra round of flow change in SB and triggers computes
> on hypervisors which is unnecessary cost in most cases, especially for
> large scale environment. To improve this, this patch provides an option
> ignore_lsp_down to disable the check for the use cases when ARP reponse for a
> port that is "down" isn't considered harmful.
>
> Acked-by: Numan Siddique <numans@ovn.org>
> Signed-off-by: Han Zhou <hzhou@ovn.org>
> ---
> v1 -> v2: change the option from "check_lsp_is_up" to "ignore_lsp_down" as
>           suggested by Numan.


Hi Han,

The patch LGTM.

Thanks
Numan

>
>  northd/ovn-northd.8.xml | 15 ++++++++++-----
>  northd/ovn-northd.c     |  7 ++++++-
>  ovn-nb.xml              | 13 +++++++++++++
>  tests/ovn-northd.at     | 14 ++++++++++++++
>  4 files changed, 43 insertions(+), 6 deletions(-)
>
> diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
> index d15245a..a275442 100644
> --- a/northd/ovn-northd.8.xml
> +++ b/northd/ovn-northd.8.xml
> @@ -763,9 +763,11 @@ output;
>
>          <p>
>            These flows are omitted for logical ports (other than router ports or
> -          <code>localport</code> ports) that are down, for logical ports of
> -          type <code>virtual</code> and for logical ports with 'unknown'
> -          address set.
> +          <code>localport</code> ports) that are down (unless <code>
> +          ignore_lsp_down</code> is configured as true in <code>options</code>
> +          column of <code>NB_Global</code> table of the <code>Northbound</code>
> +          database), for logical ports of type <code>virtual</code> and for
> +          logical ports with 'unknown' address set.
>          </p>
>        </li>
>
> @@ -812,8 +814,11 @@ nd_na_router {
>
>          <p>
>            These flows are omitted for logical ports (other than router ports or
> -          <code>localport</code> ports) that are down and for logical ports of
> -          type <code>virtual</code>.
> +          <code>localport</code> ports) that are down (unless <code>
> +          ignore_lsp_down</code> is configured as true in <code>options</code>
> +          column of <code>NB_Global</code> table of the <code>Northbound</code>
> +          database), for logical ports of type <code>virtual</code> and for
> +          logical ports with 'unknown' address set.
>          </p>
>        </li>
>
> diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
> index bebb25a..100d9dc 100644
> --- a/northd/ovn-northd.c
> +++ b/northd/ovn-northd.c
> @@ -87,6 +87,8 @@ static struct eth_addr mac_prefix;
>
>  static bool controller_event_en;
>
> +static bool check_lsp_is_up;
> +
>  /* MAC allocated for service monitor usage. Just one mac is allocated
>   * for this purpose and ovn-controller's on each chassis will make use
>   * of this mac when sending out the packets to monitor the services
> @@ -6741,7 +6743,8 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports,
>               *  - port type is router or
>               *  - port type is localport
>               */
> -            if (!lsp_is_up(op->nbsp) && strcmp(op->nbsp->type, "router") &&
> +            if (check_lsp_is_up &&
> +                !lsp_is_up(op->nbsp) && strcmp(op->nbsp->type, "router") &&
>                  strcmp(op->nbsp->type, "localport")) {
>                  continue;
>              }
> @@ -11831,6 +11834,8 @@ ovnnb_db_run(struct northd_context *ctx,
>
>      controller_event_en = smap_get_bool(&nb->options,
>                                          "controller_event", false);
> +    check_lsp_is_up = !smap_get_bool(&nb->options,
> +                                     "ignore_lsp_down", false);
>
>      build_datapaths(ctx, datapaths, lr_list);
>      build_ports(ctx, sbrec_chassis_by_name, datapaths, ports);
> diff --git a/ovn-nb.xml b/ovn-nb.xml
> index 109ffcf..0bfe626 100644
> --- a/ovn-nb.xml
> +++ b/ovn-nb.xml
> @@ -167,6 +167,19 @@
>          </p>
>        </column>
>
> +      <column name="options" key="ignore_lsp_down">
> +        <p>
> +          If set to false, ARP/ND reply flows for logical switch ports will be
> +          installed only if the port is up, i.e. claimed by a Chassis. If set
> +          to true, these flows are installed regardless of the status of the
> +          port, which can result in a situation that ARP request to an IP is
> +          resolved even before the relevant VM/container is running. For
> +          environments where this is not an issue, setting it to
> +          <code>true</code> can reduce the load and latency of the control
> +          plane. The default value is <code>false</code>.
> +        </p>
> +      </column>
> +
>        <group title="Options for configuring interconnection route advertisement">
>          <p>
>            These options control how routes are advertised between OVN
> diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
> index c6d9ae11..b89c585 100644
> --- a/tests/ovn-northd.at
> +++ b/tests/ovn-northd.at
> @@ -1991,3 +1991,17 @@ AT_CHECK([ovn-sbctl lflow-list | grep "ls_out_pre_lb.*priority=100" | grep reg0
>  ])
>
>  AT_CLEANUP
> +
> +AT_SETUP([ovn -- ignore_lsp_down])
> +ovn_start
> +
> +ovn-nbctl ls-add sw0
> +ovn-nbctl lsp-add sw0 sw0-p1 -- lsp-set-addresses sw0-p1 "aa:aa:aa:aa:aa:aa 10.0.0.1"
> +
> +ovn-nbctl --wait=sb sync
> +AT_CHECK([ovn-sbctl lflow-list | grep arp | grep 10\.0\.0\.1], [1], [ignore])
> +
> +ovn-nbctl --wait=sb set NB_Global . options:ignore_lsp_down=true
> +AT_CHECK([ovn-sbctl lflow-list | grep arp | grep 10\.0\.0\.1], [0], [ignore])
> +
> +AT_CLEANUP
> --
> 2.1.0
>
> _______________________________________________
> dev mailing list
> dev@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>

On Wed, Sep 9, 2020 at 4:15 AM Numan Siddique <numans@ovn.org> wrote:
>
> On Wed, Sep 9, 2020 at 2:52 AM Han Zhou <hzhou@ovn.org> wrote:
> >
> > The checking of lsp "up" status before adding ARP responder flows was
> > added to avoid confusion in cases when a network admin sees ARP response
> > for VM/containers that is not up on chassis yet. However, this check
> > introduces an extra round of flow change in SB and triggers computes
> > on hypervisors which is unnecessary cost in most cases, especially for
> > large scale environment. To improve this, this patch provides an option
> > ignore_lsp_down to disable the check for the use cases when ARP reponse
for a
> > port that is "down" isn't considered harmful.
> >
> > Acked-by: Numan Siddique <numans@ovn.org>
> > Signed-off-by: Han Zhou <hzhou@ovn.org>
> > ---
> > v1 -> v2: change the option from "check_lsp_is_up" to "ignore_lsp_down"
as
> >           suggested by Numan.
>
>
> Hi Han,
>
> The patch LGTM.
>
Thanks Numan. I applied this to master.