From patchwork Tue Jan 3 09:33:23 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mickey Spiegel X-Patchwork-Id: 710431 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3tt82j6RYfz9s3v for ; Tue, 3 Jan 2017 20:36:13 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="RDTB6Mka"; dkim-atps=neutral Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 898F3B77; Tue, 3 Jan 2017 09:33:49 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id EDDBAB63 for ; Tue, 3 Jan 2017 09:33:46 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pg0-f68.google.com (mail-pg0-f68.google.com [74.125.83.68]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 6D81990 for ; Tue, 3 Jan 2017 09:33:46 +0000 (UTC) Received: by mail-pg0-f68.google.com with SMTP id b1so33024469pgc.1 for ; Tue, 03 Jan 2017 01:33:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=8SDDVVYlxRpnMdFm+Ar6NrYcjJdaRSxLKh+5zGwD/ms=; b=RDTB6Mka7X7c8qMjEJVlehQ2PmISG9YEUYyzPcmOuInhUwhf0RkJGbemVWlKljdleH Gc8URkrRqQntDOLAVfpSBcHDsgMd1Ta0rGQSxNEiQ9nmA3LQ2ZZgzUXLKbrH+Tu2DxLZ JBVz4dCzg9VI6RRLCJByr/AY2Zt24oSarzg7VwYy/IroVPI6WaarqIrkqh6A3QOtQEgI Ko8PrhAZZNopw4Hjxy/tv0zDOQaOJDpGAbEw8WPee1CgkIhLwdVpgc6iD37LbebNouev b//tUizZ9obIEgqLSrcYnxro0p/oNVNCVEcFyZ5m0uF6cR/egA7TuojGfVde6EvBmzfh 1tLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=8SDDVVYlxRpnMdFm+Ar6NrYcjJdaRSxLKh+5zGwD/ms=; b=XqxjTeJm6H9qT7RAh1NepVYU/4P1fpNAJPqfmAvYdOiexCSsCSmlTtuFym6k9L5DGL KPToVkjHDN6xgAi8EZxVR0sWC+D/EvFzNfYYEWQ/YgDwuv93fYdTXSqCmAr1MYU/MfOp zz7uV5yJfnQ0REX0hdoBKLD4AhJ/Sw9F3ohyVHHWH+hahbrCAip9gEb8akFMa9WUNckk SmUT0hQuvKzp3EkTOHYdmezAI5k1dxy8vgzEBvDrfqhjzNKxuC3I/DL1TNp6f8TkbIaI sZaEh/FvChekHCNYWpwrrWaDGSHyqomRc4ZoG8LzhjqYlZvis5nLMkTSpwaR6m80X7k6 yGcw== X-Gm-Message-State: AIkVDXL821aBZzR+JvuGkSwgZ2GlMoZNcuECiROr3N677cRweBFP4WQsuZeHJ7zVGf0VLw== X-Received: by 10.84.173.195 with SMTP id p61mr133646814plb.158.1483436025874; Tue, 03 Jan 2017 01:33:45 -0800 (PST) Received: from localhost.localdomain (cpe-104-174-127-57.socal.res.rr.com. [104.174.127.57]) by smtp.gmail.com with ESMTPSA id d1sm138267476pfb.76.2017.01.03.01.33.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 03 Jan 2017 01:33:45 -0800 (PST) From: Mickey Spiegel To: dev@openvswitch.org Date: Tue, 3 Jan 2017 01:33:23 -0800 Message-Id: <1483436004-3253-6-git-send-email-mickeys.dev@gmail.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1483436004-3253-1-git-send-email-mickeys.dev@gmail.com> References: <1483436004-3253-1-git-send-email-mickeys.dev@gmail.com> X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_SPAM autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH v5 5/6] ovn: avoid snat recirc only on gateway routers X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Currently, for performance reasons on gateway routers, ct_snat that does not specify an IP address does not immediately trigger recirculation. On gateway routers, ct_snat that does not specify an IP address happens in the UNSNAT pipeline stage, which is followed by the DNAT pipeline stage that triggers recirculation for all packets. This DNAT pipeline stage recirculation takes care of the recirculation needs of UNSNAT as well as other cases such as UNDNAT. On distributed routers, UNDNAT is handled in the egress pipeline stage, separately from DNAT in the ingress pipeline stages. The DNAT pipeline stage only triggers recirculation for some packets. Due to this difference in design, UNSNAT needs to trigger its own recirculation. This patch restricts the logic that avoids recirculation for ct_snat, so that it only applies to datapaths representing gateway routers. Signed-off-by: Mickey Spiegel --- include/ovn/actions.h | 3 +++ ovn/controller/lflow.c | 10 ++++++++++ ovn/lib/actions.c | 15 +++++++++------ tests/ovn.at | 2 +- 4 files changed, 23 insertions(+), 7 deletions(-) diff --git a/include/ovn/actions.h b/include/ovn/actions.h index 0bf6145..0451c08 100644 --- a/include/ovn/actions.h +++ b/include/ovn/actions.h @@ -417,6 +417,9 @@ struct ovnact_encode_params { /* 'true' if the flow is for a switch. */ bool is_switch; + /* 'true' if the flow is for a gateway router. */ + bool is_gateway_router; + /* A map from a port name to its connection tracking zone. */ const struct simap *ct_zones; diff --git a/ovn/controller/lflow.c b/ovn/controller/lflow.c index 3814b09..64c0591 100644 --- a/ovn/controller/lflow.c +++ b/ovn/controller/lflow.c @@ -125,6 +125,15 @@ is_switch(const struct sbrec_datapath_binding *ldp) } +static bool +is_gateway_router(const struct sbrec_datapath_binding *ldp, + const struct hmap *local_datapaths) +{ + struct local_datapath *ld = + get_local_datapath(local_datapaths, ldp->tunnel_key); + return ld ? ld->has_local_l3gateway : false; +} + /* Adds the logical flows from the Logical_Flow table to flow tables. */ static void add_logical_flows(struct controller_ctx *ctx, const struct lport_index *lports, @@ -238,6 +247,7 @@ consider_logical_flow(const struct lport_index *lports, .lookup_port = lookup_port_cb, .aux = &aux, .is_switch = is_switch(ldp), + .is_gateway_router = is_gateway_router(ldp, local_datapaths), .ct_zones = ct_zones, .group_table = group_table, diff --git a/ovn/lib/actions.c b/ovn/lib/actions.c index 686ecc5..3da3dbe 100644 --- a/ovn/lib/actions.c +++ b/ovn/lib/actions.c @@ -788,12 +788,15 @@ encode_ct_nat(const struct ovnact_ct_nat *cn, ct = ofpacts->header; if (cn->ip) { ct->flags |= NX_CT_F_COMMIT; - } else if (snat) { - /* XXX: For performance reasons, we try to prevent additional - * recirculations. So far, ct_snat which is used in a gateway router - * does not need a recirculation. ct_snat(IP) does need a - * recirculation. Should we consider a method to let the actions - * specify whether an action needs recirculation if there more use + } else if (snat && ep->is_gateway_router) { + /* For performance reasons, we try to prevent additional + * recirculations. ct_snat which is used in a gateway router + * does not need a recirculation. ct_snat(IP) does need a + * recirculation. ct_snat in a distributed router needs + * recirculation regardless of whether an IP address is + * specified. + * XXX Should we consider a method to let the actions specify + * whether an action needs recirculation if there are more use * cases?. */ ct->recirc_table = NX_CT_RECIRC_NONE; } diff --git a/tests/ovn.at b/tests/ovn.at index 7c85e72..ee126b8 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -852,7 +852,7 @@ ct_dnat(); # ct_snat ct_snat; - encodes as ct(zone=NXM_NX_REG12[0..15],nat) + encodes as ct(table=27,zone=NXM_NX_REG12[0..15],nat) has prereqs ip ct_snat(192.168.1.2); encodes as ct(commit,table=27,zone=NXM_NX_REG12[0..15],nat(src=192.168.1.2))