From patchwork Fri Nov 20 18:22:10 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Flaviof X-Patchwork-Id: 1403951 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=flaviof.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Cd4dq5bwqz9sRR for ; Sat, 21 Nov 2020 05:22:23 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 023A720387; Fri, 20 Nov 2020 18:22:22 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JIaKn-VPCiLr; Fri, 20 Nov 2020 18:22:19 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by silver.osuosl.org (Postfix) with ESMTP id 9A6252E117; Fri, 20 Nov 2020 18:22:19 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 7F495C163C; Fri, 20 Nov 2020 18:22:19 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id F0193C0891 for ; Fri, 20 Nov 2020 18:22:17 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id D43FD2E117 for ; Fri, 20 Nov 2020 18:22:17 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iD3LI1nc1zKh for ; Fri, 20 Nov 2020 18:22:16 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-qt1-f172.google.com (mail-qt1-f172.google.com [209.85.160.172]) by silver.osuosl.org (Postfix) with ESMTPS id A45C820387 for ; Fri, 20 Nov 2020 18:22:16 +0000 (UTC) Received: by mail-qt1-f172.google.com with SMTP id v11so7739374qtq.12 for ; Fri, 20 Nov 2020 10:22:16 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=A1Yy5rzo1M8VXng2pXN/W4kCqa1rKXln0pCXHiTRS7I=; b=LT/N4OzcDYEFgbRqgWU2XCYQg5HYkgjL9jctjh+qpQk2TgqS5rVfjlbSy0QVgYU2Gk m9qLi9hLW09nrrP7ivcOesn4ulxzmfjHCSrkTZQtdWJxnAnzFq9/pQZs+MqNW54BGYqK 474NQQfE6N0Fg2suPHqimK8tyaizhaMjhn08XWoyOISxXz2l5Kt2R0lzBB7O6D4PjPJ0 ISoRSmBcEZSYDOtxUzyp0S9e045lxhshLmc1BnrcbHgCSWJIlibzCAxO37m2NCdZWt1g X+yV0cQsPTPWGdfP1uWQcA5Ysj5pP6/KOXVGLM1+YvUJKmY6sLgMsoYXV5pnPKDSFlMq Kuvw== X-Gm-Message-State: AOAM5315ZlypNTrh27xXC8w+8hjGVteLKwEmiS80LKsGonkXA2UZMPRS 7BcTbiNhEvWXt2T2ywA/dpEQ91fPoF1ffg== X-Google-Smtp-Source: ABdhPJyTOmqpFh4XoEEVUV330kaVu9CpxAIQIj5tbLE572c4Ax4MtBsxELa4HJvyrwYJ3gJJXcmASw== X-Received: by 2002:ac8:1482:: with SMTP id l2mr17089055qtj.75.1605896535163; Fri, 20 Nov 2020 10:22:15 -0800 (PST) Received: from c8vm.redhat.com (pool-173-76-170-96.bstnma.fios.verizon.net. [173.76.170.96]) by smtp.gmail.com with ESMTPSA id 189sm2500416qkn.125.2020.11.20.10.22.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 20 Nov 2020 10:22:14 -0800 (PST) From: Flavio Fernandes To: dev@openvswitch.org Date: Fri, 20 Nov 2020 18:22:10 +0000 Message-Id: <20201120182211.2646-1-flavio@flaviof.com> X-Mailer: git-send-email 2.18.4 Subject: [ovs-dev] [PATCH v6 ovn 0/1] northd: Enhance the implementation of ACL log meters (pre-ddlog merge). X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Using meters is a great way to keep the ovn-controllers from getting overwhelmed with ACL log events. Since multiple ACL rows with logging enabled can refer to the same meter name, I ran a little experiment to better understand how that behaves [1]. From that experiment, we see that a 'noisy' ACL match could consume all the events allowed by the meter, shadowing logs for other ACLs that also use the same meter. The thought of maintaining a meter row per ACL at the NB side is a solution, but it could easily become a management burden for the CMS. A much better approach would be to leverage northd to take care of this on behalf of the ACLs. As northd populates SB meter table from NB meter table, a new logic checks if the meter is configured as 'fair'. Such config is kept as a new column in the Meter table. Fair meters result in additional rows in the SB that have the same attributes of the original (aka template) meter except for its name has the ACL UUID appended to it. Last but not least, northd takes care of using the corresponding meter name as the logical flow action for the logging of the ACL. This change can be tracked in the following github clone/branch: https://github.com/flavio-fernandes/ovn/commits/acl-meters.v6 [1]: https://github.com/flavio-fernandes/ovsdbapp_playground/blob/acl_meter_issue/scripts/acl_meter.sh v5 -> v6: * Rebase master (4da6881b6). * Implement changes from Numan review. * Keep ddlog portion as a follow up after it merges. v4 -> v5: * Rebase master (e14b52a9f). v3 -> v4: * Rename 'shared meters' to 'fair meters' to keep it less confusing. * NB schema change: Add column in Meter to track which meters are 'fair'. * Add optional '--fair' flag to ovn-nbctl meter-add command. v2 -> v3: * Use recently introduced testing helpers (4afe409e9). v1 -> v2: * Rebase master b38e10f4b. Flavio Fernandes (1): northd: Enhance the implementation of ACL log meters. NEWS | 2 + northd/ovn-northd.c | 168 ++++++++++++++++++++++++++++++------------ ovn-nb.ovsschema | 5 +- ovn-nb.xml | 16 +++- tests/ovn-nbctl.at | 6 +- tests/ovn-northd.at | 97 ++++++++++++++++++++++++ utilities/ovn-nbctl.c | 16 +++- 7 files changed, 256 insertions(+), 54 deletions(-)