[ovs-dev,RFC,v2,ovn,0/5] Add CoPP (Control Plane Protection).
mbox series

Message ID 20191105125242.4760.67348.stgit@dceara.remote.csb
Headers show
  • Add CoPP (Control Plane Protection).
Related show


Dumitru Ceara Nov. 5, 2019, 12:52 p.m. UTC
This series adds support for user configured control plane protection
policies. Such policies are implemented through OVS meters and are
useful for protecting ovn-controller from being overloaded by control
traffic (any type of traffic that requires ovn-controller additional

First, logical flows are extended to allow ovn-northd to refer to a
specific Meter that would be used when traffic matching logical flows
is punted to ovn-controller.

The following commit builds the infrastructure required for configuring
control plane policies and adds code to ovn-northd to allow creation
of logical flows that have an associated control meter.

Then CoPP is implemented for all types of traffic that currently gets
punted to ovn-controller.

CoPP can be applied at different levels: logical switch port, logical
router port, logical switch, logical router. Whenever a CoPP policy
is configured for a logical port, it will take precedence over the
policy configured at router/switch level. However, per port CoPP
policies are allowed only for types of traffic that are currently
handled by ovn-northd through logical flows that also match on
"inport". This could be further refined by follow-up commits.

Post-RFC remaining items:
- add autotests for CoPP

Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2019-September/362732.html
CC: Han Zhou <hzhou@ovn.org>
CC: Numan Siddique <numans@ovn.org>>
Signed-off-by: Dumitru Ceara <dceara@redhat.com>

Dumitru Ceara (5):
      ovn-controller: Add support for Logical_Flow control meters.
      ovn-northd: Add support for CoPP.
      ovn-northd: Add CoPP policies for flows that punt packets to ovn-controller.
      ovn-northd: Extend metering to Controller-Events
      NEWS: Add CoPP support.

 NEWS                      |    1 
 controller/lflow.c        |   37 ++++
 controller/ofctrl.c       |   29 +++
 controller/ofctrl.h       |   13 +
 controller/physical.c     |    3 
 include/ovn/actions.h     |    3 
 lib/actions.c             |  104 ++++-------
 lib/automake.mk           |    2 
 lib/copp.c                |   99 +++++++++++
 lib/copp.h                |   58 ++++++
 northd/ovn-northd.c       |  300 ++++++++++++++++++++++-----------
 ovn-nb.ovsschema          |   24 ++-
 ovn-nb.xml                |   91 ++++++++++
 ovn-sb.ovsschema          |    6 -
 ovn-sb.xml                |    6 +
 tests/ovn.at              |    3 
 utilities/ovn-nbctl.8.xml |   94 ++++++++++
 utilities/ovn-nbctl.c     |  412 +++++++++++++++++++++++++++++++++++++++++++++
 18 files changed, 1099 insertions(+), 186 deletions(-)
 create mode 100644 lib/copp.c
 create mode 100644 lib/copp.h

  - Address Han's comment and split the RFC in a series.
  - Simplify a bit the logic of applying CoPP on logical ports.