Message ID | 1449024229-7271-1-git-send-email-wenyuz@vmware.com |
---|---|
State | Accepted |
Headers | show |
On Tue, Dec 01, 2015 at 06:43:49PM -0800, Wenyu Zhang wrote: > The patch is to skip BFD packets in ipfix. > Bidirectional Forwarding Detection (BFD) packets are for monitoring > the tunnel link status and consumed by ovs itself, no need to sample > them. > Refer to IETF RFC 5881, BFD control packets are the UDP packets with > destination port 3784 and BFD echo packets are the UDP packets with dst > destination port 3785. > Ipfix will skip both BFD control packets and BFD echo packets. > > Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Does this reduce the accuracy of the estimate of the total number of packets? If so, can that be fixed?
On 12/2/15, 11:45 AM, "Ben Pfaff" <blp@ovn.org> wrote: >On Tue, Dec 01, 2015 at 06:43:49PM -0800, Wenyu Zhang wrote: >> The patch is to skip BFD packets in ipfix. >> Bidirectional Forwarding Detection (BFD) packets are for monitoring >> the tunnel link status and consumed by ovs itself, no need to sample >> them. >> Refer to IETF RFC 5881, BFD control packets are the UDP packets with >> destination port 3784 and BFD echo packets are the UDP packets with dst >> destination port 3785. >> Ipfix will skip both BFD control packets and BFD echo packets. >> >> Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> > >Does this reduce the accuracy of the estimate of the total number of >packets? If so, can that be fixed? I think that it won¹t affect the accuracy. Because the total number of packets is per-flow, when the BFD packets are skipped, The BFD flow will not exported, but the packets number of other flows won¹t be affected. E.g: the sampling rate is 10%, and there are 100 packets coming, including 20 BFD packets and 80 packets for other flows. According sampling action, there may be about 10 packets sampled in datapath, 2 BFD packets and 8 other packets. And then in user world ipfix, the 2 BFD packets will be skipped, and we will estimate of the total number of packets in Other flow via 8*10=80, it is same as before. Bests, Wenyu
On Thu, Dec 03, 2015 at 02:45:15AM +0000, Wenyu Zhang wrote: > > > On 12/2/15, 11:45 AM, "Ben Pfaff" <blp@ovn.org> wrote: > > >On Tue, Dec 01, 2015 at 06:43:49PM -0800, Wenyu Zhang wrote: > >> The patch is to skip BFD packets in ipfix. > >> Bidirectional Forwarding Detection (BFD) packets are for monitoring > >> the tunnel link status and consumed by ovs itself, no need to sample > >> them. > >> Refer to IETF RFC 5881, BFD control packets are the UDP packets with > >> destination port 3784 and BFD echo packets are the UDP packets with dst > >> destination port 3785. > >> Ipfix will skip both BFD control packets and BFD echo packets. > >> > >> Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> > > > >Does this reduce the accuracy of the estimate of the total number of > >packets? If so, can that be fixed? > > I think that it won¹t affect the accuracy. > Because the total number of packets is per-flow, when the BFD packets are > skipped, > The BFD flow will not exported, but the packets number of other flows > won¹t be affected. > > E.g: the sampling rate is 10%, and there are 100 packets coming, including > 20 BFD packets and 80 packets for other flows. > According sampling action, there may be about 10 packets sampled in > datapath, 2 BFD packets and 8 other packets. > And then in user world ipfix, the 2 BFD packets will be skipped, and we > will estimate of the total number of packets in > Other flow via 8*10=80, it is same as before. OK. I'm not too happy with the idea of changing what IPFIX bridge-based sampling means, but it does seem like not sampling BFD packets is a reasonable default, and if users want to override that it seems to me that they could use flow-based sampling, which in general gives a lot more control to the user. I added a check that the flow is IP and applied this to master.
diff --git a/ofproto/ofproto-dpif-ipfix.c b/ofproto/ofproto-dpif-ipfix.c index 9ad8fa2..7bf8097 100644 --- a/ofproto/ofproto-dpif-ipfix.c +++ b/ofproto/ofproto-dpif-ipfix.c @@ -43,6 +43,10 @@ static struct ovs_mutex mutex = OVS_MUTEX_INITIALIZER; /* Cf. IETF RFC 5101 Section 10.3.4. */ #define IPFIX_DEFAULT_COLLECTOR_PORT 4739 +/* Cf. IETF RFC 5881 Setion 8. */ +#define BFD_CONTROL_DEST_PORT 3784 +#define BFD_ECHO_DEST_PORT 3785 + /* The standard layer2SegmentId (ID 351) element is included in vDS to send * the VxLAN tunnel's VNI. It is 64-bit long, the most significant byte is * used to indicate the type of tunnel (0x01 = VxLAN, 0x02 = GRE) and the three @@ -1696,6 +1700,22 @@ dpif_ipfix_bridge_sample(struct dpif_ipfix *di, const struct dp_packet *packet, ovs_mutex_unlock(&mutex); return; } + + /* Skip BFD packets: + * Bidirectional Forwarding Detection(BFD) packets are for monitoring + * the tunnel link status and consumed by ovs itself. No need to + * smaple them. + * CF IETF RFC 5881, BFD control packet is the UDP packet with + * destination port 3784, and BFD echo packet is the UDP packet with + * destination port 3785. + */ + if (flow->nw_proto == IPPROTO_UDP && + (flow->tp_dst == htons(BFD_CONTROL_DEST_PORT) || + flow->tp_dst == htons(BFD_ECHO_DEST_PORT))) { + ovs_mutex_unlock(&mutex); + return; + } + /* Use the sampling probability as an approximation of the number * of matched packets. */ packet_delta_count = UINT32_MAX / di->bridge_exporter.probability; @@ -1711,6 +1731,7 @@ dpif_ipfix_bridge_sample(struct dpif_ipfix *di, const struct dp_packet *packet, tunnel_port = dpif_ipfix_find_port(di, output_odp_port); } } + dpif_ipfix_sample(&di->bridge_exporter.exporter, packet, flow, packet_delta_count, di->bridge_exporter.options->obs_domain_id,
The patch is to skip BFD packets in ipfix. Bidirectional Forwarding Detection (BFD) packets are for monitoring the tunnel link status and consumed by ovs itself, no need to sample them. Refer to IETF RFC 5881, BFD control packets are the UDP packets with destination port 3784 and BFD echo packets are the UDP packets with dst destination port 3785. Ipfix will skip both BFD control packets and BFD echo packets. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> --- ofproto/ofproto-dpif-ipfix.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+)