From patchwork Mon Jun 13 16:10:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adrian Moreno X-Patchwork-Id: 1642908 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=hPBMp+eV; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4LMGlR1B7tz9s0r for ; Tue, 14 Jun 2022 02:11:14 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 61502828DA; Mon, 13 Jun 2022 16:11:09 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h_se6srXC6LX; Mon, 13 Jun 2022 16:11:08 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp1.osuosl.org (Postfix) with ESMTPS id 91BC9828B3; Mon, 13 Jun 2022 16:11:07 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 6816EC0032; Mon, 13 Jun 2022 16:11:07 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 05BDBC002D for ; Mon, 13 Jun 2022 16:11:07 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id DA6BD4058D for ; Mon, 13 Jun 2022 16:11:06 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Authentication-Results: smtp2.osuosl.org (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WNIu3RVSxPBw for ; Mon, 13 Jun 2022 16:11:02 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp2.osuosl.org (Postfix) with ESMTPS id 5DB204054B for ; Mon, 13 Jun 2022 16:11:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1655136661; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Td/cSO7xAJF2DGk5c4wHFUH/ROdR8t90sN47BXem9vI=; b=hPBMp+eVA9Wb421wqXsHn9+pr8ZBP0p9oViDrBl3ViuY/2OnpDe1BzTMF43HrmlC0fCmwe gc+21my+dXm9g2BrIa8uKRQHRYW5pYNZ18WSvVvYSeUi+uIPwfYKGPySQWN9+gHDIZBl7e B3cyeeIYMjpZjrk/ZYvZDxia763cJm0= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-170-y1LutzI0NlCoJ9C0VeQ7LQ-1; Mon, 13 Jun 2022 12:10:59 -0400 X-MC-Unique: y1LutzI0NlCoJ9C0VeQ7LQ-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 8C0133806723; Mon, 13 Jun 2022 16:10:59 +0000 (UTC) Received: from amorenoz.users.ipa.redhat.com (unknown [10.39.195.66]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3BC2B401015D; Mon, 13 Jun 2022 16:10:58 +0000 (UTC) From: Adrian Moreno To: dev@openvswitch.org Date: Mon, 13 Jun 2022 18:10:51 +0200 Message-Id: <20220613161054.2896553-1-amorenoz@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.11.54.1 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=amorenoz@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: dceara@redhat.com Subject: [ovs-dev] [PATCH ovn v1 0/3] Add ovn drop debugging X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Very often when troubleshooting networking issues in an OVN cluster one would like to know if any packet (or a specific one) is being dropped by OVN. Currently, this cannot be known because of two main reasons: 1 - Implicit drops: Some tables do not have a default action (priority=0, match=1). In this case, a packet that does not match any rule will be silently dropped. 2 - Even on explicit drops, we only know a packet was dropped. We lack information about that packet. In order to improve this, this series proposes a two-fold solution: - First, create a debug-mode option. When enabled, it makes: - northd add a default (match = "1") "drop;" action to those tables that currently lack one. - ovn-controller add an explicit drop action on those tables are not associated with logical flows (i.e: physical-to-logical mappings). - Secondly, allow sampling of all drops. By introducing a new OVN action: "sample" (equivalent to OVS's), OVN can make OVS sample the packets as they are dropped. In order to be able to correlate those samples back to what exact rule generated them, the user specifies the a 8-bit observation_domain_id. Based on that, the samples contain the following fields: - obs_domain_id: - 8 most significant bits = the provided observation_domain_id. - 24 least significant bits = the datapath's tunnely key if the drop comes from a lflow or zero otherwise. - obs_point_id: the first 32-bits of the lflow's UUID (i.e: the cookie) if the drop comes from an lflow or the table number otherwise. Based on the above changes in the flows, all of which are optional, users can collect IPFIX samples of the packets that are dropped by OVN which contain header information useful for debugging. * Note on observation_domain_ids: By allowing the user to specify only the 8 most significant bits of the obs_domain_id and having OVN combine it with the datapath's tunnel key, OVN could be extended to support more than one "sampling" application. For instance, ACL sampling could be developed in the future and, by specifying a different observation_domain_id, it could co-exist with the drop sampling mode implemented in the current series while still allowing to uniquely identify the flow that created the sample. Adrian Moreno (3): actions: add sample action northd: add drop-debug-mode to add explicit drops northd: add drop sampling controller/lflow.c | 1 + controller/ovn-controller.c | 50 ++++++++++ controller/physical.c | 80 +++++++++++++++- controller/physical.h | 7 ++ include/ovn/actions.h | 16 ++++ lib/actions.c | 119 +++++++++++++++++++++++ northd/automake.mk | 2 + northd/debug.c | 108 +++++++++++++++++++++ northd/debug.h | 41 ++++++++ northd/northd.c | 115 ++++++++++++++-------- ovn-nb.xml | 32 +++++++ tests/ovn-northd.at | 76 +++++++++++++++ tests/ovn.at | 184 +++++++++++++++++++++++++++++++++++- tests/test-ovn.c | 3 + utilities/ovn-trace.c | 2 + 15 files changed, 793 insertions(+), 43 deletions(-) create mode 100644 northd/debug.c create mode 100644 northd/debug.h