From patchwork Mon Sep 23 15:09:00 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 1166096 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46cSRX1jb7z9sPD for ; Tue, 24 Sep 2019 01:10:00 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 91253D4B; Mon, 23 Sep 2019 15:09:19 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id E7FCBD3D for ; Mon, 23 Sep 2019 15:09:17 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 28B2A108 for ; Mon, 23 Sep 2019 15:09:17 +0000 (UTC) Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com [209.85.221.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 588F2356C5 for ; Mon, 23 Sep 2019 15:09:16 +0000 (UTC) Received: by mail-wr1-f69.google.com with SMTP id b6so5001109wrx.0 for ; Mon, 23 Sep 2019 08:09:16 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=gYrMREJP4dwJjNLOx/B2qz+4AYPnDURC6g1RfTQ55xI=; b=MhYFozZCoeUiY5ZKvnDy0w5/GS7tqa3WXWywVx4m1hYbs8pMEj3ao7HL2eucgRpnnZ NMSA7jFHBmlS7Su4qWVlepk/52rMggKGRiO3kIiIlAKKsYsqdUAhBHsT11jcaGvPZejK 1SEP+2WeiCqeaHAz3KWAbunOvJER3a4awu0teHrSYS+8WzgMbePfrVtVHL425Bu3IMnj ci18C1CSk9BmTn6qzBXW650ZSrgbgM/hsqXk8A0VylcBHSLaqpEnpKDgeoJ0xtUkf5UW 8Gb0gW3E6IDpSe3kApo0WxMrySEN4nL2Dsw9rE06xKzhavTA+HU2bizRM1HoWPAn0Grb ZmTg== X-Gm-Message-State: APjAAAWyxfVVZX2deeb4N65RMFvrJt0TkaUCfB6m47Kc8YHUS6H6zhB7 CFxyU8SKs4eCmw/R/BGVCvvCvG155ko8WvW075tl6Nt/V/XR9WhnWoBOv6koyXDI4EQnXVFZZ74 us4K8VJ7abduSfVDiIQ== X-Received: by 2002:a1c:20c2:: with SMTP id g185mr90035wmg.107.1569251354839; Mon, 23 Sep 2019 08:09:14 -0700 (PDT) X-Google-Smtp-Source: APXvYqyewQaCPSvt/j7I+AEQTNGMMwJb6ROH+b5WtdUWdM3YuaFOHobn9Uw4NPWts87fzxpQdmOEPg== X-Received: by 2002:a1c:20c2:: with SMTP id g185mr90015wmg.107.1569251354537; Mon, 23 Sep 2019 08:09:14 -0700 (PDT) Received: from localhost.localdomain.com (nat-pool-mxp-t.redhat.com. [149.6.153.186]) by smtp.gmail.com with ESMTPSA id u22sm19648658wru.72.2019.09.23.08.09.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Sep 2019 08:09:14 -0700 (PDT) From: Lorenzo Bianconi To: ovs-dev@openvswitch.org Date: Mon, 23 Sep 2019 17:09:00 +0200 Message-Id: X-Mailer: git-send-email 2.21.0 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH ovn 1/3] Add egress QoS mapping for non-tunnel interfaces X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Introduce add_localnet_egress_interface_mappings routine in order to collect as egress interfaces all ovs bridge interfaces marked with ovn-egress-iface in the external_ids column of ovs interface table. ovn-egress-iface is used to indicate to which localnet ports QoS egress shaping has to be applied. Refactor add_bridge_mappings routine Signed-off-by: Lorenzo Bianconi --- controller/binding.c | 58 +++++++++++++++++++++++++++- controller/binding.h | 4 ++ controller/ovn-controller.c | 3 +- controller/patch.c | 76 +++++++++++++++++++++---------------- controller/patch.h | 4 ++ 5 files changed, 110 insertions(+), 35 deletions(-) diff --git a/controller/binding.c b/controller/binding.c index 242163d59..89262b2d2 100644 --- a/controller/binding.c +++ b/controller/binding.c @@ -18,6 +18,7 @@ #include "ha-chassis.h" #include "lflow.h" #include "lport.h" +#include "patch.h" #include "lib/bitmap.h" #include "openvswitch/poll-loop.h" @@ -532,6 +533,9 @@ consider_local_datapath(struct ovsdb_idl_txn *ovnsb_idl_txn, /* Add all localnet ports to local_lports so that we allocate ct zones * for them. */ sset_add(local_lports, binding_rec->logical_port); + if (qos_map && ovs_idl_txn) { + get_qos_params(binding_rec, qos_map); + } } else if (!strcmp(binding_rec->type, "external")) { if (ha_chassis_group_contains(binding_rec->ha_chassis_group, chassis_rec)) { @@ -619,10 +623,55 @@ consider_local_datapath(struct ovsdb_idl_txn *ovnsb_idl_txn, } } +static void +add_localnet_egress_interface_mappings( + const struct sbrec_port_binding *port_binding, + struct shash *bridge_mappings, struct sset *egress_ifaces) +{ + const char *network = smap_get(&port_binding->options, "network_name"); + if (!network) { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1); + VLOG_ERR_RL(&rl, "%s port '%s' has no network name.", + port_binding->type, port_binding->logical_port); + return; + } + + struct ovsrec_bridge *br_ln = shash_find_data(bridge_mappings, network); + if (!br_ln) { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1); + VLOG_ERR_RL(&rl, "bridge not found for %s port '%s' " + "with network name '%s'", port_binding->type, + port_binding->logical_port, network); + return; + } + + /* Add egress-ifaces from the connected bridge */ + for (size_t i = 0; i < br_ln->n_ports; i++) { + const struct ovsrec_port *port_rec = br_ln->ports[i]; + + for (size_t j = 0; j < port_rec->n_interfaces; j++) { + const struct ovsrec_interface *iface_rec; + + iface_rec = port_rec->interfaces[j]; + bool is_egress_iface = smap_get_bool(&iface_rec->external_ids, + "ovn-egress-iface", false); + if (!is_egress_iface) { + continue; + } + sset_add(egress_ifaces, iface_rec->name); + } + } +} + static void consider_localnet_port(const struct sbrec_port_binding *binding_rec, + struct shash *bridge_mappings, + struct sset *egress_ifaces, struct hmap *local_datapaths) { + add_localnet_egress_interface_mappings(binding_rec, + bridge_mappings, egress_ifaces); + struct local_datapath *ld = get_local_datapath(local_datapaths, binding_rec->datapath->tunnel_key); @@ -655,6 +704,8 @@ binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn, const struct ovsrec_bridge *br_int, const struct sbrec_chassis *chassis_rec, const struct sset *active_tunnels, + const struct ovsrec_bridge_table *bridge_table, + const struct ovsrec_open_vswitch_table *ovs_table, struct hmap *local_datapaths, struct sset *local_lports, struct sset *local_lport_ids) { @@ -663,6 +714,7 @@ binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn, } const struct sbrec_port_binding *binding_rec; + struct shash bridge_mappings = SHASH_INITIALIZER(&bridge_mappings); struct shash lport_to_iface = SHASH_INITIALIZER(&lport_to_iface); struct sset egress_ifaces = SSET_INITIALIZER(&egress_ifaces); struct hmap qos_map; @@ -688,14 +740,18 @@ binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn, } + add_ovs_bridge_mappings(ovs_table, bridge_table, &bridge_mappings); + /* Run through each binding record to see if it is a localnet port * on local datapaths discovered from above loop, and update the * corresponding local datapath accordingly. */ SBREC_PORT_BINDING_TABLE_FOR_EACH (binding_rec, port_binding_table) { if (!strcmp(binding_rec->type, "localnet")) { - consider_localnet_port(binding_rec, local_datapaths); + consider_localnet_port(binding_rec, &bridge_mappings, + &egress_ifaces, local_datapaths); } } + shash_destroy(&bridge_mappings); if (!sset_is_empty(&egress_ifaces) && set_noop_qos(ovs_idl_txn, port_table, qos_table, &egress_ifaces)) { diff --git a/controller/binding.h b/controller/binding.h index bae162ede..924891c1b 100644 --- a/controller/binding.h +++ b/controller/binding.h @@ -26,6 +26,8 @@ struct ovsdb_idl_txn; struct ovsrec_bridge; struct ovsrec_port_table; struct ovsrec_qos_table; +struct ovsrec_bridge_table; +struct ovsrec_open_vswitch_table; struct sbrec_chassis; struct sbrec_port_binding_table; struct sset; @@ -42,6 +44,8 @@ void binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn, const struct ovsrec_bridge *br_int, const struct sbrec_chassis *, const struct sset *active_tunnels, + const struct ovsrec_bridge_table *bridge_table, + const struct ovsrec_open_vswitch_table *ovs_table, struct hmap *local_datapaths, struct sset *local_lports, struct sset *local_lport_ids); bool binding_cleanup(struct ovsdb_idl_txn *ovnsb_idl_txn, diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c index 33ece59be..b46a1d151 100644 --- a/controller/ovn-controller.c +++ b/controller/ovn-controller.c @@ -1082,7 +1082,8 @@ en_runtime_data_run(struct engine_node *node) sbrec_port_binding_by_name, port_table, qos_table, pb_table, br_int, chassis, - active_tunnels, local_datapaths, + active_tunnels, bridge_table, + ovs_table, local_datapaths, local_lports, local_lport_ids); update_ct_zones(local_lports, local_datapaths, ct_zones, diff --git a/controller/patch.c b/controller/patch.c index a6770c6d5..f2053de7b 100644 --- a/controller/patch.c +++ b/controller/patch.c @@ -129,6 +129,48 @@ remove_port(const struct ovsrec_bridge_table *bridge_table, } } +void +add_ovs_bridge_mappings(const struct ovsrec_open_vswitch_table *ovs_table, + const struct ovsrec_bridge_table *bridge_table, + struct shash *bridge_mappings) +{ + const struct ovsrec_open_vswitch *cfg; + + cfg = ovsrec_open_vswitch_table_first(ovs_table); + if (cfg) { + const char *mappings_cfg; + char *cur, *next, *start; + + mappings_cfg = smap_get(&cfg->external_ids, "ovn-bridge-mappings"); + if (!mappings_cfg || !mappings_cfg[0]) { + return; + } + + next = start = xstrdup(mappings_cfg); + while ((cur = strsep(&next, ",")) && *cur) { + const struct ovsrec_bridge *ovs_bridge; + char *network, *bridge = cur; + + network = strsep(&bridge, ":"); + if (!bridge || !*network || !*bridge) { + VLOG_ERR("Invalid ovn-bridge-mappings configuration: '%s'", + mappings_cfg); + break; + } + + ovs_bridge = get_bridge(bridge_table, bridge); + if (!ovs_bridge) { + VLOG_WARN("Bridge '%s' not found for network '%s'", + bridge, network); + continue; + } + + shash_add(bridge_mappings, network, ovs_bridge); + } + free(start); + } +} + /* Obtains external-ids:ovn-bridge-mappings from OVSDB and adds patch ports for * the local bridge mappings. Removes any patch ports for bridge mappings that * already existed from 'existing_ports'. */ @@ -142,41 +184,9 @@ add_bridge_mappings(struct ovsdb_idl_txn *ovs_idl_txn, const struct sbrec_chassis *chassis) { /* Get ovn-bridge-mappings. */ - const char *mappings_cfg = ""; - const struct ovsrec_open_vswitch *cfg; - cfg = ovsrec_open_vswitch_table_first(ovs_table); - if (cfg) { - mappings_cfg = smap_get(&cfg->external_ids, "ovn-bridge-mappings"); - if (!mappings_cfg || !mappings_cfg[0]) { - return; - } - } - - /* Parse bridge mappings. */ struct shash bridge_mappings = SHASH_INITIALIZER(&bridge_mappings); - char *cur, *next, *start; - next = start = xstrdup(mappings_cfg); - while ((cur = strsep(&next, ",")) && *cur) { - char *network, *bridge = cur; - const struct ovsrec_bridge *ovs_bridge; - - network = strsep(&bridge, ":"); - if (!bridge || !*network || !*bridge) { - VLOG_ERR("Invalid ovn-bridge-mappings configuration: '%s'", - mappings_cfg); - break; - } - ovs_bridge = get_bridge(bridge_table, bridge); - if (!ovs_bridge) { - VLOG_WARN("Bridge '%s' not found for network '%s'", - bridge, network); - continue; - } - - shash_add(&bridge_mappings, network, ovs_bridge); - } - free(start); + add_ovs_bridge_mappings(ovs_table, bridge_table, &bridge_mappings); const struct sbrec_port_binding *binding; SBREC_PORT_BINDING_TABLE_FOR_EACH (binding, port_binding_table) { diff --git a/controller/patch.h b/controller/patch.h index 9018e4967..49b0b2e90 100644 --- a/controller/patch.h +++ b/controller/patch.h @@ -30,7 +30,11 @@ struct ovsrec_open_vswitch_table; struct ovsrec_port_table; struct sbrec_port_binding_table; struct sbrec_chassis; +struct shash; +void add_ovs_bridge_mappings(const struct ovsrec_open_vswitch_table *ovs_table, + const struct ovsrec_bridge_table *bridge_table, + struct shash *bridge_mappings); void patch_run(struct ovsdb_idl_txn *ovs_idl_txn, const struct ovsrec_bridge_table *, const struct ovsrec_open_vswitch_table *, From patchwork Mon Sep 23 15:09:01 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 1166097 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46cSSh1gMDz9sNw for ; Tue, 24 Sep 2019 01:11:00 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 49659D84; Mon, 23 Sep 2019 15:09:22 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id F1404D4B for ; Mon, 23 Sep 2019 15:09:18 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 6AA2A108 for ; Mon, 23 Sep 2019 15:09:18 +0000 (UTC) Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C15053DE31 for ; Mon, 23 Sep 2019 15:09:17 +0000 (UTC) Received: by mail-wr1-f71.google.com with SMTP id t11so4956064wro.10 for ; Mon, 23 Sep 2019 08:09:17 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=FNCuw04ttT65SL/a2BzWXaFfjVfTZ5AJVws/xu3D+lo=; b=tPMsSDkSso0zX3kgTdJK2R/PNg0ZrboIuP3qWkwaoZDNi51HvWOxJEAM7+cDs9iUki sQOa4ilxOF0KZQ1xbCXPAM3cYfJyknoCyoQaped6P1wDApPAK0DKrIMG8ThclyVQMg+v l/bWVkQ4yY01uaz7aN8lHOnZ1NFOJ23+XznEzkCCZgABuk+dzTBa3Xl8SVhhiupOx/Dl pBiD8Xi53DAaMdwv7NoXyz9i0o21+/rVE2bQlfQk3RFnGI9kmtndgVtzUEFujPwykb7i rYZ3mlypk9Z/ROMb2oPA/UJVbNvKshZt+GSCjrSslco7fPfFzRAyo7YsWBZg6UxmRStX 883A== X-Gm-Message-State: APjAAAWOYHU92cVMD8vX0voZs1gvfAyJleDfODedFpvHZbHHGhJC90za IfQhU9PGx7X/mszk4b8yPD2LNHanb/xf2G9Se5JfPoj2iCPsrnzWiYDBzpPbkDaC6piMnOXA67e rWsPr6XFIH5m6UkYXuA== X-Received: by 2002:a1c:1fd3:: with SMTP id f202mr141342wmf.18.1569251356301; Mon, 23 Sep 2019 08:09:16 -0700 (PDT) X-Google-Smtp-Source: APXvYqyAEIaWsjnTSptDoAxsw/ojLJKsrZPQjKwm3/e8DHDzostCzlg3h5v+D98LGocYuD3Y5aUagA== X-Received: by 2002:a1c:1fd3:: with SMTP id f202mr141320wmf.18.1569251356070; Mon, 23 Sep 2019 08:09:16 -0700 (PDT) Received: from localhost.localdomain.com (nat-pool-mxp-t.redhat.com. [149.6.153.186]) by smtp.gmail.com with ESMTPSA id u22sm19648658wru.72.2019.09.23.08.09.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Sep 2019 08:09:15 -0700 (PDT) From: Lorenzo Bianconi To: ovs-dev@openvswitch.org Date: Mon, 23 Sep 2019 17:09:01 +0200 Message-Id: <70b41a3ef538fa37b940419a7c1e3d076c3b68ef.1569250466.git.lorenzo.bianconi@redhat.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH ovn 2/3] northd: add the possibility to define localnet as qos capable port X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Refactor allocate_chassis_queueid and free_chassis_queueid in order to get an unused queue_id even for localnet ports and add the the possibility to define localnet as qos capable port Signed-off-by: Lorenzo Bianconi Acked-by: Dumitru Ceara --- northd/ovn-northd.c | 45 ++++++++++++++++++++++++++++++--------------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index f393cebb8..633fb502b 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -357,7 +357,7 @@ destroy_chassis_queues(struct hmap *set) } static void -add_chassis_queue(struct hmap *set, struct uuid *chassis_uuid, +add_chassis_queue(struct hmap *set, const struct uuid *chassis_uuid, uint32_t queue_id) { struct ovn_chassis_qdisc_queues *node = xmalloc(sizeof *node); @@ -368,7 +368,7 @@ add_chassis_queue(struct hmap *set, struct uuid *chassis_uuid, } static bool -chassis_queueid_in_use(const struct hmap *set, struct uuid *chassis_uuid, +chassis_queueid_in_use(const struct hmap *set, const struct uuid *chassis_uuid, uint32_t queue_id) { const struct ovn_chassis_qdisc_queues *node; @@ -383,31 +383,38 @@ chassis_queueid_in_use(const struct hmap *set, struct uuid *chassis_uuid, } static uint32_t -allocate_chassis_queueid(struct hmap *set, struct sbrec_chassis *chassis) +allocate_chassis_queueid(struct hmap *set, const struct uuid *uuid, char *name) { + if (!uuid) { + return 0; + } + for (uint32_t queue_id = QDISC_MIN_QUEUE_ID + 1; queue_id <= QDISC_MAX_QUEUE_ID; queue_id++) { - if (!chassis_queueid_in_use(set, &chassis->header_.uuid, queue_id)) { - add_chassis_queue(set, &chassis->header_.uuid, queue_id); + if (!chassis_queueid_in_use(set, uuid, queue_id)) { + add_chassis_queue(set, uuid, queue_id); return queue_id; } } static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1); - VLOG_WARN_RL(&rl, "all %s queue ids exhausted", chassis->name); + VLOG_WARN_RL(&rl, "all %s queue ids exhausted", name); return 0; } static void -free_chassis_queueid(struct hmap *set, struct sbrec_chassis *chassis, +free_chassis_queueid(struct hmap *set, const struct uuid *uuid, uint32_t queue_id) { - const struct uuid *chassis_uuid = &chassis->header_.uuid; + if (!uuid) { + return; + } + struct ovn_chassis_qdisc_queues *node; HMAP_FOR_EACH_WITH_HASH (node, key_node, - hash_chassis_queue(chassis_uuid, queue_id), set) { - if (uuid_equals(chassis_uuid, &node->chassis_uuid) + hash_chassis_queue(uuid, queue_id), set) { + if (uuid_equals(uuid, &node->chassis_uuid) && node->queue_id == queue_id) { hmap_remove(set, &node->key_node); free(node); @@ -2650,15 +2657,23 @@ ovn_port_update_sbrec(struct northd_context *ctx, uint32_t queue_id = smap_get_int( &op->sb->options, "qdisc_queue_id", 0); bool has_qos = port_has_qos_params(&op->nbsp->options); + const struct uuid *uuid = NULL; struct smap options; + char *name = ""; + + if (!strcmp(op->nbsp->type, "localnet")) { + uuid = &op->sb->header_.uuid; + name = "localnet"; + } else if (op->sb->chassis) { + uuid = &op->sb->chassis->header_.uuid; + name = op->sb->chassis->name; + } - if (op->sb->chassis && has_qos && !queue_id) { + if (has_qos && !queue_id) { queue_id = allocate_chassis_queueid(chassis_qdisc_queues, - op->sb->chassis); + uuid, name); } else if (!has_qos && queue_id) { - free_chassis_queueid(chassis_qdisc_queues, - op->sb->chassis, - queue_id); + free_chassis_queueid(chassis_qdisc_queues, uuid, queue_id); queue_id = 0; } From patchwork Mon Sep 23 15:09:02 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 1166098 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46cSTW0jh4z9sNw for ; Tue, 24 Sep 2019 01:11:43 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id E5293D89; Mon, 23 Sep 2019 15:09:22 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id AD165D73 for ; Mon, 23 Sep 2019 15:09:21 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id D9FC48A0 for ; Mon, 23 Sep 2019 15:09:20 +0000 (UTC) Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3655258569 for ; Mon, 23 Sep 2019 15:09:20 +0000 (UTC) Received: by mail-wm1-f70.google.com with SMTP id k184so6857077wmk.1 for ; Mon, 23 Sep 2019 08:09:20 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=U5dxQ2RrcNBQEJdgef+KKMQrfVjEjut4BXlkhQRkwm8=; b=Cq563rYCxq0ila5OW9cLrRL7vPGYRqvLMu3Ru+y1VhKEOtsBFR5LiRjbuwvobl5zO2 Z23cPfx+qu872+U2BDFyye9MrMdv0ky4oiTN7qR3njtY14DD0qd6tAl7vuXZtwByCOf8 T9MpG23Nj4qf7f3UQwj/rXRr8SWrJZn3HWFCB/V3DLemKwgN4H5nC52xg+XFjnFhmfwv G+62NgkS2hQMUNqEyJqfiQ4ANaq8rf+fq1NYKxcXiytE3oUUloUKBuwpR/oiiTYCsQBZ 6kGBbZIdmmmqguU274zOesIojkMWmptvpLzv74PRuiUB6qDhLZ5c733fgjEN7Cj+T/46 UZ8w== X-Gm-Message-State: APjAAAUcLZQOJUfA9TCt7Kb8Ee+RMh7bojhz0vZLgKeBj3wrFGXn16dh kZ4vpK+nGmpIfK/FXQRKSCEqcDxSqJ77llSAxr4dQENGfjz3IvHR6VTEXUg76gOe4ggbttphxtf eetTp/+HhW9vbnCWUIg== X-Received: by 2002:a1c:a6ca:: with SMTP id p193mr93608wme.103.1569251358679; Mon, 23 Sep 2019 08:09:18 -0700 (PDT) X-Google-Smtp-Source: APXvYqzqhWipi5xcnfOT4e9aU7H1YgayKbwUiuFdnojw1/xNUlvmYLWZ9KgP8h2Bj1twryI76OP43g== X-Received: by 2002:a1c:a6ca:: with SMTP id p193mr93580wme.103.1569251358367; Mon, 23 Sep 2019 08:09:18 -0700 (PDT) Received: from localhost.localdomain.com (nat-pool-mxp-t.redhat.com. [149.6.153.186]) by smtp.gmail.com with ESMTPSA id u22sm19648658wru.72.2019.09.23.08.09.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Sep 2019 08:09:17 -0700 (PDT) From: Lorenzo Bianconi To: ovs-dev@openvswitch.org Date: Mon, 23 Sep 2019 17:09:02 +0200 Message-Id: <8bea1e79bc209de4e413038bd7d79a84046a0ead.1569250466.git.lorenzo.bianconi@redhat.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH ovn 3/3] northd: interoduce logical flow for localnet egress shaping X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Add set_queue() action for qos capable localnet port in S_SWITCH_OUT_PORT_SEC_L2 stage of logical swith pipeline Introduce build_lswitch_port_sec and refactor lswitch_port_security code in order to remove duplicated code Signed-off-by: Lorenzo Bianconi --- northd/ovn-northd.8.xml | 7 +- northd/ovn-northd.c | 199 +++++++++++++++++++++------------------- 2 files changed, 110 insertions(+), 96 deletions(-) diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index 0f4f1c112..093b55438 100644 --- a/northd/ovn-northd.8.xml +++ b/northd/ovn-northd.8.xml @@ -1150,10 +1150,15 @@ output; eth.dst are always accepted instead of being subject to the port security rules; this is implemented through a priority-100 flow that matches on eth.mcast with action output;. - Finally, to ensure that even broadcast and multicast packets are not + Moreover, to ensure that even broadcast and multicast packets are not delivered to disabled logical ports, a priority-150 flow for each disabled logical outport overrides the priority-100 flow with a drop; action. + Finally if egress qos has been enabled on a localnet port, the outgoing + queue id is set through set_queue action. Please remember to + mark the corresponding physical interface with + ovn-egress-iface set to true in

Logical Router Datapaths

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 633fb502b..4bacad572 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -3903,6 +3903,108 @@ has_stateful_acl(struct ovn_datapath *od) return false; } +static void +build_lswitch_port_sec(struct hmap *ports, struct hmap *datapaths, + struct hmap *lflows) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + struct ovn_datapath *od; + struct ovn_port *op; + + HMAP_FOR_EACH (op, key_node, ports) { + if (!op->nbsp) { + continue; + } + + if (lsp_is_external(op->nbsp)) { + continue; + } + + ds_clear(&match); + ds_put_format(&match, "outport == %s", op->json_key); + + /* Egress table 8: Egress port security - IP (priorities 90 and 80) + * if port security enabled. + * + * Egress table 9: Egress port security - L2 (priorities 50 and 150). + * + * Priority 50 rules implement port security for enabled logical port. + * + * Priority 150 rules drop packets to disabled logical ports, so that + * they don't even receive multicast or broadcast packets. + */ + if (!lsp_is_enabled(op->nbsp)) { + ovn_lflow_add(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, 150, + ds_cstr(&match), "drop;"); + build_port_security_ip(P_OUT, op, lflows); + continue; + } + + ds_clear(&actions); + if (!strcmp(op->nbsp->type, "localnet")) { + const char *queue_id = smap_get(&op->sb->options, + "qdisc_queue_id"); + if (queue_id) { + ds_put_format(&actions, "set_queue(%s); ", queue_id); + } + } + ds_put_cstr(&actions, "output;"); + build_port_security_l2("eth.dst", op->ps_addrs, op->n_ps_addrs, + &match); + ovn_lflow_add(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, 50, + ds_cstr(&match), ds_cstr(&actions)); + + ds_clear(&match); + ds_clear(&actions); + + /* Logical switch ingress table 0: Ingress port security - L2 + * (priority 50). + * Ingress table 1: Ingress port security - IP (priority 90 and 80) + * Ingress table 2: Ingress port security - ND (priority 90 and 80) + */ + ds_put_format(&match, "inport == %s", op->json_key); + build_port_security_l2("eth.src", op->ps_addrs, op->n_ps_addrs, + &match); + + const char *queue_id = smap_get(&op->sb->options, "qdisc_queue_id"); + if (queue_id) { + ds_put_format(&actions, "set_queue(%s); ", queue_id); + } + ds_put_cstr(&actions, "next;"); + ovn_lflow_add(lflows, op->od, S_SWITCH_IN_PORT_SEC_L2, 50, + ds_cstr(&match), ds_cstr(&actions)); + + if (op->nbsp->n_port_security) { + build_port_security_ip(P_IN, op, lflows); + build_port_security_ip(P_OUT, op, lflows); + build_port_security_nd(op, lflows); + } + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + if (!od->nbs) { + continue; + } + + /* Ingress table 1 and 2: Port security - IP and ND, by default + * goto next. (priority 0) + */ + ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_ND, 0, "1", "next;"); + ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_IP, 0, "1", "next;"); + + /* Egress tables 8: Egress port security - IP (priority 0) + * Egress table 9: Egress port security L2 - multicast/broadcast + * (priority 100). */ + ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_IP, 0, "1", "next;"); + ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_L2, 100, "eth.mcast", + "output;"); + } + + ds_destroy(&match); + ds_destroy(&actions); +} + static void build_pre_acls(struct ovn_datapath *od, struct hmap *lflows) { @@ -4974,61 +5076,12 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, * to the next table if packet source is acceptable. */ } - /* Logical switch ingress table 0: Ingress port security - L2 - * (priority 50). - * Ingress table 1: Ingress port security - IP (priority 90 and 80) - * Ingress table 2: Ingress port security - ND (priority 90 and 80) - */ - struct ovn_port *op; - HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbsp) { - continue; - } - - if (!lsp_is_enabled(op->nbsp)) { - /* Drop packets from disabled logical ports (since logical flow - * tables are default-drop). */ - continue; - } - - if (lsp_is_external(op->nbsp)) { - continue; - } - - ds_clear(&match); - ds_clear(&actions); - ds_put_format(&match, "inport == %s", op->json_key); - build_port_security_l2("eth.src", op->ps_addrs, op->n_ps_addrs, - &match); - - const char *queue_id = smap_get(&op->sb->options, "qdisc_queue_id"); - if (queue_id) { - ds_put_format(&actions, "set_queue(%s); ", queue_id); - } - ds_put_cstr(&actions, "next;"); - ovn_lflow_add(lflows, op->od, S_SWITCH_IN_PORT_SEC_L2, 50, - ds_cstr(&match), ds_cstr(&actions)); - - if (op->nbsp->n_port_security) { - build_port_security_ip(P_IN, op, lflows); - build_port_security_nd(op, lflows); - } - } - - /* Ingress table 1 and 2: Port security - IP and ND, by default goto next. - * (priority 0)*/ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs) { - continue; - } - - ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_ND, 0, "1", "next;"); - ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_IP, 0, "1", "next;"); - } + build_lswitch_port_sec(ports, datapaths, lflows); /* Ingress table 11: ARP/ND responder, skip requests coming from localnet * and vtep ports. (priority 100); see ovn-northd.8.xml for the * rationale. */ + struct ovn_port *op; HMAP_FOR_EACH (op, key_node, ports) { if (!op->nbsp) { continue; @@ -5651,50 +5704,6 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, } } - /* Egress tables 8: Egress port security - IP (priority 0) - * Egress table 9: Egress port security L2 - multicast/broadcast - * (priority 100). */ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs) { - continue; - } - - ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_IP, 0, "1", "next;"); - ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_L2, 100, "eth.mcast", - "output;"); - } - - /* Egress table 8: Egress port security - IP (priorities 90 and 80) - * if port security enabled. - * - * Egress table 9: Egress port security - L2 (priorities 50 and 150). - * - * Priority 50 rules implement port security for enabled logical port. - * - * Priority 150 rules drop packets to disabled logical ports, so that they - * don't even receive multicast or broadcast packets. */ - HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbsp || lsp_is_external(op->nbsp)) { - continue; - } - - ds_clear(&match); - ds_put_format(&match, "outport == %s", op->json_key); - if (lsp_is_enabled(op->nbsp)) { - build_port_security_l2("eth.dst", op->ps_addrs, op->n_ps_addrs, - &match); - ovn_lflow_add(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, 50, - ds_cstr(&match), "output;"); - } else { - ovn_lflow_add(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, 150, - ds_cstr(&match), "drop;"); - } - - if (op->nbsp->n_port_security) { - build_port_security_ip(P_OUT, op, lflows); - } - } - ds_destroy(&match); ds_destroy(&actions); }