From patchwork Mon Sep 23 15:09:00 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Lorenzo Bianconi
X-Patchwork-Id: 1166096
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
spf=pass (mailfrom) smtp.mailfrom=openvswitch.org
(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;
envelope-from=ovs-dev-bounces@openvswitch.org;
receiver=)
Authentication-Results: ozlabs.org;
dmarc=fail (p=none dis=none) header.from=redhat.com
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
[140.211.169.12])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
bits)) (No client certificate requested)
by ozlabs.org (Postfix) with ESMTPS id 46cSRX1jb7z9sPD
for ;
Tue, 24 Sep 2019 01:10:00 +1000 (AEST)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
by mail.linuxfoundation.org (Postfix) with ESMTP id 91253D4B;
Mon, 23 Sep 2019 15:09:19 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id E7FCBD3D
for ; Mon, 23 Sep 2019 15:09:17 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 28B2A108
for ; Mon, 23 Sep 2019 15:09:17 +0000 (UTC)
Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com
[209.85.221.69])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
bits)) (No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id 588F2356C5
for ; Mon, 23 Sep 2019 15:09:16 +0000 (UTC)
Received: by mail-wr1-f69.google.com with SMTP id b6so5001109wrx.0
for ; Mon, 23 Sep 2019 08:09:16 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
:references:mime-version:content-transfer-encoding;
bh=gYrMREJP4dwJjNLOx/B2qz+4AYPnDURC6g1RfTQ55xI=;
b=MhYFozZCoeUiY5ZKvnDy0w5/GS7tqa3WXWywVx4m1hYbs8pMEj3ao7HL2eucgRpnnZ
NMSA7jFHBmlS7Su4qWVlepk/52rMggKGRiO3kIiIlAKKsYsqdUAhBHsT11jcaGvPZejK
1SEP+2WeiCqeaHAz3KWAbunOvJER3a4awu0teHrSYS+8WzgMbePfrVtVHL425Bu3IMnj
ci18C1CSk9BmTn6qzBXW650ZSrgbgM/hsqXk8A0VylcBHSLaqpEnpKDgeoJ0xtUkf5UW
8Gb0gW3E6IDpSe3kApo0WxMrySEN4nL2Dsw9rE06xKzhavTA+HU2bizRM1HoWPAn0Grb
ZmTg==
X-Gm-Message-State: APjAAAWyxfVVZX2deeb4N65RMFvrJt0TkaUCfB6m47Kc8YHUS6H6zhB7
CFxyU8SKs4eCmw/R/BGVCvvCvG155ko8WvW075tl6Nt/V/XR9WhnWoBOv6koyXDI4EQnXVFZZ74
us4K8VJ7abduSfVDiIQ==
X-Received: by 2002:a1c:20c2:: with SMTP id g185mr90035wmg.107.1569251354839;
Mon, 23 Sep 2019 08:09:14 -0700 (PDT)
X-Google-Smtp-Source:
APXvYqyewQaCPSvt/j7I+AEQTNGMMwJb6ROH+b5WtdUWdM3YuaFOHobn9Uw4NPWts87fzxpQdmOEPg==
X-Received: by 2002:a1c:20c2:: with SMTP id g185mr90015wmg.107.1569251354537;
Mon, 23 Sep 2019 08:09:14 -0700 (PDT)
Received: from localhost.localdomain.com (nat-pool-mxp-t.redhat.com.
[149.6.153.186]) by smtp.gmail.com with ESMTPSA id
u22sm19648658wru.72.2019.09.23.08.09.13
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 23 Sep 2019 08:09:14 -0700 (PDT)
From: Lorenzo Bianconi
To: ovs-dev@openvswitch.org
Date: Mon, 23 Sep 2019 17:09:00 +0200
Message-Id:
X-Mailer: git-send-email 2.21.0
In-Reply-To:
References:
MIME-Version: 1.0
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: [ovs-dev] [PATCH ovn 1/3] Add egress QoS mapping for non-tunnel
interfaces
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org
Introduce add_localnet_egress_interface_mappings routine in order to collect as
egress interfaces all ovs bridge interfaces marked with ovn-egress-iface
in the external_ids column of ovs interface table.
ovn-egress-iface is used to indicate to which localnet ports QoS egress
shaping has to be applied.
Refactor add_bridge_mappings routine
Signed-off-by: Lorenzo Bianconi
---
controller/binding.c | 58 +++++++++++++++++++++++++++-
controller/binding.h | 4 ++
controller/ovn-controller.c | 3 +-
controller/patch.c | 76 +++++++++++++++++++++----------------
controller/patch.h | 4 ++
5 files changed, 110 insertions(+), 35 deletions(-)
diff --git a/controller/binding.c b/controller/binding.c
index 242163d59..89262b2d2 100644
--- a/controller/binding.c
+++ b/controller/binding.c
@@ -18,6 +18,7 @@
#include "ha-chassis.h"
#include "lflow.h"
#include "lport.h"
+#include "patch.h"
#include "lib/bitmap.h"
#include "openvswitch/poll-loop.h"
@@ -532,6 +533,9 @@ consider_local_datapath(struct ovsdb_idl_txn *ovnsb_idl_txn,
/* Add all localnet ports to local_lports so that we allocate ct zones
* for them. */
sset_add(local_lports, binding_rec->logical_port);
+ if (qos_map && ovs_idl_txn) {
+ get_qos_params(binding_rec, qos_map);
+ }
} else if (!strcmp(binding_rec->type, "external")) {
if (ha_chassis_group_contains(binding_rec->ha_chassis_group,
chassis_rec)) {
@@ -619,10 +623,55 @@ consider_local_datapath(struct ovsdb_idl_txn *ovnsb_idl_txn,
}
}
+static void
+add_localnet_egress_interface_mappings(
+ const struct sbrec_port_binding *port_binding,
+ struct shash *bridge_mappings, struct sset *egress_ifaces)
+{
+ const char *network = smap_get(&port_binding->options, "network_name");
+ if (!network) {
+ static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
+ VLOG_ERR_RL(&rl, "%s port '%s' has no network name.",
+ port_binding->type, port_binding->logical_port);
+ return;
+ }
+
+ struct ovsrec_bridge *br_ln = shash_find_data(bridge_mappings, network);
+ if (!br_ln) {
+ static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
+ VLOG_ERR_RL(&rl, "bridge not found for %s port '%s' "
+ "with network name '%s'", port_binding->type,
+ port_binding->logical_port, network);
+ return;
+ }
+
+ /* Add egress-ifaces from the connected bridge */
+ for (size_t i = 0; i < br_ln->n_ports; i++) {
+ const struct ovsrec_port *port_rec = br_ln->ports[i];
+
+ for (size_t j = 0; j < port_rec->n_interfaces; j++) {
+ const struct ovsrec_interface *iface_rec;
+
+ iface_rec = port_rec->interfaces[j];
+ bool is_egress_iface = smap_get_bool(&iface_rec->external_ids,
+ "ovn-egress-iface", false);
+ if (!is_egress_iface) {
+ continue;
+ }
+ sset_add(egress_ifaces, iface_rec->name);
+ }
+ }
+}
+
static void
consider_localnet_port(const struct sbrec_port_binding *binding_rec,
+ struct shash *bridge_mappings,
+ struct sset *egress_ifaces,
struct hmap *local_datapaths)
{
+ add_localnet_egress_interface_mappings(binding_rec,
+ bridge_mappings, egress_ifaces);
+
struct local_datapath *ld
= get_local_datapath(local_datapaths,
binding_rec->datapath->tunnel_key);
@@ -655,6 +704,8 @@ binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn,
const struct ovsrec_bridge *br_int,
const struct sbrec_chassis *chassis_rec,
const struct sset *active_tunnels,
+ const struct ovsrec_bridge_table *bridge_table,
+ const struct ovsrec_open_vswitch_table *ovs_table,
struct hmap *local_datapaths, struct sset *local_lports,
struct sset *local_lport_ids)
{
@@ -663,6 +714,7 @@ binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn,
}
const struct sbrec_port_binding *binding_rec;
+ struct shash bridge_mappings = SHASH_INITIALIZER(&bridge_mappings);
struct shash lport_to_iface = SHASH_INITIALIZER(&lport_to_iface);
struct sset egress_ifaces = SSET_INITIALIZER(&egress_ifaces);
struct hmap qos_map;
@@ -688,14 +740,18 @@ binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn,
}
+ add_ovs_bridge_mappings(ovs_table, bridge_table, &bridge_mappings);
+
/* Run through each binding record to see if it is a localnet port
* on local datapaths discovered from above loop, and update the
* corresponding local datapath accordingly. */
SBREC_PORT_BINDING_TABLE_FOR_EACH (binding_rec, port_binding_table) {
if (!strcmp(binding_rec->type, "localnet")) {
- consider_localnet_port(binding_rec, local_datapaths);
+ consider_localnet_port(binding_rec, &bridge_mappings,
+ &egress_ifaces, local_datapaths);
}
}
+ shash_destroy(&bridge_mappings);
if (!sset_is_empty(&egress_ifaces)
&& set_noop_qos(ovs_idl_txn, port_table, qos_table, &egress_ifaces)) {
diff --git a/controller/binding.h b/controller/binding.h
index bae162ede..924891c1b 100644
--- a/controller/binding.h
+++ b/controller/binding.h
@@ -26,6 +26,8 @@ struct ovsdb_idl_txn;
struct ovsrec_bridge;
struct ovsrec_port_table;
struct ovsrec_qos_table;
+struct ovsrec_bridge_table;
+struct ovsrec_open_vswitch_table;
struct sbrec_chassis;
struct sbrec_port_binding_table;
struct sset;
@@ -42,6 +44,8 @@ void binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn,
const struct ovsrec_bridge *br_int,
const struct sbrec_chassis *,
const struct sset *active_tunnels,
+ const struct ovsrec_bridge_table *bridge_table,
+ const struct ovsrec_open_vswitch_table *ovs_table,
struct hmap *local_datapaths,
struct sset *local_lports, struct sset *local_lport_ids);
bool binding_cleanup(struct ovsdb_idl_txn *ovnsb_idl_txn,
diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c
index 33ece59be..b46a1d151 100644
--- a/controller/ovn-controller.c
+++ b/controller/ovn-controller.c
@@ -1082,7 +1082,8 @@ en_runtime_data_run(struct engine_node *node)
sbrec_port_binding_by_name,
port_table, qos_table, pb_table,
br_int, chassis,
- active_tunnels, local_datapaths,
+ active_tunnels, bridge_table,
+ ovs_table, local_datapaths,
local_lports, local_lport_ids);
update_ct_zones(local_lports, local_datapaths, ct_zones,
diff --git a/controller/patch.c b/controller/patch.c
index a6770c6d5..f2053de7b 100644
--- a/controller/patch.c
+++ b/controller/patch.c
@@ -129,6 +129,48 @@ remove_port(const struct ovsrec_bridge_table *bridge_table,
}
}
+void
+add_ovs_bridge_mappings(const struct ovsrec_open_vswitch_table *ovs_table,
+ const struct ovsrec_bridge_table *bridge_table,
+ struct shash *bridge_mappings)
+{
+ const struct ovsrec_open_vswitch *cfg;
+
+ cfg = ovsrec_open_vswitch_table_first(ovs_table);
+ if (cfg) {
+ const char *mappings_cfg;
+ char *cur, *next, *start;
+
+ mappings_cfg = smap_get(&cfg->external_ids, "ovn-bridge-mappings");
+ if (!mappings_cfg || !mappings_cfg[0]) {
+ return;
+ }
+
+ next = start = xstrdup(mappings_cfg);
+ while ((cur = strsep(&next, ",")) && *cur) {
+ const struct ovsrec_bridge *ovs_bridge;
+ char *network, *bridge = cur;
+
+ network = strsep(&bridge, ":");
+ if (!bridge || !*network || !*bridge) {
+ VLOG_ERR("Invalid ovn-bridge-mappings configuration: '%s'",
+ mappings_cfg);
+ break;
+ }
+
+ ovs_bridge = get_bridge(bridge_table, bridge);
+ if (!ovs_bridge) {
+ VLOG_WARN("Bridge '%s' not found for network '%s'",
+ bridge, network);
+ continue;
+ }
+
+ shash_add(bridge_mappings, network, ovs_bridge);
+ }
+ free(start);
+ }
+}
+
/* Obtains external-ids:ovn-bridge-mappings from OVSDB and adds patch ports for
* the local bridge mappings. Removes any patch ports for bridge mappings that
* already existed from 'existing_ports'. */
@@ -142,41 +184,9 @@ add_bridge_mappings(struct ovsdb_idl_txn *ovs_idl_txn,
const struct sbrec_chassis *chassis)
{
/* Get ovn-bridge-mappings. */
- const char *mappings_cfg = "";
- const struct ovsrec_open_vswitch *cfg;
- cfg = ovsrec_open_vswitch_table_first(ovs_table);
- if (cfg) {
- mappings_cfg = smap_get(&cfg->external_ids, "ovn-bridge-mappings");
- if (!mappings_cfg || !mappings_cfg[0]) {
- return;
- }
- }
-
- /* Parse bridge mappings. */
struct shash bridge_mappings = SHASH_INITIALIZER(&bridge_mappings);
- char *cur, *next, *start;
- next = start = xstrdup(mappings_cfg);
- while ((cur = strsep(&next, ",")) && *cur) {
- char *network, *bridge = cur;
- const struct ovsrec_bridge *ovs_bridge;
-
- network = strsep(&bridge, ":");
- if (!bridge || !*network || !*bridge) {
- VLOG_ERR("Invalid ovn-bridge-mappings configuration: '%s'",
- mappings_cfg);
- break;
- }
- ovs_bridge = get_bridge(bridge_table, bridge);
- if (!ovs_bridge) {
- VLOG_WARN("Bridge '%s' not found for network '%s'",
- bridge, network);
- continue;
- }
-
- shash_add(&bridge_mappings, network, ovs_bridge);
- }
- free(start);
+ add_ovs_bridge_mappings(ovs_table, bridge_table, &bridge_mappings);
const struct sbrec_port_binding *binding;
SBREC_PORT_BINDING_TABLE_FOR_EACH (binding, port_binding_table) {
diff --git a/controller/patch.h b/controller/patch.h
index 9018e4967..49b0b2e90 100644
--- a/controller/patch.h
+++ b/controller/patch.h
@@ -30,7 +30,11 @@ struct ovsrec_open_vswitch_table;
struct ovsrec_port_table;
struct sbrec_port_binding_table;
struct sbrec_chassis;
+struct shash;
+void add_ovs_bridge_mappings(const struct ovsrec_open_vswitch_table *ovs_table,
+ const struct ovsrec_bridge_table *bridge_table,
+ struct shash *bridge_mappings);
void patch_run(struct ovsdb_idl_txn *ovs_idl_txn,
const struct ovsrec_bridge_table *,
const struct ovsrec_open_vswitch_table *,
From patchwork Mon Sep 23 15:09:01 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Lorenzo Bianconi
X-Patchwork-Id: 1166097
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
spf=pass (mailfrom) smtp.mailfrom=openvswitch.org
(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;
envelope-from=ovs-dev-bounces@openvswitch.org;
receiver=)
Authentication-Results: ozlabs.org;
dmarc=fail (p=none dis=none) header.from=redhat.com
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
[140.211.169.12])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
bits)) (No client certificate requested)
by ozlabs.org (Postfix) with ESMTPS id 46cSSh1gMDz9sNw
for ;
Tue, 24 Sep 2019 01:11:00 +1000 (AEST)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
by mail.linuxfoundation.org (Postfix) with ESMTP id 49659D84;
Mon, 23 Sep 2019 15:09:22 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id F1404D4B
for ; Mon, 23 Sep 2019 15:09:18 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 6AA2A108
for ; Mon, 23 Sep 2019 15:09:18 +0000 (UTC)
Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com
[209.85.221.71])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
bits)) (No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id C15053DE31
for ; Mon, 23 Sep 2019 15:09:17 +0000 (UTC)
Received: by mail-wr1-f71.google.com with SMTP id t11so4956064wro.10
for ; Mon, 23 Sep 2019 08:09:17 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
:references:mime-version:content-transfer-encoding;
bh=FNCuw04ttT65SL/a2BzWXaFfjVfTZ5AJVws/xu3D+lo=;
b=tPMsSDkSso0zX3kgTdJK2R/PNg0ZrboIuP3qWkwaoZDNi51HvWOxJEAM7+cDs9iUki
sQOa4ilxOF0KZQ1xbCXPAM3cYfJyknoCyoQaped6P1wDApPAK0DKrIMG8ThclyVQMg+v
l/bWVkQ4yY01uaz7aN8lHOnZ1NFOJ23+XznEzkCCZgABuk+dzTBa3Xl8SVhhiupOx/Dl
pBiD8Xi53DAaMdwv7NoXyz9i0o21+/rVE2bQlfQk3RFnGI9kmtndgVtzUEFujPwykb7i
rYZ3mlypk9Z/ROMb2oPA/UJVbNvKshZt+GSCjrSslco7fPfFzRAyo7YsWBZg6UxmRStX
883A==
X-Gm-Message-State: APjAAAWOYHU92cVMD8vX0voZs1gvfAyJleDfODedFpvHZbHHGhJC90za
IfQhU9PGx7X/mszk4b8yPD2LNHanb/xf2G9Se5JfPoj2iCPsrnzWiYDBzpPbkDaC6piMnOXA67e
rWsPr6XFIH5m6UkYXuA==
X-Received: by 2002:a1c:1fd3:: with SMTP id f202mr141342wmf.18.1569251356301;
Mon, 23 Sep 2019 08:09:16 -0700 (PDT)
X-Google-Smtp-Source:
APXvYqyAEIaWsjnTSptDoAxsw/ojLJKsrZPQjKwm3/e8DHDzostCzlg3h5v+D98LGocYuD3Y5aUagA==
X-Received: by 2002:a1c:1fd3:: with SMTP id f202mr141320wmf.18.1569251356070;
Mon, 23 Sep 2019 08:09:16 -0700 (PDT)
Received: from localhost.localdomain.com (nat-pool-mxp-t.redhat.com.
[149.6.153.186]) by smtp.gmail.com with ESMTPSA id
u22sm19648658wru.72.2019.09.23.08.09.15
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 23 Sep 2019 08:09:15 -0700 (PDT)
From: Lorenzo Bianconi
To: ovs-dev@openvswitch.org
Date: Mon, 23 Sep 2019 17:09:01 +0200
Message-Id:
<70b41a3ef538fa37b940419a7c1e3d076c3b68ef.1569250466.git.lorenzo.bianconi@redhat.com>
X-Mailer: git-send-email 2.21.0
In-Reply-To:
References:
MIME-Version: 1.0
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: [ovs-dev] [PATCH ovn 2/3] northd: add the possibility to define
localnet as qos capable port
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org
Refactor allocate_chassis_queueid and free_chassis_queueid in order
to get an unused queue_id even for localnet ports and add the
the possibility to define localnet as qos capable port
Signed-off-by: Lorenzo Bianconi
Acked-by: Dumitru Ceara
---
northd/ovn-northd.c | 45 ++++++++++++++++++++++++++++++---------------
1 file changed, 30 insertions(+), 15 deletions(-)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index f393cebb8..633fb502b 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -357,7 +357,7 @@ destroy_chassis_queues(struct hmap *set)
}
static void
-add_chassis_queue(struct hmap *set, struct uuid *chassis_uuid,
+add_chassis_queue(struct hmap *set, const struct uuid *chassis_uuid,
uint32_t queue_id)
{
struct ovn_chassis_qdisc_queues *node = xmalloc(sizeof *node);
@@ -368,7 +368,7 @@ add_chassis_queue(struct hmap *set, struct uuid *chassis_uuid,
}
static bool
-chassis_queueid_in_use(const struct hmap *set, struct uuid *chassis_uuid,
+chassis_queueid_in_use(const struct hmap *set, const struct uuid *chassis_uuid,
uint32_t queue_id)
{
const struct ovn_chassis_qdisc_queues *node;
@@ -383,31 +383,38 @@ chassis_queueid_in_use(const struct hmap *set, struct uuid *chassis_uuid,
}
static uint32_t
-allocate_chassis_queueid(struct hmap *set, struct sbrec_chassis *chassis)
+allocate_chassis_queueid(struct hmap *set, const struct uuid *uuid, char *name)
{
+ if (!uuid) {
+ return 0;
+ }
+
for (uint32_t queue_id = QDISC_MIN_QUEUE_ID + 1;
queue_id <= QDISC_MAX_QUEUE_ID;
queue_id++) {
- if (!chassis_queueid_in_use(set, &chassis->header_.uuid, queue_id)) {
- add_chassis_queue(set, &chassis->header_.uuid, queue_id);
+ if (!chassis_queueid_in_use(set, uuid, queue_id)) {
+ add_chassis_queue(set, uuid, queue_id);
return queue_id;
}
}
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "all %s queue ids exhausted", chassis->name);
+ VLOG_WARN_RL(&rl, "all %s queue ids exhausted", name);
return 0;
}
static void
-free_chassis_queueid(struct hmap *set, struct sbrec_chassis *chassis,
+free_chassis_queueid(struct hmap *set, const struct uuid *uuid,
uint32_t queue_id)
{
- const struct uuid *chassis_uuid = &chassis->header_.uuid;
+ if (!uuid) {
+ return;
+ }
+
struct ovn_chassis_qdisc_queues *node;
HMAP_FOR_EACH_WITH_HASH (node, key_node,
- hash_chassis_queue(chassis_uuid, queue_id), set) {
- if (uuid_equals(chassis_uuid, &node->chassis_uuid)
+ hash_chassis_queue(uuid, queue_id), set) {
+ if (uuid_equals(uuid, &node->chassis_uuid)
&& node->queue_id == queue_id) {
hmap_remove(set, &node->key_node);
free(node);
@@ -2650,15 +2657,23 @@ ovn_port_update_sbrec(struct northd_context *ctx,
uint32_t queue_id = smap_get_int(
&op->sb->options, "qdisc_queue_id", 0);
bool has_qos = port_has_qos_params(&op->nbsp->options);
+ const struct uuid *uuid = NULL;
struct smap options;
+ char *name = "";
+
+ if (!strcmp(op->nbsp->type, "localnet")) {
+ uuid = &op->sb->header_.uuid;
+ name = "localnet";
+ } else if (op->sb->chassis) {
+ uuid = &op->sb->chassis->header_.uuid;
+ name = op->sb->chassis->name;
+ }
- if (op->sb->chassis && has_qos && !queue_id) {
+ if (has_qos && !queue_id) {
queue_id = allocate_chassis_queueid(chassis_qdisc_queues,
- op->sb->chassis);
+ uuid, name);
} else if (!has_qos && queue_id) {
- free_chassis_queueid(chassis_qdisc_queues,
- op->sb->chassis,
- queue_id);
+ free_chassis_queueid(chassis_qdisc_queues, uuid, queue_id);
queue_id = 0;
}
From patchwork Mon Sep 23 15:09:02 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Lorenzo Bianconi
X-Patchwork-Id: 1166098
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
spf=pass (mailfrom) smtp.mailfrom=openvswitch.org
(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;
envelope-from=ovs-dev-bounces@openvswitch.org;
receiver=)
Authentication-Results: ozlabs.org;
dmarc=fail (p=none dis=none) header.from=redhat.com
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
[140.211.169.12])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
bits)) (No client certificate requested)
by ozlabs.org (Postfix) with ESMTPS id 46cSTW0jh4z9sNw
for ;
Tue, 24 Sep 2019 01:11:43 +1000 (AEST)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
by mail.linuxfoundation.org (Postfix) with ESMTP id E5293D89;
Mon, 23 Sep 2019 15:09:22 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id AD165D73
for ; Mon, 23 Sep 2019 15:09:21 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id D9FC48A0
for ; Mon, 23 Sep 2019 15:09:20 +0000 (UTC)
Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com
[209.85.128.70])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
bits)) (No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id 3655258569
for ; Mon, 23 Sep 2019 15:09:20 +0000 (UTC)
Received: by mail-wm1-f70.google.com with SMTP id k184so6857077wmk.1
for ; Mon, 23 Sep 2019 08:09:20 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
:references:mime-version:content-transfer-encoding;
bh=U5dxQ2RrcNBQEJdgef+KKMQrfVjEjut4BXlkhQRkwm8=;
b=Cq563rYCxq0ila5OW9cLrRL7vPGYRqvLMu3Ru+y1VhKEOtsBFR5LiRjbuwvobl5zO2
Z23cPfx+qu872+U2BDFyye9MrMdv0ky4oiTN7qR3njtY14DD0qd6tAl7vuXZtwByCOf8
T9MpG23Nj4qf7f3UQwj/rXRr8SWrJZn3HWFCB/V3DLemKwgN4H5nC52xg+XFjnFhmfwv
G+62NgkS2hQMUNqEyJqfiQ4ANaq8rf+fq1NYKxcXiytE3oUUloUKBuwpR/oiiTYCsQBZ
6kGBbZIdmmmqguU274zOesIojkMWmptvpLzv74PRuiUB6qDhLZ5c733fgjEN7Cj+T/46
UZ8w==
X-Gm-Message-State: APjAAAUcLZQOJUfA9TCt7Kb8Ee+RMh7bojhz0vZLgKeBj3wrFGXn16dh
kZ4vpK+nGmpIfK/FXQRKSCEqcDxSqJ77llSAxr4dQENGfjz3IvHR6VTEXUg76gOe4ggbttphxtf
eetTp/+HhW9vbnCWUIg==
X-Received: by 2002:a1c:a6ca:: with SMTP id p193mr93608wme.103.1569251358679;
Mon, 23 Sep 2019 08:09:18 -0700 (PDT)
X-Google-Smtp-Source:
APXvYqzqhWipi5xcnfOT4e9aU7H1YgayKbwUiuFdnojw1/xNUlvmYLWZ9KgP8h2Bj1twryI76OP43g==
X-Received: by 2002:a1c:a6ca:: with SMTP id p193mr93580wme.103.1569251358367;
Mon, 23 Sep 2019 08:09:18 -0700 (PDT)
Received: from localhost.localdomain.com (nat-pool-mxp-t.redhat.com.
[149.6.153.186]) by smtp.gmail.com with ESMTPSA id
u22sm19648658wru.72.2019.09.23.08.09.17
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 23 Sep 2019 08:09:17 -0700 (PDT)
From: Lorenzo Bianconi
To: ovs-dev@openvswitch.org
Date: Mon, 23 Sep 2019 17:09:02 +0200
Message-Id:
<8bea1e79bc209de4e413038bd7d79a84046a0ead.1569250466.git.lorenzo.bianconi@redhat.com>
X-Mailer: git-send-email 2.21.0
In-Reply-To:
References:
MIME-Version: 1.0
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: [ovs-dev] [PATCH ovn 3/3] northd: interoduce logical flow for
localnet egress shaping
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org
Add set_queue() action for qos capable localnet port in
S_SWITCH_OUT_PORT_SEC_L2 stage of logical swith pipeline
Introduce build_lswitch_port_sec and refactor lswitch_port_security code
in order to remove duplicated code
Signed-off-by: Lorenzo Bianconi
---
northd/ovn-northd.8.xml | 7 +-
northd/ovn-northd.c | 199 +++++++++++++++++++++-------------------
2 files changed, 110 insertions(+), 96 deletions(-)
diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
index 0f4f1c112..093b55438 100644
--- a/northd/ovn-northd.8.xml
+++ b/northd/ovn-northd.8.xml
@@ -1150,10 +1150,15 @@ output;
eth.dst
are always accepted instead of being subject to the
port security rules; this is implemented through a priority-100 flow that
matches on eth.mcast
with action output;
.
- Finally, to ensure that even broadcast and multicast packets are not
+ Moreover, to ensure that even broadcast and multicast packets are not
delivered to disabled logical ports, a priority-150 flow for each
disabled logical outport
overrides the priority-100 flow
with a drop;
action.
+ Finally if egress qos has been enabled on a localnet port, the outgoing
+ queue id is set through set_queue
action. Please remember to
+ mark the corresponding physical interface with
+ ovn-egress-iface
set to true in
Logical Router Datapaths
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 633fb502b..4bacad572 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -3903,6 +3903,108 @@ has_stateful_acl(struct ovn_datapath *od)
return false;
}
+static void
+build_lswitch_port_sec(struct hmap *ports, struct hmap *datapaths,
+ struct hmap *lflows)
+{
+ struct ds match = DS_EMPTY_INITIALIZER;
+ struct ds actions = DS_EMPTY_INITIALIZER;
+ struct ovn_datapath *od;
+ struct ovn_port *op;
+
+ HMAP_FOR_EACH (op, key_node, ports) {
+ if (!op->nbsp) {
+ continue;
+ }
+
+ if (lsp_is_external(op->nbsp)) {
+ continue;
+ }
+
+ ds_clear(&match);
+ ds_put_format(&match, "outport == %s", op->json_key);
+
+ /* Egress table 8: Egress port security - IP (priorities 90 and 80)
+ * if port security enabled.
+ *
+ * Egress table 9: Egress port security - L2 (priorities 50 and 150).
+ *
+ * Priority 50 rules implement port security for enabled logical port.
+ *
+ * Priority 150 rules drop packets to disabled logical ports, so that
+ * they don't even receive multicast or broadcast packets.
+ */
+ if (!lsp_is_enabled(op->nbsp)) {
+ ovn_lflow_add(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, 150,
+ ds_cstr(&match), "drop;");
+ build_port_security_ip(P_OUT, op, lflows);
+ continue;
+ }
+
+ ds_clear(&actions);
+ if (!strcmp(op->nbsp->type, "localnet")) {
+ const char *queue_id = smap_get(&op->sb->options,
+ "qdisc_queue_id");
+ if (queue_id) {
+ ds_put_format(&actions, "set_queue(%s); ", queue_id);
+ }
+ }
+ ds_put_cstr(&actions, "output;");
+ build_port_security_l2("eth.dst", op->ps_addrs, op->n_ps_addrs,
+ &match);
+ ovn_lflow_add(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, 50,
+ ds_cstr(&match), ds_cstr(&actions));
+
+ ds_clear(&match);
+ ds_clear(&actions);
+
+ /* Logical switch ingress table 0: Ingress port security - L2
+ * (priority 50).
+ * Ingress table 1: Ingress port security - IP (priority 90 and 80)
+ * Ingress table 2: Ingress port security - ND (priority 90 and 80)
+ */
+ ds_put_format(&match, "inport == %s", op->json_key);
+ build_port_security_l2("eth.src", op->ps_addrs, op->n_ps_addrs,
+ &match);
+
+ const char *queue_id = smap_get(&op->sb->options, "qdisc_queue_id");
+ if (queue_id) {
+ ds_put_format(&actions, "set_queue(%s); ", queue_id);
+ }
+ ds_put_cstr(&actions, "next;");
+ ovn_lflow_add(lflows, op->od, S_SWITCH_IN_PORT_SEC_L2, 50,
+ ds_cstr(&match), ds_cstr(&actions));
+
+ if (op->nbsp->n_port_security) {
+ build_port_security_ip(P_IN, op, lflows);
+ build_port_security_ip(P_OUT, op, lflows);
+ build_port_security_nd(op, lflows);
+ }
+ }
+
+ HMAP_FOR_EACH (od, key_node, datapaths) {
+ if (!od->nbs) {
+ continue;
+ }
+
+ /* Ingress table 1 and 2: Port security - IP and ND, by default
+ * goto next. (priority 0)
+ */
+ ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_ND, 0, "1", "next;");
+ ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_IP, 0, "1", "next;");
+
+ /* Egress tables 8: Egress port security - IP (priority 0)
+ * Egress table 9: Egress port security L2 - multicast/broadcast
+ * (priority 100). */
+ ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_IP, 0, "1", "next;");
+ ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_L2, 100, "eth.mcast",
+ "output;");
+ }
+
+ ds_destroy(&match);
+ ds_destroy(&actions);
+}
+
static void
build_pre_acls(struct ovn_datapath *od, struct hmap *lflows)
{
@@ -4974,61 +5076,12 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports,
* to the next table if packet source is acceptable. */
}
- /* Logical switch ingress table 0: Ingress port security - L2
- * (priority 50).
- * Ingress table 1: Ingress port security - IP (priority 90 and 80)
- * Ingress table 2: Ingress port security - ND (priority 90 and 80)
- */
- struct ovn_port *op;
- HMAP_FOR_EACH (op, key_node, ports) {
- if (!op->nbsp) {
- continue;
- }
-
- if (!lsp_is_enabled(op->nbsp)) {
- /* Drop packets from disabled logical ports (since logical flow
- * tables are default-drop). */
- continue;
- }
-
- if (lsp_is_external(op->nbsp)) {
- continue;
- }
-
- ds_clear(&match);
- ds_clear(&actions);
- ds_put_format(&match, "inport == %s", op->json_key);
- build_port_security_l2("eth.src", op->ps_addrs, op->n_ps_addrs,
- &match);
-
- const char *queue_id = smap_get(&op->sb->options, "qdisc_queue_id");
- if (queue_id) {
- ds_put_format(&actions, "set_queue(%s); ", queue_id);
- }
- ds_put_cstr(&actions, "next;");
- ovn_lflow_add(lflows, op->od, S_SWITCH_IN_PORT_SEC_L2, 50,
- ds_cstr(&match), ds_cstr(&actions));
-
- if (op->nbsp->n_port_security) {
- build_port_security_ip(P_IN, op, lflows);
- build_port_security_nd(op, lflows);
- }
- }
-
- /* Ingress table 1 and 2: Port security - IP and ND, by default goto next.
- * (priority 0)*/
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbs) {
- continue;
- }
-
- ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_ND, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_IP, 0, "1", "next;");
- }
+ build_lswitch_port_sec(ports, datapaths, lflows);
/* Ingress table 11: ARP/ND responder, skip requests coming from localnet
* and vtep ports. (priority 100); see ovn-northd.8.xml for the
* rationale. */
+ struct ovn_port *op;
HMAP_FOR_EACH (op, key_node, ports) {
if (!op->nbsp) {
continue;
@@ -5651,50 +5704,6 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports,
}
}
- /* Egress tables 8: Egress port security - IP (priority 0)
- * Egress table 9: Egress port security L2 - multicast/broadcast
- * (priority 100). */
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbs) {
- continue;
- }
-
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_IP, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_L2, 100, "eth.mcast",
- "output;");
- }
-
- /* Egress table 8: Egress port security - IP (priorities 90 and 80)
- * if port security enabled.
- *
- * Egress table 9: Egress port security - L2 (priorities 50 and 150).
- *
- * Priority 50 rules implement port security for enabled logical port.
- *
- * Priority 150 rules drop packets to disabled logical ports, so that they
- * don't even receive multicast or broadcast packets. */
- HMAP_FOR_EACH (op, key_node, ports) {
- if (!op->nbsp || lsp_is_external(op->nbsp)) {
- continue;
- }
-
- ds_clear(&match);
- ds_put_format(&match, "outport == %s", op->json_key);
- if (lsp_is_enabled(op->nbsp)) {
- build_port_security_l2("eth.dst", op->ps_addrs, op->n_ps_addrs,
- &match);
- ovn_lflow_add(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, 50,
- ds_cstr(&match), "output;");
- } else {
- ovn_lflow_add(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, 150,
- ds_cstr(&match), "drop;");
- }
-
- if (op->nbsp->n_port_security) {
- build_port_security_ip(P_OUT, op, lflows);
- }
- }
-
ds_destroy(&match);
ds_destroy(&actions);
}