From patchwork Thu Jul 1 05:45:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Han Zhou X-Patchwork-Id: 1499266 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=smtp1.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GFnHz19JSz9sWk for ; Thu, 1 Jul 2021 15:45:50 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 2CDD783AF5; Thu, 1 Jul 2021 05:45:49 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oVrGhuNp7Ywq; Thu, 1 Jul 2021 05:45:48 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp1.osuosl.org (Postfix) with ESMTPS id 8524E83440; Thu, 1 Jul 2021 05:45:47 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 68267C0010; Thu, 1 Jul 2021 05:45:47 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 109E6C000E for ; Thu, 1 Jul 2021 05:45:46 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id E47FC834FE for ; Thu, 1 Jul 2021 05:45:45 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HOVN1vMl-Zfl for ; Thu, 1 Jul 2021 05:45:45 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net [217.70.183.195]) by smtp1.osuosl.org (Postfix) with ESMTPS id 0F65D83440 for ; Thu, 1 Jul 2021 05:45:44 +0000 (UTC) Received: (Authenticated sender: hzhou@ovn.org) by relay3-d.mail.gandi.net (Postfix) with ESMTPSA id 8D5F96000A; Thu, 1 Jul 2021 05:45:42 +0000 (UTC) From: Han Zhou To: dev@openvswitch.org Date: Wed, 30 Jun 2021 22:45:19 -0700 Message-Id: <20210701054522.162291-2-hzhou@ovn.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210701054522.162291-1-hzhou@ovn.org> References: <20210701054522.162291-1-hzhou@ovn.org> MIME-Version: 1.0 Subject: [ovs-dev] [PATCH RFC ovn 1/4] ovn-northd.at: Minor improvement for the dp group test case. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" When counting lsp specific flows, using format "table" for ovn-sbctl output to make sure each record is counted at most once. Signed-off-by: Han Zhou --- tests/ovn-northd.at | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at index 2c811f094..c00f5bc3e 100644 --- a/tests/ovn-northd.at +++ b/tests/ovn-northd.at @@ -2487,7 +2487,7 @@ check_row_count Logical_DP_Group 0 dnl Number of logical flows that depends on logical switch or multicast group. dnl These will not be combined. -n_flows_specific=$(ovn-sbctl --bare find Logical_Flow | grep -cE 'swp') +n_flows_specific=$(ovn-sbctl -f table find Logical_Flow | grep -cE 'swp') echo "Number of specific flows: "${n_flows_specific} dnl Both logical switches configured identically, so there should be same From patchwork Thu Jul 1 05:45:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Han Zhou X-Patchwork-Id: 1499268 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GFnJ45XhBz9sWk for ; Thu, 1 Jul 2021 15:45:56 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 85D176072D; Thu, 1 Jul 2021 05:45:53 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Er5GYgfJ4lBh; Thu, 1 Jul 2021 05:45:52 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp3.osuosl.org (Postfix) with ESMTPS id 8277060816; Thu, 1 Jul 2021 05:45:51 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 56BDFC001D; Thu, 1 Jul 2021 05:45:51 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 9E434C001F for ; Thu, 1 Jul 2021 05:45:47 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 7E61740670 for ; Thu, 1 Jul 2021 05:45:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WZ7_In2K0_TN for ; Thu, 1 Jul 2021 05:45:46 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net [217.70.183.195]) by smtp4.osuosl.org (Postfix) with ESMTPS id 940CF40662 for ; Thu, 1 Jul 2021 05:45:46 +0000 (UTC) Received: (Authenticated sender: hzhou@ovn.org) by relay3-d.mail.gandi.net (Postfix) with ESMTPSA id E0A9E60006; Thu, 1 Jul 2021 05:45:43 +0000 (UTC) From: Han Zhou To: dev@openvswitch.org Date: Wed, 30 Jun 2021 22:45:20 -0700 Message-Id: <20210701054522.162291-3-hzhou@ovn.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210701054522.162291-1-hzhou@ovn.org> References: <20210701054522.162291-1-hzhou@ovn.org> MIME-Version: 1.0 Subject: [ovs-dev] [PATCH RFC ovn 2/4] ovn-sb: Add tags column to logical_flow table of the SB DB. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" The column will provide information to help improve efficiency of ovn-controller lflow parsing. Signed-off-by: Han Zhou --- ovn-sb.ovsschema | 7 +++++-- ovn-sb.xml | 23 +++++++++++++++++++++++ 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/ovn-sb.ovsschema b/ovn-sb.ovsschema index bbf60781d..33fcc1a3d 100644 --- a/ovn-sb.ovsschema +++ b/ovn-sb.ovsschema @@ -1,7 +1,7 @@ { "name": "OVN_Southbound", - "version": "20.18.0", - "cksum": "1816525029 26536", + "version": "20.19.0", + "cksum": "4105410918 26688", "tables": { "SB_Global": { "columns": { @@ -109,6 +109,9 @@ "maxInteger": 65535}}}, "match": {"type": "string"}, "actions": {"type": "string"}, + "tags": { + "type": {"key": "string", "value": "string", + "min": 0, "max": "unlimited"}}, "external_ids": { "type": {"key": "string", "value": "string", "min": 0, "max": "unlimited"}}}, diff --git a/ovn-sb.xml b/ovn-sb.xml index 69de4551b..a39778ee0 100644 --- a/ovn-sb.xml +++ b/ovn-sb.xml @@ -2441,6 +2441,29 @@ tcp.flags = RST; + + Key-value pairs that provide additional information to help + ovn-controller processing the logical flow. Below are the tags used + by ovn-controller. + +
+
in_out_port
+
+ In the logical flow's "match" column, if a logical port P is + compared with "inport" and the logical flow is on a logical switch + ingress pipeline, or if P is compared with "outport" and the + logical flow is on a logical switch egress pipeline, and the + expression is combined with other expressions (if any) using the + operator &&, then the port P should be added as the value in + this tag. If there are multiple logical ports meeting this criteria, + one of them can be added. ovn-controller uses this information to + skip parsing flows that are not needed on the chassis. Failing to add + the tag will affect efficiency, while adding wrong value will affect + correctness. +
+
+ + Human-readable name for this flow's stage in the pipeline. From patchwork Thu Jul 1 05:45:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Han Zhou X-Patchwork-Id: 1499269 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=smtp1.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GFnJ65t65z9sWk for ; Thu, 1 Jul 2021 15:45:58 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id C3EF183C4D; Thu, 1 Jul 2021 05:45:56 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SwD8m_tx3XnR; Thu, 1 Jul 2021 05:45:54 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp1.osuosl.org (Postfix) with ESMTPS id 30E2C83C36; Thu, 1 Jul 2021 05:45:53 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 4992DC0010; Thu, 1 Jul 2021 05:45:52 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id A8273C001D for ; Thu, 1 Jul 2021 05:45:50 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 8CB8241609 for ; Thu, 1 Jul 2021 05:45:50 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K8mCGmH6I1cx for ; Thu, 1 Jul 2021 05:45:49 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net [217.70.183.195]) by smtp4.osuosl.org (Postfix) with ESMTPS id C0BE34067E for ; Thu, 1 Jul 2021 05:45:48 +0000 (UTC) Received: (Authenticated sender: hzhou@ovn.org) by relay3-d.mail.gandi.net (Postfix) with ESMTPSA id 424AA60009; Thu, 1 Jul 2021 05:45:44 +0000 (UTC) From: Han Zhou To: dev@openvswitch.org Date: Wed, 30 Jun 2021 22:45:21 -0700 Message-Id: <20210701054522.162291-4-hzhou@ovn.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210701054522.162291-1-hzhou@ovn.org> References: <20210701054522.162291-1-hzhou@ovn.org> MIME-Version: 1.0 Subject: [ovs-dev] [PATCH RFC ovn 3/4] ovn-northd: Populate in_out_port in logical_flow table's tags. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Populate the in_out_port tag for logical switch pipeline flows wherever possible. Signed-off-by: Han Zhou --- northd/ovn-northd.c | 272 +++++++++++++++++++++++++------------------- 1 file changed, 155 insertions(+), 117 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 83746f4ab..f60dab7a9 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -4046,6 +4046,7 @@ struct ovn_lflow { uint16_t priority; char *match; char *actions; + char *io_port; char *stage_hint; const char *where; }; @@ -4081,7 +4082,7 @@ ovn_lflow_equal(const struct ovn_lflow *a, const struct ovn_datapath *od, static void ovn_lflow_init(struct ovn_lflow *lflow, struct ovn_datapath *od, enum ovn_stage stage, uint16_t priority, - char *match, char *actions, char *stage_hint, + char *match, char *actions, char *io_port, char *stage_hint, const char *where) { hmapx_init(&lflow->od_group); @@ -4090,6 +4091,7 @@ ovn_lflow_init(struct ovn_lflow *lflow, struct ovn_datapath *od, lflow->priority = priority; lflow->match = match; lflow->actions = actions; + lflow->io_port = io_port; lflow->stage_hint = stage_hint; lflow->where = where; } @@ -4107,7 +4109,7 @@ static struct hashrow_locks lflow_locks; static void do_ovn_lflow_add(struct hmap *lflow_map, struct ovn_datapath *od, uint32_t hash, enum ovn_stage stage, uint16_t priority, - const char *match, const char *actions, + const char *match, const char *actions, const char *io_port, const struct ovsdb_idl_row *stage_hint, const char *where) { @@ -4130,6 +4132,7 @@ do_ovn_lflow_add(struct hmap *lflow_map, struct ovn_datapath *od, * one datapath in a group, so it could be hashed correctly. */ ovn_lflow_init(lflow, NULL, stage, priority, xstrdup(match), xstrdup(actions), + io_port ? xstrdup(io_port) : NULL, ovn_lflow_hint(stage_hint), where); hmapx_add(&lflow->od_group, od); hmap_insert_fast(lflow_map, &lflow->hmap_node, hash); @@ -4139,7 +4142,7 @@ do_ovn_lflow_add(struct hmap *lflow_map, struct ovn_datapath *od, static void ovn_lflow_add_at(struct hmap *lflow_map, struct ovn_datapath *od, enum ovn_stage stage, uint16_t priority, - const char *match, const char *actions, + const char *match, const char *actions, const char *io_port, const struct ovsdb_idl_row *stage_hint, const char *where) { ovs_assert(ovn_stage_to_datapath_type(stage) == ovn_datapath_get_type(od)); @@ -4154,11 +4157,11 @@ ovn_lflow_add_at(struct hmap *lflow_map, struct ovn_datapath *od, if (use_logical_dp_groups && use_parallel_build) { lock_hash_row(&lflow_locks, hash); do_ovn_lflow_add(lflow_map, od, hash, stage, priority, match, - actions, stage_hint, where); + actions, io_port, stage_hint, where); unlock_hash_row(&lflow_locks, hash); } else { do_ovn_lflow_add(lflow_map, od, hash, stage, priority, match, - actions, stage_hint, where); + actions, io_port, stage_hint, where); } } @@ -4166,11 +4169,27 @@ ovn_lflow_add_at(struct hmap *lflow_map, struct ovn_datapath *od, #define ovn_lflow_add_with_hint(LFLOW_MAP, OD, STAGE, PRIORITY, MATCH, \ ACTIONS, STAGE_HINT) \ ovn_lflow_add_at(LFLOW_MAP, OD, STAGE, PRIORITY, MATCH, ACTIONS, \ - STAGE_HINT, OVS_SOURCE_LOCATOR) + NULL, STAGE_HINT, OVS_SOURCE_LOCATOR) + +/* This macro is similar to ovn_lflow_add_with_hint, except that it requires + * the IN_OUT_PORT argument, which tells the lport name that appears in the + * MATCH, which helps ovn-controller to bypass lflows parsing when the lport is + * not local to the chassis. The critiera of the lport to be added using this + * argument: + * + * - For ingress pipeline, the lport that is used to match "inport". + * - For egress pipeline, the lport that is used to match "outport". + * + * For now, only LS pipelines should use this macro. */ +#define ovn_lflow_add_with_lport_and_hint(LFLOW_MAP, OD, STAGE, PRIORITY, \ + MATCH, ACTIONS, IN_OUT_PORT, \ + STAGE_HINT) \ + ovn_lflow_add_at(LFLOW_MAP, OD, STAGE, PRIORITY, MATCH, ACTIONS, \ + IN_OUT_PORT, STAGE_HINT, OVS_SOURCE_LOCATOR) #define ovn_lflow_add(LFLOW_MAP, OD, STAGE, PRIORITY, MATCH, ACTIONS) \ ovn_lflow_add_at(LFLOW_MAP, OD, STAGE, PRIORITY, MATCH, ACTIONS, \ - NULL, OVS_SOURCE_LOCATOR) + NULL, NULL, OVS_SOURCE_LOCATOR) static struct ovn_lflow * ovn_lflow_find(const struct hmap *lflows, const struct ovn_datapath *od, @@ -4196,6 +4215,7 @@ ovn_lflow_destroy(struct hmap *lflows, struct ovn_lflow *lflow) hmapx_destroy(&lflow->od_group); free(lflow->match); free(lflow->actions); + free(lflow->io_port); free(lflow->stage_hint); free(lflow); } @@ -4365,8 +4385,10 @@ build_port_security_nd(struct ovn_port *op, struct hmap *lflows, ds_chomp(&match, ','); ds_put_cstr(&match, "}"); } - ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_PORT_SEC_ND, - 90, ds_cstr(&match), "next;", stage_hint); + ovn_lflow_add_with_lport_and_hint(lflows, op->od, + S_SWITCH_IN_PORT_SEC_ND, 90, + ds_cstr(&match), "next;", + op->key, stage_hint); } if (ps->n_ipv6_addrs || no_ip) { @@ -4375,15 +4397,18 @@ build_port_security_nd(struct ovn_port *op, struct hmap *lflows, op->json_key, ps->ea_s); build_port_security_ipv6_nd_flow(&match, ps->ea, ps->ipv6_addrs, ps->n_ipv6_addrs); - ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_PORT_SEC_ND, - 90, ds_cstr(&match), "next;", stage_hint); + ovn_lflow_add_with_lport_and_hint(lflows, op->od, + S_SWITCH_IN_PORT_SEC_ND, 90, + ds_cstr(&match), "next;", + op->key, stage_hint); } } ds_clear(&match); ds_put_format(&match, "inport == %s && (arp || nd)", op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_PORT_SEC_ND, 80, - ds_cstr(&match), "drop;", stage_hint); + ovn_lflow_add_with_lport_and_hint(lflows, op->od, S_SWITCH_IN_PORT_SEC_ND, + 80, ds_cstr(&match), "drop;", op->key, + stage_hint); ds_destroy(&match); } @@ -4435,9 +4460,10 @@ build_port_security_ip(enum ovn_pipeline pipeline, struct ovn_port *op, " && ip4.dst == 255.255.255.255" " && udp.src == 68 && udp.dst == 67", op->json_key, ps->ea_s); - ovn_lflow_add_with_hint(lflows, op->od, stage, 90, - ds_cstr(&dhcp_match), "next;", - stage_hint); + ovn_lflow_add_with_lport_and_hint(lflows, op->od, stage, 90, + ds_cstr(&dhcp_match), + "next;", op->key, + stage_hint); ds_destroy(&dhcp_match); ds_put_format(&match, "inport == %s && eth.src == %s" " && ip4.src == {", op->json_key, @@ -4476,9 +4502,9 @@ build_port_security_ip(enum ovn_pipeline pipeline, struct ovn_port *op, ds_chomp(&match, ' '); ds_chomp(&match, ','); ds_put_cstr(&match, "}"); - ovn_lflow_add_with_hint(lflows, op->od, stage, 90, - ds_cstr(&match), "next;", - stage_hint); + ovn_lflow_add_with_lport_and_hint(lflows, op->od, stage, 90, + ds_cstr(&match), "next;", + op->key, stage_hint); ds_destroy(&match); } @@ -4492,11 +4518,11 @@ build_port_security_ip(enum ovn_pipeline pipeline, struct ovn_port *op, " && eth.src == %s" " && ip6.src == ::" " && ip6.dst == ff02::/16" - " && icmp6.type == {131, 135, 143}", op->json_key, - ps->ea_s); - ovn_lflow_add_with_hint(lflows, op->od, stage, 90, - ds_cstr(&dad_match), "next;", - stage_hint); + " && icmp6.type == {131, 135, 143}", + op->json_key, ps->ea_s); + ovn_lflow_add_with_lport_and_hint(lflows, op->od, stage, 90, + ds_cstr(&dad_match), "next;", + op->key, stage_hint); ds_destroy(&dad_match); } ds_put_format(&match, "%s == %s && %s == %s", @@ -4504,9 +4530,9 @@ build_port_security_ip(enum ovn_pipeline pipeline, struct ovn_port *op, pipeline == P_IN ? "eth.src" : "eth.dst", ps->ea_s); build_port_security_ipv6_flow(pipeline, &match, ps->ea, ps->ipv6_addrs, ps->n_ipv6_addrs); - ovn_lflow_add_with_hint(lflows, op->od, stage, 90, - ds_cstr(&match), "next;", - stage_hint); + ovn_lflow_add_with_lport_and_hint(lflows, op->od, stage, 90, + ds_cstr(&match), "next;", + op->key, stage_hint); ds_destroy(&match); } @@ -4514,8 +4540,8 @@ build_port_security_ip(enum ovn_pipeline pipeline, struct ovn_port *op, port_direction, op->json_key, pipeline == P_IN ? "eth.src" : "eth.dst", ps->ea_s); - ovn_lflow_add_with_hint(lflows, op->od, stage, 80, match, "drop;", - stage_hint); + ovn_lflow_add_with_lport_and_hint(lflows, op->od, stage, 80, match, + "drop;", op->key, stage_hint); free(match); } @@ -4836,9 +4862,9 @@ build_lswitch_input_port_sec_op( ds_put_format(actions, "set_queue(%s); ", queue_id); } ds_put_cstr(actions, "next;"); - ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_PORT_SEC_L2, 50, - ds_cstr(match), ds_cstr(actions), - &op->nbsp->header_); + ovn_lflow_add_with_lport_and_hint(lflows, op->od, S_SWITCH_IN_PORT_SEC_L2, + 50, ds_cstr(match), ds_cstr(actions), + op->key, &op->nbsp->header_); if (op->nbsp->n_port_security) { build_port_security_ip(P_IN, op, lflows, &op->nbsp->header_); @@ -4872,16 +4898,18 @@ build_lswitch_learn_fdb_op( ds_put_format(match, "inport == %s", op->json_key); ds_put_format(actions, REGBIT_LKUP_FDB " = lookup_fdb(inport, eth.src); next;"); - ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_LOOKUP_FDB, 100, - ds_cstr(match), ds_cstr(actions), - &op->nbsp->header_); + ovn_lflow_add_with_lport_and_hint(lflows, op->od, + S_SWITCH_IN_LOOKUP_FDB, 100, + ds_cstr(match), ds_cstr(actions), + op->key, &op->nbsp->header_); ds_put_cstr(match, " && "REGBIT_LKUP_FDB" == 0"); ds_clear(actions); ds_put_cstr(actions, "put_fdb(inport, eth.src); next;"); - ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_PUT_FDB, 100, - ds_cstr(match), ds_cstr(actions), - &op->nbsp->header_); + ovn_lflow_add_with_lport_and_hint(lflows, op->od, S_SWITCH_IN_PUT_FDB, + 100, ds_cstr(match), + ds_cstr(actions), op->key, + &op->nbsp->header_); } } @@ -4931,13 +4959,15 @@ build_lswitch_output_port_sec_op(struct ovn_port *op, } } ds_put_cstr(actions, "output;"); - ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, - 50, ds_cstr(match), ds_cstr(actions), - &op->nbsp->header_); + ovn_lflow_add_with_lport_and_hint(lflows, op->od, + S_SWITCH_OUT_PORT_SEC_L2, 50, + ds_cstr(match), ds_cstr(actions), + op->key, &op->nbsp->header_); } else { - ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, - 150, ds_cstr(match), "drop;", - &op->nbsp->header_); + ovn_lflow_add_with_lport_and_hint(lflows, op->od, + S_SWITCH_OUT_PORT_SEC_L2, 150, + ds_cstr(match), "drop;", op->key, + &op->nbsp->header_); } if (op->nbsp->n_port_security) { @@ -4979,12 +5009,12 @@ skip_port_from_conntrack(struct ovn_datapath *od, struct ovn_port *op, ds_put_format(&match_in, "ip && inport == %s", op->json_key); ds_put_format(&match_out, "ip && outport == %s", op->json_key); - ovn_lflow_add_with_hint(lflows, od, in_stage, priority, - ds_cstr(&match_in), "next;", - &op->nbsp->header_); - ovn_lflow_add_with_hint(lflows, od, out_stage, priority, - ds_cstr(&match_out), "next;", - &op->nbsp->header_); + ovn_lflow_add_with_lport_and_hint(lflows, od, in_stage, priority, + ds_cstr(&match_in), "next;", op->key, + &op->nbsp->header_); + ovn_lflow_add_with_lport_and_hint(lflows, od, out_stage, priority, + ds_cstr(&match_out), "next;", op->key, + &op->nbsp->header_); ds_destroy(&match_in); ds_destroy(&match_out); @@ -5519,7 +5549,8 @@ build_reject_acl_rules(struct ovn_datapath *od, struct hmap *lflows, "outport <-> inport; %s };", next_action); ovn_lflow_add_with_hint(lflows, od, stage, acl->priority + OVN_ACL_PRI_OFFSET, - ds_cstr(&match), ds_cstr(&actions), stage_hint); + ds_cstr(&match), ds_cstr(&actions), + stage_hint); free(next_action); ds_destroy(&match); @@ -5892,9 +5923,10 @@ build_acls(struct ovn_datapath *od, struct hmap *lflows, "&& ip4.src == %s && udp && udp.src == 67 " "&& udp.dst == 68", od->nbs->ports[i]->name, server_mac, server_id); - ovn_lflow_add_with_hint( + ovn_lflow_add_with_lport_and_hint( lflows, od, S_SWITCH_OUT_ACL, 34000, ds_cstr(&match), - dhcp_actions, &od->nbs->ports[i]->dhcpv4_options->header_); + dhcp_actions, od->nbs->ports[i]->name, + &od->nbs->ports[i]->dhcpv4_options->header_); } } @@ -5918,9 +5950,9 @@ build_acls(struct ovn_datapath *od, struct hmap *lflows, "&& ip6.src == %s && udp && udp.src == 547 " "&& udp.dst == 546", od->nbs->ports[i]->name, server_mac, server_ip); - ovn_lflow_add_with_hint( + ovn_lflow_add_with_lport_and_hint( lflows, od, S_SWITCH_OUT_ACL, 34000, ds_cstr(&match), - dhcp6_actions, + dhcp6_actions, od->nbs->ports[i]->name, &od->nbs->ports[i]->dhcpv6_options->header_); } } @@ -6632,7 +6664,7 @@ build_lswitch_rport_arp_req_flows(struct ovn_port *op, static void build_dhcpv4_options_flows(struct ovn_port *op, struct lport_addresses *lsp_addrs, - const char *json_key, bool is_external, + struct ovn_port *inport, bool is_external, struct hmap *lflows) { struct ds match = DS_EMPTY_INITIALIZER; @@ -6649,18 +6681,17 @@ build_dhcpv4_options_flows(struct ovn_port *op, &match, "inport == %s && eth.src == %s && " "ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && " "udp.src == 68 && udp.dst == 67", - json_key, lsp_addrs->ea_s); + inport->json_key, lsp_addrs->ea_s); if (is_external) { ds_put_format(&match, " && is_chassis_resident(%s)", op->json_key); } - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_DHCP_OPTIONS, 100, - ds_cstr(&match), - ds_cstr(&options_action), - &op->nbsp->dhcpv4_options->header_); + ovn_lflow_add_with_lport_and_hint( + lflows, op->od, S_SWITCH_IN_DHCP_OPTIONS, 100, ds_cstr(&match), + ds_cstr(&options_action), inport->key, + &op->nbsp->dhcpv4_options->header_); ds_clear(&match); /* Allow ip4.src = OFFER_IP and * ip4.dst = {SERVER_IP, 255.255.255.255} for the below @@ -6673,18 +6704,17 @@ build_dhcpv4_options_flows(struct ovn_port *op, ds_put_format( &match, "inport == %s && eth.src == %s && " "%s && udp.src == 68 && udp.dst == 67", - json_key, lsp_addrs->ea_s, ds_cstr(&ipv4_addr_match)); + inport->json_key, lsp_addrs->ea_s, ds_cstr(&ipv4_addr_match)); if (is_external) { ds_put_format(&match, " && is_chassis_resident(%s)", op->json_key); } - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_DHCP_OPTIONS, 100, - ds_cstr(&match), - ds_cstr(&options_action), - &op->nbsp->dhcpv4_options->header_); + ovn_lflow_add_with_lport_and_hint( + lflows, op->od, S_SWITCH_IN_DHCP_OPTIONS, 100, ds_cstr(&match), + ds_cstr(&options_action), inport->key, + &op->nbsp->dhcpv4_options->header_); ds_clear(&match); /* If REGBIT_DHCP_OPTS_RESULT is set, it means the @@ -6693,18 +6723,17 @@ build_dhcpv4_options_flows(struct ovn_port *op, &match, "inport == %s && eth.src == %s && " "ip4 && udp.src == 68 && udp.dst == 67" " && "REGBIT_DHCP_OPTS_RESULT, - json_key, lsp_addrs->ea_s); + inport->json_key, lsp_addrs->ea_s); if (is_external) { ds_put_format(&match, " && is_chassis_resident(%s)", op->json_key); } - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_DHCP_RESPONSE, 100, - ds_cstr(&match), - ds_cstr(&response_action), - &op->nbsp->dhcpv4_options->header_); + ovn_lflow_add_with_lport_and_hint( + lflows, op->od, S_SWITCH_IN_DHCP_RESPONSE, 100, + ds_cstr(&match), ds_cstr(&response_action), inport->key, + &op->nbsp->dhcpv4_options->header_); ds_destroy(&options_action); ds_destroy(&response_action); ds_destroy(&ipv4_addr_match); @@ -6717,7 +6746,7 @@ build_dhcpv4_options_flows(struct ovn_port *op, static void build_dhcpv6_options_flows(struct ovn_port *op, struct lport_addresses *lsp_addrs, - const char *json_key, bool is_external, + struct ovn_port *inport, bool is_external, struct hmap *lflows) { struct ds match = DS_EMPTY_INITIALIZER; @@ -6733,27 +6762,25 @@ build_dhcpv6_options_flows(struct ovn_port *op, &match, "inport == %s && eth.src == %s" " && ip6.dst == ff02::1:2 && udp.src == 546 &&" " udp.dst == 547", - json_key, lsp_addrs->ea_s); + inport->json_key, lsp_addrs->ea_s); if (is_external) { ds_put_format(&match, " && is_chassis_resident(%s)", op->json_key); } - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_DHCP_OPTIONS, 100, - ds_cstr(&match), - ds_cstr(&options_action), - &op->nbsp->dhcpv6_options->header_); + ovn_lflow_add_with_lport_and_hint( + lflows, op->od, S_SWITCH_IN_DHCP_OPTIONS, 100, ds_cstr(&match), + ds_cstr(&options_action), inport->key, + &op->nbsp->dhcpv6_options->header_); /* If REGBIT_DHCP_OPTS_RESULT is set to 1, it means the * put_dhcpv6_opts action is successful */ ds_put_cstr(&match, " && "REGBIT_DHCP_OPTS_RESULT); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_DHCP_RESPONSE, 100, - ds_cstr(&match), - ds_cstr(&response_action), - &op->nbsp->dhcpv6_options->header_); + ovn_lflow_add_with_lport_and_hint( + lflows, op->od, S_SWITCH_IN_DHCP_RESPONSE, 100, + ds_cstr(&match), ds_cstr(&response_action), inport->key, + &op->nbsp->dhcpv6_options->header_); ds_destroy(&options_action); ds_destroy(&response_action); break; @@ -6782,10 +6809,10 @@ build_drop_arp_nd_flows_for_unbound_router_ports(struct ovn_port *op, port->json_key, op->lsp_addrs[i].ea_s, op->json_key, rp->lsp_addrs[k].ipv4_addrs[l].addr_s); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_EXTERNAL_PORT, - 100, ds_cstr(&match), "drop;", - &op->nbsp->header_); + ovn_lflow_add_with_lport_and_hint( + lflows, op->od, S_SWITCH_IN_EXTERNAL_PORT, 100, + ds_cstr(&match), "drop;", port->key, + &op->nbsp->header_); } for (size_t l = 0; l < rp->lsp_addrs[k].n_ipv6_addrs; l++) { ds_clear(&match); @@ -6798,10 +6825,10 @@ build_drop_arp_nd_flows_for_unbound_router_ports(struct ovn_port *op, rp->lsp_addrs[k].ipv6_addrs[l].addr_s, rp->lsp_addrs[k].ipv6_addrs[l].sn_addr_s, rp->lsp_addrs[k].ipv6_addrs[l].addr_s); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_EXTERNAL_PORT, 100, - ds_cstr(&match), "drop;", - &op->nbsp->header_); + ovn_lflow_add_with_lport_and_hint( + lflows, op->od, S_SWITCH_IN_EXTERNAL_PORT, 100, + ds_cstr(&match), "drop;", port->key, + &op->nbsp->header_); } ds_clear(&match); @@ -6812,10 +6839,11 @@ build_drop_arp_nd_flows_for_unbound_router_ports(struct ovn_port *op, port->json_key, op->lsp_addrs[i].ea_s, rp->lsp_addrs[k].ea_s, op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_EXTERNAL_PORT, - 100, ds_cstr(&match), "drop;", - &op->nbsp->header_); + ovn_lflow_add_with_lport_and_hint(lflows, op->od, + S_SWITCH_IN_EXTERNAL_PORT, + 100, ds_cstr(&match), + "drop;", port->key, + &op->nbsp->header_); } } } @@ -6921,9 +6949,10 @@ build_lswitch_arp_nd_responder_skip_local(struct ovn_port *op, (!strcmp(op->nbsp->type, "vtep"))) { ds_clear(match); ds_put_format(match, "inport == %s", op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_ARP_ND_RSP, - 100, ds_cstr(match), "next;", - &op->nbsp->header_); + ovn_lflow_add_with_lport_and_hint(lflows, op->od, + S_SWITCH_IN_ARP_ND_RSP, 100, + ds_cstr(match), "next;", op->key, + &op->nbsp->header_); } } } @@ -6980,10 +7009,11 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op, "bind_vport(%s, inport); " "next;", op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_ARP_ND_RSP, 100, - ds_cstr(match), ds_cstr(actions), - &vp->nbsp->header_); + ovn_lflow_add_with_lport_and_hint(lflows, op->od, + S_SWITCH_IN_ARP_ND_RSP, 100, + ds_cstr(match), + ds_cstr(actions), vparent, + &vp->nbsp->header_); } free(tokstr); @@ -7046,10 +7076,11 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op, * network is not working as configured, so dropping the * request would frustrate that intent.) */ ds_put_format(match, " && inport == %s", op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_ARP_ND_RSP, 100, - ds_cstr(match), "next;", - &op->nbsp->header_); + ovn_lflow_add_with_lport_and_hint(lflows, op->od, + S_SWITCH_IN_ARP_ND_RSP, + 100, ds_cstr(match), + "next;", op->key, + &op->nbsp->header_); } /* For ND solicitations, we need to listen for both the @@ -7088,10 +7119,11 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op, /* Do not reply to a solicitation from the port that owns * the address (otherwise DAD detection will fail). */ ds_put_format(match, " && inport == %s", op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_ARP_ND_RSP, 100, - ds_cstr(match), "next;", - &op->nbsp->header_); + ovn_lflow_add_with_lport_and_hint(lflows, op->od, + S_SWITCH_IN_ARP_ND_RSP, + 100, ds_cstr(match), + "next;", op->key, + &op->nbsp->header_); } } } @@ -7231,17 +7263,17 @@ build_lswitch_dhcp_options_and_response(struct ovn_port *op, for (size_t j = 0; j < op->od->n_localnet_ports; j++) { build_dhcpv4_options_flows( op, &op->lsp_addrs[i], - op->od->localnet_ports[j]->json_key, is_external, + op->od->localnet_ports[j], is_external, lflows); build_dhcpv6_options_flows( op, &op->lsp_addrs[i], - op->od->localnet_ports[j]->json_key, is_external, + op->od->localnet_ports[j], is_external, lflows); } } else { - build_dhcpv4_options_flows(op, &op->lsp_addrs[i], op->json_key, + build_dhcpv4_options_flows(op, &op->lsp_addrs[i], op, is_external, lflows); - build_dhcpv6_options_flows(op, &op->lsp_addrs[i], op->json_key, + build_dhcpv6_options_flows(op, &op->lsp_addrs[i], op, is_external, lflows); } } @@ -12480,6 +12512,12 @@ build_lflows(struct northd_context *ctx, struct hmap *datapaths, sbrec_logical_flow_set_priority(sbflow, lflow->priority); sbrec_logical_flow_set_match(sbflow, lflow->match); sbrec_logical_flow_set_actions(sbflow, lflow->actions); + if (lflow->io_port) { + struct smap tags = SMAP_INITIALIZER(&tags); + smap_add(&tags, "in_out_port", lflow->io_port); + sbrec_logical_flow_set_tags(sbflow, &tags); + smap_destroy(&tags); + } /* Trim the source locator lflow->where, which looks something like * "ovn/northd/ovn-northd.c:1234", down to just the part following the From patchwork Thu Jul 1 05:45:22 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Han Zhou X-Patchwork-Id: 1499270 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GFnJB3VKZz9sWk for ; Thu, 1 Jul 2021 15:46:02 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 77B7583C57; Thu, 1 Jul 2021 05:45:57 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ivzJdWMZhlPq; Thu, 1 Jul 2021 05:45:56 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp1.osuosl.org (Postfix) with ESMTPS id 22E4B83C4E; Thu, 1 Jul 2021 05:45:55 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id BF24FC002B; Thu, 1 Jul 2021 05:45:53 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) by lists.linuxfoundation.org (Postfix) with ESMTP id AD5D0C0021 for ; Thu, 1 Jul 2021 05:45:51 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 8EAF283C07 for ; Thu, 1 Jul 2021 05:45:51 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CGxVNS2OCR-Y for ; Thu, 1 Jul 2021 05:45:50 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net [217.70.183.195]) by smtp1.osuosl.org (Postfix) with ESMTPS id 6EA9483ADF for ; Thu, 1 Jul 2021 05:45:50 +0000 (UTC) Received: (Authenticated sender: hzhou@ovn.org) by relay3-d.mail.gandi.net (Postfix) with ESMTPSA id C1F5160006; Thu, 1 Jul 2021 05:45:47 +0000 (UTC) From: Han Zhou To: dev@openvswitch.org Date: Wed, 30 Jun 2021 22:45:22 -0700 Message-Id: <20210701054522.162291-5-hzhou@ovn.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210701054522.162291-1-hzhou@ovn.org> References: <20210701054522.162291-1-hzhou@ovn.org> MIME-Version: 1.0 Subject: [ovs-dev] [PATCH RFC ovn 4/4] ovn-controller: Skip non-local lflows in ovn-controller before parsing. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" With the help of logical_flow's in_out_port tag, we can skip parsing a big portion of the logical flows in SB DB, which can largely improve ovn-controller's performance whenever a full recompute is required. With a scale test topology of 1000 chassises, 20 LSPs per chassis, 20k lports in total spread acrossing 200 logical switches, connected by a logical router, the test result before & after this change: Before: - lflow-cache disabled: - ovn-controller recompute: 2.7 sec - lflow-cache enabled: - ovn-controller recompute: 2.1 sec - lflow cache memory: 622103 KB After: - lflow-cache disabled: - ovn-controller recompute: 0.83 sec - lflow-cache enabled: - ovn-controller recompute: 0.71 sec - lflow cache memory: 123641 KB (note: DP group enabled for both) So for this test scenario, when lflow cache is disabled, latency reduced ~70%; when lflow cache is enabled, latency reduced ~65% and lflow cache memory reduced ~80%. Signed-off-by: Han Zhou --- controller/lflow.c | 21 +++++++++++++++++++++ controller/lflow.h | 1 + controller/ovn-controller.c | 1 + 3 files changed, 23 insertions(+) diff --git a/controller/lflow.c b/controller/lflow.c index b7699a309..ee05c559c 100644 --- a/controller/lflow.c +++ b/controller/lflow.c @@ -740,6 +740,27 @@ consider_logical_flow__(const struct sbrec_logical_flow *lflow, return true; } + const char *io_port = smap_get(&lflow->tags, "in_out_port"); + if (io_port) { + lflow_resource_add(l_ctx_out->lfrr, REF_TYPE_PORTBINDING, io_port, + &lflow->header_.uuid); + const struct sbrec_port_binding *pb + = lport_lookup_by_name(l_ctx_in->sbrec_port_binding_by_name, + io_port); + if (!pb) { + VLOG_DBG("lflow "UUID_FMT" matches inport/outport %s that's not " + "found, skip", UUID_ARGS(&lflow->header_.uuid), io_port); + return true; + } + char buf[16]; + get_unique_lport_key(dp->tunnel_key, pb->tunnel_key, buf, sizeof buf); + if (!sset_contains(l_ctx_in->local_lport_ids, buf)) { + VLOG_DBG("lflow "UUID_FMT" matches inport/outport %s that's not " + "local, skip", UUID_ARGS(&lflow->header_.uuid), io_port); + return true; + } + } + /* Determine translation of logical table IDs to physical table IDs. */ bool ingress = !strcmp(lflow->pipeline, "ingress"); diff --git a/controller/lflow.h b/controller/lflow.h index 9d8882ae5..797d2d026 100644 --- a/controller/lflow.h +++ b/controller/lflow.h @@ -146,6 +146,7 @@ struct lflow_ctx_in { const struct shash *port_groups; const struct sset *active_tunnels; const struct sset *local_lport_ids; + const struct sset *local_lports; }; struct lflow_ctx_out { diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c index b15ecbb5d..24da79628 100644 --- a/controller/ovn-controller.c +++ b/controller/ovn-controller.c @@ -2048,6 +2048,7 @@ init_lflow_ctx(struct engine_node *node, l_ctx_in->port_groups = port_groups; l_ctx_in->active_tunnels = &rt_data->active_tunnels; l_ctx_in->local_lport_ids = &rt_data->local_lport_ids; + l_ctx_in->local_lports = &rt_data->local_lports; l_ctx_out->flow_table = &fo->flow_table; l_ctx_out->group_table = &fo->group_table;