On 26 October 2015 at 08:32, Andrey Korolyov <[email protected]> wrote: > Hi, > > As far as I can see, the default 200k limit for in-datapath rules > working not exactly as suggested, because dpctl shows far lower number > of the active flows and with max-idle for 2.5h: > > system@ovs-system: > lookups: hit:176489248433 missed:29538996446 lost:46962 > flows: 6462 > masks: hit:906990269299 total:5 hit/pkt:4.40 > > > Stdev of flow# is about ten percent within a minute, so OVS behaving > slightly different than it should by a bare look at the code. Can > anyone please suggest a way to change an eviction rate so datapath > will hold at least one tenth of amount of prefixes from the limit, or > it is intentional to hold in-dp flow number that low? Indeed there is > a small tail with low hit-rate but most of those subnets are > definitely used more frequently than max-idle.
If your flow table isn't sufficiently complex, then there may be no reason for OVS userspace to generate more datapath flows. If traffic isn't regularly hitting your flows, then OVS will evict those flows from the datapath. If OVS is not able to validate all datapath flows within a second, then it will reduce the number of datapath flows that it maintains. There have been significant improvements in how this works in v2.1.x (with threaded revalidation) and in v2.4.x (with UFID), so if you're not already running 2.4 or later, I suggest updating. Since you're interested in how datapath flow management works, you may get more insight from "Revaliwhat? Keeping kernel flows fresh" from OVS fall conference 2014. It's on the OVS website. _______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
