The OVN ingress pipeline for a logical switch is maxed out at 16 stages. This patch takes the simple approach of starting the ingress pipeline at table 8 rather than table 16, and starting the egress pipeline at table 40 rather than table 48.
v1->v2: Bumped range of Logical_Flow.table_id column in ovn/ovn-sb.ovsschema from 0 to 15, to 0 to 23. Ran automated tests with an extra noop table, pushing S_SWITCH_IN_L2_LKUP to 16. Signed-off-by: Mickey Spiegel <[email protected]> --- ovn/controller/lflow.h | 6 +++--- ovn/ovn-architecture.7.xml | 27 ++++++++++++++------------- ovn/ovn-sb.ovsschema | 6 +++--- ovn/utilities/ovn-trace.c | 2 +- tests/ovn.at | 40 ++++++++++++++++++++-------------------- tests/test-ovn.c | 6 +++--- 6 files changed, 44 insertions(+), 43 deletions(-) diff --git a/ovn/controller/lflow.h b/ovn/controller/lflow.h index 8761b1e..a23cde0 100644 --- a/ovn/controller/lflow.h +++ b/ovn/controller/lflow.h @@ -49,17 +49,17 @@ struct uuid; * These are heavily documented in ovn-architecture(7), please update it if * you make any changes. */ #define OFTABLE_PHY_TO_LOG 0 -#define OFTABLE_LOG_INGRESS_PIPELINE 16 /* First of LOG_PIPELINE_LEN tables. */ +#define OFTABLE_LOG_INGRESS_PIPELINE 8 /* First of LOG_PIPELINE_LEN tables. */ #define OFTABLE_REMOTE_OUTPUT 32 #define OFTABLE_LOCAL_OUTPUT 33 #define OFTABLE_CHECK_LOOPBACK 34 -#define OFTABLE_LOG_EGRESS_PIPELINE 48 /* First of LOG_PIPELINE_LEN tables. */ +#define OFTABLE_LOG_EGRESS_PIPELINE 40 /* First of LOG_PIPELINE_LEN tables. */ #define OFTABLE_SAVE_INPORT 64 #define OFTABLE_LOG_TO_PHY 65 #define OFTABLE_MAC_BINDING 66 /* The number of tables for the ingress and egress pipelines. */ -#define LOG_PIPELINE_LEN 16 +#define LOG_PIPELINE_LEN 24 void lflow_init(void); void lflow_run(struct controller_ctx *, diff --git a/ovn/ovn-architecture.7.xml b/ovn/ovn-architecture.7.xml index d8114f1..eb6744b 100644 --- a/ovn/ovn-architecture.7.xml +++ b/ovn/ovn-architecture.7.xml @@ -774,7 +774,7 @@ VXLAN tunnels do not transmit the logical output port field. Since VXLAN tunnels do not carry a logical output port field in the tunnel key, when a packet is received from VXLAN tunnel by - an OVN hypervisor, the packet is resubmitted to table 16 to + an OVN hypervisor, the packet is resubmitted to table 8 to determine the output port(s); when the packet reaches table 32, these packets are resubmitted to table 33 for local delivery by checking a MLF_RCV_FROM_VXLAN flag, which is set when the packet @@ -835,7 +835,7 @@ the packet's ingress port. Its actions annotate the packet with logical metadata, by setting the logical datapath field to identify the logical datapath that the packet is traversing and the logical input - port field to identify the ingress port. Then it resubmits to table 16 + port field to identify the ingress port. Then it resubmits to table 8 to enter the logical ingress pipeline. </p> @@ -864,13 +864,13 @@ <li> <p> - OpenFlow tables 16 through 31 execute the logical ingress pipeline from + OpenFlow tables 8 through 31 execute the logical ingress pipeline from the <code>Logical_Flow</code> table in the OVN Southbound database. These tables are expressed entirely in terms of logical concepts like logical ports and logical datapaths. A big part of <code>ovn-controller</code>'s job is to translate them into equivalent OpenFlow (in particular it translates the table numbers: - <code>Logical_Flow</code> tables 0 through 15 become OpenFlow tables 16 + <code>Logical_Flow</code> tables 0 through 23 become OpenFlow tables 8 through 31). </p> @@ -999,7 +999,7 @@ and resubmit these packets to table 33 for local delivery. Packets received from VXLAN tunnels reach here because of a lack of logical output port field in the tunnel key and thus these packets needed to - be submitted to table 16 to determine the output port. + be submitted to table 8 to determine the output port. </p> <p> @@ -1024,13 +1024,13 @@ <p> Table 34 matches and drops packets for which the logical input and output ports are the same and the MLF_ALLOW_LOOPBACK flag is not - set. It resubmits other packets to table 48. + set. It resubmits other packets to table 40. </p> </li> <li> <p> - OpenFlow tables 48 through 63 execute the logical egress pipeline from + OpenFlow tables 40 through 63 execute the logical egress pipeline from the <code>Logical_Flow</code> table in the OVN Southbound database. The egress pipeline can perform a final stage of validation before packet delivery. Eventually, it may execute an <code>output</code> @@ -1110,27 +1110,28 @@ <li> In OVS versions 2.7 and later, the packet is cloned and resubmitted - directly to OpenFlow flow table 16, setting the logical ingress - port to the peer logical patch port, and using the peer logical - patch port's logical datapath (that represents the logical router). + directly to the first OpenFlow flow table in the ingress pipeline, + setting the logical ingress port to the peer logical patch port, and + using the peer logical patch port's logical datapath (that + represents the logical router). </li> </ul> <p> The packet re-enters the ingress pipeline in order to traverse tables - 16 to 65 again, this time using the logical datapath representing the + 8 to 65 again, this time using the logical datapath representing the logical router. The processing continues as described in the previous section <code>Architectural Physical Life Cycle of a Packet</code>. When the packet reachs table 65, the logical egress port will once again be a logical patch port. In the same manner as described above, this logical patch port will cause the packet to be resubmitted to - OpenFlow tables 16 to 65, this time using the logical datapath + OpenFlow tables 8 to 65, this time using the logical datapath representing the logical switch that the destination VM or container is attached to. </p> <p> - The packet traverses tables 16 to 65 a third and final time. If the + The packet traverses tables 8 to 65 a third and final time. If the destination VM or container resides on a remote hypervisor, then table 32 will send the packet on a tunnel port from the sender's hypervisor to the remote hypervisor. Finally table 65 will output the packet diff --git a/ovn/ovn-sb.ovsschema b/ovn/ovn-sb.ovsschema index ae248f8..5d7546b 100644 --- a/ovn/ovn-sb.ovsschema +++ b/ovn/ovn-sb.ovsschema @@ -1,7 +1,7 @@ { "name": "OVN_Southbound", - "version": "1.12.0", - "cksum": "4119465100 10905", + "version": "1.12.1", + "cksum": "1914140659 10905", "tables": { "SB_Global": { "columns": { @@ -63,7 +63,7 @@ "egress"]]}}}, "table_id": {"type": {"key": {"type": "integer", "minInteger": 0, - "maxInteger": 15}}}, + "maxInteger": 23}}}, "priority": {"type": {"key": {"type": "integer", "minInteger": 0, "maxInteger": 65535}}}, diff --git a/ovn/utilities/ovn-trace.c b/ovn/utilities/ovn-trace.c index a9970af..149f70d 100644 --- a/ovn/utilities/ovn-trace.c +++ b/ovn/utilities/ovn-trace.c @@ -826,7 +826,7 @@ read_flows(void) .pipeline = (!strcmp(sblf->pipeline, "ingress") ? OVNACT_P_INGRESS : OVNACT_P_EGRESS), - .n_tables = 16, + .n_tables = 24, .cur_ltable = sblf->table_id, }; uint64_t stub[1024 / 8]; diff --git a/tests/ovn.at b/tests/ovn.at index b30315e..61661c3 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -643,41 +643,41 @@ output; # next next; - encodes as resubmit(,27) + encodes as resubmit(,19) next(11); formats as next; - encodes as resubmit(,27) + encodes as resubmit(,19) next(0); - encodes as resubmit(,16) -next(15); + encodes as resubmit(,8) +next(23); encodes as resubmit(,31) next(); Syntax error at `)' expecting "pipeline" or "table". next(10; Syntax error at `;' expecting `)'. -next(16); - "next" action cannot advance beyond table 15. +next(24); + "next" action cannot advance beyond table 23. next(table=11); formats as next; - encodes as resubmit(,27) + encodes as resubmit(,19) next(pipeline=ingress); formats as next; - encodes as resubmit(,27) + encodes as resubmit(,19) next(table=11, pipeline=ingress); formats as next; - encodes as resubmit(,27) + encodes as resubmit(,19) next(pipeline=ingress, table=11); formats as next; - encodes as resubmit(,27) + encodes as resubmit(,19) next(pipeline=egress); "next" action cannot advance from ingress to egress pipeline (use "output" action instead) next(table=10); formats as next(10); - encodes as resubmit(,26) + encodes as resubmit(,18) # Loading a constant value. tcp.dst=80; @@ -699,7 +699,7 @@ ip.ttl=4; has prereqs eth.type == 0x800 || eth.type == 0x86dd outport="eth0"; next; outport="LOCAL"; next; formats as outport = "eth0"; next; outport = "LOCAL"; next; - encodes as set_field:0x5->reg15,resubmit(,27),set_field:0xfffe->reg15,resubmit(,27) + encodes as set_field:0x5->reg15,resubmit(,19),set_field:0xfffe->reg15,resubmit(,19) inport[1] = 1; Cannot select subfield of string field inport. @@ -780,11 +780,11 @@ ip.ttl # load balancing. ct_lb; - encodes as ct(table=27,zone=NXM_NX_REG13[0..15],nat) + encodes as ct(table=19,zone=NXM_NX_REG13[0..15],nat) has prereqs ip ct_lb(); formats as ct_lb; - encodes as ct(table=27,zone=NXM_NX_REG13[0..15],nat) + encodes as ct(table=19,zone=NXM_NX_REG13[0..15],nat) has prereqs ip ct_lb(192.168.1.2:80, 192.168.1.3:80); encodes as group:1 @@ -803,7 +803,7 @@ ct_lb(foo); # ct_next ct_next; - encodes as ct(table=27,zone=NXM_NX_REG13[0..15]) + encodes as ct(table=19,zone=NXM_NX_REG13[0..15]) has prereqs ip # ct_commit @@ -855,10 +855,10 @@ ct_commit(ct_label=18446744073709551616); # ct_dnat ct_dnat; - encodes as ct(table=27,zone=NXM_NX_REG11[0..15],nat) + encodes as ct(table=19,zone=NXM_NX_REG11[0..15],nat) has prereqs ip ct_dnat(192.168.1.2); - encodes as ct(commit,table=27,zone=NXM_NX_REG11[0..15],nat(dst=192.168.1.2)) + encodes as ct(commit,table=19,zone=NXM_NX_REG11[0..15],nat(dst=192.168.1.2)) has prereqs ip ct_dnat(192.168.1.2, 192.168.1.3); @@ -872,10 +872,10 @@ ct_dnat(); # ct_snat ct_snat; - encodes as ct(table=27,zone=NXM_NX_REG12[0..15],nat) + encodes as ct(table=19,zone=NXM_NX_REG12[0..15],nat) has prereqs ip ct_snat(192.168.1.2); - encodes as ct(commit,table=27,zone=NXM_NX_REG12[0..15],nat(src=192.168.1.2)) + encodes as ct(commit,table=19,zone=NXM_NX_REG12[0..15],nat(src=192.168.1.2)) has prereqs ip ct_snat(192.168.1.2, 192.168.1.3); @@ -893,7 +893,7 @@ ct_clear; # clone clone { ip4.dst = 255.255.255.255; output; }; next; - encodes as clone(set_field:255.255.255.255->ip_dst,resubmit(,64)),resubmit(,27) + encodes as clone(set_field:255.255.255.255->ip_dst,resubmit(,64)),resubmit(,19) has prereqs eth.type == 0x800 # arp diff --git a/tests/test-ovn.c b/tests/test-ovn.c index 18860ae..32efac4 100644 --- a/tests/test-ovn.c +++ b/tests/test-ovn.c @@ -1224,7 +1224,7 @@ test_parse_actions(struct ovs_cmdl_context *ctx OVS_UNUSED) .symtab = &symtab, .dhcp_opts = &dhcp_opts, .dhcpv6_opts = &dhcpv6_opts, - .n_tables = 16, + .n_tables = 24, .cur_ltable = 10, }; error = ovnacts_parse_string(ds_cstr(&input), &pp, &ovnacts, &prereqs); @@ -1245,8 +1245,8 @@ test_parse_actions(struct ovs_cmdl_context *ctx OVS_UNUSED) .group_table = &group_table, .pipeline = OVNACT_P_INGRESS, - .ingress_ptable = 16, - .egress_ptable = 48, + .ingress_ptable = 8, + .egress_ptable = 40, .output_ptable = 64, .mac_bind_ptable = 65, }; -- 1.9.1 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
