> On 22 Jan 2026, at 8:37 PM, Dumitru Ceara <[email protected]> wrote: > > !-------------------------------------------------------------------| > CAUTION: External Email > > |-------------------------------------------------------------------! > > On 1/22/26 10:24 AM, Dumitru Ceara wrote: >> On 1/22/26 4:22 AM, Nave enack Yerramneni wrote: >>> >>> >>>> On 21 Jan 2026, at 9:09 PM, Dumitru Ceara <[email protected]> wrote: >>>> >>>> !-------------------------------------------------------------------| >>>> CAUTION: External Email >>>> >>>> |-------------------------------------------------------------------! >>>> >>>> On 1/21/26 4:26 PM, Mark Michelson wrote: >>>>> Hi Naveen, >>>>> >>>> >>>> Hi Naveen, Mark, >>>> >>>>> Dumitru or Numan may have a different opinion from me on this, but I >>>>> don't think it makes sense to integrate this patch into 26.03 without >>>>> the rest of the active-active patches. I'm imagining a user that is >>>>> using the Network Function support in ovn25.09 upgrading to ovn26.03. >>>>> Now they find that they need to insert an ID for the network functions >>>>> that they didn't have to before. When they look into why they need to >>>>> do it, the answer is...no reason. Yes, the ID will be used in a future >>>>> version, but in the current version, it's being required for no >>>>> apparent reason. IMO, this should be deferred until the entire >>>>> active-active patch series is posted. This way, it is more clear why >>>>> the ID is being required. >>>>> >>>> >>>> I agree. The Network_Function support is released and not experimental >>>> so we can't really break any potential users (even if we think there are >>>> no other users we can't know for sure). >>> >>> >>> Hi Mark, Dumitru, >>> >> >> Hi Naveen, >> >>> Network Function patches are merged post 25.09 release. >>> 26.03 will be the first release that supports Network Function. >>> >> >> Ah, you're completely right, I mixed things up. So it's fine to still >> change the NB-facing interface for Network Function. Then it's good to >> consider this work for 26.03. >> >>>> >>>>> On a secondary note, if someone is not going to use the active-active, >>>>> feature, it would be good if the ID on the NF is optional. This way >>>>> we're less likely to cause problems during upgrades. >>>>> >>>> >>>> +1, if we don't and we make it mandatory and unique we're also breaking >>>> potential existing users. >>>> >>>> I didn't look at the actual patch or read into the Active/Active plan in >>>> too much detail but I assume we can validate the presence and uniqueness >>>> of the ID (once we add support for it) in northd and warn on >>>> misconfigurations. >>>> >>>> For the CMS there would be no actual difference as it would still have >>>> to generate unique IDs in order for Active/Active to work. >>>> >>>> Or, Naveen, are you saying you'd like to stop using NFG.ID completely >>>> and change the implementation for non-Active/Active as well? >>> >>> Yes, we want to commit NF-ID in CT always irrespective of HA mode >>> (Active/Active or Active/Standby). >>> >> >> But then that part for Active/Standby should also be included in the >> patch that adds NF.ID. Also, in the same series we should remove the >> NFG.ID from the schema (and implementation) as it won't be used anymore. >> >> Would you have time to post something in the next few days? I can >> prioritize review for it then. Worst case we can consider this an >> exception from the soft freeze process because we're already discussing it. >> > > I'll move this patch to "Changes Requested" in patchwork waiting for a > v2 that does the above (also remove the NFG.ID and change the > implementation for the Active/Standby case.
Sure, Thanks. We will send updated patch for review in few days. > > That also means, in my opinion, that we should defer "Add support for > Network Function VTAP mode" [0] until we implement the NFG.ID -> NF.ID > changes. As it doesn't make sense to add more features while we're > changing the interface. > > What do you think? I agree, pease hold this review. I will send updated patch once NF ID changes are merged. VTAP patch can go in post 26.03 as well. > > Thanks, > Dumitru > > [0] > https://urldefense.proofpoint.com/v2/url?u=https-3A__patchwork.ozlabs.org_project_ovn_list_-3Fseries-3D488989-26state-3D-2A&d=DwIDaQ&c=s883GpUCOChKOHiocYtGcg&r=2PQjSDR7A28z1kXE1ptSm6X36oL_nCq1XxeEt7FkLmA&m=PVp1TWufM2AC3juzJ_EvBPtl03nddj_0cmIpJRG_0owa-LLf7SS4Vt6rOhliy3W1&s=6FPZAMdRD6uW_0poyTau2vBNTSFFdrmc1i5azh1JH4c&e= > >> Regards, >> Dumitru >> >>>> >>>> Regards, >>>> Dumitru >>>> >>>>> Thanks, >>>>> Mark Michelson >>>>> >>>>> On Tue, Jan 20, 2026 at 11:55 PM Naveen Yerramneni >>>>> <[email protected]> wrote: >>>>>> >>>>>> Hi Dumitru, Mark, Numan, >>>>>> >>>>>> >>>>>> >>>>>> Could you please consider this patch for OVN 26.03 release ? >>>>>> >>>>>> Since there is no enough time to review entire Active/Active patch for >>>>>> 26.03 , we thought it is better to commit this schema changes for 26.03. >>>>>> >>>>>> The plan is to modify the code to store nf-id in CT label instead of >>>>>> nfg-id in Active/Active patch. This is required to avoid switching >>>>>> existing connections going to healthy NFs when no.of healthy NFs count >>>>>> in an NFG changes. >>>>>> >>>>>> Please let us know if there any concerns or other suggestions. >>>>>> >>>>>> >>>>>> >>>>>> Thanks, >>>>>> >>>>>> Naveen >>>>>> >>>>>> >>>>>> >>>>>> From: Aditya Mehakare <[email protected]> >>>>>> Date: Tuesday, 20 January 2026 at 8:16 PM >>>>>> To: [email protected] <[email protected]> >>>>>> Cc: Aditya Mehakare <[email protected]>, Naveen Yerramneni >>>>>> <[email protected]> >>>>>> Subject: [PATCH ovn] ovn-nb, ovn-nbctl: Add ID column to >>>>>> Network_Function table. >>>>>> >>>>>> This commit introduces a new 'id' column to the Network_Function table >>>>>> in the OVN Northbound database schema. The ID is a mandatory integer >>>>>> field (range 1-255) with a unique index constraint. >>>>>> >>>>>> This change is required to support network function active-active mode >>>>>> in future releases. The ID will be used to uniquely identify network >>>>>> functions in scenarios where multiple instances need to be managed >>>>>> simultaneously. >>>>>> >>>>>> Since this is a schema change that is not backward compatible, it is >>>>>> being introduced in the current release to ensure smoother upgrades >>>>>> when active-active mode support is added in subsequent releases. >>>>>> >>>>>> Schema changes: >>>>>> - Added 'id' column to Network_Function table (integer, 1-255) >>>>>> - Added unique index on 'id' column alongside existing 'name' index >>>>>> >>>>>> Changes to ovn-nbctl: >>>>>> - Updated nf-add command to require ID parameter: >>>>>> nf-add NETWORK-FUNCTION ID PORT-IN PORT-OUT >>>>>> - Modified nf-list to display the ID field >>>>>> - Updated related documentation, and tests >>>>>> >>>>>> Signed-off-by: Aditya Mehakare <[email protected]> >>>>>> Acked-by: Naveen Yerramneni <[email protected]> >>>>>> --- >>>>>> ovn-nb.ovsschema | 10 +++++--- >>>>>> ovn-nb.xml | 5 ++++ >>>>>> tests/ovn-nbctl.at | 48 +++++++++++++++++++++++++++------------ >>>>>> tests/ovn-northd.at | 8 +++---- >>>>>> tests/ovn.at | 6 ++--- >>>>>> tests/system-ovn.at | 4 ++-- >>>>>> utilities/ovn-nbctl.8.xml | 19 ++++++++-------- >>>>>> utilities/ovn-nbctl.c | 25 +++++++++++++++----- >>>>>> 8 files changed, 84 insertions(+), 41 deletions(-) >>>>>> >>>>>> diff --git a/ovn-nb.ovsschema b/ovn-nb.ovsschema >>>>>> index 8c2c1d861..2c60d000c 100644 >>>>>> --- a/ovn-nb.ovsschema >>>>>> +++ b/ovn-nb.ovsschema >>>>>> @@ -1,7 +1,7 @@ >>>>>> { >>>>>> "name": "OVN_Northbound", >>>>>> - "version": "7.15.0", >>>>>> - "cksum": "4060410729 43708", >>>>>> + "version": "7.16.0", >>>>>> + "cksum": "3182666148 43912", >>>>>> "tables": { >>>>>> "NB_Global": { >>>>>> "columns": { >>>>>> @@ -213,10 +213,14 @@ >>>>>> "refTable": "Network_Function_Health_Check", >>>>>> "refType": "strong"}, >>>>>> "min": 0, "max": 1}}, >>>>>> + "id": { >>>>>> + "type": {"key": {"type": "integer", >>>>>> + "minInteger": 1, >>>>>> + "maxInteger": 255}}}, >>>>>> "external_ids": { >>>>>> "type": {"key": "string", "value": "string", >>>>>> "min": 0, "max": "unlimited"}}}, >>>>>> - "indexes": [["name"]], >>>>>> + "indexes": [["name"], ["id"]], >>>>>> "isRoot": true}, >>>>>> "Network_Function_Group": { >>>>>> "columns": { >>>>>> diff --git a/ovn-nb.xml b/ovn-nb.xml >>>>>> index e74c0d010..4f71fe0e7 100644 >>>>>> --- a/ovn-nb.xml >>>>>> +++ b/ovn-nb.xml >>>>>> @@ -6382,6 +6382,11 @@ or >>>>>> Name of the <ref table="Network_Function"/>. Name should be unique. >>>>>> </column> >>>>>> >>>>>> + <column name="id"> >>>>>> + A unique integer between 1 and 255 must be assigned to each >>>>>> + <code>Network_Function</code>. >>>>>> + </column> >>>>>> + >>>>>> <column name="inport"> >>>>>> <ref table="Logical_Switch_Port"/> where request traffic for >>>>>> from-lport >>>>>> ACL and response traffic for to-lport ACL is redirected. >>>>>> diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at >>>>>> index dccf30758..f4cb89b82 100644 >>>>>> --- a/tests/ovn-nbctl.at >>>>>> +++ b/tests/ovn-nbctl.at >>>>>> @@ -3245,13 +3245,13 @@ AT_CHECK([check ovn-nbctl set >>>>>> logical_switch_port svc-port1 \ >>>>>> options:is-nf=true options:nf-linked-port=svc-port0]) >>>>>> >>>>>> # Create network-function. >>>>>> -AT_CHECK([ovn-nbctl nf-add nf0 svc-port0 svc-port1]) >>>>>> -AT_CHECK([ovn-nbctl nf-add nf0 svc-port0 svc-port1], [1], [], >>>>>> +AT_CHECK([ovn-nbctl nf-add nf0 1 svc-port0 svc-port1]) >>>>>> +AT_CHECK([ovn-nbctl nf-add nf0 1 svc-port0 svc-port1], [1], [], >>>>>> [ovn-nbctl: nf0: same name network-function already exists >>>>>> ]) >>>>>> -AT_CHECK([ovn-nbctl --may-exist nf-add nf0 svc-port0 svc-port1]) >>>>>> +AT_CHECK([ovn-nbctl --may-exist nf-add nf0 1 svc-port0 svc-port1]) >>>>>> AT_CHECK([ovn-nbctl nf-list | uuidfilt], [0], [dnl >>>>>> -<0> (nf0) in:svc-port0 out:svc-port1 >>>>>> +<0> (nf0) id:1 in:svc-port0 out:svc-port1 >>>>>> ]) >>>>>> >>>>>> # Test --may-exist overwrite behavior: update existing network function >>>>>> with new ports >>>>>> @@ -3263,25 +3263,25 @@ AT_CHECK([check ovn-nbctl set >>>>>> logical_switch_port svc-port4 \ >>>>>> AT_CHECK([check ovn-nbctl set logical_switch_port svc-port5 \ >>>>>> options:receive_multicast=false options:lsp_learn_fdb=false \ >>>>>> options:is-nf=true options:nf-linked-port=svc-port4]) >>>>>> -AT_CHECK([ovn-nbctl --may-exist nf-add nf0 svc-port4 svc-port5]) >>>>>> +AT_CHECK([ovn-nbctl --may-exist nf-add nf0 1 svc-port4 svc-port5]) >>>>>> AT_CHECK([ovn-nbctl nf-list | uuidfilt], [0], [dnl >>>>>> -<0> (nf0) in:svc-port4 out:svc-port5 >>>>>> +<0> (nf0) id:1 in:svc-port4 out:svc-port5 >>>>>> ]) >>>>>> >>>>>> # Create two more network-functions, one with same inport and outport. >>>>>> AT_CHECK([check ovn-nbctl lsp-add ls0 svc-port2]) >>>>>> AT_CHECK([check ovn-nbctl lsp-add ls0 svc-port3]) >>>>>> -AT_CHECK([ovn-nbctl nf-add nf1 svc-port2 svc-port3]) >>>>>> +AT_CHECK([ovn-nbctl nf-add nf1 2 svc-port2 svc-port3]) >>>>>> AT_CHECK([ovn-nbctl nf-list | uuidfilt], [0], [dnl >>>>>> -<0> (nf0) in:svc-port4 out:svc-port5 >>>>>> -<1> (nf1) in:svc-port2 out:svc-port3 >>>>>> +<0> (nf0) id:1 in:svc-port4 out:svc-port5 >>>>>> +<1> (nf1) id:2 in:svc-port2 out:svc-port3 >>>>>> ]) >>>>>> >>>>>> -AT_CHECK([ovn-nbctl nf-add nf2 svc-port2 svc-port2]) >>>>>> +AT_CHECK([ovn-nbctl nf-add nf2 3 svc-port2 svc-port2]) >>>>>> AT_CHECK([ovn-nbctl nf-list | uuidfilt], [0], [dnl >>>>>> -<0> (nf0) in:svc-port4 out:svc-port5 >>>>>> -<1> (nf1) in:svc-port2 out:svc-port3 >>>>>> -<2> (nf2) in:svc-port2 out:svc-port2 >>>>>> +<0> (nf0) id:1 in:svc-port4 out:svc-port5 >>>>>> +<1> (nf1) id:2 in:svc-port2 out:svc-port3 >>>>>> +<2> (nf2) id:3 in:svc-port2 out:svc-port2 >>>>>> ]) >>>>>> >>>>>> # Create a network-function-group. >>>>>> @@ -3334,10 +3334,30 @@ AT_CHECK([ovn-nbctl nfg-list | uuidfilt], [0], >>>>>> []) >>>>>> AT_CHECK([ovn-nbctl nf-del nf1]) >>>>>> AT_CHECK([ovn-nbctl nf-del nf0]) >>>>>> AT_CHECK([ovn-nbctl nf-list | uuidfilt], [0], [dnl >>>>>> -<0> (nf2) in:svc-port2 out:svc-port2 >>>>>> +<0> (nf2) id:3 in:svc-port2 out:svc-port2 >>>>>> ]) >>>>>> AT_CHECK([ovn-nbctl nf-del nf2]) >>>>>> AT_CHECK([ovn-nbctl nf-list | uuidfilt], [0], []) >>>>>> + >>>>>> +# Test ID validation and uniqueness >>>>>> +AT_CHECK([check ovn-nbctl lsp-add ls0 svc-port6]) >>>>>> +AT_CHECK([check ovn-nbctl lsp-add ls0 svc-port7]) >>>>>> +# Test invalid ID (out of range) >>>>>> +AT_CHECK([ovn-nbctl nf-add nf3 0 svc-port6 svc-port7], [1], [], >>>>>> + [ovn-nbctl: network-function id must be between 1 and 255 >>>>>> +]) >>>>>> +AT_CHECK([ovn-nbctl nf-add nf3 256 svc-port6 svc-port7], [1], [], >>>>>> + [ovn-nbctl: network-function id must be between 1 and 255 >>>>>> +]) >>>>>> +AT_CHECK([ovn-nbctl nf-add nf3 abc svc-port6 svc-port7], [1], [], >>>>>> + [ovn-nbctl: network-function id must be between 1 and 255 >>>>>> +]) >>>>>> +# Test valid ID >>>>>> +AT_CHECK([ovn-nbctl nf-add nf3 10 svc-port6 svc-port7]) >>>>>> +AT_CHECK([ovn-nbctl nf-list | uuidfilt], [0], [dnl >>>>>> +<0> (nf3) id:10 in:svc-port6 out:svc-port7 >>>>>> +]) >>>>>> +AT_CHECK([ovn-nbctl nf-del nf3]) >>>>>> ]) >>>>>> >>>>>> AT_SETUP([ovn-nbctl - TLS server name indication (SNI) with >>>>>> --ssl-server-name]) >>>>>> diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at >>>>>> index 25655c456..9a1cfdb99 100644 >>>>>> --- a/tests/ovn-northd.at >>>>>> +++ b/tests/ovn-northd.at >>>>>> @@ -18438,7 +18438,7 @@ check ovn-nbctl set logical_switch_port >>>>>> sw0-nf-p1 \ >>>>>> check ovn-nbctl set logical_switch_port sw0-nf-p2 \ >>>>>> options:receive_multicast=false options:lsp_learn_mac=false \ >>>>>> options:is-nf=true options:nf-linked-port=sw0-nf-p1 >>>>>> -check ovn-nbctl nf-add nf0 sw0-nf-p1 sw0-nf-p2 >>>>>> +check ovn-nbctl nf-add nf0 1 sw0-nf-p1 sw0-nf-p2 >>>>>> check ovn-nbctl nfg-add nfg0 1 inline nf0 >>>>>> >>>>>> check ovn-nbctl lsp-add sw0 sw0-p1 -- lsp-set-addresses sw0-p1 >>>>>> "00:00:00:00:00:01 10.0.0.2" >>>>>> @@ -18551,7 +18551,7 @@ check ovn-nbctl set logical_switch_port >>>>>> sw0-nf-p3 \ >>>>>> check ovn-nbctl set logical_switch_port sw0-nf-p4 \ >>>>>> options:receive_multicast=false options:lsp_learn_mac=false \ >>>>>> options:is-nf=true options:nf-linked-port=sw0-nf-p3 >>>>>> -check ovn-nbctl nf-add nf1 sw0-nf-p3 sw0-nf-p4 >>>>>> +check ovn-nbctl nf-add nf1 2 sw0-nf-p3 sw0-nf-p4 >>>>>> check ovn-nbctl nfg-add nfg1 2 inline nf1 >>>>>> check ovn-nbctl acl-add pg0 to-lport 1003 "outport == @pg0 && ip4.src == >>>>>> 10.0.0.4" allow-related nfg1 >>>>>> check ovn-sbctl lsp-bind sw0-nf-p3 hv1 >>>>>> @@ -18729,8 +18729,8 @@ check ovn-nbctl set logical_switch_port $nfsw-p4 >>>>>> \ >>>>>> options:receive_multicast=false options:lsp_learn_fdb=false \ >>>>>> options:is-nf=true options:nf-linked-port=$nfsw-p3 >>>>>> >>>>>> -check ovn-nbctl nf-add nf0 $nfsw-p1 $nfsw-p2 >>>>>> -check ovn-nbctl nf-add nf1 $nfsw-p3 $nfsw-p4 >>>>>> +check ovn-nbctl nf-add nf0 1 $nfsw-p1 $nfsw-p2 >>>>>> +check ovn-nbctl nf-add nf1 2 $nfsw-p3 $nfsw-p4 >>>>>> nf0_uuid=$(fetch_column nb:network_function _uuid name=nf0) >>>>>> nf1_uuid=$(fetch_column nb:network_function _uuid name=nf1) >>>>>> AT_CHECK( >>>>>> diff --git a/tests/ovn.at b/tests/ovn.at >>>>>> index 445a74ce5..3babe1636 100644 >>>>>> --- a/tests/ovn.at >>>>>> +++ b/tests/ovn.at >>>>>> @@ -35816,7 +35816,7 @@ check ovs-vsctl add-port br-int ls0-hv -- set >>>>>> Interface ls0-hv external-ids:ifac >>>>>> check ovn-nbctl lr-add lr0 >>>>>> >>>>>> check ovn-nbctl ls-add ls0 >>>>>> -check ovn-nbctl lsp-add ls0 ls0-lr0 >>>>>> +check ovn-nbctl lsp-add ls0 ls0-lr0 >>>>>> check ovn-nbctl lsp-set-type ls0-lr0 router >>>>>> check ovn-nbctl lsp-set-addresses ls0-lr0 router >>>>>> check ovn-nbctl lrp-add lr0 lr0-ls0 00:00:00:00:00:01 10.0.0.1 >>>>>> @@ -43563,7 +43563,7 @@ create_logical_topology() { >>>>>> check ovn-nbctl set logical_switch_port $sw-nf-p2 \ >>>>>> options:receive_multicast=false options:lsp_learn_mac=false \ >>>>>> options:is-nf=true options:nf-linked-port=$sw-nf-p1 >>>>>> - check ovn-nbctl nf-add nf0 $sw-nf-p1 $sw-nf-p2 >>>>>> + check ovn-nbctl nf-add nf0 1 $sw-nf-p1 $sw-nf-p2 >>>>>> check ovn-nbctl nfg-add nfg0 1 inline nf0 >>>>>> check ovn-nbctl pg-add pg0 $sw-p1 >>>>>> check ovn-nbctl acl-add pg0 from-lport 1002 "inport == @pg0 && >>>>>> ip4.dst == 192.168.0.12" allow-related nfg0 >>>>>> @@ -43753,7 +43753,7 @@ create_logical_topology() { >>>>>> check ovn-nbctl set logical_switch_port $sw-nf-p2 \ >>>>>> options:receive_multicast=false options:lsp_learn_mac=false \ >>>>>> options:is-nf=true options:nf-linked-port=$sw-nf-p1 >>>>>> - check ovn-nbctl nf-add nf0 $sw-nf-p1 $sw-nf-p2 >>>>>> + check ovn-nbctl nf-add nf0 1 $sw-nf-p1 $sw-nf-p2 >>>>>> check ovn-nbctl nfg-add nfg0 1 inline nf0 >>>>>> check ovn-nbctl pg-add pg0 $sw-p1 >>>>>> check ovn-nbctl acl-add pg0 to-lport 1002 "outport == @pg0 && ip4.src >>>>>> == 192.168.0.12" allow-related nfg0 >>>>>> diff --git a/tests/system-ovn.at b/tests/system-ovn.at >>>>>> index fc601dd1b..a10f3e591 100644 >>>>>> --- a/tests/system-ovn.at >>>>>> +++ b/tests/system-ovn.at >>>>>> @@ -19417,7 +19417,7 @@ check ovn-nbctl set logical_switch_port child-4 >>>>>> options:receive_multicast=false >>>>>> >>>>>> AS_BOX([Test-1: Single NF without health check]) >>>>>> >>>>>> -check ovn-nbctl nf-add nf0 nf-p1 nf-p2 >>>>>> +check ovn-nbctl nf-add nf0 1 nf-p1 nf-p2 >>>>>> nf0_uuid=$(fetch_column nb:network_function _uuid name=nf0) >>>>>> check ovn-nbctl nfg-add nfg0 1 inline nf0 >>>>>> nfg_uuid=$(fetch_column nb:network_function_group _uuid name=nfg0) >>>>>> @@ -19519,7 +19519,7 @@ validate_single_nf_no_health_check "server" >>>>>> "client" "192.168.1.10" "Outbound" >>>>>> AS_BOX([Test-2: Two NFs with health check config enabled]) >>>>>> >>>>>> # Add second NF >>>>>> -check ovn-nbctl nf-add nf1 nf-p3 nf-p4 >>>>>> +check ovn-nbctl nf-add nf1 2 nf-p3 nf-p4 >>>>>> nf1_uuid=$(fetch_column nb:network_function _uuid name=nf1) >>>>>> >>>>>> # Add bridge for nf1 >>>>>> diff --git a/utilities/ovn-nbctl.8.xml b/utilities/ovn-nbctl.8.xml >>>>>> index 7df902944..253f6d8fc 100644 >>>>>> --- a/utilities/ovn-nbctl.8.xml >>>>>> +++ b/utilities/ovn-nbctl.8.xml >>>>>> @@ -475,16 +475,17 @@ >>>>>> <h2>Network Function Commands</h2> >>>>>> >>>>>> <dl> >>>>>> - <dt>[<code>--may-exist</code>] <code>nf-add</code> <var>nf</var> >>>>>> <var>inport</var> <var>outport</var></dt> >>>>>> + <dt>[<code>--may-exist</code>] <code>nf-add</code> <var>nf</var> >>>>>> <var>id</var> <var>inport</var> <var>outport</var></dt> >>>>>> <dd> >>>>>> <p> >>>>>> - Creates a new network function named <var>nf</var> with >>>>>> logical >>>>>> - switch ports <var>inport</var> and <var>outport</var>. Both >>>>>> the >>>>>> - ports must be on the same logical switch and must be already >>>>>> - created. When used in an ACL action, traffic matching the ACL >>>>>> - are redirected to the <var>inport</var> if it is from-lport >>>>>> ACL >>>>>> - and to the <var>outport</var> if it is to-lport ACL. The >>>>>> response >>>>>> - packets are sent through the same ports in reverse order. >>>>>> + Creates a new network function named <var>nf</var> with the >>>>>> specified >>>>>> + <var>id</var> (an integer between 1 and 255) and logical >>>>>> switch ports >>>>>> + <var>inport</var> and <var>outport</var>. Both the ports must >>>>>> be on >>>>>> + the same logical switch and must be already created. When >>>>>> used in an >>>>>> + ACL action, traffic matching the ACL are redirected to the >>>>>> + <var>inport</var> if it is from-lport ACL and to >>>>>> <var>outport</var> >>>>>> + if it is to-lport ACL. The response packets are sent through >>>>>> the same >>>>>> + ports in reverse order. >>>>>> </p> >>>>>> >>>>>> <p> >>>>>> @@ -1498,7 +1499,7 @@ >>>>>> The optional argument <var>protocol</var> must be either >>>>>> <code>tcp</code>, <code>udp</code> or <code>sctp</code>. This >>>>>> argument >>>>>> is useful when a port number is provided as part of the >>>>>> <var>vip</var>. >>>>>> - If the <var>protocol</var> is unspecified and a port number is >>>>>> provided >>>>>> + If the <var>protocol</var> is unspecified and a port number is >>>>>> provided >>>>>> as part of the <var>vip</var>, OVN assumes the >>>>>> <var>protocol</var> to >>>>>> be <code>tcp</code>. >>>>>> </p> >>>>>> diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c >>>>>> index cdf6b578a..2b674cad3 100644 >>>>>> --- a/utilities/ovn-nbctl.c >>>>>> +++ b/utilities/ovn-nbctl.c >>>>>> @@ -393,7 +393,7 @@ Network function group commands:\n\ >>>>>> network-function-group\n\ >>>>>> \n\ >>>>>> Network function commands:\n\ >>>>>> - nf-add NETWORK-FUNCTION PORT-IN PORT-OUT\n\ >>>>>> + nf-add NETWORK-FUNCTION ID PORT-IN PORT-OUT\n\ >>>>>> create a network-function\n\ >>>>>> nf-del NETWORK-FUNCTION delete a network-function\n\ >>>>>> nf-list print all network-functions\n\ >>>>>> @@ -2483,6 +2483,7 @@ nbctl_pre_nf_add(struct ctl_context *ctx) >>>>>> >>>>>> ovsdb_idl_add_column(ctx->idl, &nbrec_logical_switch_port_col_name); >>>>>> ovsdb_idl_add_column(ctx->idl, &nbrec_network_function_col_name); >>>>>> + ovsdb_idl_add_column(ctx->idl, &nbrec_network_function_col_id); >>>>>> ovsdb_idl_add_column(ctx->idl, &nbrec_network_function_col_inport); >>>>>> ovsdb_idl_add_column(ctx->idl, &nbrec_network_function_col_outport); >>>>>> } >>>>>> @@ -2495,17 +2496,25 @@ nbctl_nf_add(struct ctl_context *ctx) >>>>>> >>>>>> bool may_exist = shash_find(&ctx->options, "--may-exist") != NULL; >>>>>> >>>>>> - char * error = lsp_by_name_or_uuid(ctx, ctx->argv[2], true, >>>>>> &lsp_in); >>>>>> + char * error = lsp_by_name_or_uuid(ctx, ctx->argv[3], true, >>>>>> &lsp_in); >>>>>> if (error) { >>>>>> ctx->error = error; >>>>>> return; >>>>>> } >>>>>> - error = lsp_by_name_or_uuid(ctx, ctx->argv[3], true, &lsp_out); >>>>>> + error = lsp_by_name_or_uuid(ctx, ctx->argv[4], true, &lsp_out); >>>>>> if (error) { >>>>>> ctx->error = error; >>>>>> return; >>>>>> } >>>>>> >>>>>> + /* Validate and parse ID */ >>>>>> + int64_t nf_id = 0; >>>>>> + if (!ovs_scan(ctx->argv[2], "%"SCNd64, &nf_id) >>>>>> + || nf_id < 1 || nf_id > 255) { >>>>>> + ctl_error(ctx, "network-function id must be between 1 and 255"); >>>>>> + return; >>>>>> + } >>>>>> + >>>>>> const char *nf_name = ctx->argv[1]; >>>>>> >>>>>> /* Check if network function already exists */ >>>>>> @@ -2528,6 +2537,9 @@ nbctl_nf_add(struct ctl_context *ctx) >>>>>> nbrec_network_function_set_name(nf, nf_name); >>>>>> } >>>>>> >>>>>> + /* Set ID */ >>>>>> + nbrec_network_function_set_id(nf, nf_id); >>>>>> + >>>>>> /* Set/update the ports */ >>>>>> nbrec_network_function_set_inport(nf, lsp_in); >>>>>> nbrec_network_function_set_outport(nf, lsp_out); >>>>>> @@ -2560,6 +2572,7 @@ static void >>>>>> nbctl_pre_nf_list(struct ctl_context *ctx) >>>>>> { >>>>>> ovsdb_idl_add_column(ctx->idl, &nbrec_network_function_col_name); >>>>>> + ovsdb_idl_add_column(ctx->idl, &nbrec_network_function_col_id); >>>>>> ovsdb_idl_add_column(ctx->idl, &nbrec_network_function_col_inport); >>>>>> ovsdb_idl_add_column(ctx->idl, &nbrec_network_function_col_outport); >>>>>> ovsdb_idl_add_column(ctx->idl, &nbrec_logical_switch_port_col_name); >>>>>> @@ -2577,9 +2590,9 @@ nbctl_nf_list(struct ctl_context *ctx) >>>>>> const char *linport_name = linport ? linport->name : "<not_set>"; >>>>>> const char *loutport_name = loutport ? loutport->name : >>>>>> "<not_set>"; >>>>>> smap_add_format(&nfs, nf->name, >>>>>> - UUID_FMT " (%s) in:%s out:%s", >>>>>> + UUID_FMT " (%s) id:%"PRId64" in:%s out:%s", >>>>>> UUID_ARGS(&nf->header_.uuid), >>>>>> - nf->name, linport_name, loutport_name); >>>>>> + nf->name, nf->id, linport_name, loutport_name); >>>>>> } >>>>>> const struct smap_node **nodes = smap_sort(&nfs); >>>>>> for (size_t i = 0; i < smap_count(&nfs); i++) { >>>>>> @@ -8877,7 +8890,7 @@ static const struct ctl_command_syntax >>>>>> nbctl_commands[] = { >>>>>> nbctl_nf_group_del_network_function, NULL, "--if-exists", RW }, >>>>>> >>>>>> /* network-function commands. */ >>>>>> - { "nf-add", 3, 3, "NETWORK-FUNCTION PORT-IN PORT-OUT", >>>>>> + { "nf-add", 4, 4, "NETWORK-FUNCTION ID PORT-IN PORT-OUT", >>>>>> nbctl_pre_nf_add, >>>>>> nbctl_nf_add, >>>>>> NULL, "--may-exist", RW }, >>>>>> -- >>>>>> 2.43.5 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
