This series adds support for user-configured control plane protection policies. Such policies are implemented through OVS meters and are useful for protecting ovn-controller from being overloaded by control traffic (any type of traffic that requires additional processing by ovn-controller).

First, logical flows are extended to allow ovn-northd to refer to a specific Meter that would be used when traffic matching logical flows is punted to ovn-controller.

The following commit builds the infrastructure required for configuring control plane policies and adds code to ovn-northd to allow creation of logical flows that have an associated control meter.

Then CoPP is implemented for all types of traffic that currently gets punted to ovn-controller.

CoPP can be applied at different levels: logical switch port, logical router port, logical switch, logical router. Whenever a CoPP policy is configured for a logical port, it will take precedence over the policy configured at router/switch level. However, per port CoPP policies are allowed only for types of traffic that are currently handled by ovn-northd through logical flows that also match on "inport". This could be further refined by follow-up commits.

Post-RFC remaining items:
- add autotests for CoPP

Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2019-September/362732.html
CC: Han Zhou <[email protected]>
CC: Numan Siddique <[email protected]>
Signed-off-by: Dumitru Ceara <[email protected]>

Dumitru Ceara (5):
      ovn-controller: Add support for Logical_Flow control meters.
      ovn-northd: Add support for CoPP.
      ovn-northd: Add CoPP policies for flows that punt packets to ovn-controller.
      ovn-northd: Extend metering to Controller-Events
      NEWS: Add CoPP support.

 NEWS                      |   1
 controller/lflow.c        |  37 ++++
 controller/ofctrl.c       |  29 +++
 controller/ofctrl.h       |  13 +
 controller/physical.c     |   3
 include/ovn/actions.h     |   3
 lib/actions.c             | 104 ++++-------
 lib/automake.mk           |   2
 lib/copp.c                |  99 +++++++++++
 lib/copp.h                |  58 ++++++
 northd/ovn-northd.c       | 300 ++++++++++++++++++++++-----------
 ovn-nb.ovsschema          |  24 ++-
 ovn-nb.xml                |  91 ++++++++++
 ovn-sb.ovsschema          |   6 -
 ovn-sb.xml                |   6 +
 tests/ovn.at              |   3
 utilities/ovn-nbctl.8.xml |  94 ++++++++++
 utilities/ovn-nbctl.c     | 412 +++++++++++++++++++++++++++++++++++++++++++++
 18 files changed, 1099 insertions(+), 186 deletions(-)
 create mode 100644 lib/copp.c
 create mode 100644 lib/copp.h

---
v2:
- Address Han's comment and split the RFC in a series.
- Simplify a bit the logic of applying CoPP on logical ports.
