The first patch of the series adds a new stage in the ingress/egress to help classify the type of traffic that will be processed in the ACL stage. The effect is that ACL logical flow matches are simplified and will generate fewer openflows (due to not having as many OR clauses as before).
The second patch of the series adds support for Stateless_Filters, a mechanism that allows bypassing conntrack for ACLs for specific types of traffic.

CC: Han Zhou <[email protected]>
CC: Numan Siddique <[email protected]>
Signed-off-by: Dumitru Ceara <[email protected]>

Dumitru Ceara (2):
  ovn-northd: Reduce number of flows generated for stateful ACLs.
  ovn-northd: Support mixing stateless/stateful ACLs with Stateless_Filter.

 NEWS                          |    3
 northd/ovn-northd.8.xml       |  159 +++++++++++++++++++----
 northd/ovn-northd.c           |  281 +++++++++++++++++++++++++++++++---------
 ovn-nb.ovsschema              |   26 +++-
 ovn-nb.xml                    |   56 ++++++++
 tests/ovn-nbctl.at            |   53 ++++++++
 tests/ovn-northd.at           |  289 +++++++++++++++++++++++++++++++++++++++--
 tests/ovn.at                  |   58 ++++----
 tests/system-common-macros.at |    8 +
 tests/system-ovn.at           |  117 ++++++++++++++++-
 utilities/ovn-detrace.in      |   12 ++
 utilities/ovn-nbctl.c         |  213 +++++++++++++++++++++++++++++-
 12 files changed, 1132 insertions(+), 143 deletions(-)

---
V3:
- split the patch in a series.
- patch1:
  - implement Han's suggestion to optimize openflow generation for ACLs.
- patch2:
  - address Han's comments regarding Stateless_Filters.

V2:
- address Numan's comments:
  - fix spacing in the logical flow match.
  - add a new table to the NB DB instead of using a config option on the
    logical switch.
  - add ovn-nbctl CLI commands for the new table and also unit tests for
    them.
- reword the commit message.

NOTE: checkpatch.py will complain about lines lacking whitespace around operators in the ovn-nbctl help string but this is a false positive and should be ignored.
