Move stateful lb rules for logical switches in build_lswitch_flows_for_lb routine in order to reduce cpu utilization
Signed-off-by: Lorenzo Bianconi <[email protected]> --- northd/ovn-northd.c | 45 ++++++++++++++++++++------------------------- 1 file changed, 20 insertions(+), 25 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 2133048b1..d763fba9a 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6030,8 +6030,7 @@ build_qos(struct ovn_datapath *od, struct hmap *lflows) { } static void -build_lb_rules(struct ovn_datapath *od, struct hmap *lflows, - struct ovn_northd_lb *lb) +build_lb_rules(struct hmap *lflows, struct ovn_northd_lb *lb) { struct ds action = DS_EMPTY_INITIALIZER; struct ds match = DS_EMPTY_INITIALIZER; @@ -6081,15 +6080,15 @@ build_lb_rules(struct ovn_datapath *od, struct hmap *lflows, ds_put_format(&match, "ct.new && %s.dst == %s", ip_match, lb_vip->vip_str); + int priority = 110; if (lb_vip->vip_port) { ds_put_format(&match, " && %s.dst == %d", proto, lb_vip->vip_port); - ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_STATEFUL, 120, - ds_cstr(&match), ds_cstr(&action), - &lb->nlb->header_); - } else { - ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_STATEFUL, 110, - ds_cstr(&match), ds_cstr(&action), - &lb->nlb->header_); + priority = 120; + } + for (size_t j = 0; j < lb->n_nb_ls; j++) { + ovn_lflow_add_with_hint(lflows, lb->nb_ls[j], S_SWITCH_IN_STATEFUL, + priority, ds_cstr(&match), + ds_cstr(&action), &lb->nlb->header_); } } ds_destroy(&action); @@ -6097,7 +6096,7 @@ build_lb_rules(struct ovn_datapath *od, struct hmap *lflows, } static void -build_stateful(struct ovn_datapath *od, struct hmap *lflows, struct hmap *lbs) +build_stateful(struct ovn_datapath *od, struct hmap *lflows) { /* Ingress and Egress stateful Table (Priority 0): Packets are * allowed by default. */ @@ -6114,19 +6113,6 @@ build_stateful(struct ovn_datapath *od, struct hmap *lflows, struct hmap *lbs) ovn_lflow_add(lflows, od, S_SWITCH_OUT_STATEFUL, 100, REGBIT_CONNTRACK_COMMIT" == 1", "ct_commit { ct_label.blocked = 0; }; next;"); - - /* Load balancing rules for new connections get committed to conntrack - * table. So even if REGBIT_CONNTRACK_COMMIT is set in a previous table - * a higher priority rule for load balancing below also commits the - * connection, so it is okay if we do not hit the above match on - * REGBIT_CONNTRACK_COMMIT. */ - for (int i = 0; i < od->nbs->n_load_balancer; i++) { - struct ovn_northd_lb *lb = - ovn_northd_lb_find(lbs, &od->nbs->load_balancer[i]->header_.uuid); - - ovs_assert(lb); - build_lb_rules(od, lflows, lb); - } } static void @@ -6894,7 +6880,7 @@ build_lswitch_lflows_pre_acl_and_acl(struct ovn_datapath *od, build_acl_hints(od, lflows); build_acls(od, lflows, port_groups, meter_groups); build_qos(od, lflows); - build_stateful(od, lflows, lbs); + build_stateful(od, lflows); build_lb_hairpin(od, lflows); } } @@ -8964,11 +8950,12 @@ build_lswitch_flows_for_lb(struct ovn_northd_lb *lb, struct hmap *lflows, for (size_t i = 0; i < lb->n_vips; i++) { struct ovn_lb_vip *lb_vip = &lb->vips[i]; + /* pre-stateful lb */ if (!build_empty_lb_event_flow(lb_vip, lb->nlb, meter_groups, match, action)) { continue; } - for (int j = 0; j < lb->n_nb_ls; j++) { + for (size_t j = 0; j < lb->n_nb_ls; j++) { ovn_lflow_add_with_hint(lflows, lb->nb_ls[j], S_SWITCH_IN_PRE_LB, 130, ds_cstr(match), ds_cstr(action), &lb->nlb->header_); @@ -8978,6 +8965,14 @@ build_lswitch_flows_for_lb(struct ovn_northd_lb *lb, struct hmap *lflows, * the packet through ct() action to de-fragment. In stateful * table, we will eventually look at L4 information. */ } + + /* stateful lb + * Load balancing rules for new connections get committed to conntrack + * table. So even if REGBIT_CONNTRACK_COMMIT is set in a previous table + * a higher priority rule for load balancing below also commits the + * connection, so it is okay if we do not hit the above match on + * REGBIT_CONNTRACK_COMMIT. */ + build_lb_rules(lflows, lb); } static void -- 2.31.1 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
