Very often when troubleshooting networking issues in an OVN cluster one would like to know if any packet (or a specific one) is being dropped by OVN.
Currently, this cannot be known because of two main reasons:

1 - Implicit drops: Some tables do not have a default action (priority=0, match=1). In this case, a packet that does not match any rule will be silently dropped.
2 - Even on explicit drops, we only know a packet was dropped. We lack information about that packet.

In order to improve this, this RFC proposes a two-fold solution:

- First, create a debug-mode option that makes northd add a default "drop;" action on those tables that currently lack one.
- Secondly, allow sampling of all drops. By introducing a new OVN action: "sample" (equivalent to OVS's), OVN can make OVS sample the packets as they are dropped and insert the first 32 bits of the Logical Flow's UUID (a.k.a. cookie) into the IPFIX sample's ObservationPointId. That way a collector can see the packet's header information as well as what Logical Flow dropped it.

This RFC has some limitations I'd like some specific feedback/guidance on:

* Per-datapath flows
Even if a Logical Flow is created with "match=1", the controller will insert the datapath metadata match. This might be good enough for most cases but could miss packets if there's a bug in OVN. A possible approach could be to propagate the "drop-debug" configuration to the SB and make the controller insert the default drops but without a Logical Flow, how would we trace it back?
Another approach (suggested by Dumitru) could be to have OVN detect that a lflow actually applies to all datapaths and remove the metadata match which would also remove the number of OpenFlow flows.

* Use of ObservationPointID
In this RFC, I just used the ObservationPointID (IPFIX element 138) because it's already supported in the OVS's NXAST_SAMPLE. This allows us to encode 32 bits which is good enough for the cookie. If we wanted to encode more information we'd have to look for another IPFIX element.
Adrian Moreno (3):
  actions: add sample action
  northd: add drop_debugging option
  debug: add sampling of drop actions

 include/ovn/actions.h |  11 ++++
 lib/actions.c         | 111 +++++++++++++++++++++++++++++++++++++
 northd/automake.mk    |   2 +
 northd/debug.c        |  98 +++++++++++++++++++++++++++++++++
 northd/debug.h        |  41 ++++++++++++++
 northd/northd.c       | 125 ++++++++++++++++++++++++++++--------------
 ovn-nb.xml            |  29 ++++++++++
 tests/ovn.at          |  10 +++-
 tests/test-ovn.c      |   2 +
 utilities/ovn-trace.c |   3 +
 10 files changed, 390 insertions(+), 42 deletions(-)
 create mode 100644 northd/debug.c
 create mode 100644 northd/debug.h

--
2.35.1

_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
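A collector-side view of the cookie mapping described in the cover letter, as an added example that is not part of the RFC or of OVN's code: it maps each sample's ObservationPointId back to the Logical Flow whose UUID starts with those 32 bits and keeps colliding or stale cookies separate. The record layout (dicts with `observationPointId`, `uuid`, `stage`), the function names and all sample values are assumptions constructed for illustration.

```python
import uuid
from collections import Counter, defaultdict

def cookie_of(lflow_uuid: str) -> int:
    """First 32 bits of a Logical Flow UUID (the value carried in ObservationPointId)."""
    return uuid.UUID(lflow_uuid).int >> 96

def build_index(lflows):
    """Map cookie -> list of lflows; a list because a 32-bit prefix can collide."""
    index = defaultdict(list)
    for lf in lflows:
        index[cookie_of(lf["uuid"])].append(lf)
    return index

def attribute_drops(samples, index):
    """Count sampled drops per Logical Flow, separating ambiguous and unknown cookies."""
    per_lflow, ambiguous, unknown = Counter(), Counter(), Counter()
    for s in samples:
        obs = s["observationPointId"] & 0xFFFFFFFF
        hits = index.get(obs, [])
        if len(hits) == 1:
            per_lflow[hits[0]["uuid"]] += 1
        elif hits:
            ambiguous[obs] += 1   # several lflows share this 32-bit prefix
        else:
            unknown[obs] += 1     # no lflow in this snapshot has that prefix
    return per_lflow, ambiguous, unknown

# Constructed sample data: three Logical Flows, two of which share a cookie.
LFLOWS = [
    {"uuid": "8b21d4e7-0c55-4f0e-a1b2-9d8e7f6a5b4c", "stage": "stage-a"},
    {"uuid": "3f9a1c02-7d4e-4b1a-9c3e-0a1b2c3d4e5f", "stage": "stage-b"},
    {"uuid": "3f9a1c02-1111-4222-8333-444455556666", "stage": "stage-c"},
]
# Constructed decoded IPFIX samples (only the field used here is shown).
SAMPLES = [
    {"observationPointId": 0x8B21D4E7},
    {"observationPointId": 0x8B21D4E7},
    {"observationPointId": 0x3F9A1C02},
    {"observationPointId": 0xDEADBEEF},
]

if __name__ == "__main__":
    per_lflow, ambiguous, unknown = attribute_drops(SAMPLES, build_index(LFLOWS))
    for lf_uuid, n in per_lflow.items():
        print(f"{n} sampled drop(s) attributed to lflow {lf_uuid}")
    print("ambiguous cookies:", [hex(c) for c in ambiguous])
    print("unknown cookies:", [hex(c) for c in unknown])
```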
