On 8/8/24 05:14, Numan Siddique wrote: > On Wed, Aug 7, 2024 at 2:52 AM Dumitru Ceara <[email protected]> wrote: >> >> This series adds support for sampling packets processed by ACLs by using >> per-flow IPFIX. This new feature allows users to configure >> (potentially) different sampling options for ACL matched traffic that >> creates new connections or that is forwarded on existing connections. >> >> This work is based on Adrian's original RFC: >> https://patchwork.ozlabs.org/project/ovn/cover/[email protected]/ >> >> In order for the whole feature to work properly some pre-requisite work >> is done: >> - patch 1: fixes the QoS logical flow documentation. This is needed >> because the sampling patches need to insert new tables and numbers >> were inconsistent. >> - patch 2: fixes a bug in the way ACLs with labels are processed when >> the switches also have load balancers configured >> >> The feature itself is implemented by the last 3 patches: >> - patch 3: adds support for users to configure different types of >> sampling applications (drop debug, acl-new-traffic, >> acl-established-traffic) >> - patch 4: combines the already existing drop debug sampling >> configuration with the new sampling application configuration (giving >> priority to the latter) >> - patch 5: adds sampling support to ACLs >> >> Patches 6-9 implement an optimization and reduce the number of logical >> and openflow rules for the case when sampling is enabled for ACLs with a >> single collector (the common case). This optimization requires the >> recently added OVS support for sampling with observation IDs passed >> directly from fields [0]. >> >> [0] >> https://github.com/openvswitch/ovs/commit/1aa9e137fe36a810271415d79735dedfedfc9f6e >> >> Changes in V7: >> - Added Mark's acks to patches 1-8 >> - Addressed Nadia's comment: >> - Made Sample_Collector.ID 8bit long. >> - Addressed Mark's comment in patch 9/9: >> - cleaned up the way the flow match was created for new connections. >> >> Changes in V6: >> - Addressed (some) review comments from Ilya (individual changes listed >> in each patch). >> Most important changes: >> - Changed sample_collector schema to add unique ID (4 bit): this fixes >> the case with multiple probabilities per set_id and reduces the >> number of register and ct-mark bits used. >> - Made Sample table non-root (this needs changes to ovn-nbctl acl-add >> command too). >> Not addressed review comments: >> - Didn't use the single collector per sample_config type suggestion >> because OVN-K8s needs the flexibility of using different collectors >> (or multiple collectors) per ACL. >> Fixed a bug with sampling on to-lport ACLs when they're hit in the >> egress pipeline towards logical routers. >> >> Changes in V5: >> - Addressed review comments from Numan and Ilya (individual changes >> listed in each patch). The most important change is the >> NB.Sampling_App 'name' column change to 'type' along with shortening >> of the strings representing allowed app types. >> >> Changes in V4: >> - Addressed review comments from Mark, Ales and Numan (individual >> changes listed in each patch). >> - Dropped first 4 patches of V3 because they were already accepted. >> - Added a first 1/5 patch to fix documentation that I needed to touch >> too. >> - Added Ales as co-author of patch 5, he provided most of the >> incremental changes that were added to that patch in v4. >> - Included Ales' patches (6-9) to reduce the number of sampling flows >> when the underlying OVS instance supports sampling with IDs taken from >> fields (or registers). >> >> Changes in V3: >> - Addressed Ilya's comment and bumped NB schema version on patch 8. >> I didn't bump it on patch 6 too because I don't think these two >> commits will ever be separated in different releases. >> >> Changes in V2: >> - Addressed Adrian's comments on patch 8. >> - Fixed unit test failure in patch 2. >> >> Adrian Moreno (1): >> northd: Add ACL Sampling. >> >> Ales Musil (4): >> features: Make querying of OpenFlow features more versatile. >> features: Add detection for sample with registers. >> actions: Add support for sample with register. >> northd: Allow flow simplification for ACL sampling. >> >> Dumitru Ceara (4): >> northd: Fix up logical flow documentation for QoS. >> northd: Commit from-lport ACL label (and state) when LBs are used. >> northd: Add Sampling_App table. >> northd: Override NB_Global drop sampling id with Sampling_App config. > > Thanks Dumitru, Adrian and Ales for adding this feature. > > I applied this patch series to main. > > Numan >
Thanks! _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
