On 1/23/25 2:47 PM, Alexandra Rukomoinikova wrote: > Today the mirror feature in OVN supports only tunnel to local > and remote to ports that locate outside of OVN claster. > > With this feature, traffic to/from a virtual port that > can be mirrored to dedicated OVN port. > > To enable overlay port mirroring with filter functions, > we have introduced the necessary schemas in the Northbound db > and the associated XML configuration: > 1. A field for mirror rules has been added to the mirror table > to add reflection rules of mirrored traffic. > 2. A new table, titled "Mirror Rule," has been established > to filter overlay remote traffic. > 3. A new mirror type, titled "lport", has been established > for encapsulate mirror traffic to another ovn port > 4. A new port type, titles "mirror" has been established for > serve as a conductor to the target port. > > For lport mirrors, all processing occurs within OVN, making it > unnecessary to involve OVS. In the case of lport mirror we add > logical flows about the necessary actions with the package. > > A new stages named "MIRROR" in logical flow table has been > introduced, allowing specification of mirror rule filters for > the lport mirror type. > > Added stage number 2 in the ingress pipeline of the logical switch > and table number 7 in the egress pipeline of the logical switch. > > Packets that meet these criteria are duplicated and delivered to > the target port, while the original packet follows its designated > pipeline. Northbound's mirror rule table enables the creation of > these filters. > > In case of creating a mirror with the lport type without any rules > attached to it, default logical flows are added that duplicate all > incoming/outgoing traffic to the target port. > > At the time of attaching lport mirror to logical switch port, a new > port binding with name mp-datapath-target port is created, > it's a mirror port with a parent that is the target port, > tagging is unnecessary, packets are sent without VLAN header > encapsulation. > > Signed-off-by: Alexandra Rukomoinikova <[email protected]> > Signed-off-by: Vladislav Odintsov <[email protected]> > Co-authored-by: Vladislav Odintsov <[email protected]> > Tested-by: Ivan Burnin <[email protected]> > ---
Hi Alexandra, Unfortunately this patch fails CI: https://github.com/ovsrobot/ovn/actions/runs/12931649533/job/36068033820 239: ovn.at:17971 Mirror - lport: 2 HVs, 2 LS, 1 lport/LS, 2 peer LRs -- parallelization=yes -- ovn_monitor_all=yes 240: ovn.at:17971 Mirror - lport: 2 HVs, 2 LS, 1 lport/LS, 2 peer LRs -- parallelization=yes -- ovn_monitor_all=no It's due to a memory leak: ==223621==ERROR: LeakSanitizer: detected memory leaks Direct leak of 86 byte(s) in 1 object(s) allocated from: #0 0x5636ca1d7120 in realloc (/workspace/ovn-tmp/ovn-24.09.90/_build/sub/northd/ovn-northd+0x39b120) (BuildId: 906db12da7544678ce73b97322897f9b916eb530) #1 0x5636ca66c118 in xrealloc__ /workspace/ovn-tmp/ovs/lib/util.c:151:9 #2 0x5636ca66c118 in xrealloc /workspace/ovn-tmp/ovs/lib/util.c:183:12 #3 0x5636ca60f551 in ds_reserve /workspace/ovn-tmp/ovs/lib/dynamic-string.c:63:22 #4 0x5636ca60f551 in ds_put_format_valist /workspace/ovn-tmp/ovs/lib/dynamic-string.c:164:9 #5 0x5636ca60f49a in ds_put_format /workspace/ovn-tmp/ovs/lib/dynamic-string.c:142:5 #6 0x5636ca2cbdf2 in build_mirror_pass_lflow /workspace/ovn-tmp/ovn-24.09.90/_build/sub/../../northd/northd.c:6039:9 #7 0x5636ca247b31 in build_mirror_lflows /workspace/ovn-tmp/ovn-24.09.90/_build/sub/../../northd/northd.c:6077:13 #8 0x5636ca247b31 in build_lswitch_and_lrouter_iterate_by_lsp /workspace/ovn-tmp/ovn-24.09.90/_build/sub/../../northd/northd.c:17678:5 #9 0x5636ca2388a0 in build_lflows_thread /workspace/ovn-tmp/ovn-24.09.90/_build/sub/../../northd/northd.c:17795:21 #10 0x5636ca6439ae in ovsthread_wrapper /workspace/ovn-tmp/ovs/lib/ovs-thread.c:429:12 #11 0x5636ca1d47ec in asan_thread_start(void*) asan_interceptors.cpp.o I'll mark this patch as "Changes Requested" in patchwork. Could you please have a look at the failure and repost as v3 (I think the current patch was supposed to be v3) when it's sorted out? Thanks, Dumitru _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
