On 8/25/25 10:36 AM, Sragdhara Datta Chaudhuri wrote:
> Hi Dumitru,
>
Hi Sragdhara,
> Thanks a lot for your detailed comments on all the patches. Regarding this
> one, have addressed all except one. Please see responses below in line with
> the comments.
>
> Thanks,
> Sragdhara
>
> From: Dumitru Ceara <dce...@redhat.com>
> Date: Thursday, August 21, 2025 at 2:23 AM
> To: Sragdhara Datta Chaudhuri <sragdha.chau...@nutanix.com>,
> ovs-dev@openvswitch.org <ovs-dev@openvswitch.org>
> Cc: Numan Siddique <num...@ovn.org>
> Subject: Re: [ovs-dev] [PATCH OVN v6 1/5] ovn-nb: Network Function insertion
> OVN-NB schema changes
> !-------------------------------------------------------------------|
> CAUTION: External Email
>
> |-------------------------------------------------------------------!
>
> Hi Sragdhara,
>
> Thanks for the patch!
>
> On 8/20/25 3:25 AM, Sragdhara Datta Chaudhuri wrote:
>> New tables:
>> Network_Function: Each row contains {inport, outport, health_check}
>> Network_Function_Group: Each row contains a list of Network_Function
>> entities.
>> Min and max length of this list is 1.
>> It also contains a unique id (1 and 255) generated by
>> northd and and a reference to the current active NF.
>
> It's a bit odd that northd generates this unique ID in the northbound
> database. For most features, the NB database is not changed by
> ovn-northd (there are some exceptions like reporting logical_port state
> but those are not the norm).
>
> Why can't the CMS generate and write this unqiue ID?
> [Sragdhara] Mainly to meet the requirement of uniqueness, had it as
> internally generated. Thanks for the suggestion to use index. Have made the
> changes.
>
>> The mode field is for future extension when we want
>> to support both inline and mirror modes.
>> Network_Function_Health_Check: Each row contains configuration for probes in
>> options field:
>> {interval, timeout, success_count, failure_count}
>
> I have a related comment in patch 5/5: shouldn't we store the target IP
> the NF health check should use? Instead of having a global config?
> [Sragdhara] The health monitoring here is different from that for LB. The
> packet path is passthrough. Some dummy IP is used in the header and it is
> injected into the NF. If the same packet comes out of the other port of NF,
> it is taken as a sign of good health for the NF datapath. (If the NF is a
> firewall, it needs to have a rule to allow these packets) The IP used is
> really a dummy IP and so far haven’t seen a need to make it unique for each
> NF. Even if there are multiple NF instances on the same host, the VIF in
> combination with the packet header will be unique.
Ok, that might be fine for now, but let's make sure this is properly
documented.
Regards,
Dumitru
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
