Good afternoon, We've been trying to apply CoPP but are failing to get it to work and at this point we're running out of options. We are running OVN 24.03.5 with OVS 2.17.9.
The following commands were used to set it up: $ ovn-nbctl meter-add limit-dns drop 5000 pktps 3000 $ ovn-nbctl copp-add limit dns limit-dns $ ovn-nbctl ls-copp-add limit neutron-639803c1-b2e5-4d7b-9708-587884aaf6f1 We've tried various variations on the meter including changing it up to kbps instead of pktps, none of them seem to have an effect. We send a high rate of DNS packets from external sources to a VM on this cloud and check the pinctrl_total_pin_pkts go up way over this 5000 pktps. We have measurements of the tap device on the hypervisor that correspond to the number pin_pkts we see (well over our limit). We can see that openvswitch includes meter_id=1 in the relevant action: $ sudo ovs-ofctl dump-flows br-int | grep meter .. udp6 omitted .. cookie=0x378e70b9, duration=246.880s, table=32, n_packets=12754501, n_bytes=867306085, idle_age=0, priority=100,udp,metadata=0x7,tp_dst=53 actions=controller(userdata=00.00.00.06.00.00.00.00.00.01.de.10.00.00.00.64,pause,meter_id=1),resubmit(,33) However if we then check our meter stats, it indicates that it isn't being hit whatsoever: $ sudo ovs-ofctl -O OpenFlow13 meter-stats br-int OFPST_METER reply (OF1.3) (xid=0x2): meter:1 flow_count:0 packet_in_count:0 byte_in_count:0 duration:762.659s bands: 0: packet_count:0 byte_count:0 Please advise. Regards, Jasper Ras. Kind regards, Jasper Ras Software Engineer [group.one] group.one Carlsgatan 3 | 211 20 Malmö | Sweden group.one<https://www.group.one> | LinkedIn<https://www.linkedin.com/company/group-dot-one/>
_______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
