Re: [ovs-dev] [PATCH v2] ovn: Support for taas(tap-as-a-service) function

2017-08-24 Thread Russell Bryant
Sorry for the delay in getting back to this ...

On Tue, Aug 15, 2017 at 4:28 AM,   wrote:
> Taas was designed to provide tenants and service providers a means of
> monitoring the traffic flowing in their Neutron provisioned virtual
> networks. It is useful for network trouble-shooting, security and
> analytics. The taas presentations can be found at
> https://github.com/openstack/tap-as-a-service/blob/master/doc/source/presentations.rst
> , and the API reference can be found at
> https://github.com/openstack/tap-as-a-service/blob/master/API_REFERENCE.rst
>
> To support the taas function, this patch adds two types of logical_switch_port,
> "mirror" and "taas". A port with type "mirror" is used as the inport for the
> monitor flow in the logical_switch, and a port with type "taas" is used as the
> outport for the monitor flow in the logical_switch.
>
> The ovn-controller will make the relations of the ports in tap_service and
> tap_flow to mirror port and taas port.
>
> Signed-off-by: wang qianyu 

> diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml
> index 31303a8..5fdd045 100644
> --- a/ovn/ovn-nb.xml
> +++ b/ovn/ovn-nb.xml
> @@ -301,6 +301,20 @@
>
>  A port to a logical switch on a VTEP gateway.
>
> +
> +  mirror
> +  
> +A port indicate the inport of mirrored flows. The user need
> to
> +create this port in the logical_switch. This port should one
> to
> +one correspondence with the the tap_flows
> +  
> +
> +  taas
> +  
> +A port indicate the outport of mirrored flows. The user need
> to
> +create this port in logical_switch. This port should one to
> +one correspondence with the the tap_service.
> +  
>  
>
>  
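
Review bot: The descriptions added for the "mirror" and "taas" types define each port only by its "one to one correspondence" with tap_flows or tap_service, and neither term is explained anywhere in this file. The commit message ties them to the tap-as-a-service API, but a reader of ovn-nb.xml needs the ports described in OVN terms: which traffic the port receives or emits, and who is expected to create it. The wording also needs a pass: "A port indicate", "The user need to", the missing verb in "This port should one to one correspondence", and the doubled "the the".
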
> @@ -445,6 +459,61 @@
>interface, in bits.
>  
>
> +
> +  
> +
> +  These options apply when  is
> +  mirror.
> +
> +
> +
> +  Required.  The  of the  +  table="Logical_switch_Port"/> that indicates where the
> +  cloned flows come from.
> +
> +
> +
> +  Required.  The  of the  +  table="Logical_switch_Port"/> with type taas.
> +
> +
> +
> + 
> +This option indicates whitch direction(from-port/to-port/all)
> of
> +packet will be cloned to the taas-port. The directions are
> defined
> +as follow:
> +  
> +  
> +from-port
> +
> +  The packets from this port will be cloned to specified
> mirror
> +  port.
> +
> +to-port
> +
> +  The packets to this port will be cloned to specified mirror
> +  port.
> +
> +both
> +
> +  The packets both from and to this port will be cloned to
> +  specified mirror port.
> +
> +  
> +
> +  
> +
> +  
> +
> +  These options apply when  is
> taas.
> +
> +
> +
> +  Required.  The  of the  +  table="Logical_switch_Port"/> that indicates where the
> +  cloned flows come to.
> +
> +  
>  
>
>  
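
Review bot: The summary of the direction option and its value list disagree: the summary offers "(from-port/to-port/all)" while the values documented under it are from-port, to-port and both. Pick one name for the third value and use it in both places, since whatever parses the option has to match the exact string. The value descriptions also say packets are cloned "to specified mirror port" where the summary says "to the taas-port"; going by the type descriptions in the previous hunk, the taas port is the outport, so the descriptions should name that one. Unlike the two options before it, this one is not marked Required, so state what happens when it is unset. "whitch" should be "which".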

I'm having a hard time understanding this schema.  Could you expand on
why both a "mirror" and "taas" port type were needed?

I was hoping for only a single new port type, "mirror" for example,
with options to specify what port it is receiving a mirror of traffic
for.

Does something like that not express everything needed here?

-- 
Russell Bryant


Re: [ovs-dev] [PATCH v2] ovn: Support for taas(tap-as-a-service) function

2017-08-15 Thread Russell Bryant
Thanks for updating this!  This looks closer to what I was hoping for.
It will most likely be next week before I can complete a detailed
review, though.

On Tue, Aug 15, 2017 at 4:28 AM,   wrote:
> Taas was designed to provide tenants and service providers a means of
> monitoring the traffic flowing in their Neutron provisioned virtual
> networks. It is useful for network trouble-shooting, security and
> analytics. The taas presentations can be found at
> https://github.com/openstack/tap-as-a-service/blob/master/doc/source/presentations.rst
> , and the API reference can be found at
> https://github.com/openstack/tap-as-a-service/blob/master/API_REFERENCE.rst
>
> To support the taas function, this patch adds two types of logical_switch_port,
> "mirror" and "taas". A port with type "mirror" is used as the inport for the
> monitor flow in the logical_switch, and a port with type "taas" is used as the
> outport for the monitor flow in the logical_switch.
>
> The ovn-controller will make the relations of the ports in tap_service and
> tap_flow to mirror port and taas port.
>
> Signed-off-by: wang qianyu 
> ---
>  ovn/controller/binding.c|  12 ++
>  ovn/controller/ovn-controller.c |   2 +
>  ovn/controller/physical.c   | 185 +-
>  ovn/lib/logical-fields.c|   4 +
>  ovn/lib/logical-fields.h|   4 +
>  ovn/northd/ovn-northd.c | 329
> 
>  ovn/ovn-nb.xml  |  69 +
>  7 files changed, 603 insertions(+), 2 deletions(-)
>
> diff --git a/ovn/controller/binding.c b/ovn/controller/binding.c
> index 32309e9..fc74ea0 100644
> --- a/ovn/controller/binding.c
> +++ b/ovn/controller/binding.c
> @@ -437,6 +437,18 @@ consider_local_datapath(struct controller_ctx *ctx,
>   * for them. */
>  sset_add(local_lports, binding_rec->logical_port);
>  our_chassis = false;
> +} else if (!strcmp(binding_rec->type, "mirror")) {
> +add_local_datapath(ctx, binding_rec->datapath,
> +   false, local_datapaths);
> +} else if (!strcmp(binding_rec->type, "taas")) {
> +const char *target_port_name = smap_get(_rec->options,
> +  "target-port");
> +if (target_port_name &&
> +sset_contains(local_lports, target_port_name)) {
> +our_chassis = true;
> +}
> +add_local_datapath(ctx, binding_rec->datapath,
> +   false, local_datapaths);
>  }
>
>  if (ctx->ovnsb_idl_txn) {
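
Review bot: Both new branches call add_local_datapath() unconditionally, so every chassis that sees a "mirror" or "taas" binding treats that datapath as local even when neither the mirrored port nor the target-port is bound on it. In the "taas" branch the result of sset_contains(local_lports, target_port_name) is already at hand; consider making add_local_datapath() conditional on it and adding an equivalent locality check for "mirror", or add a comment explaining why the datapath has to be local on every chassis.
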
> diff --git a/ovn/controller/ovn-controller.c
> b/ovn/controller/ovn-controller.c
> index e2c9652..0a148e4 100644
> --- a/ovn/controller/ovn-controller.c
> +++ b/ovn/controller/ovn-controller.c
> @@ -150,6 +150,8 @@ update_sb_monitors(struct ovsdb_idl *ovnsb_idl,
>  struct ovsdb_idl_condition mg = OVSDB_IDL_CONDITION_INIT();
>  struct ovsdb_idl_condition dns = OVSDB_IDL_CONDITION_INIT();
>  sbrec_port_binding_add_clause_type(, OVSDB_F_EQ, "patch");
> +sbrec_port_binding_add_clause_type(, OVSDB_F_EQ, "mirror");
> +sbrec_port_binding_add_clause_type(, OVSDB_F_EQ, "taas");
>  /* XXX: We can optimize this, if we find a way to only monitor
>   * ports that have a Gateway_Chassis that point's to our own
>   * chassis */
> diff --git a/ovn/controller/physical.c b/ovn/controller/physical.c
> index df71979..7b55b04 100644
> --- a/ovn/controller/physical.c
> +++ b/ovn/controller/physical.c
> @@ -291,9 +291,100 @@ load_logical_ingress_metadata(const struct
> sbrec_port_binding *binding,
>  }
>
>  static void
> +taas_port_handle(struct controller_ctx *ctx,
> + const struct sbrec_port_binding *binding,
> + struct ofpbuf *ofpacts_p,
> + struct hmap *flow_table,
> + uint32_t dp_key,
> + uint32_t port_key)
> +{
> +const char *target_port_name = smap_get(>options,
> +  "target-port");
> +if (!target_port_name) {
> +VLOG_INFO("taas port %s not configure target-port",
> + binding->logical_port);
> +return;
> +}
> +const struct sbrec_port_binding *target_port = lport_lookup_by_name(
> +ctx->ovnsb_idl, target_port_name);
> +if (!target_port) {
> +VLOG_INFO("can not find target port %s in this switch",
> +target_port_name);
> +return;
> +}
> +
> +ofp_port_t ofport = u16_to_ofp(simap_get(_to_ofport,
> +  target_port_name));
> +if (!ofport) {
> +VLOG_INFO("can not find ofport of %s in this switch",
> +target_port_name);
> +return;
> +}
> +struct match match;
> +
> +/* Table 33, priority 100.
> + * ===
> + *
> + * Implements output to local hypervisor.  Each flow matches a
> + * logical 
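
Review bot: The three early-return paths in taas_port_handle() log with plain VLOG_INFO. If this function runs each time flows are recomputed, one misconfigured taas port repeats the same line on every pass; use a rate-limited call (VLOG_WARN_RL with a static struct vlog_rate_limit) and treat a missing target-port as a warning rather than info. Only the first message prints binding->logical_port; the other two would be easier to act on if they also named the taas port that referenced the missing target.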

[ovs-dev] [PATCH v2] ovn: Support for taas(tap-as-a-service) function

2017-08-15 Thread wang . qianyu
Taas was designed to provide tenants and service providers a means of 
monitoring the traffic flowing in their Neutron provisioned virtual 
networks. It is useful for network trouble-shooting, security and 
analytics. The taas presentations can be found at
https://github.com/openstack/tap-as-a-service/blob/master/doc/source/presentations.rst
, and the API reference can be found at
https://github.com/openstack/tap-as-a-service/blob/master/API_REFERENCE.rst

To support the taas function, this patch adds two types of logical_switch_port,
"mirror" and "taas". A port with type "mirror" is used as the inport for the
monitor flow in the logical_switch, and a port with type "taas" is used as the
outport for the monitor flow in the logical_switch.

The ovn-controller will make the relations of the ports in tap_service and 
tap_flow to mirror port and taas port.

Signed-off-by: wang qianyu 
---
 ovn/controller/binding.c|  12 ++
 ovn/controller/ovn-controller.c |   2 +
 ovn/controller/physical.c   | 185 +-
 ovn/lib/logical-fields.c|   4 +
 ovn/lib/logical-fields.h|   4 +
 ovn/northd/ovn-northd.c | 329 

 ovn/ovn-nb.xml  |  69 +
 7 files changed, 603 insertions(+), 2 deletions(-)

diff --git a/ovn/controller/binding.c b/ovn/controller/binding.c
index 32309e9..fc74ea0 100644
--- a/ovn/controller/binding.c
+++ b/ovn/controller/binding.c
@@ -437,6 +437,18 @@ consider_local_datapath(struct controller_ctx *ctx,
  * for them. */
 sset_add(local_lports, binding_rec->logical_port);
 our_chassis = false;
+} else if (!strcmp(binding_rec->type, "mirror")) {
+add_local_datapath(ctx, binding_rec->datapath,
+   false, local_datapaths);
+} else if (!strcmp(binding_rec->type, "taas")) {
+const char *target_port_name = smap_get(_rec->options,
+  "target-port");
+if (target_port_name &&
+sset_contains(local_lports, target_port_name)) {
+our_chassis = true;
+}
+add_local_datapath(ctx, binding_rec->datapath,
+   false, local_datapaths);
 }
 
 if (ctx->ovnsb_idl_txn) {
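
Review bot: In the "taas" branch, our_chassis is set only when target_port_name is already in local_lports, so the outcome depends on the target port's binding having been considered before this one. If the taas binding is visited first, our_chassis stays false for that pass. Resolve the target port's locality directly instead of through local_lports, or document the ordering this relies on. A taas binding with no target-port option also falls through silently here, while taas_port_handle() in physical.c logs that case; the two should be consistent.
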
diff --git a/ovn/controller/ovn-controller.c 
b/ovn/controller/ovn-controller.c
index e2c9652..0a148e4 100644
--- a/ovn/controller/ovn-controller.c
+++ b/ovn/controller/ovn-controller.c
@@ -150,6 +150,8 @@ update_sb_monitors(struct ovsdb_idl *ovnsb_idl,
 struct ovsdb_idl_condition mg = OVSDB_IDL_CONDITION_INIT();
 struct ovsdb_idl_condition dns = OVSDB_IDL_CONDITION_INIT();
 sbrec_port_binding_add_clause_type(, OVSDB_F_EQ, "patch");
+sbrec_port_binding_add_clause_type(, OVSDB_F_EQ, "mirror");
+sbrec_port_binding_add_clause_type(, OVSDB_F_EQ, "taas");
 /* XXX: We can optimize this, if we find a way to only monitor
  * ports that have a Gateway_Chassis that point's to our own
  * chassis */
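
Review bot: The two added clauses in update_sb_monitors() make every ovn-controller monitor all Port_Binding rows of type "mirror" and "taas", with no restriction by datapath or chassis. The ovn-nb.xml text in this patch says a mirror port corresponds one to one with a tap flow, so the number of monitored rows grows with tenant usage, and the existing XXX comment in the context lines already treats unconditional type clauses as a cost to optimize. Add a comment stating why these types have to be monitored everywhere, or restrict the clauses to datapaths that are local.
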
diff --git a/ovn/controller/physical.c b/ovn/controller/physical.c
index df71979..7b55b04 100644
--- a/ovn/controller/physical.c
+++ b/ovn/controller/physical.c
@@ -291,9 +291,100 @@ load_logical_ingress_metadata(const struct 
sbrec_port_binding *binding,
 }
 
 static void
+taas_port_handle(struct controller_ctx *ctx,
+ const struct sbrec_port_binding *binding,
+ struct ofpbuf *ofpacts_p,
+ struct hmap *flow_table,
+ uint32_t dp_key,
+ uint32_t port_key)
+{
+const char *target_port_name = smap_get(>options,
+  "target-port");
+if (!target_port_name) {
+VLOG_INFO("taas port %s not configure target-port",
+ binding->logical_port);
+return;
+}
+const struct sbrec_port_binding *target_port = lport_lookup_by_name(
+ctx->ovnsb_idl, target_port_name);
+if (!target_port) {
+VLOG_INFO("can not find target port %s in this switch",
+target_port_name);
+return;
+}
+
+ofp_port_t ofport = u16_to_ofp(simap_get(_to_ofport,
+  target_port_name));
+if (!ofport) {
+VLOG_INFO("can not find ofport of %s in this switch",
+target_port_name);
+return;
+}
+struct match match;
+
+/* Table 33, priority 100.
+ * ===
+ *
+ * Implements output to local hypervisor.  Each flow matches a
+ * logical output port on the local hypervisor, and resubmits to
+ * table 34.
+ */
+match_init_catchall();
+ofpbuf_clear(ofpacts_p);
+match_set_metadata(, htonll(dp_key));
+match_set_reg(, MFF_LOG_OUTPORT - MFF_REG0, port_key);
+
+put_load(1, MFF_LOG_FLAGS, MLF_CLONED_FLOW_BIT, 1, ofpacts_p);
+/* Resubmit to table 34. */
+put_resubmit(OFTABLE_CHECK_LOOPBACK, ofpacts_p);
+