[ovs-dev] [PATCH] ovn: reduce logical flow applied to ovn-controller

>From 80260a2950f10544e307d6f20cb1cfe8c9bb885f Mon Sep 17 00:00:00 2001 From: wang qianyu <wang.qia...@zte.com.cn> Date: Thu, 21 Sep 2017 18:05:16 +0800 Subject: [PATCH] ovn: reduce logical flow applied to ovn-controller Add a logical_port column in Logical_Flow table. If logical flow

[ovs-dev] 答复: [PATCH v1 1/3] Add multipath static router in OVN northd and north-db

How to configure multipath_port in static_route? I think the the multipath can be figured out from exist data of static_route, may not need to add this multipath_port column. And I think we should add a status column to indicate the nexthop state. When some of nexthop in multipath is down, ovn

[ovs-dev] [PATCH] ovn-northd: add chassis nonull check

op->sb->gateway_chassis[0]->chassis may null in some special cases, need to add a check to avoid segment fault. Signed-off-by: wang qianyu <wang.qia...@zte.com.cn> --- ovn/northd/ovn-northd.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ovn/northd/ovn

[ovs-dev] [PATCH v3] ovn: Support for taas(tap-as-a-service) function

e ovn-controller will make the relations of the ports in tap_service and tap_flow to mirror port and taas port. Signed-off-by: wang qianyu <wang.qia...@zte.com.cn> --- ovn/controller/binding.c| 3 + ovn/controller/ovn-controller.c | 2 + ovn/controller/physical.c | 168 +++

[ovs-dev] 答复: Re: [PATCH] ovn: Discard flows for non-local ports.

I agree with Han Zhou, This patch can reduce the flow to vswitchd, but can not reduce the flow calculation of ovn-controller. It may be better to move the check for local_lport_ids before the parse happens. Add a lport column in logical flow may be more efficient. Thanks. Han Zhou

[ovs-dev] 答复: [RFC] Question about ovn-controller performance

Hi everyone, Whether we could add a port property to logical flow? port property have value of "normal" or logical port name. If the port property is "normal" means this logical flow should be allocated to all HVs, if port property is a name of logical_port, means this logical flow is related

[ovs-dev] [RFC] Question about ovn-controller performance

I configure 5 networks, every network have about 80 ports, the total ports is 400, all in same security group. When I bind some port on HVs, the ovn-controller is always running with 100% cpu, and the total openflow table entities in ovs is more than 300,000. Most of the entities is table 52,

[ovs-dev] 答复: Re: 答复: Re: 答复: Re: 答复: Re: 答复: Re: [PATCH v2] ovn: Support for taas(tap-as-a-service) function

ps://github.com/openstack/tap-as-a-service/blob/master/doc/source/presentations.rst > > > > , and the api reference could be found from > > > > * https://github.com/openstack/tap-as-a-service/blob/master/API_REFERENCE.rst* > < https://github.com/openstack/tap-as-a-servi

[ovs-dev] 答复: Re: 答复: Re: 答复: Re: 答复: Re: [PATCH v2] ovn: Support for taas(tap-as-a-service) function

rst* > < https://github.com/openstack/tap-as-a-service/blob/master/doc/source/presentations.rst > > > > , and the api reference could be found from > > > > * https://github.com/openstack/tap-as-a-service/blob/master/API_REFERENCE.rst* > < https://github.com/openstack/ta

[ovs-dev] 答复: Re: 答复: Re: 答复: Re: 答复: Re: [PATCH v2] ovn: Support for taas(tap-as-a-service) function

lob/master/API_REFERENCE.rst > > To support taas function, this patch add two type of logica_switch_port, > "mirror" and "taas". port with type "mirror" is used as inport for monitor > flow in logica_switch, and port with type "taas" is used as o

[ovs-dev] [RFC] Deploy HA for Ovn-controller-vtep

Hi everyone Ovn-controller-vtep is the link of logical switch and pysical switch. Whether we should deploy the Ovn-controller-vtep and vtep db with HA? Thanks. ___ dev mailing list d...@openvswitch.org

[ovs-dev] 答复: Re: 答复: Re: [PATCH v2] ovn: Support for taas(tap-as-a-service) function

flow in logica_switch, and port with type "taas" is used as outport for > monitor flow in logica_switch. > > The ovn-controller will make the relations of the ports in tap_service and > tap_flow to mirror port and taas port. > > Signed-off-by: wang qianyu <wang.qia...@z

[ovs-dev] 答复: Re: [PATCH v2] ovn: Support for taas(tap-as-a-service) function

"mirror" is used as inport for monitor > flow in logica_switch, and port with type "taas" is used as outport for > monitor flow in logica_switch. > > The ovn-controller will make the relations of the ports in tap_service and > tap_flow to mirror port and taas port. &g

[ovs-dev] [PATCH v2] ovn: Support for taas(tap-as-a-service) function

ype "mirror" is used as inport for monitor flow in logica_switch, and port with type "taas" is used as outport for monitor flow in logica_switch. The ovn-controller will make the relations of the ports in tap_service and tap_flow to mirror port and taas port. Signed-off

[ovs-dev] 答复: Re: 答复: Re: 答复: Re: 答复: Re: [PATCH] ovn: Support for taas(tap-as-a-service) function

Ok, I will make a new version which have no mirror switch. This may need some days. Thanks Gao Zhenyu 2017/08/07 22:34 收件人：Ben Pfaff , 抄送： wang.qia...@zte.com.cn, ovs dev , zhou.huij...@zte.com.cn,

[ovs-dev] 答复: Re: 答复: Re: 答复: Re: 答复: Re: [PATCH] ovn: Support for taas(tap-as-a-service) function

Hi Zhenyu, Ben and Russell, Thanks for your review. I think function of taas is independent, and have no influence with logical switch. Similar to logcial switch and logical router, I think independent function should use independent pipeline. Here, is there some constraints or problems to add

[ovs-dev] 答复: Re: 答复: Re: 答复: Re: [PATCH] ovn: Support for taas(tap-as-a-service) function

If we do not add a new type of switch, we should write flag to a reg to indicate the matched packets which are cloned to monitor. This reg should add to all the pipeline stages of logical switch(both ingress and egress) to distinguish from normal flow. Is this right for Russell's point? If we

[ovs-dev] 答复: Re: 答复: Re: [PATCH] ovn: Support for taas(tap-as-a-service) function

Not add new logical_mirror_switch, just use logical_switch of course can capture the use case. But logical_switch pipeline is complex for flow monitor. Flow monitor should ignore some tables such as port_security, lb and so on. And also should consider normal function for normal ports. I think

Re: [ovs-dev] [PATCH v5] ovn-controller: Refactor function of consider_port_binding

The function of consider_port_binding is redundant. This patch divide the function to some sub-function by the port type. Signed-off-by: wang qianyu <wang.qia...@zte.com.cn> --- ovn/controller/physical.c | 834 ++ 1 file changed, 481 inse

[ovs-dev] [PATCH v4] ovn-controller: Refactor function of consider_port_binding

The function of consider_port_binding is redundant. This patch divide the function to some sub-function by the port type. Signed-off-by: wang qianyu <wang.qia...@zte.com.cn> --- ovn/controller/physical.c | 816 +++--- 1 file changed, 482 inse

[ovs-dev] [PATCH v2] ovn-controller: Refactor function of consider_port_binding

The function of consider_port_binding is redundant. This patch divide the function to some sub-function by the port type. Signed-off-by: wang qianyu <wang.qia...@zte.com.cn> --- ovn/controller/physical.c | 816 +++--- 1 file changed, 482 inse

[ovs-dev] [PATCH] ovn-controller: Refactor function of consider_port_binding

The function of consider_port_binding is redundant. This patch split the function to some sub-function by the port type. Signed-off-by: wang qianyu <wang.qia...@zte.com.cn> --- ovn/controller/physical.c | 816 +++--- 1 file changed, 482 inse

[ovs-dev] 答复: Re: [PATCH] ovn-controller: Refactor function of consider_port_binding

; function to some sub-function by the port type. > > Change-Id: I86a408e97e6d6211f3695cf42fc5b858352ac7ff > Signed-off-by: wang qianyu <wang.qia...@zte.com.cn> Thank you for the contribution. This patch is word-wrapped and cannot be applied. Can you re-post it, please? "git

[ovs-dev] 答复: Re: [PATCH] ovn: Support for taas(tap-as-a-service) function

"taas". port with type "mirror" is used as inport for monitor flow in > logica_mirror_switch, and port with type "taas" is used as outport for > monitor flow in logica_mirror_switch. > > The ovn-controller will make the relation between the logical_

[ovs-dev] [PATCH] ovn: Support for taas(tap-as-a-service) function

switch. The ovn-controller will make the relation between the logical_switch_port and logica_mirror_switch_port. Signed-off-by: wang qianyu <wang.qia...@zte.com.cn> --- ovn/controller/binding.c| 11 +- ovn/controller/ovn-controller.c | 4 +- ovn/controller/physical.c | 125

[ovs-dev] 答复: Re: [PATCH 1/2] ovn-controller: fix vlan_trunk bug

ok Ben Pfaff 2017/08/03 04:38 收件人：wang.qia...@zte.com.cn, 抄送： d...@openvswitch.org 主题： Re: [ovs-dev] [PATCH 1/2] ovn-controller: fix vlan_trunk bug On Fri, Jul 14, 2017 at 10:24:17AM +0800, wang.qia...@zte.com.cn wrote: > The bug

[ovs-dev] [PATCH] ovn-controller: Refactor function of consider_port_binding

The function of consider_port_binding is redundant. This patch divide the function to some sub-function by the port type. Change-Id: I86a408e97e6d6211f3695cf42fc5b858352ac7ff Signed-off-by: wang qianyu <wang.qia...@zte.com.cn> --- ovn/controller/physical.c

[ovs-dev] [PATCH 1/2] ovn-controller: fix vlan_trunk bug

The bug description is as follow: Neutron configure a trunk-sub port. The parent-port and sub-port located in different network. there is a vm attached to parent port. And no vm attached to the network of sub-port in the same chassis. In this situation, the ovn-controller can not get the

[ovs-dev] [PATCH 2/2] ovn-controller: fix vlan_trunk bug

The bug description is as follow: Neutron configure a trunk-sub port. The parent-port and sub-port located in different network. there is a vm attached to parent port. And no vm attached to the network of sub-port in the same chassis. In this situation, the ovn-controller can not get the

[ovs-dev] [PATCH] ovn-northd: Optimize acl of localnet-port

Localnet port is not an endpoint, and have no security requirements to use localnet port at present. So, for performance consideration, we could do not use ct for localnet port. The more specific discussion can be found from https://mail.openvswitch.org/pipermail/ovs-dev/2017-July/335048.html

[ovs-dev] 答复: Re: 答复: Re: 答复: Re: 答复: [spam可疑邮件]Re: 答复: Re: [PATCH 2/2] ovn-northd: Fix ping failure of vlan networks.

Hi Han Thanks for the reiew job. I will revise the commit message in new patch. Qianyu Han Zhou 2017/07/07 02:15 收件人：Mickey Spiegel , 抄送： wang.qia...@zte.com.cn, ovs dev , xurong00037997

[ovs-dev] 答复: Re: 答复: Re: 答复: [spam可疑邮件]Re: 答复: Re: [PATCH 2/2] ovn-northd: Fix ping failure of vlan networks.

Hi Mickey, Thanks for your review. If we could do some modifications to avoid the north/south problem you mentioned? Like as follow: When packets send to the localnet-port, if the MAC is router-port MAC, we change the router-port MAC to HV physical NIC MAC. And in gateway node, we make the

[ovs-dev] [PATCH] ovn-controller: fix vlan_trunk bug

The bug description is as follow: Neutron configure a trunk-sub port. The parent-port and sub-port located in different network. there is a vm attached to parent port. And no vm attached to the network of sub-port in the same chassis. In this situation, the ovn-controller can not get the

[ovs-dev] 答复: Re: 答复: [spam可疑邮件]Re: 答复: Re: [PATCH 2/2] ovn-northd: Fix ping failure of vlan networks.

Hi Han Zhou, > If using localnet, it should rely on physical network (L2 and L3) to reach the destination, not overlay, so adding the logical router here doesn't make sense here Why ovn have this limit for physical network? Does this mean that vlan network can not use the l3 function of ovn?

[ovs-dev] [PATCH] ovn: add qos function.

The current qos function is used for geneve tunnel to control the traffic out the ovs. And have no to-port qos control. This patch do the modification as follow 1. change the qos configuration with direction to consistent with neutron qos rule. Add qos_ingress_max_rate, qos_ingress_burst,

[ovs-dev] 答复: [spam可疑邮件]Re: 答复: Re: [PATCH 2/2] ovn-northd: Fix ping failure of vlan networks.

Hi Russell, I am sorry for the late reply. The route not bound to a chassis, and have no redirect-chassis. The dumped northbound db is as follow. Ip addresses of 100.0.0.148 and 200.0.0.2 locate on different chassis. The ping between them is not success before this patch. [root@tecs159 ~]#

[ovs-dev] 答复: Re: [PATCH 2/2] ovn-northd: Fix ping failure of vlan networks.

router is not external to OVN Russell Bryant 2017/06/05 20:12 收件人：wang.qia...@zte.com.cn, 抄送： Ben Pfaff , ovs dev , zhou.huij...@zte.com.cn, xurong00037997 主题： Re: [ovs-dev] [PATCH

[ovs-dev] [PATCH 2/2] ovn-northd: Fix ping failure of vlan networks.

There are two computer node, each have one vm. And the two vms in indifferent vlan networks. The ping between the vms is not success. The reason is that, acl of to-localnet port or from-localnet port is signed to contrack. So the pair of icmp request and reply have different zone id in one ovs

[ovs-dev] 答复: [spam可疑邮件]Re: 答复: [spam可疑邮件]Re: [PATCH] ovn-northd: Fix ping failure of vlan networks.

Thanks for you rapidly reply. We think localnet port never be the real destination port of vm instance. Like patch port of route, localnet port just used for interim. And nouse of ct to localnet will not cause the bypass of firewall. Because of the real destination port of vm1 or vm2 have

[ovs-dev] [PATCH] ovn-northd: Fix ping failure of vlan networks.

There are two computer node, each have one vm. And the two vms in indifferent vlan networks. The ping between the vms is not success. The reason is that, acl of to-localnet port or from-localnet port is signed to contrack. So the pair of icmp request and reply have different zone id in one ovs

[ovs-dev] 答复: RE: 答复: Re: 答复: Re: 答复: Re: [PATCH] ovn-controller: Support vxlan tunnel in ovn

t. These assumptions may not hold going forward. In fact I refer to two different patches below that are currently under review, that break your assumptions. On Fri, May 5, 2017 at 7:18 PM, <xu.r...@zte.com.cn> wrote: > Hi,Russell > > We think vxlan is the most commonly used tunne

[ovs-dev] 答复: Re: 答复: Re: 答复: Re: [PATCH] ovn-controller: Support vxlan tunnel in ovn

rk openstack,ovn should better consider it. > > As my workmate wang qianyu said,we would consider computer node connect > with existing hardware switches which associates with SR-IOV as VTEP. > > After discussion, we feel that as long as the following changes for vxlan > tunnel in the

[ovs-dev] 答复: Re: 答复: Re: [PATCH] ovn-controller: Support vxlan tunnel in ovn

We want to use ovn in the scenary that ovs-computer node and sriov computer node all managed by openstack. However, in our analysis that ovn-controller-vtep could only be used to forwards traffic between networks managed by openstack and physical network openstack not managed. Do we