| Message ID | 20240704075255.140530-1-amorenoz@redhat.com |
|---|---|
| Headers | show |
| Series | Introduce local sampling with NXAST_SAMPLE action. | expand |
On Thu, Jul 04, 2024 at 09:52:41AM GMT, Adrian Moreno wrote: > (Was: Add psample support to NXAST_SAMPLE action) > > This is the userspace counterpart of the work being done in the kernel > [1] which is still not merged (hence the RFC state). There, a new > datapath action is added, called "psample". > > From the PoV of ovs-vswitchd, this new action is used to implement > "local sampling". Local sampling (or lsample for short) is configured > in a similar way as current per-flow IPFIX sampling, i.e: using the > Flow_Sample_Collector_Set table and the NXAST_SAMPLE action. > > However, instead of sending the sample to an external IPFIX collector > though the network, the sample is emitted using the new action and > made available to locally running sample collector. > > The specific way emit_sample sends the sample (and the way the local > collector shall collect it) is datapath-specific. > Currently, currently only the Linux kernel datapath implements it using > the psample netlink multicast group. > > ~~ Configuration ~~ > Local sampling is configured via a new column in the > Flow_Sample_Collector_Set (FSCS) table called "local_sample_group". > Configuring this value is orthogonal to also associating the FSCS > entry to an entry in the IPFIX table. > > Once that entry in the OVSDB is configured, NXAST_SAMPLE actions coming > from the controller will be translated into the following odp action: > > sample(sample={P}%, actions(emit_sample(group={G},cookie={C}))) > > Where: > P: Is the sampling probability from NXAST_SAMPLE > G: Is the group id in the FSCS entry whose "id" matches the one in > the NXAST_SAMPLE. > C: Is a 64bit cookie result of concatenating the obs_domain and > obs_point from the NXAST_SAMPLE in network order, i.e: > "htonl(obs_domain) << 32 | htonl(obs_point)" > Notes: > - The parent sample action might be omitted if the probability is > 100% and there is no IPFIX sampling that requires the use of a > meter. > > ~~ Dpif-lsample ~~ > Internally, a new object called "dpif-lsample" is introduced to track > the configured local sampling exporters and track statistics based on > odp flow stats (using xcache). > It exposes the list of configured exporters and their statistics on a > new unixctl command called "lsample/show". > I just realized I forgot to add a comment explicitly stating that the above two sections below (which translate to patches 11/13, 12/13 and 13/13) are new in this version of the RFC series. I know this can be problematic given the late stage we're in so I'll add a bit os context on why I added them. > ~~ Drop monitoring ~~ > A common use-case for this action can be to sample drops. However, > adding sample actions to drops makes the existing drop statistics > disappear. In order to fix this, patches 11 and 12 make use of explicit > drop actions to ensure statistics still report drops even if sampled. > Drop monitoring and the interaction with local (or even non-local) sampling has been discussed in the kernel series as I originally tried to solve the problem in the kernel. After some discussions with Ilya we agreed to explore the solution to the problem in userspace. That is why I feel these patches are related to the series. In any case, IMHO, both patches fix existing bugs: Enabling sampling (local or not, per-bridge or per-flow) should not hide drop statistics. One visibility feature should not break an existing one. > ~~ Extended OpenFlow sample action ~~ > Given the series aims at making sampling production ready, conntrack > integration must be considered. A common use-case for state-full > pipelines is to calculate the observation metadata at connection > establishment, store it in ct_label and then use it for packets of > established connections. However, this forces OVN to create a big number > of OFP Flows (one per distinct cookie). Patch 13 solves this by allowing > controllers to specify the obs_domain and point ids from another OFP > field. > This is an addition that, although discussed informally, did not come directly from the kernel series but from experimentation and interaction with the OVN team. It can be considered a follow-up optimization so if there is controversy around it, I'm OK postponing it to a future release. > ~~ Testing ~~ > The series includes an test utility program than can be executed by > running "tests/ovstest test-psample". This utility listens > to packets multicasted by the psample module and prints them (also > printing the obs_domain and obs_point ids). > > ~~ HW Offload ~~ > tc offload is not being introduced in this series as existing sample > or userspace actions are not currently offloadable. Also some > improvements need to be implemented in tc for it to be feasible. > > ~~ DPDK datapath ~~ > By naming the action "psample" it was intentionally restricted to the > Linux datapath only. A follow up task would be spawned to think of a > good way of implementing local-sampling in the userspace datapath. > > [1] > https://patchwork.kernel.org/project/netdevbpf/cover/20240702095336.596506-1-amorenoz@redhat.com/ > > Adrian Moreno (13): > ofproto-dpif: Allow forcing dp features. > odp-util: Add support OVS_ACTION_ATTR_PSAMPLE. > ofproto_dpif: Check for psample support. > ofproto: Add ofproto-dpif-lsample. > vswitchd: Add local sampling to vswitchd schema. > ofproto-dpif-xlate: Use psample for local sample. > ofproto-dpif-xlate-cache: Add lsample to xcache. > ofproto-dpif-lsample: Show stats via unixctl. > tests: Add test-psample testing utility. > tests: Test local sampling. > ofproto: xlate: Make flow-sampled drops explicit. > ofproto: xlate: Make bridge-sampled drops explicit. > ofp-actions: Load data from fields in sample action. > > NEWS | 6 + > include/linux/automake.mk | 1 + > include/linux/openvswitch.h | 28 +++ > include/linux/psample.h | 68 ++++++ > include/openvswitch/ofp-actions.h | 8 +- > lib/dpif-netdev.c | 1 + > lib/dpif.c | 8 + > lib/dpif.h | 1 + > lib/odp-execute.c | 25 +- > lib/odp-util.c | 93 ++++++++ > lib/odp-util.h | 3 + > lib/ofp-actions.c | 249 ++++++++++++++++++-- > ofproto/automake.mk | 2 + > ofproto/ofproto-dpif-ipfix.c | 1 + > ofproto/ofproto-dpif-lsample.c | 332 ++++++++++++++++++++++++++ > ofproto/ofproto-dpif-lsample.h | 46 ++++ > ofproto/ofproto-dpif-sflow.c | 1 + > ofproto/ofproto-dpif-xlate-cache.c | 11 +- > ofproto/ofproto-dpif-xlate-cache.h | 6 + > ofproto/ofproto-dpif-xlate.c | 323 +++++++++++++++++++------- > ofproto/ofproto-dpif-xlate.h | 5 +- > ofproto/ofproto-dpif.c | 122 +++++++++- > ofproto/ofproto-dpif.h | 8 +- > ofproto/ofproto-provider.h | 9 + > ofproto/ofproto.c | 12 + > ofproto/ofproto.h | 8 + > python/ovs/flow/odp.py | 8 + > python/ovs/flow/ofp.py | 8 +- > python/ovs/flow/ofp_act.py | 4 +- > tests/automake.mk | 3 +- > tests/drop-stats.at | 109 +++++++++ > tests/odp.at | 16 ++ > tests/ofp-actions.at | 5 + > tests/ofproto-dpif.at | 194 +++++++++++++++- > tests/system-common-macros.at | 4 + > tests/system-traffic.at | 359 +++++++++++++++++++++++++++++ > tests/test-psample.c | 284 +++++++++++++++++++++++ > vswitchd/bridge.c | 78 ++++++- > vswitchd/vswitch.ovsschema | 9 +- > vswitchd/vswitch.xml | 40 +++- > 40 files changed, 2357 insertions(+), 141 deletions(-) > create mode 100644 include/linux/psample.h > create mode 100644 ofproto/ofproto-dpif-lsample.c > create mode 100644 ofproto/ofproto-dpif-lsample.h > create mode 100644 tests/test-psample.c > > -- > 2.45.2 >
(Was: Add psample support to NXAST_SAMPLE action) This is the userspace counterpart of the work being done in the kernel [1] which is still not merged (hence the RFC state). There, a new datapath action is added, called "psample". From the PoV of ovs-vswitchd, this new action is used to implement "local sampling". Local sampling (or lsample for short) is configured in a similar way as current per-flow IPFIX sampling, i.e: using the Flow_Sample_Collector_Set table and the NXAST_SAMPLE action. However, instead of sending the sample to an external IPFIX collector though the network, the sample is emitted using the new action and made available to locally running sample collector. The specific way emit_sample sends the sample (and the way the local collector shall collect it) is datapath-specific. Currently, currently only the Linux kernel datapath implements it using the psample netlink multicast group. ~~ Configuration ~~ Local sampling is configured via a new column in the Flow_Sample_Collector_Set (FSCS) table called "local_sample_group". Configuring this value is orthogonal to also associating the FSCS entry to an entry in the IPFIX table. Once that entry in the OVSDB is configured, NXAST_SAMPLE actions coming from the controller will be translated into the following odp action: sample(sample={P}%, actions(emit_sample(group={G},cookie={C}))) Where: P: Is the sampling probability from NXAST_SAMPLE G: Is the group id in the FSCS entry whose "id" matches the one in the NXAST_SAMPLE. C: Is a 64bit cookie result of concatenating the obs_domain and obs_point from the NXAST_SAMPLE in network order, i.e: "htonl(obs_domain) << 32 | htonl(obs_point)" Notes: - The parent sample action might be omitted if the probability is 100% and there is no IPFIX sampling that requires the use of a meter. ~~ Dpif-lsample ~~ Internally, a new object called "dpif-lsample" is introduced to track the configured local sampling exporters and track statistics based on odp flow stats (using xcache). It exposes the list of configured exporters and their statistics on a new unixctl command called "lsample/show". ~~ Drop monitoring ~~ A common use-case for this action can be to sample drops. However, adding sample actions to drops makes the existing drop statistics disappear. In order to fix this, patches 11 and 12 make use of explicit drop actions to ensure statistics still report drops even if sampled. ~~ Extended OpenFlow sample action ~~ Given the series aims at making sampling production ready, conntrack integration must be considered. A common use-case for state-full pipelines is to calculate the observation metadata at connection establishment, store it in ct_label and then use it for packets of established connections. However, this forces OVN to create a big number of OFP Flows (one per distinct cookie). Patch 13 solves this by allowing controllers to specify the obs_domain and point ids from another OFP field. ~~ Testing ~~ The series includes an test utility program than can be executed by running "tests/ovstest test-psample". This utility listens to packets multicasted by the psample module and prints them (also printing the obs_domain and obs_point ids). ~~ HW Offload ~~ tc offload is not being introduced in this series as existing sample or userspace actions are not currently offloadable. Also some improvements need to be implemented in tc for it to be feasible. ~~ DPDK datapath ~~ By naming the action "psample" it was intentionally restricted to the Linux datapath only. A follow up task would be spawned to think of a good way of implementing local-sampling in the userspace datapath. [1] https://patchwork.kernel.org/project/netdevbpf/cover/20240702095336.596506-1-amorenoz@redhat.com/ Adrian Moreno (13): ofproto-dpif: Allow forcing dp features. odp-util: Add support OVS_ACTION_ATTR_PSAMPLE. ofproto_dpif: Check for psample support. ofproto: Add ofproto-dpif-lsample. vswitchd: Add local sampling to vswitchd schema. ofproto-dpif-xlate: Use psample for local sample. ofproto-dpif-xlate-cache: Add lsample to xcache. ofproto-dpif-lsample: Show stats via unixctl. tests: Add test-psample testing utility. tests: Test local sampling. ofproto: xlate: Make flow-sampled drops explicit. ofproto: xlate: Make bridge-sampled drops explicit. ofp-actions: Load data from fields in sample action. NEWS | 6 + include/linux/automake.mk | 1 + include/linux/openvswitch.h | 28 +++ include/linux/psample.h | 68 ++++++ include/openvswitch/ofp-actions.h | 8 +- lib/dpif-netdev.c | 1 + lib/dpif.c | 8 + lib/dpif.h | 1 + lib/odp-execute.c | 25 +- lib/odp-util.c | 93 ++++++++ lib/odp-util.h | 3 + lib/ofp-actions.c | 249 ++++++++++++++++++-- ofproto/automake.mk | 2 + ofproto/ofproto-dpif-ipfix.c | 1 + ofproto/ofproto-dpif-lsample.c | 332 ++++++++++++++++++++++++++ ofproto/ofproto-dpif-lsample.h | 46 ++++ ofproto/ofproto-dpif-sflow.c | 1 + ofproto/ofproto-dpif-xlate-cache.c | 11 +- ofproto/ofproto-dpif-xlate-cache.h | 6 + ofproto/ofproto-dpif-xlate.c | 323 +++++++++++++++++++------- ofproto/ofproto-dpif-xlate.h | 5 +- ofproto/ofproto-dpif.c | 122 +++++++++- ofproto/ofproto-dpif.h | 8 +- ofproto/ofproto-provider.h | 9 + ofproto/ofproto.c | 12 + ofproto/ofproto.h | 8 + python/ovs/flow/odp.py | 8 + python/ovs/flow/ofp.py | 8 +- python/ovs/flow/ofp_act.py | 4 +- tests/automake.mk | 3 +- tests/drop-stats.at | 109 +++++++++ tests/odp.at | 16 ++ tests/ofp-actions.at | 5 + tests/ofproto-dpif.at | 194 +++++++++++++++- tests/system-common-macros.at | 4 + tests/system-traffic.at | 359 +++++++++++++++++++++++++++++ tests/test-psample.c | 284 +++++++++++++++++++++++ vswitchd/bridge.c | 78 ++++++- vswitchd/vswitch.ovsschema | 9 +- vswitchd/vswitch.xml | 40 +++- 40 files changed, 2357 insertions(+), 141 deletions(-) create mode 100644 include/linux/psample.h create mode 100644 ofproto/ofproto-dpif-lsample.c create mode 100644 ofproto/ofproto-dpif-lsample.h create mode 100644 tests/test-psample.c