| Message ID | 20240707200905.2719071-1-amorenoz@redhat.com |
|---|---|
| Headers | show
Return-Path: <ovs-dev-bounces@openvswitch.org> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=ZxcKcgoa; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WHJHk3GH2z1xpP for <incoming@patchwork.ozlabs.org>; Mon, 8 Jul 2024 06:09:22 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 31240403EB; Sun, 7 Jul 2024 20:09:20 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id fyGzcJTmkObD; Sun, 7 Jul 2024 20:09:18 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56; helo=lists.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN> DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 6D685403E0 Authentication-Results: smtp4.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=ZxcKcgoa Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp4.osuosl.org (Postfix) with ESMTPS id 6D685403E0; Sun, 7 Jul 2024 20:09:18 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 39ADFC0A97; Sun, 7 Jul 2024 20:09:18 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id BDB7DC0A96 for <dev@openvswitch.org>; Sun, 7 Jul 2024 20:09:16 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id A377580CB9 for <dev@openvswitch.org>; Sun, 7 Jul 2024 20:09:16 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id X2-ie4ZbDPGa for <dev@openvswitch.org>; Sun, 7 Jul 2024 20:09:15 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.133.124; helo=us-smtp-delivery-124.mimecast.com; envelope-from=amorenoz@redhat.com; receiver=<UNKNOWN> DMARC-Filter: OpenDMARC Filter v1.4.2 smtp1.osuosl.org 4D4BE80CA2 Authentication-Results: smtp1.osuosl.org; dmarc=pass (p=none dis=none) header.from=redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 4D4BE80CA2 Authentication-Results: smtp1.osuosl.org; dkim=pass (1024-bit key, unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=ZxcKcgoa Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp1.osuosl.org (Postfix) with ESMTPS id 4D4BE80CA2 for <dev@openvswitch.org>; Sun, 7 Jul 2024 20:09:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1720382953; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=sJO4x2M2ZjOCb03LzdVNaI+C+NGtOLo/8FI83Fv0M5s=; b=ZxcKcgoaTqHMlCwxfpR4k5NQI0vCoji+CYb5x9cny+YYzXTIj27CN2hwfKgEQQxFVQs1rg C9CFKA2H8NoPlSjQ7DfSDXw5wMArni/nfo46zPbM8L2TnMkKmjmz/Ej8KfZYsgd4XoxNaG 9p/UEiFxfjsD4Gx17Jwa39qJDM4/bAg= Received: from mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-368-_jKBPUDVMoCszMSqwHnOJA-1; Sun, 07 Jul 2024 16:09:11 -0400 X-MC-Unique: _jKBPUDVMoCszMSqwHnOJA-1 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id F1E1F1956088 for <dev@openvswitch.org>; Sun, 7 Jul 2024 20:09:10 +0000 (UTC) Received: from antares.redhat.com (unknown [10.39.192.91]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id DD4671955F40; Sun, 7 Jul 2024 20:09:08 +0000 (UTC) From: Adrian Moreno <amorenoz@redhat.com> To: dev@openvswitch.org Date: Sun, 7 Jul 2024 22:08:52 +0200 Message-ID: <20240707200905.2719071-1-amorenoz@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH v1 00/13] Introduce local sampling with NXAST_SAMPLE action. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: <ovs-dev.openvswitch.org> List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>, <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe> List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/> List-Post: <mailto:ovs-dev@openvswitch.org> List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help> List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>, <mailto:ovs-dev-request@openvswitch.org?subject=subscribe> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" <ovs-dev-bounces@openvswitch.org> |
| Series |
Introduce local sampling with NXAST_SAMPLE action.
|
expand
|
(Was: Add psample support to NXAST_SAMPLE action) This is the userspace counterpart of the work done in the kernel which has recently been merged in net-next [1]. There, a new datapath action is added, called "psample". From the PoV of ovs-vswitchd, this new action is used to implement "local sampling". Local sampling (or lsample for short) is configured in a similar way as current per-flow IPFIX sampling, i.e: using the Flow_Sample_Collector_Set table and the NXAST_SAMPLE action. However, instead of sending the sample to an external IPFIX collector though the network, the sample is emitted using the new action and made available to locally running sample collector. The specific way emit_sample sends the sample (and the way the local collector shall collect it) is datapath-specific. Currently, currently only the Linux kernel datapath implements it using the psample netlink multicast group. ~~ Configuration ~~ Local sampling is configured via a new column in the Flow_Sample_Collector_Set (FSCS) table called "local_group_id". Configuring this value is orthogonal to also associating the FSCS entry to an entry in the IPFIX table. Once that entry in the OVSDB is configured, NXAST_SAMPLE actions coming from the controller will be translated into the following odp action: sample(sample={P}%, actions(emit_sample(group={G},cookie={C}))) Where: P: Is the sampling probability from NXAST_SAMPLE G: Is the group id in the FSCS entry whose "id" matches the one in the NXAST_SAMPLE. C: Is a 64bit cookie result of concatenating the obs_domain and obs_point from the NXAST_SAMPLE in network order, i.e: "htonl(obs_domain) << 32 | htonl(obs_point)" Notes: - The parent sample action might be omitted if the probability is 100% and there is no IPFIX sampling that requires the use of a meter. ~~ Dpif-lsample ~~ Internally, a new object called "dpif-lsample" is introduced to track the configured local sampling exporters and track statistics based on odp flow stats (using xcache). It exposes the list of configured exporters and their statistics on a new unixctl command called "lsample/show". ~~ Drop monitoring ~~ A common use-case for this action can be to sample drops. However, adding sample actions to drops makes the existing drop statistics disappear. In order to fix this, patches 11 and 12 make use of explicit drop actions to ensure statistics still report drops even if sampled. ~~ Extended OpenFlow sample action ~~ Given the series aims at making sampling production ready, conntrack integration must be considered. A common use-case for state-full pipelines is to calculate the observation metadata at connection establishment, store it in ct_label and then use it for packets of established connections. However, this forces OVN to create a big number of OFP Flows (one per distinct cookie). Patch 13 solves this by allowing controllers to specify the obs_domain and point ids from another OFP field. ~~ Testing ~~ The series includes an test utility program than can be executed by running "tests/ovstest test-psample". This utility listens to packets multicasted by the psample module and prints them (also printing the obs_domain and obs_point ids). ~~ HW Offload ~~ tc offload is not being introduced in this series as existing sample or userspace actions are not currently offloadable. Also some improvements need to be implemented in tc for it to be feasible. ~~ DPDK datapath ~~ By naming the action "psample" it was intentionally restricted to the Linux datapath only. A follow up task would be spawned to think of a good way of implementing local-sampling in the userspace datapath. [1] https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=aae0b82b46cb5004bdf82a000c004d69a0885c33 --- * rfc_v3 -> v1 - Add extra test to patch 13/13. - Rebased. - Removed RFC tag as kernel patches landed on net-next. * rfc_v2 -> rfc_v3 - Added patches 11, 12 and 13 fixing drop monitoring and extending the OpenFlow action to support field-specifiers. Adrian Moreno (13): ofproto-dpif: Allow forcing dp features. odp-util: Add support OVS_ACTION_ATTR_PSAMPLE. ofproto_dpif: Check for psample support. ofproto: Add ofproto-dpif-lsample. vswitchd: Add local sampling to vswitchd schema. ofproto-dpif-xlate: Use psample for local sample. ofproto-dpif-xlate-cache: Add lsample to xcache. ofproto-dpif-lsample: Show stats via unixctl. tests: Add test-psample testing utility. tests: Test local sampling. ofproto: xlate: Make flow-sampled drops explicit. ofproto: xlate: Make bridge-sampled drops explicit. ofp-actions: Load data from fields in sample action. NEWS | 6 + include/linux/automake.mk | 1 + include/linux/openvswitch.h | 28 +++ include/linux/psample.h | 68 ++++++ include/openvswitch/ofp-actions.h | 8 +- lib/dpif-netdev.c | 1 + lib/dpif.c | 8 + lib/dpif.h | 1 + lib/odp-execute.c | 25 +- lib/odp-util.c | 93 ++++++++ lib/odp-util.h | 3 + lib/ofp-actions.c | 249 ++++++++++++++++++-- ofproto/automake.mk | 2 + ofproto/ofproto-dpif-ipfix.c | 1 + ofproto/ofproto-dpif-lsample.c | 332 ++++++++++++++++++++++++++ ofproto/ofproto-dpif-lsample.h | 46 ++++ ofproto/ofproto-dpif-sflow.c | 1 + ofproto/ofproto-dpif-xlate-cache.c | 11 +- ofproto/ofproto-dpif-xlate-cache.h | 6 + ofproto/ofproto-dpif-xlate.c | 323 +++++++++++++++++++------- ofproto/ofproto-dpif-xlate.h | 5 +- ofproto/ofproto-dpif.c | 122 +++++++++- ofproto/ofproto-dpif.h | 8 +- ofproto/ofproto-provider.h | 9 + ofproto/ofproto.c | 12 + ofproto/ofproto.h | 8 + python/ovs/flow/odp.py | 8 + python/ovs/flow/ofp.py | 8 +- python/ovs/flow/ofp_act.py | 4 +- tests/automake.mk | 3 +- tests/drop-stats.at | 109 +++++++++ tests/odp.at | 16 ++ tests/ofp-actions.at | 5 + tests/ofproto-dpif.at | 235 ++++++++++++++++++- tests/system-common-macros.at | 4 + tests/system-traffic.at | 359 +++++++++++++++++++++++++++++ tests/test-psample.c | 284 +++++++++++++++++++++++ vswitchd/bridge.c | 78 ++++++- vswitchd/vswitch.ovsschema | 9 +- vswitchd/vswitch.xml | 40 +++- 40 files changed, 2398 insertions(+), 141 deletions(-) create mode 100644 include/linux/psample.h create mode 100644 ofproto/ofproto-dpif-lsample.c create mode 100644 ofproto/ofproto-dpif-lsample.h create mode 100644 tests/test-psample.c