Message ID | 1494527766-14402-1-git-send-email-mickeys.dev@gmail.com |
---|---|
State | Changes Requested |
Headers | show |
On Fri, May 12, 2017 at 12:06 AM, Mickey Spiegel <mickeys.dev@gmail.com> wrote: > The OVN ingress pipeline for a logical switch is maxed out at 16 stages. > > This patch takes the simple approach of starting the ingress pipeline at > table 8 rather than table 16, and starting the egress pipeline at > table 40 rather than table 48. > > You also need to increase the range of the Logical_Flow.table_id column in south bound db [1]. The present range is 0 to 15. [1]- https://github.com/openvswitch/ovs/blob/master/ovn/ovn-sb.ovsschema#L66 Numan Signed-off-by: Mickey Spiegel <mickeys.dev@gmail.com> > --- > ovn/controller/lflow.h | 6 +++--- > ovn/ovn-architecture.7.xml | 27 ++++++++++++++------------- > ovn/utilities/ovn-trace.c | 2 +- > tests/ovn.at | 40 ++++++++++++++++++++-------------------- > tests/test-ovn.c | 6 +++--- > 5 files changed, 41 insertions(+), 40 deletions(-) > > diff --git a/ovn/controller/lflow.h b/ovn/controller/lflow.h > index 8761b1e..a23cde0 100644 > --- a/ovn/controller/lflow.h > +++ b/ovn/controller/lflow.h > @@ -49,17 +49,17 @@ struct uuid; > * These are heavily documented in ovn-architecture(7), please update it > if > * you make any changes. */ > #define OFTABLE_PHY_TO_LOG 0 > -#define OFTABLE_LOG_INGRESS_PIPELINE 16 /* First of LOG_PIPELINE_LEN > tables. */ > +#define OFTABLE_LOG_INGRESS_PIPELINE 8 /* First of LOG_PIPELINE_LEN > tables. */ > #define OFTABLE_REMOTE_OUTPUT 32 > #define OFTABLE_LOCAL_OUTPUT 33 > #define OFTABLE_CHECK_LOOPBACK 34 > -#define OFTABLE_LOG_EGRESS_PIPELINE 48 /* First of LOG_PIPELINE_LEN > tables. */ > +#define OFTABLE_LOG_EGRESS_PIPELINE 40 /* First of LOG_PIPELINE_LEN > tables. */ > #define OFTABLE_SAVE_INPORT 64 > #define OFTABLE_LOG_TO_PHY 65 > #define OFTABLE_MAC_BINDING 66 > > /* The number of tables for the ingress and egress pipelines. */ > -#define LOG_PIPELINE_LEN 16 > +#define LOG_PIPELINE_LEN 24 > > void lflow_init(void); > void lflow_run(struct controller_ctx *, > diff --git a/ovn/ovn-architecture.7.xml b/ovn/ovn-architecture.7.xml > index d8114f1..eb6744b 100644 > --- a/ovn/ovn-architecture.7.xml > +++ b/ovn/ovn-architecture.7.xml > @@ -774,7 +774,7 @@ > VXLAN tunnels do not transmit the logical output port field. > Since VXLAN tunnels do not carry a logical output port field in > the tunnel key, when a packet is received from VXLAN tunnel by > - an OVN hypervisor, the packet is resubmitted to table 16 to > + an OVN hypervisor, the packet is resubmitted to table 8 to > determine the output port(s); when the packet reaches table 32, > these packets are resubmitted to table 33 for local delivery by > checking a MLF_RCV_FROM_VXLAN flag, which is set when the packet > @@ -835,7 +835,7 @@ > the packet's ingress port. Its actions annotate the packet with > logical metadata, by setting the logical datapath field to > identify the > logical datapath that the packet is traversing and the logical > input > - port field to identify the ingress port. Then it resubmits to > table 16 > + port field to identify the ingress port. Then it resubmits to > table 8 > to enter the logical ingress pipeline. > </p> > > @@ -864,13 +864,13 @@ > > <li> > <p> > - OpenFlow tables 16 through 31 execute the logical ingress > pipeline from > + OpenFlow tables 8 through 31 execute the logical ingress pipeline > from > the <code>Logical_Flow</code> table in the OVN Southbound > database. > These tables are expressed entirely in terms of logical concepts > like > logical ports and logical datapaths. A big part of > <code>ovn-controller</code>'s job is to translate them into > equivalent > OpenFlow (in particular it translates the table numbers: > - <code>Logical_Flow</code> tables 0 through 15 become OpenFlow > tables 16 > + <code>Logical_Flow</code> tables 0 through 23 become OpenFlow > tables 8 > through 31). > </p> > > @@ -999,7 +999,7 @@ > and resubmit these packets to table 33 for local delivery. Packets > received from VXLAN tunnels reach here because of a lack of > logical > output port field in the tunnel key and thus these packets needed > to > - be submitted to table 16 to determine the output port. > + be submitted to table 8 to determine the output port. > </p> > > <p> > @@ -1024,13 +1024,13 @@ > <p> > Table 34 matches and drops packets for which the logical input and > output ports are the same and the MLF_ALLOW_LOOPBACK flag is not > - set. It resubmits other packets to table 48. > + set. It resubmits other packets to table 40. > </p> > </li> > > <li> > <p> > - OpenFlow tables 48 through 63 execute the logical egress pipeline > from > + OpenFlow tables 40 through 63 execute the logical egress pipeline > from > the <code>Logical_Flow</code> table in the OVN Southbound > database. > The egress pipeline can perform a final stage of validation before > packet delivery. Eventually, it may execute an > <code>output</code> > @@ -1110,27 +1110,28 @@ > > <li> > In OVS versions 2.7 and later, the packet is cloned and resubmitted > - directly to OpenFlow flow table 16, setting the logical ingress > - port to the peer logical patch port, and using the peer logical > - patch port's logical datapath (that represents the logical router). > + directly to the first OpenFlow flow table in the ingress pipeline, > + setting the logical ingress port to the peer logical patch port, and > + using the peer logical patch port's logical datapath (that > + represents the logical router). > </li> > </ul> > > <p> > The packet re-enters the ingress pipeline in order to traverse tables > - 16 to 65 again, this time using the logical datapath representing the > + 8 to 65 again, this time using the logical datapath representing the > logical router. The processing continues as described in the previous > section <code>Architectural Physical Life Cycle of a Packet</code>. > When the packet reachs table 65, the logical egress port will once > again be a logical patch port. In the same manner as described above, > this logical patch port will cause the packet to be resubmitted to > - OpenFlow tables 16 to 65, this time using the logical datapath > + OpenFlow tables 8 to 65, this time using the logical datapath > representing the logical switch that the destination VM or container > is attached to. > </p> > > <p> > - The packet traverses tables 16 to 65 a third and final time. If the > + The packet traverses tables 8 to 65 a third and final time. If the > destination VM or container resides on a remote hypervisor, then table > 32 will send the packet on a tunnel port from the sender's hypervisor > to the remote hypervisor. Finally table 65 will output the packet > diff --git a/ovn/utilities/ovn-trace.c b/ovn/utilities/ovn-trace.c > index a9970af..149f70d 100644 > --- a/ovn/utilities/ovn-trace.c > +++ b/ovn/utilities/ovn-trace.c > @@ -826,7 +826,7 @@ read_flows(void) > .pipeline = (!strcmp(sblf->pipeline, "ingress") > ? OVNACT_P_INGRESS > : OVNACT_P_EGRESS), > - .n_tables = 16, > + .n_tables = 24, > .cur_ltable = sblf->table_id, > }; > uint64_t stub[1024 / 8]; > diff --git a/tests/ovn.at b/tests/ovn.at > index b30315e..61661c3 100644 > --- a/tests/ovn.at > +++ b/tests/ovn.at > @@ -643,41 +643,41 @@ output; > > # next > next; > - encodes as resubmit(,27) > + encodes as resubmit(,19) > next(11); > formats as next; > - encodes as resubmit(,27) > + encodes as resubmit(,19) > next(0); > - encodes as resubmit(,16) > -next(15); > + encodes as resubmit(,8) > +next(23); > encodes as resubmit(,31) > > next(); > Syntax error at `)' expecting "pipeline" or "table". > next(10; > Syntax error at `;' expecting `)'. > -next(16); > - "next" action cannot advance beyond table 15. > +next(24); > + "next" action cannot advance beyond table 23. > > next(table=11); > formats as next; > - encodes as resubmit(,27) > + encodes as resubmit(,19) > next(pipeline=ingress); > formats as next; > - encodes as resubmit(,27) > + encodes as resubmit(,19) > next(table=11, pipeline=ingress); > formats as next; > - encodes as resubmit(,27) > + encodes as resubmit(,19) > next(pipeline=ingress, table=11); > formats as next; > - encodes as resubmit(,27) > + encodes as resubmit(,19) > > next(pipeline=egress); > "next" action cannot advance from ingress to egress pipeline (use > "output" action instead) > > next(table=10); > formats as next(10); > - encodes as resubmit(,26) > + encodes as resubmit(,18) > > # Loading a constant value. > tcp.dst=80; > @@ -699,7 +699,7 @@ ip.ttl=4; > has prereqs eth.type == 0x800 || eth.type == 0x86dd > outport="eth0"; next; outport="LOCAL"; next; > formats as outport = "eth0"; next; outport = "LOCAL"; next; > - encodes as set_field:0x5->reg15,resubmit( > ,27),set_field:0xfffe->reg15,resubmit(,27) > + encodes as set_field:0x5->reg15,resubmit( > ,19),set_field:0xfffe->reg15,resubmit(,19) > > inport[1] = 1; > Cannot select subfield of string field inport. > @@ -780,11 +780,11 @@ ip.ttl > > # load balancing. > ct_lb; > - encodes as ct(table=27,zone=NXM_NX_REG13[0..15],nat) > + encodes as ct(table=19,zone=NXM_NX_REG13[0..15],nat) > has prereqs ip > ct_lb(); > formats as ct_lb; > - encodes as ct(table=27,zone=NXM_NX_REG13[0..15],nat) > + encodes as ct(table=19,zone=NXM_NX_REG13[0..15],nat) > has prereqs ip > ct_lb(192.168.1.2:80, 192.168.1.3:80); > encodes as group:1 > @@ -803,7 +803,7 @@ ct_lb(foo); > > # ct_next > ct_next; > - encodes as ct(table=27,zone=NXM_NX_REG13[0..15]) > + encodes as ct(table=19,zone=NXM_NX_REG13[0..15]) > has prereqs ip > > # ct_commit > @@ -855,10 +855,10 @@ ct_commit(ct_label=18446744073709551616); > > # ct_dnat > ct_dnat; > - encodes as ct(table=27,zone=NXM_NX_REG11[0..15],nat) > + encodes as ct(table=19,zone=NXM_NX_REG11[0..15],nat) > has prereqs ip > ct_dnat(192.168.1.2); > - encodes as ct(commit,table=27,zone=NXM_NX_REG11[0..15],nat(dst=192. > 168.1.2)) > + encodes as ct(commit,table=19,zone=NXM_NX_REG11[0..15],nat(dst=192. > 168.1.2)) > has prereqs ip > > ct_dnat(192.168.1.2, 192.168.1.3); > @@ -872,10 +872,10 @@ ct_dnat(); > > # ct_snat > ct_snat; > - encodes as ct(table=27,zone=NXM_NX_REG12[0..15],nat) > + encodes as ct(table=19,zone=NXM_NX_REG12[0..15],nat) > has prereqs ip > ct_snat(192.168.1.2); > - encodes as ct(commit,table=27,zone=NXM_NX_REG12[0..15],nat(src=192. > 168.1.2)) > + encodes as ct(commit,table=19,zone=NXM_NX_REG12[0..15],nat(src=192. > 168.1.2)) > has prereqs ip > > ct_snat(192.168.1.2, 192.168.1.3); > @@ -893,7 +893,7 @@ ct_clear; > > # clone > clone { ip4.dst = 255.255.255.255; output; }; next; > - encodes as clone(set_field:255.255.255.255->ip_dst,resubmit(,64)), > resubmit(,27) > + encodes as clone(set_field:255.255.255.255->ip_dst,resubmit(,64)), > resubmit(,19) > has prereqs eth.type == 0x800 > > # arp > diff --git a/tests/test-ovn.c b/tests/test-ovn.c > index 18860ae..32efac4 100644 > --- a/tests/test-ovn.c > +++ b/tests/test-ovn.c > @@ -1224,7 +1224,7 @@ test_parse_actions(struct ovs_cmdl_context *ctx > OVS_UNUSED) > .symtab = &symtab, > .dhcp_opts = &dhcp_opts, > .dhcpv6_opts = &dhcpv6_opts, > - .n_tables = 16, > + .n_tables = 24, > .cur_ltable = 10, > }; > error = ovnacts_parse_string(ds_cstr(&input), &pp, &ovnacts, > &prereqs); > @@ -1245,8 +1245,8 @@ test_parse_actions(struct ovs_cmdl_context *ctx > OVS_UNUSED) > .group_table = &group_table, > > .pipeline = OVNACT_P_INGRESS, > - .ingress_ptable = 16, > - .egress_ptable = 48, > + .ingress_ptable = 8, > + .egress_ptable = 40, > .output_ptable = 64, > .mac_bind_ptable = 65, > }; > -- > 1.9.1 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev >
Makes sense, but Numan is right https://github.com/openvswitch/ovs/blob/master/ovn/ovn-sb.ovsschema#L64 On Mon, May 15, 2017 at 12:07 PM, Numan Siddique <nusiddiq@redhat.com> wrote: > On Fri, May 12, 2017 at 12:06 AM, Mickey Spiegel <mickeys.dev@gmail.com> > wrote: > > > The OVN ingress pipeline for a logical switch is maxed out at 16 stages. > > > > This patch takes the simple approach of starting the ingress pipeline at > > table 8 rather than table 16, and starting the egress pipeline at > > table 40 rather than table 48. > > > > > You also need to increase the range of the Logical_Flow.table_id column in > south bound db [1]. > The present range is 0 to 15. > > [1]- https://github.com/openvswitch/ovs/blob/master/ > ovn/ovn-sb.ovsschema#L66 > > > Numan > > > Signed-off-by: Mickey Spiegel <mickeys.dev@gmail.com> > > --- > > ovn/controller/lflow.h | 6 +++--- > > ovn/ovn-architecture.7.xml | 27 ++++++++++++++------------- > > ovn/utilities/ovn-trace.c | 2 +- > > tests/ovn.at | 40 ++++++++++++++++++++---------- > ---------- > > tests/test-ovn.c | 6 +++--- > > 5 files changed, 41 insertions(+), 40 deletions(-) > > > > diff --git a/ovn/controller/lflow.h b/ovn/controller/lflow.h > > index 8761b1e..a23cde0 100644 > > --- a/ovn/controller/lflow.h > > +++ b/ovn/controller/lflow.h > > @@ -49,17 +49,17 @@ struct uuid; > > * These are heavily documented in ovn-architecture(7), please update it > > if > > * you make any changes. */ > > #define OFTABLE_PHY_TO_LOG 0 > > -#define OFTABLE_LOG_INGRESS_PIPELINE 16 /* First of LOG_PIPELINE_LEN > > tables. */ > > +#define OFTABLE_LOG_INGRESS_PIPELINE 8 /* First of LOG_PIPELINE_LEN > > tables. */ > > #define OFTABLE_REMOTE_OUTPUT 32 > > #define OFTABLE_LOCAL_OUTPUT 33 > > #define OFTABLE_CHECK_LOOPBACK 34 > > -#define OFTABLE_LOG_EGRESS_PIPELINE 48 /* First of LOG_PIPELINE_LEN > > tables. */ > > +#define OFTABLE_LOG_EGRESS_PIPELINE 40 /* First of LOG_PIPELINE_LEN > > tables. */ > > #define OFTABLE_SAVE_INPORT 64 > > #define OFTABLE_LOG_TO_PHY 65 > > #define OFTABLE_MAC_BINDING 66 > > > > /* The number of tables for the ingress and egress pipelines. */ > > -#define LOG_PIPELINE_LEN 16 > > +#define LOG_PIPELINE_LEN 24 > > > > void lflow_init(void); > > void lflow_run(struct controller_ctx *, > > diff --git a/ovn/ovn-architecture.7.xml b/ovn/ovn-architecture.7.xml > > index d8114f1..eb6744b 100644 > > --- a/ovn/ovn-architecture.7.xml > > +++ b/ovn/ovn-architecture.7.xml > > @@ -774,7 +774,7 @@ > > VXLAN tunnels do not transmit the logical output port field. > > Since VXLAN tunnels do not carry a logical output port field in > > the tunnel key, when a packet is received from VXLAN tunnel by > > - an OVN hypervisor, the packet is resubmitted to table 16 to > > + an OVN hypervisor, the packet is resubmitted to table 8 to > > determine the output port(s); when the packet reaches table 32, > > these packets are resubmitted to table 33 for local delivery by > > checking a MLF_RCV_FROM_VXLAN flag, which is set when the packet > > @@ -835,7 +835,7 @@ > > the packet's ingress port. Its actions annotate the packet with > > logical metadata, by setting the logical datapath field to > > identify the > > logical datapath that the packet is traversing and the logical > > input > > - port field to identify the ingress port. Then it resubmits to > > table 16 > > + port field to identify the ingress port. Then it resubmits to > > table 8 > > to enter the logical ingress pipeline. > > </p> > > > > @@ -864,13 +864,13 @@ > > > > <li> > > <p> > > - OpenFlow tables 16 through 31 execute the logical ingress > > pipeline from > > + OpenFlow tables 8 through 31 execute the logical ingress > pipeline > > from > > the <code>Logical_Flow</code> table in the OVN Southbound > > database. > > These tables are expressed entirely in terms of logical concepts > > like > > logical ports and logical datapaths. A big part of > > <code>ovn-controller</code>'s job is to translate them into > > equivalent > > OpenFlow (in particular it translates the table numbers: > > - <code>Logical_Flow</code> tables 0 through 15 become OpenFlow > > tables 16 > > + <code>Logical_Flow</code> tables 0 through 23 become OpenFlow > > tables 8 > > through 31). > > </p> > > > > @@ -999,7 +999,7 @@ > > and resubmit these packets to table 33 for local delivery. > Packets > > received from VXLAN tunnels reach here because of a lack of > > logical > > output port field in the tunnel key and thus these packets > needed > > to > > - be submitted to table 16 to determine the output port. > > + be submitted to table 8 to determine the output port. > > </p> > > > > <p> > > @@ -1024,13 +1024,13 @@ > > <p> > > Table 34 matches and drops packets for which the logical input > and > > output ports are the same and the MLF_ALLOW_LOOPBACK flag is not > > - set. It resubmits other packets to table 48. > > + set. It resubmits other packets to table 40. > > </p> > > </li> > > > > <li> > > <p> > > - OpenFlow tables 48 through 63 execute the logical egress > pipeline > > from > > + OpenFlow tables 40 through 63 execute the logical egress > pipeline > > from > > the <code>Logical_Flow</code> table in the OVN Southbound > > database. > > The egress pipeline can perform a final stage of validation > before > > packet delivery. Eventually, it may execute an > > <code>output</code> > > @@ -1110,27 +1110,28 @@ > > > > <li> > > In OVS versions 2.7 and later, the packet is cloned and > resubmitted > > - directly to OpenFlow flow table 16, setting the logical ingress > > - port to the peer logical patch port, and using the peer logical > > - patch port's logical datapath (that represents the logical > router). > > + directly to the first OpenFlow flow table in the ingress pipeline, > > + setting the logical ingress port to the peer logical patch port, > and > > + using the peer logical patch port's logical datapath (that > > + represents the logical router). > > </li> > > </ul> > > > > <p> > > The packet re-enters the ingress pipeline in order to traverse > tables > > - 16 to 65 again, this time using the logical datapath representing > the > > + 8 to 65 again, this time using the logical datapath representing the > > logical router. The processing continues as described in the > previous > > section <code>Architectural Physical Life Cycle of a Packet</code>. > > When the packet reachs table 65, the logical egress port will once > > again be a logical patch port. In the same manner as described > above, > > this logical patch port will cause the packet to be resubmitted to > > - OpenFlow tables 16 to 65, this time using the logical datapath > > + OpenFlow tables 8 to 65, this time using the logical datapath > > representing the logical switch that the destination VM or container > > is attached to. > > </p> > > > > <p> > > - The packet traverses tables 16 to 65 a third and final time. If the > > + The packet traverses tables 8 to 65 a third and final time. If the > > destination VM or container resides on a remote hypervisor, then > table > > 32 will send the packet on a tunnel port from the sender's > hypervisor > > to the remote hypervisor. Finally table 65 will output the packet > > diff --git a/ovn/utilities/ovn-trace.c b/ovn/utilities/ovn-trace.c > > index a9970af..149f70d 100644 > > --- a/ovn/utilities/ovn-trace.c > > +++ b/ovn/utilities/ovn-trace.c > > @@ -826,7 +826,7 @@ read_flows(void) > > .pipeline = (!strcmp(sblf->pipeline, "ingress") > > ? OVNACT_P_INGRESS > > : OVNACT_P_EGRESS), > > - .n_tables = 16, > > + .n_tables = 24, > > .cur_ltable = sblf->table_id, > > }; > > uint64_t stub[1024 / 8]; > > diff --git a/tests/ovn.at b/tests/ovn.at > > index b30315e..61661c3 100644 > > --- a/tests/ovn.at > > +++ b/tests/ovn.at > > @@ -643,41 +643,41 @@ output; > > > > # next > > next; > > - encodes as resubmit(,27) > > + encodes as resubmit(,19) > > next(11); > > formats as next; > > - encodes as resubmit(,27) > > + encodes as resubmit(,19) > > next(0); > > - encodes as resubmit(,16) > > -next(15); > > + encodes as resubmit(,8) > > +next(23); > > encodes as resubmit(,31) > > > > next(); > > Syntax error at `)' expecting "pipeline" or "table". > > next(10; > > Syntax error at `;' expecting `)'. > > -next(16); > > - "next" action cannot advance beyond table 15. > > +next(24); > > + "next" action cannot advance beyond table 23. > > > > next(table=11); > > formats as next; > > - encodes as resubmit(,27) > > + encodes as resubmit(,19) > > next(pipeline=ingress); > > formats as next; > > - encodes as resubmit(,27) > > + encodes as resubmit(,19) > > next(table=11, pipeline=ingress); > > formats as next; > > - encodes as resubmit(,27) > > + encodes as resubmit(,19) > > next(pipeline=ingress, table=11); > > formats as next; > > - encodes as resubmit(,27) > > + encodes as resubmit(,19) > > > > next(pipeline=egress); > > "next" action cannot advance from ingress to egress pipeline (use > > "output" action instead) > > > > next(table=10); > > formats as next(10); > > - encodes as resubmit(,26) > > + encodes as resubmit(,18) > > > > # Loading a constant value. > > tcp.dst=80; > > @@ -699,7 +699,7 @@ ip.ttl=4; > > has prereqs eth.type == 0x800 || eth.type == 0x86dd > > outport="eth0"; next; outport="LOCAL"; next; > > formats as outport = "eth0"; next; outport = "LOCAL"; next; > > - encodes as set_field:0x5->reg15,resubmit( > > ,27),set_field:0xfffe->reg15,resubmit(,27) > > + encodes as set_field:0x5->reg15,resubmit( > > ,19),set_field:0xfffe->reg15,resubmit(,19) > > > > inport[1] = 1; > > Cannot select subfield of string field inport. > > @@ -780,11 +780,11 @@ ip.ttl > > > > # load balancing. > > ct_lb; > > - encodes as ct(table=27,zone=NXM_NX_REG13[0..15],nat) > > + encodes as ct(table=19,zone=NXM_NX_REG13[0..15],nat) > > has prereqs ip > > ct_lb(); > > formats as ct_lb; > > - encodes as ct(table=27,zone=NXM_NX_REG13[0..15],nat) > > + encodes as ct(table=19,zone=NXM_NX_REG13[0..15],nat) > > has prereqs ip > > ct_lb(192.168.1.2:80, 192.168.1.3:80); > > encodes as group:1 > > @@ -803,7 +803,7 @@ ct_lb(foo); > > > > # ct_next > > ct_next; > > - encodes as ct(table=27,zone=NXM_NX_REG13[0..15]) > > + encodes as ct(table=19,zone=NXM_NX_REG13[0..15]) > > has prereqs ip > > > > # ct_commit > > @@ -855,10 +855,10 @@ ct_commit(ct_label=18446744073709551616); > > > > # ct_dnat > > ct_dnat; > > - encodes as ct(table=27,zone=NXM_NX_REG11[0..15],nat) > > + encodes as ct(table=19,zone=NXM_NX_REG11[0..15],nat) > > has prereqs ip > > ct_dnat(192.168.1.2); > > - encodes as ct(commit,table=27,zone=NXM_NX_REG11[0..15],nat(dst=192. > > 168.1.2)) > > + encodes as ct(commit,table=19,zone=NXM_NX_REG11[0..15],nat(dst=192. > > 168.1.2)) > > has prereqs ip > > > > ct_dnat(192.168.1.2, 192.168.1.3); > > @@ -872,10 +872,10 @@ ct_dnat(); > > > > # ct_snat > > ct_snat; > > - encodes as ct(table=27,zone=NXM_NX_REG12[0..15],nat) > > + encodes as ct(table=19,zone=NXM_NX_REG12[0..15],nat) > > has prereqs ip > > ct_snat(192.168.1.2); > > - encodes as ct(commit,table=27,zone=NXM_NX_REG12[0..15],nat(src=192. > > 168.1.2)) > > + encodes as ct(commit,table=19,zone=NXM_NX_REG12[0..15],nat(src=192. > > 168.1.2)) > > has prereqs ip > > > > ct_snat(192.168.1.2, 192.168.1.3); > > @@ -893,7 +893,7 @@ ct_clear; > > > > # clone > > clone { ip4.dst = 255.255.255.255; output; }; next; > > - encodes as clone(set_field:255.255.255.255->ip_dst,resubmit(,64)), > > resubmit(,27) > > + encodes as clone(set_field:255.255.255.255->ip_dst,resubmit(,64)), > > resubmit(,19) > > has prereqs eth.type == 0x800 > > > > # arp > > diff --git a/tests/test-ovn.c b/tests/test-ovn.c > > index 18860ae..32efac4 100644 > > --- a/tests/test-ovn.c > > +++ b/tests/test-ovn.c > > @@ -1224,7 +1224,7 @@ test_parse_actions(struct ovs_cmdl_context *ctx > > OVS_UNUSED) > > .symtab = &symtab, > > .dhcp_opts = &dhcp_opts, > > .dhcpv6_opts = &dhcpv6_opts, > > - .n_tables = 16, > > + .n_tables = 24, > > .cur_ltable = 10, > > }; > > error = ovnacts_parse_string(ds_cstr(&input), &pp, &ovnacts, > > &prereqs); > > @@ -1245,8 +1245,8 @@ test_parse_actions(struct ovs_cmdl_context *ctx > > OVS_UNUSED) > > .group_table = &group_table, > > > > .pipeline = OVNACT_P_INGRESS, > > - .ingress_ptable = 16, > > - .egress_ptable = 48, > > + .ingress_ptable = 8, > > + .egress_ptable = 40, > > .output_ptable = 64, > > .mac_bind_ptable = 65, > > }; > > -- > > 1.9.1 > > > > _______________________________________________ > > dev mailing list > > dev@openvswitch.org > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev >
diff --git a/ovn/controller/lflow.h b/ovn/controller/lflow.h index 8761b1e..a23cde0 100644 --- a/ovn/controller/lflow.h +++ b/ovn/controller/lflow.h @@ -49,17 +49,17 @@ struct uuid; * These are heavily documented in ovn-architecture(7), please update it if * you make any changes. */ #define OFTABLE_PHY_TO_LOG 0 -#define OFTABLE_LOG_INGRESS_PIPELINE 16 /* First of LOG_PIPELINE_LEN tables. */ +#define OFTABLE_LOG_INGRESS_PIPELINE 8 /* First of LOG_PIPELINE_LEN tables. */ #define OFTABLE_REMOTE_OUTPUT 32 #define OFTABLE_LOCAL_OUTPUT 33 #define OFTABLE_CHECK_LOOPBACK 34 -#define OFTABLE_LOG_EGRESS_PIPELINE 48 /* First of LOG_PIPELINE_LEN tables. */ +#define OFTABLE_LOG_EGRESS_PIPELINE 40 /* First of LOG_PIPELINE_LEN tables. */ #define OFTABLE_SAVE_INPORT 64 #define OFTABLE_LOG_TO_PHY 65 #define OFTABLE_MAC_BINDING 66 /* The number of tables for the ingress and egress pipelines. */ -#define LOG_PIPELINE_LEN 16 +#define LOG_PIPELINE_LEN 24 void lflow_init(void); void lflow_run(struct controller_ctx *, diff --git a/ovn/ovn-architecture.7.xml b/ovn/ovn-architecture.7.xml index d8114f1..eb6744b 100644 --- a/ovn/ovn-architecture.7.xml +++ b/ovn/ovn-architecture.7.xml @@ -774,7 +774,7 @@ VXLAN tunnels do not transmit the logical output port field. Since VXLAN tunnels do not carry a logical output port field in the tunnel key, when a packet is received from VXLAN tunnel by - an OVN hypervisor, the packet is resubmitted to table 16 to + an OVN hypervisor, the packet is resubmitted to table 8 to determine the output port(s); when the packet reaches table 32, these packets are resubmitted to table 33 for local delivery by checking a MLF_RCV_FROM_VXLAN flag, which is set when the packet @@ -835,7 +835,7 @@ the packet's ingress port. Its actions annotate the packet with logical metadata, by setting the logical datapath field to identify the logical datapath that the packet is traversing and the logical input - port field to identify the ingress port. Then it resubmits to table 16 + port field to identify the ingress port. Then it resubmits to table 8 to enter the logical ingress pipeline. </p> @@ -864,13 +864,13 @@ <li> <p> - OpenFlow tables 16 through 31 execute the logical ingress pipeline from + OpenFlow tables 8 through 31 execute the logical ingress pipeline from the <code>Logical_Flow</code> table in the OVN Southbound database. These tables are expressed entirely in terms of logical concepts like logical ports and logical datapaths. A big part of <code>ovn-controller</code>'s job is to translate them into equivalent OpenFlow (in particular it translates the table numbers: - <code>Logical_Flow</code> tables 0 through 15 become OpenFlow tables 16 + <code>Logical_Flow</code> tables 0 through 23 become OpenFlow tables 8 through 31). </p> @@ -999,7 +999,7 @@ and resubmit these packets to table 33 for local delivery. Packets received from VXLAN tunnels reach here because of a lack of logical output port field in the tunnel key and thus these packets needed to - be submitted to table 16 to determine the output port. + be submitted to table 8 to determine the output port. </p> <p> @@ -1024,13 +1024,13 @@ <p> Table 34 matches and drops packets for which the logical input and output ports are the same and the MLF_ALLOW_LOOPBACK flag is not - set. It resubmits other packets to table 48. + set. It resubmits other packets to table 40. </p> </li> <li> <p> - OpenFlow tables 48 through 63 execute the logical egress pipeline from + OpenFlow tables 40 through 63 execute the logical egress pipeline from the <code>Logical_Flow</code> table in the OVN Southbound database. The egress pipeline can perform a final stage of validation before packet delivery. Eventually, it may execute an <code>output</code> @@ -1110,27 +1110,28 @@ <li> In OVS versions 2.7 and later, the packet is cloned and resubmitted - directly to OpenFlow flow table 16, setting the logical ingress - port to the peer logical patch port, and using the peer logical - patch port's logical datapath (that represents the logical router). + directly to the first OpenFlow flow table in the ingress pipeline, + setting the logical ingress port to the peer logical patch port, and + using the peer logical patch port's logical datapath (that + represents the logical router). </li> </ul> <p> The packet re-enters the ingress pipeline in order to traverse tables - 16 to 65 again, this time using the logical datapath representing the + 8 to 65 again, this time using the logical datapath representing the logical router. The processing continues as described in the previous section <code>Architectural Physical Life Cycle of a Packet</code>. When the packet reachs table 65, the logical egress port will once again be a logical patch port. In the same manner as described above, this logical patch port will cause the packet to be resubmitted to - OpenFlow tables 16 to 65, this time using the logical datapath + OpenFlow tables 8 to 65, this time using the logical datapath representing the logical switch that the destination VM or container is attached to. </p> <p> - The packet traverses tables 16 to 65 a third and final time. If the + The packet traverses tables 8 to 65 a third and final time. If the destination VM or container resides on a remote hypervisor, then table 32 will send the packet on a tunnel port from the sender's hypervisor to the remote hypervisor. Finally table 65 will output the packet diff --git a/ovn/utilities/ovn-trace.c b/ovn/utilities/ovn-trace.c index a9970af..149f70d 100644 --- a/ovn/utilities/ovn-trace.c +++ b/ovn/utilities/ovn-trace.c @@ -826,7 +826,7 @@ read_flows(void) .pipeline = (!strcmp(sblf->pipeline, "ingress") ? OVNACT_P_INGRESS : OVNACT_P_EGRESS), - .n_tables = 16, + .n_tables = 24, .cur_ltable = sblf->table_id, }; uint64_t stub[1024 / 8]; diff --git a/tests/ovn.at b/tests/ovn.at index b30315e..61661c3 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -643,41 +643,41 @@ output; # next next; - encodes as resubmit(,27) + encodes as resubmit(,19) next(11); formats as next; - encodes as resubmit(,27) + encodes as resubmit(,19) next(0); - encodes as resubmit(,16) -next(15); + encodes as resubmit(,8) +next(23); encodes as resubmit(,31) next(); Syntax error at `)' expecting "pipeline" or "table". next(10; Syntax error at `;' expecting `)'. -next(16); - "next" action cannot advance beyond table 15. +next(24); + "next" action cannot advance beyond table 23. next(table=11); formats as next; - encodes as resubmit(,27) + encodes as resubmit(,19) next(pipeline=ingress); formats as next; - encodes as resubmit(,27) + encodes as resubmit(,19) next(table=11, pipeline=ingress); formats as next; - encodes as resubmit(,27) + encodes as resubmit(,19) next(pipeline=ingress, table=11); formats as next; - encodes as resubmit(,27) + encodes as resubmit(,19) next(pipeline=egress); "next" action cannot advance from ingress to egress pipeline (use "output" action instead) next(table=10); formats as next(10); - encodes as resubmit(,26) + encodes as resubmit(,18) # Loading a constant value. tcp.dst=80; @@ -699,7 +699,7 @@ ip.ttl=4; has prereqs eth.type == 0x800 || eth.type == 0x86dd outport="eth0"; next; outport="LOCAL"; next; formats as outport = "eth0"; next; outport = "LOCAL"; next; - encodes as set_field:0x5->reg15,resubmit(,27),set_field:0xfffe->reg15,resubmit(,27) + encodes as set_field:0x5->reg15,resubmit(,19),set_field:0xfffe->reg15,resubmit(,19) inport[1] = 1; Cannot select subfield of string field inport. @@ -780,11 +780,11 @@ ip.ttl # load balancing. ct_lb; - encodes as ct(table=27,zone=NXM_NX_REG13[0..15],nat) + encodes as ct(table=19,zone=NXM_NX_REG13[0..15],nat) has prereqs ip ct_lb(); formats as ct_lb; - encodes as ct(table=27,zone=NXM_NX_REG13[0..15],nat) + encodes as ct(table=19,zone=NXM_NX_REG13[0..15],nat) has prereqs ip ct_lb(192.168.1.2:80, 192.168.1.3:80); encodes as group:1 @@ -803,7 +803,7 @@ ct_lb(foo); # ct_next ct_next; - encodes as ct(table=27,zone=NXM_NX_REG13[0..15]) + encodes as ct(table=19,zone=NXM_NX_REG13[0..15]) has prereqs ip # ct_commit @@ -855,10 +855,10 @@ ct_commit(ct_label=18446744073709551616); # ct_dnat ct_dnat; - encodes as ct(table=27,zone=NXM_NX_REG11[0..15],nat) + encodes as ct(table=19,zone=NXM_NX_REG11[0..15],nat) has prereqs ip ct_dnat(192.168.1.2); - encodes as ct(commit,table=27,zone=NXM_NX_REG11[0..15],nat(dst=192.168.1.2)) + encodes as ct(commit,table=19,zone=NXM_NX_REG11[0..15],nat(dst=192.168.1.2)) has prereqs ip ct_dnat(192.168.1.2, 192.168.1.3); @@ -872,10 +872,10 @@ ct_dnat(); # ct_snat ct_snat; - encodes as ct(table=27,zone=NXM_NX_REG12[0..15],nat) + encodes as ct(table=19,zone=NXM_NX_REG12[0..15],nat) has prereqs ip ct_snat(192.168.1.2); - encodes as ct(commit,table=27,zone=NXM_NX_REG12[0..15],nat(src=192.168.1.2)) + encodes as ct(commit,table=19,zone=NXM_NX_REG12[0..15],nat(src=192.168.1.2)) has prereqs ip ct_snat(192.168.1.2, 192.168.1.3); @@ -893,7 +893,7 @@ ct_clear; # clone clone { ip4.dst = 255.255.255.255; output; }; next; - encodes as clone(set_field:255.255.255.255->ip_dst,resubmit(,64)),resubmit(,27) + encodes as clone(set_field:255.255.255.255->ip_dst,resubmit(,64)),resubmit(,19) has prereqs eth.type == 0x800 # arp diff --git a/tests/test-ovn.c b/tests/test-ovn.c index 18860ae..32efac4 100644 --- a/tests/test-ovn.c +++ b/tests/test-ovn.c @@ -1224,7 +1224,7 @@ test_parse_actions(struct ovs_cmdl_context *ctx OVS_UNUSED) .symtab = &symtab, .dhcp_opts = &dhcp_opts, .dhcpv6_opts = &dhcpv6_opts, - .n_tables = 16, + .n_tables = 24, .cur_ltable = 10, }; error = ovnacts_parse_string(ds_cstr(&input), &pp, &ovnacts, &prereqs); @@ -1245,8 +1245,8 @@ test_parse_actions(struct ovs_cmdl_context *ctx OVS_UNUSED) .group_table = &group_table, .pipeline = OVNACT_P_INGRESS, - .ingress_ptable = 16, - .egress_ptable = 48, + .ingress_ptable = 8, + .egress_ptable = 40, .output_ptable = 64, .mac_bind_ptable = 65, };
The OVN ingress pipeline for a logical switch is maxed out at 16 stages. This patch takes the simple approach of starting the ingress pipeline at table 8 rather than table 16, and starting the egress pipeline at table 40 rather than table 48. Signed-off-by: Mickey Spiegel <mickeys.dev@gmail.com> --- ovn/controller/lflow.h | 6 +++--- ovn/ovn-architecture.7.xml | 27 ++++++++++++++------------- ovn/utilities/ovn-trace.c | 2 +- tests/ovn.at | 40 ++++++++++++++++++++-------------------- tests/test-ovn.c | 6 +++--- 5 files changed, 41 insertions(+), 40 deletions(-)