Message ID | 1564697253-37992-2-git-send-email-yihung.wei@gmail.com |
---|---|
State | Superseded |
Series | Support zone-based conntrack timeout policy |
> On Aug 1, 2019, at 3:07 PM, Yi-Hung Wei <yihung.wei@gmail.com> wrote: > > From: Justin Pettit <jpettit@ovn.org> > > From: Justin Pettit <jpettit@ovn.org> Can you drop one of these "From:" statements? Otherwise it appears in the commit message. As we discussed off-line, can you apply the following diff, which we worked on together along with your co-authored-by tag? -=-=-=-=-=-=-=-=-=-=-=- diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml index a0706c9c0fc1..495f0acad842 100644 --- a/vswitchd/vswitch.xml +++ b/vswitchd/vswitch.xml @@ -5615,8 +5615,8 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \ Connection tracking zone configuration <column name="timeout_policy"> - Connection tracking timeout policy for this zone. If timeout policy is - not specified, defaults to the timeout policy in the system. + Connection tracking timeout policy for this zone. If a timeout policy + is not specified, it defaults to the timeout policy in the system. </column> <group title="Common Columns"> 
@@ -5632,80 +5632,103 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \ <group title="Timeouts"> <column name="timeouts"> - The <code>timeouts</code> column contains key-value pairs used - to configure connection tracking timeouts in a datapath. - Key-value pairs that are not supported by a datapath are - ignored. + The <code>timeouts</code> column contains key-value pairs used + to configure connection tracking timeouts in a datapath. + Key-value pairs that are not supported by a datapath are + ignored. The timeout value is in seconds. </column> <group title="TCP Timeouts"> <column name="timeouts" key="tcp_syn_sent"> - TCP SYN sent timeout. + The timeout for the connection after the first TCP SYN packet has + been seen by conntrack. </column> <column name="timeouts" key="tcp_syn_recv"> - TCP SYN receive timeout. + The timeout of the connection after the first TCP SYN-ACK packet + has been seen by conntrack. </column> <column name="timeouts" key="tcp_established"> - TCP established timeout. + The timeout of the connection after the connection has been fully + established. </column> <column name="timeouts" key="tcp_fin_wait"> - TCP FIN wait timeout. + The timeout of the connection after the first TCP FIN packet + has been seen by conntrack. </column> <column name="timeouts" key="tcp_close_wait"> - TCP close wait timeout. + The timeout of the connection after the first TCP ACK packet + has been seen after it receives TCP FIN packet. This timeout + is only supported by the Linux kernel datapath. </column> <column name="timeouts" key="tcp_last_ack"> - TCP last ACK timeout. + The timeout of the connection after TCP FIN packets have been + seen by conntrack from both directions. This timeout is only + supported by the Linux kernel datapath. </column> <column name="timeouts" key="tcp_time_wait"> - TCP time wait timeout. + The timeout of the connection after conntrack has seen the + TCP ACK packet for the second TCP FIN packet. 
</column> <column name="timeouts" key="tcp_close"> - TCP close timeout. + The timeout of the connection after the first TCP RST packet + has been seen by conntrack. </column> <column name="timeouts" key="tcp_syn_sent2"> - TCP syn sent2 timeout. + The timeout of the connection when only a TCP SYN packet has been + seen by conntrack from both directions (simultaneous open). + This timeout is only supported by the Linux kernel datapath. </column> <column name="timeouts" key="tcp_retransmit"> - TCP retransmit timeout. + The timeout of the connection when it exceeds the maximum + number of retransmissions. This timeout is only supported by + the Linux kernel datapath. </column> <column name="timeouts" key="tcp_unack"> - TCP unacknowledgment timeout. + The timeout of the connection when non-SYN packets create an + established connection in TCP loose tracking mode. This timeout + is only supported by the Linux kernel datapath. </column> </group> <group title="UDP Timeouts"> <column name="timeouts" key="udp_first"> - First UDP packet timeout. + The timeout of the connection after the first UDP packet has + been seen by conntrack. This timeout is only supported by the + userspace datapath. </column> <column name="timeouts" key="udp_single"> - The timeout in the state that source host sends more than one packet - but the destination host has never sent one backs. + The timeout of the connection when conntrack only seen UDP + packet from the source host, but the destination host has never + sent one back. </column> <column name="timeouts" key="udp_multiple"> - UDP packets seen in both directions timeout. + The timeout of the connection when UDP packets have been seen in + both directions. </column> </group> <group title="ICMP Timeouts"> <column name="timeouts" key="icmp_first"> - First ICMP timeout. + The timeout of the connection after the first ICMP packet has + been seen by conntrack. </column> <column name="timeouts" key="icmp_reply"> - ICMP reply timeout. 
+ The timeout of the connection after an ICMP error is replied in + response to an ICMP packet. This timeout is only supported by + the userspace datapath. </column> </group> </group> -=-=-=-=-=-=-=-=-=-=-=- Thanks, --Justin
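Review bot: In the udp_single description of the @@ -5632,80 +5632,103 @@ hunk, "when conntrack only seen UDP packet from the source host" is missing its auxiliary verb and now reads as a single packet, whereas the text it replaces described the source sending more than one packet. That blurs the difference from udp_first, which is defined a few lines earlier as the state after the first UDP packet. Suggest "when conntrack has only seen UDP packets from the source host". In the same hunk, tcp_close_wait says "after it receives TCP FIN packet" (missing "a"), and tcp_syn_sent opens with "The timeout for the connection" where every other key uses "The timeout of the connection".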
On Fri, Aug 2, 2019 at 11:15 AM Justin Pettit <jpettit@ovn.org> wrote:
>
> > On Aug 1, 2019, at 3:07 PM, Yi-Hung Wei <yihung.wei@gmail.com> wrote:
> >
> > From: Justin Pettit <jpettit@ovn.org>
> >
> > From: Justin Pettit <jpettit@ovn.org>
>
> Can you drop one of these "From:" statements? Otherwise it appears in the commit message.
>
> As we discussed off-line, can you apply the following diff, which we worked on together along with your co-authored-by tag?
>

Thanks for the review. I will add the diff into v3.

Thanks,

-Yi-Hung
Thanks for the patch I avoided duplicate comments from what Justin suggested comments inline On Thu, Aug 1, 2019 at 3:08 PM Yi-Hung Wei <yihung.wei@gmail.com> wrote: > From: Justin Pettit <jpettit@ovn.org> > > From: Justin Pettit <jpettit@ovn.org> > > Signed-off-by: Justin Pettit <jpettit@ovn.org> > --- > vswitchd/vswitch.ovsschema | 43 +++++++- > vswitchd/vswitch.xml | 252 > ++++++++++++++++++++++++++++++++++++--------- > 2 files changed, 246 insertions(+), 49 deletions(-) > > diff --git a/vswitchd/vswitch.ovsschema b/vswitchd/vswitch.ovsschema > index f7c6eb8983cd..d215f4edfefa 100644 > --- a/vswitchd/vswitch.ovsschema > +++ b/vswitchd/vswitch.ovsschema > @@ -1,9 +1,14 @@ > {"name": "Open_vSwitch", > - "version": "8.0.0", > - "cksum": "3962141869 23978", > + "version": "8.1.0", > + "cksum": "1566974404 25483", > "tables": { > "Open_vSwitch": { > "columns": { > + "datapaths": { > + "type": {"key": {"type": "string"}, > Should 'type' be an enum something like: "type": {"key": {"type": "string", "enum": ["set", ["system", "netdev"]]}}, The schema can still be upgraded by adding new datapath types should more ever arise. > + "value": {"type": "uuid", > + "refTable": "Datapath"}, > + "min": 0, "max": "unlimited"}}, > accordingly: "min": 0, "max": "2"}}, > "bridges": { > "type": {"key": {"type": "uuid", > "refTable": "Bridge"}, 
> @@ -629,6 +634,40 @@ > "min": 0, "max": "unlimited"}, > "ephemeral": true}}, > "indexes": [["target"]]}, > + "Datapath": { > + "columns": { > + "datapath_version": { > + "type": "string"}, > + "ct_zones": { > + "type": {"key": {"type": "integer", > + "minInteger": 0, > + "maxInteger": 65535}, > + "value": {"type": "uuid", > + "refTable": "CT_Zone"}, > + "min": 0, "max": "unlimited"}}, > How about ? "min": 0, "max": "65535"}}, I don't think we can have multiple entries for the same zone and if we did, we don't handle it. > + "external_ids": { > + "type": {"key": "string", "value": "string", > + "min": 0, "max": "unlimited"}}}}, > + "CT_Zone": { > + "columns": { > + "timeout_policy": { > + "type": {"key": {"type": "uuid", > + "refTable": "CT_Timeout_Policy"}, > + "min": 0, "max": 1}}, > + "external_ids": { > + "type": {"key": "string", "value": "string", > + "min": 0, "max": "unlimited"}}}}, > + "CT_Timeout_Policy": { > + "columns": { > + "timeouts": { > + "type": {"key": "string", > + "value": {"type" : "integer", > + "minInteger" : 0, > + "maxInteger" : 4294967295}, > + "min": 0, "max": "unlimited"}}, > + "external_ids": { > + "type": {"key": "string", "value": "string", > + "min": 0, "max": "unlimited"}}}}, > "SSL": { > "columns": { > "private_key": { > diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml > index 027aee2f523b..a0706c9c0fc1 100644 > --- a/vswitchd/vswitch.xml > +++ b/vswitchd/vswitch.xml > @@ -52,6 +52,13 @@ > one record in the <ref table="Open_vSwitch"/> table. > > <group title="Configuration"> > + <column name="datapaths"> > + Map of datapath types to datapaths. The > + <ref column="datapath_type"/> column of the <ref table="Bridge"/> > + table is used as a key for this map. The value points to a row in > + the <ref table="Datapath"/> table. > + </column> > + > <column name="bridges"> > Set of bridges managed by the daemon. > </column> 
> @@ -1192,53 +1199,11 @@ > </column> > > <column name="datapath_version"> > - <p> > - Reports the version number of the Open vSwitch datapath in use. > - This allows management software to detect and report > discrepancies > - between Open vSwitch userspace and datapath versions. (The <ref > - column="ovs_version" table="Open_vSwitch"/> column in the <ref > - table="Open_vSwitch"/> reports the Open vSwitch userspace > version.) > - The version reported depends on the datapath in use: > - </p> > - > - <ul> > - <li> > - When the kernel module included in the Open vSwitch source > tree is > - used, this column reports the Open vSwitch version from which > the > - module was taken. > - </li> > - > - <li> > - When the kernel module that is part of the upstream Linux > kernel is > - used, this column reports <code><unknown></code>. > - </li> > - > - <li> > - When the datapath is built into the <code>ovs-vswitchd</code> > - binary, this column reports <code><built-in></code>. A > - built-in datapath is by definition the same version as the > rest of > - the Open VSwitch userspace. > - </li> > - > - <li> > - Other datapaths (such as the Hyper-V kernel datapath) > currently > - report <code><unknown></code>. > - </li> > - </ul> > - > - <p> > - A version discrepancy between <code>ovs-vswitchd</code> and the > - datapath in use is not normally cause for alarm. The Open > vSwitch > - kernel datapaths for Linux and Hyper-V, in particular, are > designed > - for maximum inter-version compatibility: any userspace version > works > - with with any kernel version. Some reasons do exist to insist > on > - particular user/kernel pairings. First, newer kernel versions > add > - new features, that can only be used by new-enough userspace, > e.g. > - VXLAN tunneling requires certain minimal userspace and kernel > - versions. 
Second, as an extension to the first reason, some > newer > - kernel versions add new features for enhancing performance that > only > - new-enough userspace versions can take advantage of. > - </p> > + Reports the datapath version. This column is maintained for > + backwards compatibility. The preferred locatation is the > + <ref column="datapath_id" table="Datapath"/> column of the > + <ref table="Datapath"/> table. The full documentation for this > + column is there. > </column> > > <column name="other_config" key="datapath-id"> 
> @@ -5560,6 +5525,199 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 > type=patch options:peer=p1 \ > </group> > </table> > > + <table name="Datapath"> > + <p> > + Configuration for a datapath within <ref table="Open_vSwitch"/>. > + </p> > + <p> > + A datapath is responsible for providing the packet handling in Open > + vSwitch. There are two primary datapath implementations used by > + Open vSwitch: kernel and userspace. Kernel datapath > + implementations are available for Linux and Hyper-V, and selected > + as <code>system</code> in the <ref column="datapath_type"/> column > + of the <ref table="Bridge"/> table. The userspace datapath is used > + by DPDK and AF-XDP, and is selected as <code>netdev</code> in the > + <ref column="datapath_type"/> column of the <ref table="Bridge"/> > + table. > + </p> > + <p> > + A datapath of a particular type is shared by all the bridges that > use > + that datapath. Thus, configurations applied to this table affect > + all bridges that use this datapath. > + </p> > + > + <column name="datapath_version"> > + <p> > + Reports the version number of the Open vSwitch datapath in use. > + This allows management software to detect and report discrepancies > + between Open vSwitch userspace and datapath versions. (The <ref > + column="ovs_version" table="Open_vSwitch"/> column in the <ref > + table="Open_vSwitch"/> reports the Open vSwitch userspace > version.) > + The version reported depends on the datapath in use: > + </p> > + > + <ul> > + <li> > + When the kernel module included in the Open vSwitch source tree > is > + used, this column reports the Open vSwitch version from which > the > + module was taken. > + </li> > + > + <li> > + When the kernel module that is part of the upstream Linux > kernel is > + used, this column reports <code><unknown></code>. > + </li> > + > + <li> > + When the datapath is built into the <code>ovs-vswitchd</code> > + binary, this column reports <code><built-in></code>. 
A > + built-in datapath is by definition the same version as the rest > of > + the Open VSwitch userspace. > + </li> > + > + <li> > + Other datapaths (such as the Hyper-V kernel datapath) currently > + report <code><unknown></code>. > + </li> > + </ul> > + > + <p> > + A version discrepancy between <code>ovs-vswitchd</code> and the > + datapath in use is not normally cause for alarm. The Open vSwitch > + kernel datapaths for Linux and Hyper-V, in particular, are > designed > + for maximum inter-version compatibility: any userspace version > works > + with with any kernel version. Some reasons do exist to insist on > + particular user/kernel pairings. First, newer kernel versions add > + new features, that can only be used by new-enough userspace, e.g. > + VXLAN tunneling requires certain minimal userspace and kernel > + versions. Second, as an extension to the first reason, some newer > + kernel versions add new features for enhancing performance that > only > + new-enough userspace versions can take advantage of. > + </p> > + </column> > + > + <column name="ct_zones"> > + Configuration for connection tracking zones. Each pair maps from a > + zone id to a configuration for that zone. Zone <code>0</code> > applies > + to the default zone (ie, the one used if a zone is not specified in > + connection tracking-related OpenFlow matches and actions). > + </column> > + > + <group title="Common Columns"> > + The overall purpose of these columns is described under <code>Common > + Columns</code> at the beginning of this document. > + > + <column name="external_ids"/> > + </group> > + </table> > + > + <table name="CT_Zone"> > + Connection tracking zone configuration > + > + <column name="timeout_policy"> > + Connection tracking timeout policy for this zone. If timeout policy > is > + not specified, defaults to the timeout policy in the system. 
> + </column> > + > + <group title="Common Columns"> > + The overall purpose of these columns is described under <code>Common > + Columns</code> at the beginning of this document. > + > + <column name="external_ids"/> > + </group> > + </table> > + > + <table name="CT_Timeout_Policy"> > + Connection tracking timeout policy configuration > + > + <group title="Timeouts"> > + <column name="timeouts"> > + The <code>timeouts</code> column contains key-value pairs used > + to configure connection tracking timeouts in a datapath. > + Key-value pairs that are not supported by a datapath are > + ignored. > + </column> > + > + <group title="TCP Timeouts"> > + <column name="timeouts" key="tcp_syn_sent"> > + TCP SYN sent timeout. > + </column> > + > + <column name="timeouts" key="tcp_syn_recv"> > + TCP SYN receive timeout. > + </column> > + > + <column name="timeouts" key="tcp_established"> > + TCP established timeout. > + </column> > + > + <column name="timeouts" key="tcp_fin_wait"> > + TCP FIN wait timeout. > + </column> > + > + <column name="timeouts" key="tcp_close_wait"> > + TCP close wait timeout. > + </column> > + > + <column name="timeouts" key="tcp_last_ack"> > + TCP last ACK timeout. > + </column> > + > + <column name="timeouts" key="tcp_time_wait"> > + TCP time wait timeout. > + </column> > + > + <column name="timeouts" key="tcp_close"> > + TCP close timeout. > + </column> > + > + <column name="timeouts" key="tcp_syn_sent2"> > + TCP syn sent2 timeout. > + </column> > + > + <column name="timeouts" key="tcp_retransmit"> > + TCP retransmit timeout. > + </column> > + > + <column name="timeouts" key="tcp_unack"> > + TCP unacknowledgment timeout. > + </column> > + </group> > + > + <group title="UDP Timeouts"> > + <column name="timeouts" key="udp_first"> > + First UDP packet timeout. > I want to be very specific about this one: "The timeout of the connection when only the first UDP packet has been seen by conntrack. This timeout is only supported by the userspace datapath." 
> + </column> > + > + <column name="timeouts" key="udp_single"> > + The timeout in the state that source host sends more than one > packet > + but the destination host has never sent one backs. > + </column> > + > + <column name="timeouts" key="udp_multiple"> > + UDP packets seen in both directions timeout. > + </column> > + </group> > + > + <group title="ICMP Timeouts"> > + <column name="timeouts" key="icmp_first"> > + First ICMP timeout. > + </column> > + > + <column name="timeouts" key="icmp_reply"> > + ICMP reply timeout. > + </column> > + </group> > + </group> > + > + <group title="Common Columns"> > + The overall purpose of these columns is described under <code>Common > + Columns</code> at the beginning of this document. > + > + <column name="external_ids"/> > + </group> > + </table> > + > <table name="SSL"> > SSL configuration for an Open_vSwitch. > > -- > 2.7.4 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev >
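Review bot: The replacement text for the existing datapath_version column in the @@ -1192,53 +1199,11 @@ hunk of vswitch.xml sends readers to <ref column="datapath_id" table="Datapath"/>, but the Datapath table added in vswitch.ovsschema defines only datapath_version, ct_zones and external_ids, so the reference does not point at the column that now carries the full documentation. It should read column="datapath_version". In the same sentence, "locatation" should be "location".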
One comment fix: s/ "min": 0, "max": "65535"}},/ "min": 0, "max": "65536"}},/ On Mon, Aug 5, 2019 at 4:09 PM Darrell Ball <dlu998@gmail.com> wrote: > Thanks for the patch > > I avoided duplicate comments from what Justin suggested > > comments inline > > On Thu, Aug 1, 2019 at 3:08 PM Yi-Hung Wei <yihung.wei@gmail.com> wrote: > >> From: Justin Pettit <jpettit@ovn.org> >> >> From: Justin Pettit <jpettit@ovn.org> >> >> Signed-off-by: Justin Pettit <jpettit@ovn.org> >> --- >> vswitchd/vswitch.ovsschema | 43 +++++++- >> vswitchd/vswitch.xml | 252 >> ++++++++++++++++++++++++++++++++++++--------- >> 2 files changed, 246 insertions(+), 49 deletions(-) >> >> diff --git a/vswitchd/vswitch.ovsschema b/vswitchd/vswitch.ovsschema >> index f7c6eb8983cd..d215f4edfefa 100644 >> --- a/vswitchd/vswitch.ovsschema >> +++ b/vswitchd/vswitch.ovsschema >> @@ -1,9 +1,14 @@ >> {"name": "Open_vSwitch", >> - "version": "8.0.0", >> - "cksum": "3962141869 23978", >> + "version": "8.1.0", >> + "cksum": "1566974404 25483", >> "tables": { >> "Open_vSwitch": { >> "columns": { >> + "datapaths": { >> + "type": {"key": {"type": "string"}, >> > > Should 'type' be an enum > something like: > > "type": {"key": {"type": "string", > "enum": ["set", ["system", "netdev"]]}}, > > The schema can still be upgraded by adding new datapath types should more > ever arise. > > > >> + "value": {"type": "uuid", >> + "refTable": "Datapath"}, >> + "min": 0, "max": "unlimited"}}, >> > > accordingly: > > "min": 0, "max": "2"}}, > > > >> "bridges": { >> "type": {"key": {"type": "uuid", >> "refTable": "Bridge"}, 
>> @@ -629,6 +634,40 @@ >> "min": 0, "max": "unlimited"}, >> "ephemeral": true}}, >> "indexes": [["target"]]}, >> + "Datapath": { >> + "columns": { >> + "datapath_version": { >> + "type": "string"}, >> + "ct_zones": { >> + "type": {"key": {"type": "integer", >> + "minInteger": 0, >> + "maxInteger": 65535}, >> + "value": {"type": "uuid", >> + "refTable": "CT_Zone"}, >> + "min": 0, "max": "unlimited"}}, >> > > > How about ? > > "min": 0, "max": "65535"}}, > s/ "min": 0, "max": "65535"}},/ "min": 0, "max": "65536"}},/ > > I don't think we can have multiple entries for the same zone and if we > did, we don't > handle it. > > > >> + "external_ids": { >> + "type": {"key": "string", "value": "string", >> + "min": 0, "max": "unlimited"}}}}, >> + "CT_Zone": { >> + "columns": { >> + "timeout_policy": { >> + "type": {"key": {"type": "uuid", >> + "refTable": "CT_Timeout_Policy"}, >> + "min": 0, "max": 1}}, >> + "external_ids": { >> + "type": {"key": "string", "value": "string", >> + "min": 0, "max": "unlimited"}}}}, >> + "CT_Timeout_Policy": { >> + "columns": { >> + "timeouts": { >> + "type": {"key": "string", >> + "value": {"type" : "integer", >> + "minInteger" : 0, >> + "maxInteger" : 4294967295}, >> + "min": 0, "max": "unlimited"}}, >> + "external_ids": { >> + "type": {"key": "string", "value": "string", >> + "min": 0, "max": "unlimited"}}}}, >> "SSL": { >> "columns": { >> "private_key": { >> diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml >> index 027aee2f523b..a0706c9c0fc1 100644 >> --- a/vswitchd/vswitch.xml >> +++ b/vswitchd/vswitch.xml 
>> @@ -52,6 +52,13 @@ >> one record in the <ref table="Open_vSwitch"/> table. >> >> <group title="Configuration"> >> + <column name="datapaths"> >> + Map of datapath types to datapaths. The >> + <ref column="datapath_type"/> column of the <ref table="Bridge"/> >> + table is used as a key for this map. The value points to a row >> in >> + the <ref table="Datapath"/> table. >> + </column> >> + >> <column name="bridges"> >> Set of bridges managed by the daemon. >> </column> 
>> @@ -1192,53 +1199,11 @@ >> </column> >> >> <column name="datapath_version"> >> - <p> >> - Reports the version number of the Open vSwitch datapath in use. >> - This allows management software to detect and report >> discrepancies >> - between Open vSwitch userspace and datapath versions. (The >> <ref >> - column="ovs_version" table="Open_vSwitch"/> column in the <ref >> - table="Open_vSwitch"/> reports the Open vSwitch userspace >> version.) >> - The version reported depends on the datapath in use: >> - </p> >> - >> - <ul> >> - <li> >> - When the kernel module included in the Open vSwitch source >> tree is >> - used, this column reports the Open vSwitch version from >> which the >> - module was taken. >> - </li> >> - >> - <li> >> - When the kernel module that is part of the upstream Linux >> kernel is >> - used, this column reports <code><unknown></code>. >> - </li> >> - >> - <li> >> - When the datapath is built into the <code>ovs-vswitchd</code> >> - binary, this column reports <code><built-in></code>. A >> - built-in datapath is by definition the same version as the >> rest of >> - the Open VSwitch userspace. >> - </li> >> - >> - <li> >> - Other datapaths (such as the Hyper-V kernel datapath) >> currently >> - report <code><unknown></code>. >> - </li> >> - </ul> >> - >> - <p> >> - A version discrepancy between <code>ovs-vswitchd</code> and the >> - datapath in use is not normally cause for alarm. The Open >> vSwitch >> - kernel datapaths for Linux and Hyper-V, in particular, are >> designed >> - for maximum inter-version compatibility: any userspace version >> works >> - with with any kernel version. Some reasons do exist to insist >> on >> - particular user/kernel pairings. First, newer kernel versions >> add >> - new features, that can only be used by new-enough userspace, >> e.g. >> - VXLAN tunneling requires certain minimal userspace and kernel >> - versions. 
Second, as an extension to the first reason, some >> newer >> - kernel versions add new features for enhancing performance >> that only >> - new-enough userspace versions can take advantage of. >> - </p> >> + Reports the datapath version. This column is maintained for >> + backwards compatibility. The preferred locatation is the >> + <ref column="datapath_id" table="Datapath"/> column of the >> + <ref table="Datapath"/> table. The full documentation for this >> + column is there. >> </column> >> >> <column name="other_config" key="datapath-id"> 
>> @@ -5560,6 +5525,199 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 >> type=patch options:peer=p1 \ >> </group> >> </table> >> >> + <table name="Datapath"> >> + <p> >> + Configuration for a datapath within <ref table="Open_vSwitch"/>. >> + </p> >> + <p> >> + A datapath is responsible for providing the packet handling in Open >> + vSwitch. There are two primary datapath implementations used by >> + Open vSwitch: kernel and userspace. Kernel datapath >> + implementations are available for Linux and Hyper-V, and selected >> + as <code>system</code> in the <ref column="datapath_type"/> column >> + of the <ref table="Bridge"/> table. The userspace datapath is used >> + by DPDK and AF-XDP, and is selected as <code>netdev</code> in the >> + <ref column="datapath_type"/> column of the <ref table="Bridge"/> >> + table. >> + </p> >> + <p> >> + A datapath of a particular type is shared by all the bridges that >> use >> + that datapath. Thus, configurations applied to this table affect >> + all bridges that use this datapath. >> + </p> >> + >> + <column name="datapath_version"> >> + <p> >> + Reports the version number of the Open vSwitch datapath in use. >> + This allows management software to detect and report >> discrepancies >> + between Open vSwitch userspace and datapath versions. (The <ref >> + column="ovs_version" table="Open_vSwitch"/> column in the <ref >> + table="Open_vSwitch"/> reports the Open vSwitch userspace >> version.) >> + The version reported depends on the datapath in use: >> + </p> >> + >> + <ul> >> + <li> >> + When the kernel module included in the Open vSwitch source >> tree is >> + used, this column reports the Open vSwitch version from which >> the >> + module was taken. >> + </li> >> + >> + <li> >> + When the kernel module that is part of the upstream Linux >> kernel is >> + used, this column reports <code><unknown></code>. 
>> + </li> >> + >> + <li> >> + When the datapath is built into the <code>ovs-vswitchd</code> >> + binary, this column reports <code><built-in></code>. A >> + built-in datapath is by definition the same version as the >> rest of >> + the Open VSwitch userspace. >> + </li> >> + >> + <li> >> + Other datapaths (such as the Hyper-V kernel datapath) currently >> + report <code><unknown></code>. >> + </li> >> + </ul> >> + >> + <p> >> + A version discrepancy between <code>ovs-vswitchd</code> and the >> + datapath in use is not normally cause for alarm. The Open >> vSwitch >> + kernel datapaths for Linux and Hyper-V, in particular, are >> designed >> + for maximum inter-version compatibility: any userspace version >> works >> + with with any kernel version. Some reasons do exist to insist on >> + particular user/kernel pairings. First, newer kernel versions >> add >> + new features, that can only be used by new-enough userspace, e.g. >> + VXLAN tunneling requires certain minimal userspace and kernel >> + versions. Second, as an extension to the first reason, some >> newer >> + kernel versions add new features for enhancing performance that >> only >> + new-enough userspace versions can take advantage of. >> + </p> >> + </column> >> + >> + <column name="ct_zones"> >> + Configuration for connection tracking zones. Each pair maps from a >> + zone id to a configuration for that zone. Zone <code>0</code> >> applies >> + to the default zone (ie, the one used if a zone is not specified in >> + connection tracking-related OpenFlow matches and actions). >> + </column> >> + >> + <group title="Common Columns"> >> + The overall purpose of these columns is described under >> <code>Common >> + Columns</code> at the beginning of this document. >> + >> + <column name="external_ids"/> >> + </group> >> + </table> >> + >> + <table name="CT_Zone"> >> + Connection tracking zone configuration >> + >> + <column name="timeout_policy"> >> + Connection tracking timeout policy for this zone. 
If timeout >> policy is >> + not specified, defaults to the timeout policy in the system. >> + </column> >> + >> + <group title="Common Columns"> >> + The overall purpose of these columns is described under >> <code>Common >> + Columns</code> at the beginning of this document. >> + >> + <column name="external_ids"/> >> + </group> >> + </table> >> + >> + <table name="CT_Timeout_Policy"> >> + Connection tracking timeout policy configuration >> + >> + <group title="Timeouts"> >> + <column name="timeouts"> >> + The <code>timeouts</code> column contains key-value pairs used >> + to configure connection tracking timeouts in a datapath. >> + Key-value pairs that are not supported by a datapath are >> + ignored. >> + </column> >> + >> + <group title="TCP Timeouts"> >> + <column name="timeouts" key="tcp_syn_sent"> >> + TCP SYN sent timeout. >> + </column> >> + >> + <column name="timeouts" key="tcp_syn_recv"> >> + TCP SYN receive timeout. >> + </column> >> + >> + <column name="timeouts" key="tcp_established"> >> + TCP established timeout. >> + </column> >> + >> + <column name="timeouts" key="tcp_fin_wait"> >> + TCP FIN wait timeout. >> + </column> >> + >> + <column name="timeouts" key="tcp_close_wait"> >> + TCP close wait timeout. >> + </column> >> + >> + <column name="timeouts" key="tcp_last_ack"> >> + TCP last ACK timeout. >> + </column> >> + >> + <column name="timeouts" key="tcp_time_wait"> >> + TCP time wait timeout. >> + </column> >> + >> + <column name="timeouts" key="tcp_close"> >> + TCP close timeout. >> + </column> >> + >> + <column name="timeouts" key="tcp_syn_sent2"> >> + TCP syn sent2 timeout. >> + </column> >> + >> + <column name="timeouts" key="tcp_retransmit"> >> + TCP retransmit timeout. >> + </column> >> + >> + <column name="timeouts" key="tcp_unack"> >> + TCP unacknowledgment timeout. >> + </column> >> + </group> >> + >> + <group title="UDP Timeouts"> >> + <column name="timeouts" key="udp_first"> >> + First UDP packet timeout. 
>> > > I want to be very specific about this one: > > "The timeout of the connection when only the first UDP packet has > been seen by conntrack. This timeout is only supported by the > userspace datapath." > > >> + </column> >> + >> + <column name="timeouts" key="udp_single"> >> + The timeout in the state that source host sends more than one >> packet >> + but the destination host has never sent one backs. >> + </column> >> + >> + <column name="timeouts" key="udp_multiple"> >> + UDP packets seen in both directions timeout. >> + </column> >> + </group> >> + >> + <group title="ICMP Timeouts"> >> + <column name="timeouts" key="icmp_first"> >> + First ICMP timeout. >> + </column> >> + >> + <column name="timeouts" key="icmp_reply"> >> + ICMP reply timeout. >> + </column> >> + </group> >> + </group> >> + >> + <group title="Common Columns"> >> + The overall purpose of these columns is described under >> <code>Common >> + Columns</code> at the beginning of this document. >> + >> + <column name="external_ids"/> >> + </group> >> + </table> >> + >> <table name="SSL"> >> SSL configuration for an Open_vSwitch. >> >> -- >> 2.7.4 >> >> _______________________________________________ >> dev mailing list >> dev@openvswitch.org >> https://mail.openvswitch.org/mailman/listinfo/ovs-dev >> >
diff --git a/vswitchd/vswitch.ovsschema b/vswitchd/vswitch.ovsschema index f7c6eb8983cd..d215f4edfefa 100644 --- a/vswitchd/vswitch.ovsschema +++ b/vswitchd/vswitch.ovsschema @@ -1,9 +1,14 @@ {"name": "Open_vSwitch", - "version": "8.0.0", - "cksum": "3962141869 23978", + "version": "8.1.0", + "cksum": "1566974404 25483", "tables": { "Open_vSwitch": { "columns": { + "datapaths": { + "type": {"key": {"type": "string"}, + "value": {"type": "uuid", + "refTable": "Datapath"}, + "min": 0, "max": "unlimited"}}, "bridges": { "type": {"key": {"type": "uuid", "refTable": "Bridge"}, @@ -629,6 +634,40 @@ "min": 0, "max": "unlimited"}, "ephemeral": true}}, "indexes": [["target"]]}, + "Datapath": { + "columns": { + "datapath_version": { + "type": "string"}, + "ct_zones": { + "type": {"key": {"type": "integer", + "minInteger": 0, + "maxInteger": 65535}, + "value": {"type": "uuid", + "refTable": "CT_Zone"}, + "min": 0, "max": "unlimited"}}, + "external_ids": { + "type": {"key": "string", "value": "string", + "min": 0, "max": "unlimited"}}}}, + "CT_Zone": { + "columns": { + "timeout_policy": { + "type": {"key": {"type": "uuid", + "refTable": "CT_Timeout_Policy"}, + "min": 0, "max": 1}}, + "external_ids": { + "type": {"key": "string", "value": "string", + "min": 0, "max": "unlimited"}}}}, + "CT_Timeout_Policy": { + "columns": { + "timeouts": { + "type": {"key": "string", + "value": {"type" : "integer", + "minInteger" : 0, + "maxInteger" : 4294967295}, + "min": 0, "max": "unlimited"}}, + "external_ids": { + "type": {"key": "string", "value": "string", + "min": 0, "max": "unlimited"}}}}, "SSL": { "columns": { "private_key": { diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml index 027aee2f523b..a0706c9c0fc1 100644 --- a/vswitchd/vswitch.xml +++ b/vswitchd/vswitch.xml 
@@ -52,6 +52,13 @@ one record in the <ref table="Open_vSwitch"/> table. <group title="Configuration"> + <column name="datapaths"> + Map of datapath types to datapaths. The + <ref column="datapath_type"/> column of the <ref table="Bridge"/> + table is used as a key for this map. The value points to a row in + the <ref table="Datapath"/> table. + </column> + <column name="bridges"> Set of bridges managed by the daemon. </column> 
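Review bot: In the new `datapaths` column text, `<ref column="datapath_type"/>` carries no `table` attribute even though the sentence says the column belongs to the Bridge table, and this text sits in the documentation of the Open_vSwitch table. Writing it as `<ref column="datapath_type" table="Bridge"/>`, the form the patch already uses for `<ref column="ovs_version" table="Open_vSwitch"/>`, makes the target explicit. The same bare ref appears twice in the description of the new Datapath table.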
@@ -1192,53 +1199,11 @@ </column> <column name="datapath_version"> - <p> - Reports the version number of the Open vSwitch datapath in use. - This allows management software to detect and report discrepancies - between Open vSwitch userspace and datapath versions. (The <ref - column="ovs_version" table="Open_vSwitch"/> column in the <ref - table="Open_vSwitch"/> reports the Open vSwitch userspace version.) - The version reported depends on the datapath in use: - </p> - - <ul> - <li> - When the kernel module included in the Open vSwitch source tree is - used, this column reports the Open vSwitch version from which the - module was taken. - </li> - - <li> - When the kernel module that is part of the upstream Linux kernel is - used, this column reports <code><unknown></code>. - </li> - - <li> - When the datapath is built into the <code>ovs-vswitchd</code> - binary, this column reports <code><built-in></code>. A - built-in datapath is by definition the same version as the rest of - the Open VSwitch userspace. - </li> - - <li> - Other datapaths (such as the Hyper-V kernel datapath) currently - report <code><unknown></code>. - </li> - </ul> - - <p> - A version discrepancy between <code>ovs-vswitchd</code> and the - datapath in use is not normally cause for alarm. The Open vSwitch - kernel datapaths for Linux and Hyper-V, in particular, are designed - for maximum inter-version compatibility: any userspace version works - with with any kernel version. Some reasons do exist to insist on - particular user/kernel pairings. First, newer kernel versions add - new features, that can only be used by new-enough userspace, e.g. - VXLAN tunneling requires certain minimal userspace and kernel - versions. Second, as an extension to the first reason, some newer - kernel versions add new features for enhancing performance that only - new-enough userspace versions can take advantage of. - </p> + Reports the datapath version. This column is maintained for + backwards compatibility. 
The preferred locatation is the + <ref column="datapath_id" table="Datapath"/> column of the + <ref table="Datapath"/> table. The full documentation for this + column is there. </column> <column name="other_config" key="datapath-id"> 
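Review bot: The replacement text for `datapath_version` points readers at `<ref column="datapath_id" table="Datapath"/>`, but the Datapath table added by this patch defines `datapath_version`, `ct_zones` and `external_ids` and has no `datapath_id` column, so the reference should be `column="datapath_version"`. In the same sentence, "locatation" should be "location".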
@@ -5560,6 +5525,199 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \ </group> </table> + <table name="Datapath"> + <p> + Configuration for a datapath within <ref table="Open_vSwitch"/>. + </p> + <p> + A datapath is responsible for providing the packet handling in Open + vSwitch. There are two primary datapath implementations used by + Open vSwitch: kernel and userspace. Kernel datapath + implementations are available for Linux and Hyper-V, and selected + as <code>system</code> in the <ref column="datapath_type"/> column + of the <ref table="Bridge"/> table. The userspace datapath is used + by DPDK and AF-XDP, and is selected as <code>netdev</code> in the + <ref column="datapath_type"/> column of the <ref table="Bridge"/> + table. + </p> + <p> + A datapath of a particular type is shared by all the bridges that use + that datapath. Thus, configurations applied to this table affect + all bridges that use this datapath. + </p> + + <column name="datapath_version"> + <p> + Reports the version number of the Open vSwitch datapath in use. + This allows management software to detect and report discrepancies + between Open vSwitch userspace and datapath versions. (The <ref + column="ovs_version" table="Open_vSwitch"/> column in the <ref + table="Open_vSwitch"/> reports the Open vSwitch userspace version.) + The version reported depends on the datapath in use: + </p> + + <ul> + <li> + When the kernel module included in the Open vSwitch source tree is + used, this column reports the Open vSwitch version from which the + module was taken. + </li> + + <li> + When the kernel module that is part of the upstream Linux kernel is + used, this column reports <code><unknown></code>. + </li> + + <li> + When the datapath is built into the <code>ovs-vswitchd</code> + binary, this column reports <code><built-in></code>. A + built-in datapath is by definition the same version as the rest of + the Open VSwitch userspace. 
+ </li> + + <li> + Other datapaths (such as the Hyper-V kernel datapath) currently + report <code><unknown></code>. + </li> + </ul> + + <p> + A version discrepancy between <code>ovs-vswitchd</code> and the + datapath in use is not normally cause for alarm. The Open vSwitch + kernel datapaths for Linux and Hyper-V, in particular, are designed + for maximum inter-version compatibility: any userspace version works + with with any kernel version. Some reasons do exist to insist on + particular user/kernel pairings. First, newer kernel versions add + new features, that can only be used by new-enough userspace, e.g. + VXLAN tunneling requires certain minimal userspace and kernel + versions. Second, as an extension to the first reason, some newer + kernel versions add new features for enhancing performance that only + new-enough userspace versions can take advantage of. + </p> + </column> + + <column name="ct_zones"> + Configuration for connection tracking zones. Each pair maps from a + zone id to a configuration for that zone. Zone <code>0</code> applies + to the default zone (ie, the one used if a zone is not specified in + connection tracking-related OpenFlow matches and actions). + </column> + + <group title="Common Columns"> + The overall purpose of these columns is described under <code>Common + Columns</code> at the beginning of this document. + + <column name="external_ids"/> + </group> + </table> + + <table name="CT_Zone"> + Connection tracking zone configuration + + <column name="timeout_policy"> + Connection tracking timeout policy for this zone. If timeout policy is + not specified, defaults to the timeout policy in the system. + </column> + + <group title="Common Columns"> + The overall purpose of these columns is described under <code>Common + Columns</code> at the beginning of this document. 
+ + <column name="external_ids"/> + </group> + </table> + + <table name="CT_Timeout_Policy"> + Connection tracking timeout policy configuration + + <group title="Timeouts"> + <column name="timeouts"> + The <code>timeouts</code> column contains key-value pairs used + to configure connection tracking timeouts in a datapath. + Key-value pairs that are not supported by a datapath are + ignored. + </column> + + <group title="TCP Timeouts"> + <column name="timeouts" key="tcp_syn_sent"> + TCP SYN sent timeout. + </column> + + <column name="timeouts" key="tcp_syn_recv"> + TCP SYN receive timeout. + </column> + + <column name="timeouts" key="tcp_established"> + TCP established timeout. + </column> + + <column name="timeouts" key="tcp_fin_wait"> + TCP FIN wait timeout. + </column> + + <column name="timeouts" key="tcp_close_wait"> + TCP close wait timeout. + </column> + + <column name="timeouts" key="tcp_last_ack"> + TCP last ACK timeout. + </column> + + <column name="timeouts" key="tcp_time_wait"> + TCP time wait timeout. + </column> + + <column name="timeouts" key="tcp_close"> + TCP close timeout. + </column> + + <column name="timeouts" key="tcp_syn_sent2"> + TCP syn sent2 timeout. + </column> + + <column name="timeouts" key="tcp_retransmit"> + TCP retransmit timeout. + </column> + + <column name="timeouts" key="tcp_unack"> + TCP unacknowledgment timeout. + </column> + </group> + + <group title="UDP Timeouts"> + <column name="timeouts" key="udp_first"> + First UDP packet timeout. + </column> + + <column name="timeouts" key="udp_single"> + The timeout in the state that source host sends more than one packet + but the destination host has never sent one backs. + </column> + + <column name="timeouts" key="udp_multiple"> + UDP packets seen in both directions timeout. + </column> + </group> + + <group title="ICMP Timeouts"> + <column name="timeouts" key="icmp_first"> + First ICMP timeout. + </column> + + <column name="timeouts" key="icmp_reply"> + ICMP reply timeout. 
+ </column> + </group> + </group> + + <group title="Common Columns"> + The overall purpose of these columns is described under <code>Common + Columns</code> at the beginning of this document. + + <column name="external_ids"/> + </group> + </table> + <table name="SSL"> SSL configuration for an Open_vSwitch.
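Review bot: The `timeouts` column description in the new CT_Timeout_Policy table never states the unit of the values, and it says unsupported key-value pairs are ignored without saying which keys each datapath supports, so an operator cannot tell from this text whether a configured timeout actually takes effect. Stating the unit and marking the keys whose support is datapath-specific would close that gap; most of the per-key descriptions (for example "TCP syn sent2 timeout." and "TCP retransmit timeout.") only restate the key name. Smaller points in the same hunk: "with with" and "Open VSwitch" in the text moved into the Datapath table, and "ie," in the `ct_zones` description.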
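Review bot: In the vswitch.ovsschema hunk that adds CT_Timeout_Policy, the `timeouts` key is declared as a plain `"string"`, while vswitch.xml documents a fixed set of key names and says unsupported pairs are ignored, so a misspelled key would be stored and then silently have no effect on the datapath. Constraining the key type with an `enum` set of the documented names would let the database reject such a row when it is written. The spacing in `"type" : "integer"`, `"minInteger" : 0` and `"maxInteger" : 4294967295` also differs from the `"key": value` style used in the rest of the hunk.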