[ovs-dev,v3,0/8] Add ACL Sampling using per-flow IPFIX.

Message ID 20240712151416.992033-1-dceara@redhat.com

Dumitru Ceara July 12, 2024, 3:14 p.m. UTC
This series adds support for sampling packets processed by ACLs by using
per-flow IPFIX.  This new feature allows users to configure
(potentially) different sampling options for ACL matched traffic that
creates new connections or that is forwarded on existing connections.

This work is based on Adrian's original RFC:
https://patchwork.ozlabs.org/project/ovn/cover/20221018155936.1394396-1-amorenoz@redhat.com/

In order for the whole feature to work properly some pre-requisite work
is done:
- patches 1-3: simplify northd code assuming that all controllers are
  aware of features included in the previous LTS release (22.03) - the
  current LTS release is 24.03.
- patch 4: fixes an incorrect test that mistakenly fails when the bug
  fix in patch 5 is applied.
- patch 5: fixes a bug in the way ACLs with labels are processed when
  the switches also have load balancers configured

The feature itself is implemented by the last 3 patches:
- patch 6: adds support for users to configure different types of
  sampling applications (drop debug, acl-new-traffic,
  acl-established-traffic)
- patch 7: combines the already existing drop debug sampling
  configuration with the new sampling application configuration (giving
  priority to the latter)
- patch 8: adds sampling support to ACLs

Changes in V3:
- Addressed Ilya's comment and bumped NB schema version on patch 8.
  I didn't bump it on patch 6 too because I don't think these two
  commits will ever be separated in different releases.

Changes in V2:
- Addressed Adrian's comments on patch 8.
- Fixed unit test failure in patch 2.

Adrian Moreno (1):
  northd: Add ACL Sampling.

Dumitru Ceara (7):
  northd: Assume all chassis support the "port-up-notif" feature.
  northd: Assume all chassis support the "ct-no-masked-label" feature.
  northd: Assume all chassis support the "ovn-ct-lb-related" feature.
  tests: Fix unreliable "ACL and committing to conntrack" system test.
  northd: Commit from-lport ACL label (and state) when LBs are used.
  northd: Add Sampling_App table.
  northd: Override NB_Global drop sampling id with Sampling_App config.

 NEWS                                   |   6 +
 controller/lflow.c                     |  39 +-
 controller/lflow.h                     |   1 -
 controller/ovn-controller.c            |  22 -
 lib/logical-fields.c                   |  28 +-
 northd/automake.mk                     |   2 +
 northd/debug.c                         |  12 +-
 northd/debug.h                         |   3 +-
 northd/en-global-config.c              |  68 +--
 northd/en-global-config.h              |   2 -
 northd/en-lflow.c                      |   5 +
 northd/en-sampling-app.c               | 120 ++++
 northd/en-sampling-app.h               |  51 ++
 northd/inc-proc-northd.c               |  15 +-
 northd/northd.c                        | 750 ++++++++++++++++++------
 northd/northd.h                        |   1 +
 northd/ovn-northd.8.xml                |  26 +
 ovn-nb.ovsschema                       |  65 ++-
 ovn-nb.xml                             |  80 +++
 ovn-sb.xml                             |  19 -
 tests/atlocal.in                       |   6 +
 tests/ovn-controller.at                |   8 +-
 tests/ovn-macros.at                    |   4 +
 tests/ovn-nbctl.at                     |  20 +
 tests/ovn-northd.at                    | 774 +++++++++++++------------
 tests/ovn.at                           |  22 +-
 tests/system-common-macros.at          |  11 +
 tests/system-ovn.at                    | 154 ++++-
 utilities/containers/fedora/Dockerfile |   1 +
 utilities/containers/ubuntu/Dockerfile |   1 +
 utilities/ovn-nbctl.8.xml              |   8 +-
 utilities/ovn-nbctl.c                  |  43 +-
 32 files changed, 1618 insertions(+), 749 deletions(-)
 create mode 100644 northd/en-sampling-app.c
 create mode 100644 northd/en-sampling-app.h