From patchwork Wed Dec 1 12:56:07 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vladislav Odintsov X-Patchwork-Id: 1562160 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=My2VvYMN; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4J3zcB5KN2z9sCD for ; Wed, 1 Dec 2021 23:56:26 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 381E66090B; Wed, 1 Dec 2021 12:56:23 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pbFFOAbM9cmO; Wed, 1 Dec 2021 12:56:21 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp3.osuosl.org (Postfix) with ESMTPS id 8CDAC615F2; Wed, 1 Dec 2021 12:56:20 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 77E99C0043; Wed, 1 Dec 2021 12:56:18 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 46D40C003E for ; Wed, 1 Dec 2021 12:56:17 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 2F0456077D for ; Wed, 1 Dec 2021 12:56:17 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R_99RGqAsSiU for ; Wed, 1 Dec 2021 12:56:16 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) by smtp3.osuosl.org (Postfix) with ESMTPS id 458756074F for ; Wed, 1 Dec 2021 12:56:16 +0000 (UTC) Received: by mail-ed1-x52f.google.com with SMTP id g14so101307820edb.8 for ; Wed, 01 Dec 2021 04:56:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=h/M0Z/mxMFKxerQzRcrPGx8/nuICGphzxiiAiDxbi2k=; b=My2VvYMNlyMuGIDqq5lOnaXqTSX3Sapd8qAG+MZ+u3XBB1pt1ivwWvAU5sNAMLATRh rXWNJW9c6LHqQ9Nj+twsEuENBE6+WzQfTNZfP7iZ4cFBJbd3Vb2MbpmrvL1FEQiIL26f fJ2MUVwED1uRQnxvwyfTdnflvZ2ykHptE4demUJTOPe6s2HFSlHVoZnxc0WgUX+9jkDR 9DayoCUjVo1p0nsqFvOjEpnrv/L8kwYx0X0Lms09eIPrs7wcai4X+ZcCDvqAe+tvYB1q mNsaIqsR7wwi7pEz83xSkyuwZMgKUOuXIApTKfSHU4CJ0kbA7k2zYerBe5cLJrwkW0aQ cyXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=h/M0Z/mxMFKxerQzRcrPGx8/nuICGphzxiiAiDxbi2k=; b=7YgRvNlhtMJ2lvNo9lAxksO/8NQGppqLParp52koR9tjj93HMJ4mXzCz4x6GDM39e7 FxDZWSlGayYLT/RW/gcO8+sFlWSon4WoCXUlVgKVJyNheyXRlR/Qg63RK9z8N9Svq1vD bdpZS1BDGM/t0YELbZoX2LkNMk3PCKc/C2kvFhEmGHHmyKF53MGhmK6Kx2Zlr2cNBnex 0IcDvINWr2qxTH0ECBo255ubCml88b9X7DyR+YyKF5Z7/JLvmMUl+wX9C6WZs2lArZMB 40hRR/SyJ+jY/xcnLL6W9OweTajjRukKyhp15gU+aAZL31qDRRI9Cy89F62VXCxXUXh4 ntKw== X-Gm-Message-State: AOAM533qljcx6bSoN64b5Q/hDdnUXHLBGpg2w1/ES0C4USq9xaim3mrH yiJ0hUlcZFT8uWDEYUvpW/jjqGEJvboi1A== X-Google-Smtp-Source: ABdhPJzPVOcMCvExKQAYm7d6Eb08eq0SfVADnzJjaI+xltX2Bg44zNmhYA0ZFL6R49vIduZb1ZojYw== X-Received: by 2002:a05:6402:445:: with SMTP id p5mr8334362edw.110.1638363374282; Wed, 01 Dec 2021 04:56:14 -0800 (PST) Received: from localhost.localdomain (109-252-131-59.dynamic.spd-mgts.ru. [109.252.131.59]) by smtp.gmail.com with ESMTPSA id dm6sm6499907ejc.89.2021.12.01.04.56.13 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 01 Dec 2021 04:56:13 -0800 (PST) From: Vladislav Odintsov To: dev@openvswitch.org Date: Wed, 1 Dec 2021 15:56:07 +0300 Message-Id: <20211201125608.36918-3-odivlad@gmail.com> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20211201125608.36918-1-odivlad@gmail.com> References: <20211201125608.36918-1-odivlad@gmail.com> MIME-Version: 1.0 Cc: Vladislav Odintsov Subject: [ovs-dev] [PATCH ovn 2/3] northd: send ingress packets from HW VTEP directly to L2_LKUP table X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Recently the patch [1] fixed the ingress pipeline for packets coming from HW VTEP switch within a stateful datapath. This patch assumes the [1] is reverted and applies more efficient "next(pipeline=ingress, table=S_SWITCH_IN_L2_LKUP);" action to skip unneeded stages for such packets. 1: https://github.com/ovn-org/ovn/commit/62ca8b9620cc1168ace6905575b7d36438363aed Signed-off-by: Vladislav Odintsov --- northd/northd.c | 9 ++++++++- northd/ovn-northd.8.xml | 9 +++++++++ northd/ovn_northd.dl | 16 +++++++++++++--- 3 files changed, 30 insertions(+), 4 deletions(-) diff --git a/northd/northd.c b/northd/northd.c index 4c1a2a382..2efc4bb1f 100644 --- a/northd/northd.c +++ b/northd/northd.c @@ -5480,7 +5480,14 @@ build_lswitch_input_port_sec_op( if (queue_id) { ds_put_format(actions, "set_queue(%s); ", queue_id); } - ds_put_cstr(actions, "next;"); + + if (!strcmp(op->nbsp->type, "vtep")) { + ds_put_format(actions, "next(pipeline=ingress, table=%d);", + S_SWITCH_IN_L2_LKUP); + } else { + ds_put_cstr(actions, "next;"); + } + ovn_lflow_add_with_lport_and_hint(lflows, op->od, S_SWITCH_IN_PORT_SEC_L2, 50, ds_cstr(match), ds_cstr(actions), op->key, &op->nbsp->header_); diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index 00fb925f8..bd3c3aa26 100644 --- a/northd/ovn-northd.8.xml +++ b/northd/ovn-northd.8.xml @@ -262,6 +262,15 @@ logical ports on which port security is not enabled, these advance all packets that match the inport. +
  • + For logical ports of type vtep, the above logical flow + will apply the action + next(pipeline=ingress, table=S_SWITCH_IN_L2_LKUP) = 1; + to skip most stages of ingress pipeline and go directly to ingress L2 + lookup table to determine the output port. Packets from VTEP (RAMP) + switch should not be subjected to any ACL checks. Egress pipeline will + do the ACL checks. +

    • diff --git a/northd/ovn_northd.dl b/northd/ovn_northd.dl index ffa2e06db..530bb1e9d 100644 --- a/northd/ovn_northd.dl +++ b/northd/ovn_northd.dl @@ -3468,9 +3468,19 @@ for (&SwitchPort(.lsp = lsp, .sw = sw, .json_name = json_name, .ps_eth_addresses } else { i"inport == ${json_name} && eth.src == {${ps_eth_addresses.join(\" \")}}" } in - var actions = match (pbinding.options.get(i"qdisc_queue_id")) { - None -> i"next;", - Some{id} -> i"set_queue(${id}); next;" + + var actions = { + var queue = match (pbinding.options.get(i"qdisc_queue_id")) { + None -> i"next;", + Some{id} -> i"set_queue(${id}); " + }; + var ramp = if (lsp.__type == i"vtep") { + i"next(pipeline=ingress, table=${s_SWITCH_IN_L2_LKUP()});" + } else { + i"next;" + } in + }; + i"${queue}${ramp}" } in Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_PORT_SEC_L2(),