Putting "static inline" on a function definition in a .c file does not help
the compiler and does suppress warnings for unused functions that one would
want, should the function ever become unused.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
There's no particular reason for the function controlling the number
of threads to be bound up with dpif_recv_set(). This patch breaks
them up, but as a side effect means threads will run doing nothing
when datapath upcall receiving is disabled. By doing this, the udpif
thread creation API becomes a bit easier to reason about once there
are multiple types of thread introduced in future patches.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
They don't really make sense in a multithreaded architecture. Once
flow miss batches are dispatched with, they will be extra useless.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Previously, we iterated through all interfaces in instant_stats_run(),
grabbing up-to-date information about device and port status. After
assembling all of this information for all interfaces, we would
determine whether anything changed and only send an update to
ovsdb-server if something changed.
This patch uses the new global connectivity_seq to determine whether
there have been any changes before polling all interfaces, which reduces
unnecessary processing in the average case. In a test environment of
5000 internal ports and 50 tunnel ports with bfd, this reduces average
CPU usage of the main thread from about 15% to about 5%. When ports
change status more often than every 100ms, CPU usage is expected to
increase to previous rates.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
This greatly simplifies the reconfiguration code, making it much easier
to understand and modify. The old multi-pass configuration had the
property that it didn't delay block packet processing as much, but that's
not much of a worry anymore now that latency critical activities have
been moved outside the main thread.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Add a prefix tree (trie) structure for tracking the used address
space, enabling skipping classifier tables containing longer masks
than necessary for an address field value in a packet header being
classified. This enables less unwildcarding for datapath flows in
parts of the address space without host routes.
Trie lookup is interwoven to the staged lookup, so that a trie is
searched only when the configured trie field becomes relevant
for the lookup. The trie lookup results are retained so that each
trie is checked at most once for each classifier lookup.
This implementation tracks the number of rules at each address prefix
for the whole classifier. More aggressive table skipping would be
possible by maintaining lists of tables that have prefixes at the
lengths encountered on tree traversal, or by maintaining separate
tries for subsets of rules separated by metadata fields.
Prefix tracking is configured via OVSDB. A new column "prefixes" is
added to the database table "Flow_Table". "prefixes" is a set of
string values listing the field names for which prefix lookup should
be used.
As of now, the fields for which prefix lookup can be enabled are:
- tun_id, tun_src, tun_dst
- nw_src, nw_dst (or aliases ip_src and ip_dst)
- ipv6_src, ipv6_dst
There is a maximum number of fields that can be enabled for any one
flow table. Currently this limit is 3.
Examples:
ovs-vsctl set Bridge br0 flow_tables:0=@N1 -- \
--id=@N1 create Flow_Table name=table0
ovs-vsctl set Bridge br0 flow_tables:1=@N1 -- \
--id=@N1 create Flow_Table name=table1
ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src
ovs-vsctl set Flow_Table table1 prefixes=[]
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Currently, we refresh STP status (id, state, role) alongside
statistics (rx, tx, errors), all within instant_stats_run(). This
patch splits statistics out, and refreshes them with the 5 second
stats instead. This paves the way to reducing execution of
instant_stats_run().
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Relocating bond.[ch] to allow bond.c to make ofproto calls.
This is needed for upcoming patches that enable megaflow support
for bond ports.
Signed-off-by: Andy Zhou <azhou@nicira.com>
This should behave the same as before but the code reads more naturally to
me this way.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
The "targets" column in IPFIX had a min=1 constraints, so OVSDB
implicitly adds an empty string "" into that column if no value is
given. No connection can be opened to a target with address "", so
the whole IPFIX exporter for that row was disabled until that ""
target was removed by users. That behavior is correct but proved to
be unintuitive to users.
This patch removes the min=1 constraint, to avoid the trouble for
users who insert IPFIX rows with no targets: it eliminates the log
messages due to failed connections to target "", and eliminates the
need to manually remove the "" target after row insertion.
This doesn't impact the behavior for any existing row, whether it has
a "" target or not.
Signed-off-by: Romain Lenglet <rlenglet@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Guard any access to an IPFIX row referenced from
Flow_Sample_Collector_Set by a test that the reference is not NULL.
Signed-off-by: Romain Lenglet <rlenglet@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Commit bdebeece5 (lacp: Require successful LACP negotiations when
configured.) makes successful LACP negotiation mandatory for the
bond to come UP. This patch provides a configuration option to
bring up the bond by falling back to active-backup mode on LACP
negotiation failure.
Several of the physical switches that support LACP block all traffic
for ports that are configured to use LACP, until LACP is negotiated
with the host. When configuring a LACP bond on a OVS host
(eg: XenServer), this means that there will be an interruption of the
network connectivity between the time the ports on the physical
switch and the bond on the OVS host are configured. The interruption
may be relatively long, if different people are responsible for
managing the switches and the OVS host.
Such network connectivity failure can be avoided if LACP can be
configured on the OVS host before configuring the physical switch,
and having the OVS host fall back to a bond mode (active-backup) till
the physical switch LACP configuration is complete. An option
"lacp-fallback-ab" is introduced with this patch to provide such
behavior on openvswitch.
Signed-off-by: Ravi Kondamuru <Ravi.Kondamuru@citrix.com>
Signed-off-by: Dominic Curran <Dominic.Curran@citrix.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
This commit adds a new ovsdb column "cfm_flap_count". It counts the
number of cfm fault flaps since boot.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
The OVS code has always made a distinction between the unencrypted (TCP)
and SSL port numbers for the OpenFlow and OVSDB protocols. The default
port numbers for both protocols has changed, and there continues to be
no distinction between the unencrypted and SSL versions. This
commit removes the distinction in port numbers. A future patch will
recognize the change in default port number.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
This commit makes vswitchd clear the 'bfd_status' column
in ovsdb when bfd is disabled or not supported.
Reported-by: Ansis Atteka <aatteka@nicira.com>
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This commit fixes a place in bridge.c where smap_destroy() is not
always called after smap_init(). Though there is no memory leak
now, it is necessary to fix it and prevent memory leak in the
future when smap_init() may be modified to allocate dynamic memory.
Reported-by: Ansis Atteka <aatteka@nicira.com>
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This commit removes the CACHE_TIME scheme from timeval module. This
is for eliminating the lock contention over the read/write lock of
the cached time. To get the time, the thread now will directly do
the system call 'clock_gettime()'.
As a side effect, timer can only be warpped after timer is stopped
by 'appctl time/stop' command.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
We have a call chain like this:
iface_configure_qos() calls
netdev_dump_queues(), which calls
netdev_linux_dump_queues(), which calls back through 'cb' to
qos_unixctl_show_cb(), which calls
netdev_delete_queue(), which calls
netdev_linux_delete_queue().
Both netdev_dump_queues() and netdev_linux_delete_queue() take the same
mutex in the same netdev, which deadlocks.
This commit fixes the problem by getting rid of the callback.
netdev_linux_dump_queue_stats() would benefit from the same treatment but
it's less urgent because I don't see any callbacks from that function that
call back into a netdev function.
Bug #19319.
Reported-by: Scott Hendricks <shendricks@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Implement a per-exporter flow cache with active timeout expiration.
Add columns "cache_active_timeout" and "cache_max_flows" into table
"IPFIX" to configure each cache.
Add per-flow elements "octetDeltaSumOfSquares",
"minimumIpTotalLength", and "maximumIpTotalLength" to replace
"ethernetTotalLength". Add per-flow element "flowEndReason" to
indicate whether a flow has expired because of an active timeout, the
cache size limit being reached, or the exporter being stopped.
Signed-off-by: Romain Lenglet <rlenglet@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This commit adds a new column "n-handler-threads" to the Open_vSwitch
table. This is used to set the number of upcall handler threads created by
the ofproto-dpif-upcall module.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Until now, the async append interface has required async_append_enable()
to be called while the process was still single-threaded, with the
rationale being that async_append_enable() could race with
async_append_write() on some existing async_append object. This was a
difficult problem when the async append interface was introduced, because
at the time Open vSwitch did not have any infrastructure for inter-thread
synchronization.
Now it is easy to solve, by introducing synchronization into the
async append module. However, that's more or less wasted, because the
client is already required to serialize access to async append objects.
Moreover, vlog, the only existing client, needs to serialize access for
other reasons, so it wouldn't even be possible to just drop the client's
synchronization.
This commit therefore takes another approach. It drops the
async_append_enable() interface entirely. Now any existing async_append
object is always enabled. The responsibility for "enabling", then, now
rests in whether the client creates and uses an async_append object, and
so vlog now takes care of that by itself. Also, since vlog now has to
deal with sometimes having an async_append and sometimes not having one,
we might as well allow creating an async_append to fail, thereby slightly
simplifying the "no async I/O" implementation from "write synchronously"
to "always fail creating an async_append".
Reported-by: Shih-Hao Li <shihli@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
When "other-config:enable-vlan-splinters=true" is set, the existing
vlans with ip address must be retained. The bug actually does the
opposite and retains the vlans without ip address. This commit fixes
it.
Reported-by: Roman Sokolkov <rsokolkov@gmail.com>
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This commit adds an "ifindex" column to the "Interface" table in the db.
Signed-off-by: Neil McKee <neil.mckee@inmon.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This adds support for specifying flow miss handling behaviour at
runtime, through a new "other-config" option in the Open_vSwitch table.
This takes precedence over flow-eviction-threshold.
By default, the behaviour is the same as before. If force-miss-model is
set to 'with-facets', then flow miss handling will always result in the
creation of new facets and flow-eviction-threshold will be ignored. If
force-miss-model is set to 'without-facets', then flow miss handling will never
result in the creation of new facets (effectively the same as setting the
flow-eviction-threshold to 0, which is not currently configurable).
We intend to use this configuration option in the testsuite to force
particular code paths to be used, allowing us to improve test coverage.
Signed-off-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Ben Pfaff <blp@nicira.com>
These functions are used so often, that having an easy to read
helper is worth it.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Until now, datapath ports and openflow ports were both represented by
unsigned integers of various sizes. With implicit conversions, etc., it is
easy to mix them up and use one where the other is expected. This commit
creates two typedefs, ofp_port_t and odp_port_t. Both of these two types
are marked by "__attribute__((bitwise))" so that sparse can be used to
detect any misuse.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
With the single datapath, it no longer makes sense to have a per
ofproto flow eviction threshold. This patch moves the flow
eviction threshold to the Open_vSwitch table making the setting
global, though still treated separately for each ofproto. A future
patch will unify flow eviction on a per datapath basis.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
This patch changes the variable type of "ofport" in "struct if_cfg" and
"struct iface" from int64_t to uint16_t. This is more consistent with
the OpenFlow-1.0 port definition.
Also, before this patch, -1 is used to indicate an unknown port. This
patch uses OFPP_NONE, since "ofport" becomes uint16_t.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
While upgrading openvswitch, it helps to restore openflow flows before
starting packet processing. Typically we want to restart openvswitch,
add the openflow flows and then start packet processing.
To do this, we look for the other_config:flow-restore-wait column
in the Open_vSwitch table during startup. If set as true, we disable
receiving packets from the datapath, expiring or flushing flows and
running any periodic ofproto activities. This option does not prevent
the addition and deletion of ports. Once this option is set to false,
we return to normal processing.
An upcoming commit will use this feature in Open vSwitch startup scripts.
Bug #16086.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
The new CFM "demand mode" (named after BFD's demand mode) uses
data traffic to indicate interface liveness. It's helpful on
heavily congested networks where CCMs may be dropped.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
'netdev' was not initialized at this point in the function, so the cleanup
at the error label referenced a wild pointer.
Introduced in commit 94a538422d (netdev: Prevent using reserved names).
CC: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This commit adds a function to lib/netdev.c to check that the interface name
is not the same as any of the registered vport providers' dpif_port name
(e.g. gre_system) or the datapath's internal port name (e.g. ovs-system).
Bug #15077.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This gets rid of the only per-instance data in "struct netdev", which
will make it possible to merge "struct netdev_dev" into "struct netdev" in
a later commit.
Ed Maste wrote the netdev-bsd changes in this commit.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Co-authored-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ed Maste <emaste@freebsd.org>
Tested-by: Ed Maste <emaste@freebsd.org>
Traditionally, Open vSwitch has used a variant of 802.1ag "CFM" for
interface liveness detection. This has served us well until now,
but has several serious drawbacks which have steadily become more
inconvenient. First, the 802.1ag standard does not implement
several useful features forcing us to (optionally) break
compatibility. Second, 802.1.ag is not particularly popular
outside of carrier grade networking equipment. Third, 802.1ag is
simply quite awkward.
In an effort to solve the aforementioned problems, this patch
implements BFD which is ubiquitous, well designed, straight
forward, and implements required features in a standard way. The
initial cut of the protocol focuses on getting the basics of the
specification correct, leaving performance optimizations, and
advanced features as future work. The protocol should be
considered experimental pending future testing.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
The database documentation says:
If an interface does not support a given statistic, then that pair is
omitted.
but in fact the implementation included the key-value pair for an
unsupported statistic with -1 as the value.
Found by inspection.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
There are very rare cases (ex: ovs-vswitchd.pid is inadvertantly deleted),
when multiple ovs-vswitchd daemons can end up running at the same time.
In a situation like that one of the daemons can wait on the poll()
with a 0 ms wait time as it would be expecting system stats to be collected.
But system stats are never run for the daemon that does not have the
lock on the database and hence it takes up 100% of the CPU if its state
machine for stats collection previously was S_WAITING.
With this patch, we disable the system stats collection for the daemon that
does not have the database lock. When it eventually gets the lock on the
database, system stats are automatically enabled if other_config:\
enable-statistics=true.
Bug #16669.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Normally, the daemon code will detect when multiple instances are run
and print the conflicting PID. However, if ovs-vswitchd is not run in
daemon mode or the pidfile is removed, a database lock is checked. The
message it prints wasn't specific enough about which process was backing
off due to not getting the lock.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Define a new NXAST_SAMPLE OpenFlow vendor action and the corresponding
OFPACT_SAMPLE OVS action, to do per-flow packet sampling, translated
into a new SAMPLE "flow_sample" dp action.
Make the userspace action's userdata size vary depending on the union
member used. Add a new "flow_sample" upcall to do per-flow packet
sampling. Add a new "ipfix" upcall to do per-bridge packet sampling
to IPFIX collectors.
Extend the OVSDB schema to support configuring IPFIX collector sets.
Add support for configuring multiple IPFIX collectors for per-flow
packet sampling. Add support for configuring per-bridge IPFIX
sampling.
Automatically generate standard IPFIX entity definitions from the IANA
specs. Send one IPFIX data record message for every packet sampled by
an OpenFlow sample action or received by a bridge configured with
IPFIX sampling, and periodically send IPFIX template set messages.
Signed-off-by: Romain Lenglet <rlenglet@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
If the database was empty, that is, it did not even contain an Open_vSwitch
top-level configuration record, at ovs-vswitchd startup time, then
OVS failed to detach and used 100% CPU. This commit fixes the problem.
This problem was introduced by commit 63ff04e826 (bridge: Only
complete daemonization after db commits initial config.).
This problem did not manifest if the initscripts supplied with Open vSwitch
were used, because those initscripts always initialize the database before
starting ovs-vswitchd, so this problem affects only users with hand-rolled
local OVS startup scripts.
Bug #16090.
Reported-by: Pravin Shelar <pshelar@nicira.com>
Tested-by: Pravin Shelar <pshelar@nicira.com>
Reported-by: Paul Ingram <paul@nicira.com>
Reported-by: Amre Shakimov <ashakimov@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>
An earlier commit changed the Open vSwitch startup scripts so that they
connect to remote managers only after ovs-vswitchd does its initial
configuration, as signaled by ovs-vswitchd detaching from its parent
process. However, a race window remains, because ovs-vswitchd detaching
does not mean that the database server has received and committed the
transaction, only that ovs-vswitchd has sent it. This commit fixes that
race window, by changing ovs-vswitchd to complete detaching only after
the database server acknowledges the transaction.
It is still possible for unusual events to cause ovs-vswitchd to detach
before ephemeral columns are filled in. There is always a slim possibility
that the transaction will fail or that some other client has added new
bridges, ports, etc. while ovs-vswitchd was configuring using an old
configuration. The latter race is inherent to the design of the system
and cannot be avoided without radical changes.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>
Bug #15983.
Some information in the database must be kept as up-to-date as
possible to allow controllers to respond rapidly to network outages.
We call these statistics "instant" stats.
Until now, the instant stats have been updated on every trip through
the main loop. This work scales with the number of interfaces that
ovs-vswitchd manages. With CFM enabled on 5000 interfaces, even with
a low transmission rate, we see ovs-vswitchd using 100% CPU just to
maintain statistics, even with no actual changes.
This commit rate-limits updates to instant stats to at most 10 times
per second. Earlier tests I did with similar patches showed a major
reduction in CPU usage. I have not rerun those tests with this patch,
but I expect that the CPU usage should similarly decline.
CC: Ram Jothikumar <rjothikumar@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
