Following patch adds support for userspace tunneling. Tunneling
needs three more component first is routing table which is configured by
caching kernel routes and second is ARP cache which build automatically
by snooping arp. And third is tunnel protocol table which list all
listening protocols which is populated by vswitchd as tunnel ports
are added. GRE and VXLAN protocol support is added in this patch.
Tunneling works as follows:
On packet receive vswitchd check if this packet is targeted to tunnel
port. If it is then vswitchd inserts tunnel pop action which pops
header and sends packet to tunnel port.
On packet xmit rather than generating Set tunnel action it generate
tunnel push action which has tunnel header data. datapath can use
tunnel-push action data to generate header for each packet and
forward this packet to output port. Since tunnel-push action
contains most of packet header vswitchd needs to lookup routing
table and arp table to build this action.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Ben Pfaff <blp@nicira.com>
AM_LDFLAGS is not automatically passed to individual library LDFLAGS
and must be passed in explicitly.
Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
These changes allow for the building of shared libraries by providing
the --enable-shared option to configure. In particular, lib/libopenvwitch.so,
lib/libsflow.so, ofproto/libofproto.so, and ovsdb/libovsdb.so will be built.
Original behavior of building static remains the same.
Additionally, versioning is introduced to each of the libraries objects
paving the way for APIs to be built around them. A detailed comment
outlining the rules for changing a version number is provided in
configure.ac. Note that at this time, the version number is set to
1.0.0, no API is specified yet, and there are no requirements to
maintain any sort of compatibility in any of the libraries.
Signed-off-by: Scott Mann <smann@noironetworks.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The Open vSwitch "make" output was still pretty verbose even when
configured with --enable-silent-rules. This cleans it up.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
Extend IPFIX exporter to export tunnel headers when both input and output
of the port.
Add three other_config options in IPFIX table: enable-input-sampling,
enable-output-sampling and enable-tunnel-sampling, to control whether
sampling tunnel info, on which direction (input or output).
Insert sampling action before output action and the output tunnel port
is sent to datapath in the sampling action.
Make datapath collect output tunnel info and send it back to userpace
in upcall message with a new additional optional attribute.
Add a tunnel ports map to make the tunnel port lookup faster in sampling
upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template
sets with enterprise elements for the tunnel info, save the tunnel info
in IPFIX cache entries, and send IPFIX DATA with tunnel info.
Add flowDirection element in IPFIX templates.
Signed-off-by: Wenyu Zhang <wenyuz@vmware.com>
Acked-by: Romain Lenglet <rlenglet@vmware.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
This is only the communication part of the bundles functionality.
The actual message pre-validation and commits are not implemented.
We also enable OF1.4 for all the tests.
Signed-off-by: Alexandru Copot <alex.mihai.c@gmail.com>
Cc: Daniel Baluta <dbaluta@ixiacom.com>
[blp@nicira.com made ofputil_decode_bundle_add() more obviously correct]
Signed-off-by: Ben Pfaff <blp@nicira.com>
Recirculation ID needs to be unique per datapath. Its usage will be
tracked by the backer that corresponds to the datapath.
In theory, Recirculation ID can be any uint32_t value, except 0. This
implementation limits to a smaller range just for ease of debugging.
Make the range size 0 effectively disables recirculation.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
On errors, don't leave a broken ipfix-entries.def, which might cause
mysterious errors later.
(Probably the most common cause is the lack of python xml libraries.)
Signed-off-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This patch moves flow installation and eviction from ofproto-dpif and
the main thread, into ofproto-dpif-upcall. This performs
significantly better (approximately 2x TCP_CRR improvement), and
allows ovs-vswitchd to maintain significantly larger datapath flow
tables. On top of that, it significantly simplifies the code,
retiring "struct facet" and friends.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Currently openvswitch builds all libraries static only. However,
libopenvswitch is linked into nearly all openvswitch executables
making it hardly possible to run openvswitch on embedded devices
(for example running OpenWrt).
Convert openvswitch to use libtool for building its internal libs.
This allows "--enable-shared" and "--enable-static" as configure
arguments. Default is "--disable-shared" thus keeping the current
behavior with the only change that static libs are installed by
"make install".
Since the openvswitch library interfaces are internal and thus not
stable (yet) encode the openvswitch version into the library name:
libopenvswitch-2.0.90.so
Binary size is reduced to around 1/3 when using shared libs.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Relocating bond.[ch] to allow bond.c to make ofproto calls.
This is needed for upcoming patches that enable megaflow support
for bond ports.
Signed-off-by: Andy Zhou <azhou@nicira.com>
This commit adds a new module ofproto-dpif-monitor in ofproto
directory. This module is in charge of executing the periodic
functions of monitoring code (e.g. bfd and cfm).
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
This patch factors flow miss handling into its own module,
ofproto-dpif-upcall which can utilize multiple threads to process
misses. For some important benchmarks, this change improves Open
vSwitch flow setup performance by roughly 50x (that's 50 times not
50%) in my testing.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
This code modularizes ofproto-dpif's mirror code by moving it to
ofproto-dpif-mirror. Not only does this shorten ofproto-dpif and
hide complexity, but its also necessary for future patches which
modularize ofproto-dpif-xlate in preparation for multi-threading.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Ideally, this patch would move xlate_actions() into it's own module
with a clearly defined regular interface which is minimally
dependent on ofproto-dpif. While, I've done this in a prototype,
moving large amounts of code into a new file while simultaneously
changing the logic and keeping up with changes to master has proved
nearly impossible.
This patch takes a different approach. It simply copies the logic
directly from ofproto-dpif with no changes. Once this is in,
future patches can begin breaking the ties between
ofproto-dpif-xlate and ofproto-dpif proper.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Define a new NXAST_SAMPLE OpenFlow vendor action and the corresponding
OFPACT_SAMPLE OVS action, to do per-flow packet sampling, translated
into a new SAMPLE "flow_sample" dp action.
Make the userspace action's userdata size vary depending on the union
member used. Add a new "flow_sample" upcall to do per-flow packet
sampling. Add a new "ipfix" upcall to do per-bridge packet sampling
to IPFIX collectors.
Extend the OVSDB schema to support configuring IPFIX collector sets.
Add support for configuring multiple IPFIX collectors for per-flow
packet sampling. Add support for configuring per-bridge IPFIX
sampling.
Automatically generate standard IPFIX entity definitions from the IANA
specs. Send one IPFIX data record message for every packet sampled by
an OpenFlow sample action or received by a bridge configured with
IPFIX sampling, and periodically send IPFIX template set messages.
Signed-off-by: Romain Lenglet <rlenglet@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The kernel tunneling code currently needs to handle a large number
of operations when tunnel packets are encapsulated and
decapsulated. Some examples of this are: finding the correct
tunnel port on receive, TTL and ToS inheritance, ECN handling, etc.
All of these can be done on a per-flow basis in userspace now that
we have both the inner and outer header information, which allows
us to both simplify the kernel and take advantage of userspace's
information. Once tunnel packets are redirected into this code,
the redundant pieces can be removed from other places.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Ethan Jackson <ethan@nicira.com>
These commands will be useful in a future commit that makes multiple
bridges share a single backing datapath. The ovs-dpctl commands will
show information about the backing datapath, so it will be difficult to
determine which information belongs to which bridge. The new "dpif/*"
ovs-appctl commands return information about the bridge--regardless of
how the backing datapath is configured.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Replaced all instances of Nicira Networks(, Inc) to Nicira, Inc.
Feature #10593
Signed-off-by: Raju Subramanian <rsubramanian@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The cost of creating and initializing facets and subfacets and installing,
tracking, and uninstalling kernel flows is significant. When most flows
have only one or a few packets, this overhead is higher than the cost of
handling each packet individually. This commit introduces heuristics that
cheaply count (approximately) the number of packets seen in a flow and
skips most of this expensive bookkeeping until the packet count exceeds a
threshold (currently 5 packets).
Signed-off-by: Ben Pfaff <blp@nicira.com>
The name ofproto-sflow.[ch] implies that this code would work with any
ofproto implementation, but in fact it is specific to the ofproto_dpif
implementation. Rename it to avoid confusion.
In addition to the changes to ofproto, this commit changes all of the
instances of "struct flow" in the tree so that the "in_port" member is an
OpenFlow port number. Previously, this member was an OpenFlow port number
in some cases and an ODP port number in other cases.
I've never heard of anyone actually using controller discovery.
It adds a great deal of code to the source tree, and a little
bit of complication to ofproto, so this commit removes it.
Back in 2008 or so, I introduced this extension as a way to provide
information about switch status to the new "switch UI" program. Since
then, the switch UI program has been removed and the important information
that was provided by the switch status extension is now available in the
database, so we might as well get rid of this extension, and that is what
this commit does.
At one point Nicira had deployment plans for which adding a remote command
execution feature to the OpenFlow stack made a lot of sense. We no longer
have those plans, as far as I know, and leaving the feature in seems like
a huge potential security hole. So this commit blows away the entire
feature.
