classifier: Increase the maximum number of prefixes (tries).

Today users can enable prefix matches for tun_id, tun_src, tun_dst,
ip_src, ip_dst, ipv6_src and ipv6_dst.  However, they are limited to
only 3 of these enabled at the same time.  This means that if our flow
table is handling both IPv4 and IPv6 traffic, we can't optimize all
the addresses, we'll either have to split IPv4 and IPv6 rules into
separate tables or sacrifice one of the fields, as we can select only
3 out of 4 fields (ip_src, ip_dst, ipv6_src and ipv6_dst).

The maximum number of tries is a little arbitrary.  Increasing it will
slightly increase memory usage and may take a couple extra processing
cycles, but should not change classification results, so should be
reasonable.

Actually enabling more prefixes will consume more memory and reduce
efficiency of a single flow classification, but that's a trade user can
make knowing the traffic pattern and how their particular flow table
looks like.  While efficiency of a single flow classification may go
down, the overall performance of the system may be significantly
improved by having way less datapath flows with wider matches.

The number of tunnels in a typical setup is not that high, so I'm not
sure if it makes sense to increase the limit higher.  At the same time
combined IPv4 + IPv6 handling is pretty common.  For example, that's
the case with OVN.

Tests in ofproto-dpif.at cover IPv4 and IPv6 address classification
separately, and these fields can't overlap, so not adding any new tests.

Acked-by: Mike Pattrick <mkp@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>

NEWS

@@ -1,5 +1,13 @@
 Post-v3.4.0
 --------------------
+   - The limit on the number of fields for address prefix tracking in flow
+     tables increased from 3 to 4.  For example, it is now possible to
+     specify both IPv4 and IPv6 address fields at the same time:
+      $ ovs-vsctl set Bridge br0 flow_tables:123=@N -- \
+          --id=@N create Flow_Table \
+                    name=table123 prefixes=nw_dst,nw_src,ipv6_dst,ipv6_src
+     This allows to significantly reduce amount of datapath flows generated
+     from mixed IPv4+IPv6 flow tables, if configured.
    - Userspace datapath:
      * The default zone limit, if set, is now inherited by any zone
        that does not have a specific value defined, rather than being

lib/classifier.h

@@ -170,7 +170,7 @@
  * value of the "prefix" key is a comma separated list of field names.
  *
  * There is a maximum number of fields that can be enabled for any one
- * flow table.  Currently this limit is 3.
+ * flow table.  Currently this limit is 4.
  *
  *
  * Partitioning (Lookup Time and Wildcard Optimization)
@@ -328,7 +328,7 @@ struct cls_trie {
 
 enum {
     CLS_MAX_INDICES = 3,   /* Maximum number of lookup indices per subtable. */
-    CLS_MAX_TRIES = 3      /* Maximum number of prefix trees per classifier. */
+    CLS_MAX_TRIES = 4,     /* Maximum number of prefix trees per classifier. */
 };
 
 /* A flow classifier. */

tests/classifier.at

@@ -180,8 +180,8 @@ Datapath actions: drop
 ])
 
 AT_CHECK([ovs-vsctl set Flow_Table t0 prefixes=ipv6_label], [0])
-AT_CHECK([ovs-vsctl set Flow_Table t0 prefixes=nw_dst,nw_src,tun_dst,tun_src], [1], [],
-[ovs-vsctl: nw_dst,nw_src,tun_dst,tun_src: 4 value(s) specified but the maximum number is 3
+AT_CHECK([ovs-vsctl set Flow_Table t0 prefixes=nw_dst,nw_src,tun_dst,tun_src,ipv6_src], [1], [],
+[ovs-vsctl: nw_dst,nw_src,tun_dst,tun_src,ipv6_src: 5 value(s) specified but the maximum number is 4
 ])
 AT_CHECK([ovs-vsctl set Flow_Table t0 prefixes=nw_dst,nw_dst], [1], [],
 [ovs-vsctl: nw_dst,nw_dst: set contains duplicate value

vswitchd/vswitch.ovsschema

@@ -1,6 +1,6 @@
 {"name": "Open_vSwitch",
- "version": "8.7.0",
- "cksum": "3751637058 27869",
+ "version": "8.8.0",
+ "cksum": "2823623553 27869",
  "tables": {
    "Open_vSwitch": {
      "columns": {
@@ -385,7 +385,7 @@
        "groups": {
          "type": {"key": "string", "min": 0, "max": "unlimited"}},
        "prefixes": {
-         "type": {"key": "string", "min": 0, "max": 3}},
+         "type": {"key": "string", "min": 0, "max": 4}},
        "external_ids": {
          "type": {"key": "string", "value": "string",
                   "min": 0, "max": "unlimited"}}}},

vswitchd/vswitch.xml

@@ -4897,7 +4897,7 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
 
         <p>
           There is a maximum number of fields that can be enabled for any
-          one flow table.  Currently this limit is 3.
+          one flow table.  Currently this limit is 4.
         </p>
       </column>
     </group>