Fix a typo that went undetected by tests because we don't have any test
cases for error paths when using database commands with ovn-nbctl.
Fixes: 675b152e99 ("db-ctl-base: Extend ctl_context with an error message.")
Signed-off-by: Jakub Sitnicki <jkbs@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Return the error via the context instead of calling ctl_fatal() so that
the caller can decide how to handle it.
Signed-off-by: Jakub Sitnicki <jkbs@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Add unit test for the TCP reset segment sent by OVN logical router when
it receives an IPv6 TCP segment directed to the router's IP address since
the logical router doesn't accept any TCP traffic
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
When decoding a group mod, the current code validates the group type and
command after the whole group mod has been decoded. The OF1.5 decoder,
however, tries to use the type and command earlier, when it might still be
invalid. This caused an assertion failure (via OVS_NOT_REACHED). This
commit fixes the problem.
ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9249
Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Yifeng Sun <pkusunyifeng@gmail.com>
When configuring a router port to have a redirect-chassis and using an
IPv6 load balancer rule that specifies a TCP/UDP port, load balancing
would not work as expected. This is because a rule to un-dnat the return
traffic from the load balancer destination was not installed. This is
because this rule was only being installed for IPv4 load balancers.
This change adds the same rule for IPv6 load balancers as well.
Signed-off-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Commits 1e8eeb66db ("ovs-sandbox: Support starting multiple
ovn-northds.") and 047458de40 ("ovs-sandbox: Add option to support
multiple ovn-controllers.") allowed starting multiple instances of
ovn-northd and ovn-controller, respectively. It did this by assigning a
sequence number to the pidfile name. Unfortunately, this breaks the
method ovs-appctl uses to determine to which process it should connect.
This commit changes the behavior so that a sequence number is not added
to the first instance, so ovs-appctl will connect to that by default.
This commit also uses the same convention for naming the log file.
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Commit 047458de40 ("ovs-sandbox: Add option to support multiple
ovn-controllers.") allowed creating multiple instances of
ovn-controller. However, all instances would use the same log file
name. This commit uses the sequence number to name the log file.
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Document the new fdb/stats-clear and fdb/stats-show commands
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Add two new commands, fdb/stats-show and fdb/stats-clear, to
ovs-appctl to show and clear the new mac_learning statistics.
$ ovs-appctl fdb/stats-show ovs_pvp_br0
Statistics for bridge "ovs_pvp_br0":
Current/maximum MAC entries in the table: 4/2048
Total number of learned MAC entries : 4
Total number of expired MAC entries : 1
Total number of evicted MAC entries : 0
Total number of port moved MAC entries : 32
$ ovs-appctl fdb/stats-clear ovs_pvp_br0
statistics successfully cleared
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This patch updates the GDB script "ovs_show_fdb" command to include
the new per mac_learning instance counters.
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This patch adds counters per mac_learning instance.
The following counters are added:
total_learned: Total number of learned MAC entries
total_expired: Total number of expired MAC entries
total_evicted: Total number of evicted MAC entries, i.e. entries moved
out due to the table being full.
total_moved : Total number of port moved MAC entries, i.e. entries
where the MAC address moved to a different port.
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This patch adds two additional mac-learning coverage counters:
- mac_learning_evicted, entries deleted due to mac table being full
- mac_learning_moved, entries where the port has changed.
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Previously to delete or dump the meter table, separate commands had to
be used depending on whether one wanted to operate on a single or all
meters. This change makes it so that the "meter" argument is always
optional regardless of the command. This is a bit more consistent with
other OVS commands and makes it easier when experimenting to not have to
distinguish between the two cases.
This also fixes an error in the ovs-ofctl man page that showed the plural
version of the command supported an optional "meter" argument.
"del-meter" and "dump-meter" can still be used, but their use is no
longer documented.
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
This also corrects an error that indicated that the burst size is kbps,
when it should be kb.
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
This also corrects an error that indicated that the burst size is kbps,
when it should be kb.
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Support was added in commit 9e638f223f ("ofproto: Support action
upcall meters").
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
This patch is a simple implementation for the proposal discussed in
https://mail.openvswitch.org/pipermail/ovs-dev/2017-August/337038.html and
https://mail.openvswitch.org/pipermail/ovs-dev/2017-October/340013.html.
It enables ovs-vswitchd and other utilities to use DNS names when specifying
OpenFlow and OVSDB remotes.
Below are some of the features and limitations of this patch:
- Resolving is asynchronous in daemon context, avoiding blocking main loop;
- Resolving is synchronous in general utility context;
- Both IPv4 and IPv6 are supported;
- The resolving API is thread-safe;
- Depends on the unbound library;
- When multiple IP addresses are returned, only the first one is used;
- /etc/nsswitch.conf isn't respected as unbound library doesn't look at it;
- For async-resolving, the caller needs to retry later; there is no callback.
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
When MAX_MTU is larger than hw supported max MTU,
dpif_netlink_rtnl_create will fail. This leads to
testing failure '11: datapath - ping over gre tunnel'
in 'make check-kmod'.
This patch fixes this issue by retrying a smaller MTU
when MAX_MTU is too large.
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Add priority-70 flows to generate ICMPv6 address unreachable messages
in reply to IPv6 packets directed to the router's IP address on IP
protocols other than UDP, TCP, and ICMP
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Add priority-80 flow to generate ICMPv6 port unreachable messages in
reply to IPv6 UDP datagrams directed to the router's IP address since the
logical router doesn't accept any UDP traffic
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Add unit test for the ICMPv6 TTL exceeded packet sent by OVN
logical router when it receives an IPv6 packet whose TTL has
expired (ip.ttl == {0, 1})
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Currently in OvS if we hit "Table-miss" rules (associated with Controller
action) then we send PACKET_IN message to controller with reason as
OFPR_NO_MATCH.
A “Table-miss” rule is one whose priority is 0 and it is a catch-all rule.
But if we hit same "Table-miss" rule after executing group entry we will
send the reason as OFPR_ACTION (for OF1.3 and below) and OFPR_GROUP
(for OF1.4 and above).
This is because once we execute group entry we set ctx->in_group and later
when we hit the "Table-miss" rule, since ctx->in_group is set we send
reason as OFPR_ACTION (for OF1.3) and OFPR_GROUP (for OF1.4 and above).
For example, for the following pipeline, we will send the reason as OFPR_ACTION
even if we hit the “Table-miss” rule.
cookie=0x8000000, duration=761.189s, table=0, n_packets=1401, n_bytes=67954,
priority=4,in_port=9,vlan_tci=0x0000/0x1fff
actions=write_metadata:0x67870000000000/0xffffff0000000001,goto_table:17
cookie=0x6800001, duration=768.848s, table=17, n_packets=1418, n_bytes=68776,
priority=10,metadata=0x67870000000000/0xffffff0000000000
actions=write_metadata:0xe067870000000000/0xfffffffffffffffe,goto_table:60
cookie=0x6800000, duration=24944.312s, table=60, n_packets=58244,
n_bytes=2519520, priority=0 actions=resubmit(,17)
cookie=0x8040000, duration=785.733s, table=17, n_packets=1450, n_bytes=69724,
priority=10,metadata=0xe067870000000000/0xffffff0000000000
actions=write_metadata:0x67871d4d000000/0xfffffffffffffffe,goto_table:43
cookie=0x822002d, duration=24960.795s, table=43, n_packets=53097,
n_bytes=2230074, priority=100,arp,arp_op=1 actions=group:6000
group_id=6000,type=all,bucket=actions=CONTROLLER:65535,
bucket=actions=resubmit(,48), bucket=actions=resubmit(,81)
cookie=0x8500000, duration=24977.323s, table=48, n_packets=58309, n_bytes=2522634,
priority=0 actions=resubmit(,49),resubmit(,50)
cookie=0x8050000, duration=24984.679s, table=50, n_packets=6, n_bytes=264,
priority=0 actions=CONTROLLER:65535
Currently we are sending table_id as 50 and packet_in reason as OFPR_ACTION,
instead of sending packet_in reason as OFPR_NO_MATCH.
Signed-off-by: Keshav Gupta <keshav.gupta@ericsson.com>
Co-authored-by: Rohith Basavaraja <rohith.basavaraja@gmail.com>
Signed-off-by: Rohith Basavaraja <rohith.basavaraja@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This commit re-introduces the concept of shared mempools as the default
memory model for DPDK devices. Per port mempools are still available but
must be enabled explicitly by a user.
OVS previously used a shared mempool model for ports with the same MTU
and socket configuration. This was replaced by a per port mempool model
to address issues flagged by users such as:
https://mail.openvswitch.org/pipermail/ovs-discuss/2016-September/042560.html
However the per port model potentially requires an increase in memory
resource requirements to support the same number of ports and configuration
as the shared port model.
This is considered a blocking factor for current deployments of OVS
when upgrading to future OVS releases as a user may have to redimension
memory for the same deployment configuration. This may not be possible for
users.
This commit resolves the issue by re-introducing shared mempools as
the default memory behaviour in OVS DPDK but also refactors the memory
configuration code to allow for per port mempools.
This patch adds a new global config option, per-port-memory, that
controls the enablement of per port mempools for DPDK devices.
ovs-vsctl set Open_vSwitch . other_config:per-port-memory=true
This value defaults to false; to enable per port memory support,
this field should be set to true when setting other global parameters
on init (such as "dpdk-socket-mem", for example). Changing the value at
runtime is not supported, and requires restarting the vswitch
daemon.
The mempool sweep functionality is also replaced with the
sweep functionality from OVS 2.9 found in commits
c77f692 (netdev-dpdk: Free mempool only when no in-use mbufs.)
a7fb0a4 (netdev-dpdk: Add mempool reuse/free debug.)
A new document to discuss the specifics of the memory models and example
memory requirement calculations is also added.
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
Acked-by: Kevin Traynor <ktraynor@redhat.com>
Acked-by: Tiago Lam <tiago.lam@intel.com>
Tested-by: Tiago Lam <tiago.lam@intel.com>
Add details in the DPDK howto guide on the way to enable the offload along
with the supported NICs and flow types.
The flow offload is marked as experimental.
Signed-off-by: Yuanhan Liu <yliu@fridaylinux.org>
Co-authored-by: Shahaf Shuler <shahafs@mellanox.com>
Signed-off-by: Shahaf Shuler <shahafs@mellanox.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
Currently, the major trigger for hw flow offload is at upcall handling,
which is actually in the datapath. Moreover, the hw offload installation
and modification is not that lightweight. Meaning, if there are so many
flows being added or modified frequently, it could stall the datapath,
which could result in packet loss.
To diminish that, all those flow operations will be recorded and appended
to a list. A thread is then introduced to process this list (to do the
real flow offloading put/del operations). This could leave the datapath
as lightweight as possible.
Signed-off-by: Yuanhan Liu <yliu@fridaylinux.org>
Co-authored-by: Shahaf Shuler <shahafs@mellanox.com>
Signed-off-by: Shahaf Shuler <shahafs@mellanox.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
The basic yet the major part of this patch is to translate the "match"
to rte flow patterns. And then, we create a rte flow with MARK + RSS
actions. Afterwards, all packets that match the flow will have the mark id in
the mbuf.
The reason RSS is needed is, for most NICs, a MARK only action is not
allowed. It has to be used together with some other actions, such as
QUEUE, RSS, etc. However, QUEUE action can specify one queue only, which
may break the rss. Likely, RSS action is currently the best we could
do now. Thus, RSS action is chosen.
For any unsupported flows, such as MPLS, -1 is returned, meaning the
flow offload has failed and is then skipped.
Co-authored-by: Yuanhan Liu <yliu@fridaylinux.org>
Signed-off-by: Finn Christensen <fc@napatech.com>
Signed-off-by: Yuanhan Liu <yliu@fridaylinux.org>
Co-authored-by: Shahaf Shuler <shahafs@mellanox.com>
Signed-off-by: Shahaf Shuler <shahafs@mellanox.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
So that we could skip some very costly CPU operations, including but
not limited to miniflow_extract, emc lookup, dpcls lookup, etc. Thus,
performance could be greatly improved.
A PHY-PHY forwarding with 1000 mega flows (udp,tp_src=1000-1999) and
1 million streams (tp_src=1000-1999, tp_dst=2000-2999) shows more than
260% performance boost.
Note that though the heavy miniflow_extract is skipped, we still have
to do per packet checking, because we have to check the tcp_flags.
Co-authored-by: Finn Christensen <fc@napatech.com>
Signed-off-by: Yuanhan Liu <yliu@fridaylinux.org>
Signed-off-by: Finn Christensen <fc@napatech.com>
Co-authored-by: Shahaf Shuler <shahafs@mellanox.com>
Signed-off-by: Shahaf Shuler <shahafs@mellanox.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>