Implement a per-exporter flow cache with active timeout expiration.
Add columns "cache_active_timeout" and "cache_max_flows" into table
"IPFIX" to configure each cache.
Add per-flow elements "octetDeltaSumOfSquares",
"minimumIpTotalLength", and "maximumIpTotalLength" to replace
"ethernetTotalLength". Add per-flow element "flowEndReason" to
indicate whether a flow has expired because of an active timeout, the
cache size limit being reached, or the exporter being stopped.
Signed-off-by: Romain Lenglet <rlenglet@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This commit adds a new column "n-handler-threads" to the Open_vSwitch
table. This is used to set the number of upcall handler threads created by
the ofproto-dpif-upcall module.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Until now, the async append interface has required async_append_enable()
to be called while the process was still single-threaded, with the
rationale being that async_append_enable() could race with
async_append_write() on some existing async_append object. This was a
difficult problem when the async append interface was introduced, because
at the time Open vSwitch did not have any infrastructure for inter-thread
synchronization.
Now it is easy to solve, by introducing synchronization into the
async append module. However, that's more or less wasted, because the
client is already required to serialize access to async append objects.
Moreover, vlog, the only existing client, needs to serialize access for
other reasons, so it wouldn't even be possible to just drop the client's
synchronization.
This commit therefore takes another approach. It drops the
async_append_enable() interface entirely. Now any existing async_append
object is always enabled. The responsibility for "enabling", then, now
rests in whether the client creates and uses an async_append object, and
so vlog now takes care of that by itself. Also, since vlog now has to
deal with sometimes having an async_append and sometimes not having one,
we might as well allow creating an async_append to fail, thereby slightly
simplifying the "no async I/O" implementation from "write synchronously"
to "always fail creating an async_append".
Reported-by: Shih-Hao Li <shihli@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
When "other-config:enable-vlan-splinters=true" is set, the existing
vlans with ip address must be retained. The bug actually does the
opposite and retains the vlans without ip address. This commit fixes
it.
Reported-by: Roman Sokolkov <rsokolkov@gmail.com>
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This commit adds an "ifindex" column to the "Interface" table in the db.
Signed-off-by: Neil McKee <neil.mckee@inmon.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This adds support for specifying flow miss handling behaviour at
runtime, through a new "other-config" option in the Open_vSwitch table.
This takes precedence over flow-eviction-threshold.
By default, the behaviour is the same as before. If force-miss-model is
set to 'with-facets', then flow miss handling will always result in the
creation of new facets and flow-eviction-threshold will be ignored. If
force-miss-model is set to 'without-facets', then flow miss handling will never
result in the creation of new facets (effectively the same as setting the
flow-eviction-threshold to 0, which is not currently configurable).
We intend to use this configuration option in the testsuite to force
particular code paths to be used, allowing us to improve test coverage.
Signed-off-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Ben Pfaff <blp@nicira.com>
These functions are used so often, that having an easy to read
helper is worth it.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Until now, datapath ports and openflow ports were both represented by
unsigned integers of various sizes. With implicit conversions, etc., it is
easy to mix them up and use one where the other is expected. This commit
creates two typedefs, ofp_port_t and odp_port_t. Both of these two types
are marked by "__attribute__((bitwise))" so that sparse can be used to
detect any misuse.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
With the single datapath, it no longer makes sense to have a per
ofproto flow eviction threshold. This patch moves the flow
eviction threshold to the Open_vSwitch table making the setting
global, though still treated separately for each ofproto. A future
patch will unify flow eviction on a per datapath basis.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
This patch changes the variable type of "ofport" in "struct if_cfg" and
"struct iface" from int64_t to uint16_t. This is more consistent with
the OpenFlow-1.0 port definition.
Also, before this patch, -1 is used to indicate an unknown port. This
patch uses OFPP_NONE, since "ofport" becomes uint16_t.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
While upgrading openvswitch, it helps to restore openflow flows before
starting packet processing. Typically we want to restart openvswitch,
add the openflow flows and then start packet processing.
To do this, we look for the other_config:flow-restore-wait column
in the Open_vSwitch table during startup. If set as true, we disable
receiving packets from the datapath, expiring or flushing flows and
running any periodic ofproto activities. This option does not prevent
the addition and deletion of ports. Once this option is set to false,
we return to normal processing.
An upcoming commit will use this feature in Open vSwitch startup scripts.
Bug #16086.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
The new CFM "demand mode" (named after BFD's demand mode) uses
data traffic to indicate interface liveness. It's helpful on
heavily congested networks where CCMs may be dropped.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
'netdev' was not initialized at this point in the function, so the cleanup
at the error label referenced a wild pointer.
Introduced in commit 94a538422d4b (netdev: Prevent using reserved names).
CC: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This commit adds a function to lib/netdev.c to check that the interface name
is not the same as any of the registered vport providers' dpif_port name
(e.g. gre_system) or the datapath's internal port name (e.g. ovs-system).
Bug #15077.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This gets rid of the only per-instance data in "struct netdev", which
will make it possible to merge "struct netdev_dev" into "struct netdev" in
a later commit.
Ed Maste wrote the netdev-bsd changes in this commit.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Co-authored-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ed Maste <emaste@freebsd.org>
Tested-by: Ed Maste <emaste@freebsd.org>
Traditionally, Open vSwitch has used a variant of 802.1ag "CFM" for
interface liveness detection. This has served us well until now,
but has several serious drawbacks which have steadily become more
inconvenient. First, the 802.1ag standard does not implement
several useful features forcing us to (optionally) break
compatibility. Second, 802.1.ag is not particularly popular
outside of carrier grade networking equipment. Third, 802.1ag is
simply quite awkward.
In an effort to solve the aforementioned problems, this patch
implements BFD which is ubiquitous, well designed, straight
forward, and implements required features in a standard way. The
initial cut of the protocol focuses on getting the basics of the
specification correct, leaving performance optimizations, and
advanced features as future work. The protocol should be
considered experimental pending future testing.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
The database documentation says:
If an interface does not support a given statistic, then that pair is
omitted.
but in fact the implementation included the key-value pair for an
unsupported statistic with -1 as the value.
Found by inspection.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
There are very rare cases (ex: ovs-vswitchd.pid is inadvertantly deleted),
when multiple ovs-vswitchd daemons can end up running at the same time.
In a situation like that one of the daemons can wait on the poll()
with a 0 ms wait time as it would be expecting system stats to be collected.
But system stats are never run for the daemon that does not have the
lock on the database and hence it takes up 100% of the CPU if its state
machine for stats collection previously was S_WAITING.
With this patch, we disable the system stats collection for the daemon that
does not have the database lock. When it eventually gets the lock on the
database, system stats are automatically enabled if other_config:\
enable-statistics=true.
Bug #16669.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Normally, the daemon code will detect when multiple instances are run
and print the conflicting PID. However, if ovs-vswitchd is not run in
daemon mode or the pidfile is removed, a database lock is checked. The
message it prints wasn't specific enough about which process was backing
off due to not getting the lock.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Define a new NXAST_SAMPLE OpenFlow vendor action and the corresponding
OFPACT_SAMPLE OVS action, to do per-flow packet sampling, translated
into a new SAMPLE "flow_sample" dp action.
Make the userspace action's userdata size vary depending on the union
member used. Add a new "flow_sample" upcall to do per-flow packet
sampling. Add a new "ipfix" upcall to do per-bridge packet sampling
to IPFIX collectors.
Extend the OVSDB schema to support configuring IPFIX collector sets.
Add support for configuring multiple IPFIX collectors for per-flow
packet sampling. Add support for configuring per-bridge IPFIX
sampling.
Automatically generate standard IPFIX entity definitions from the IANA
specs. Send one IPFIX data record message for every packet sampled by
an OpenFlow sample action or received by a bridge configured with
IPFIX sampling, and periodically send IPFIX template set messages.
Signed-off-by: Romain Lenglet <rlenglet@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
If the database was empty, that is, it did not even contain an Open_vSwitch
top-level configuration record, at ovs-vswitchd startup time, then
OVS failed to detach and used 100% CPU. This commit fixes the problem.
This problem was introduced by commit 63ff04e82623e765 (bridge: Only
complete daemonization after db commits initial config.).
This problem did not manifest if the initscripts supplied with Open vSwitch
were used, because those initscripts always initialize the database before
starting ovs-vswitchd, so this problem affects only users with hand-rolled
local OVS startup scripts.
Bug #16090.
Reported-by: Pravin Shelar <pshelar@nicira.com>
Tested-by: Pravin Shelar <pshelar@nicira.com>
Reported-by: Paul Ingram <paul@nicira.com>
Reported-by: Amre Shakimov <ashakimov@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>
An earlier commit changed the Open vSwitch startup scripts so that they
connect to remote managers only after ovs-vswitchd does its initial
configuration, as signaled by ovs-vswitchd detaching from its parent
process. However, a race window remains, because ovs-vswitchd detaching
does not mean that the database server has received and committed the
transaction, only that ovs-vswitchd has sent it. This commit fixes that
race window, by changing ovs-vswitchd to complete detaching only after
the database server acknowledges the transaction.
It is still possible for unusual events to cause ovs-vswitchd to detach
before ephemeral columns are filled in. There is always a slim possibility
that the transaction will fail or that some other client has added new
bridges, ports, etc. while ovs-vswitchd was configuring using an old
configuration. The latter race is inherent to the design of the system
and cannot be avoided without radical changes.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>
Bug #15983.
Some information in the database must be kept as up-to-date as
possible to allow controllers to respond rapidly to network outages.
We call these statistics "instant" stats.
Until now, the instant stats have been updated on every trip through
the main loop. This work scales with the number of interfaces that
ovs-vswitchd manages. With CFM enabled on 5000 interfaces, even with
a low transmission rate, we see ovs-vswitchd using 100% CPU just to
maintain statistics, even with no actual changes.
This commit rate-limits updates to instant stats to at most 10 times
per second. Earlier tests I did with similar patches showed a major
reduction in CPU usage. I have not rerun those tests with this patch,
but I expect that the CPU usage should similarly decline.
CC: Ram Jothikumar <rjothikumar@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Until now, ovs-vsctl has kept trying to the database server until it
succeeded or the timeout expired (if one was specified with --timeout).
This meant that if ovsdb-server wasn't running, then ovs-vsctl would hang.
The result was that almost every ovs-vsctl invocation in scripts specified
a timeout on the off-chance that the database server might not be running.
But it's difficult to choose a good timeout. A timeout that is too short
can cause spurious failures. A timeout that is too long causes long delays
if the server really isn't running.
This commit should alleviate this problem. It changes ovs-vsctl's behavior
so that, if it fails to connect to the server, it exits unsuccessfully.
This makes --timeout obsolete for the purpose of avoiding a hang if the
database server isn't running. (--timeout is still useful to avoid a hang
if ovsdb-server is running but ovs-vswitchd is not, for ovs-vsctl commands
that modify the database. --no-wait also avoids that issue.)
Bug #2393.
Bug #15594.
Reported-by: Jeff Merrick <jmerrick@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
It can be useful to remotely determine the MAC addresses of attached
interfaces without going through OpenFlow. This adds the MAC address to
a new 'mac_in_use' column on the Interface table.
Feature #15551
Requested-by: Paul Ingram <paul@nicira.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Commit 9a9e3786b3a8 (ofproto: Merge all the CFM query functions into one.)
mistakenly interpreted struct ofproto_cfm_status as always being in the
range [0,100]. It can in fact take the value -1 if the health status is
not currently well-defined.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Commit 9a9e3786b3a8 (ofproto: Merge all the CFM query functions into one.)
mistakenly transformed a tristate variable into a Boolean one. This commit
fixes the problem.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
This eliminates several function calls and in particular several
hash table lookups to find structures corresponding to a port
number from iface_refresh_cfm_stats().
This does not seem to reduce CPU use, but the code is shorter
and more readable.
Bug #15171.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
It makes more sense to use enum ofp12_controller_role here than
to use enum nx_role, because the former is a superset of the latter and
we can then get rid of a bool member too.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Until now, "unix:" and "punix:" paths that are not absolute have
been considered relative to the current working directory. It
is more useful to consider them relative to the rundir, so this
commit makes that change to the C and Python implementations of
the stream code.
This commit also relaxes the whitelist check in the bridge code
so that any name that does not contain a "/" is considered OK.
Signed-off-by: Pavithra Ramesh <paramesh@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Stable bond mode, along with autopath, were trying to implement
functionality close to what we get from the bundle action.
Unfortunately, they are quite clunky, and generally less useful
than bundle, so they're being removed.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
This function has a parameter 'ofp_port' and a local variable 'ofp_port',
so rename the local variable to reduce confusion.
Found by Coverity.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
This is a straight search-and-replace, except that I also removed #include
<assert.h> from each file where there were no assert calls left.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Following patch removes restriction on the listening socket name that gets
configured as bridge controller. Currently, we only connect to sockets in a
specific directory with the name of the bridge. This patch removes the
restriction on the bridge name, keeping the directory restriction.
Bug #14029.
Signed-off-by: Pavithra Ramesh <paramesh@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Felician Nemeth <nemethf@tmit.bme.hu>
[blp@nicira.com refactored the code that this was based on and revised the
patch accordingly]
Signed-off-by: Ben Pfaff <blp@nicira.com>
An ovs_be32 is a more obvious way to represent an IP address than a
pointer to one. It is also more type-safe, especially since "sparse" is
able to check that the argument is in network byte order.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
When built with Clang, vswitchd segfaulted in ovsrec_open_vswitch_init,
from calling memset() on a const struct.
Signed-off-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
We've had a couple of requests for this over the years. It's easy to do,
so let's implement it.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>
Commit 1a8cfb41(bridge: Drop warning about thedefault bridge Ethernet
address.) attempted to reduce unnecessary logging, but deleted some code
that was necessary to set the mac address on local ports when no
physical ports were attached.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Issue #14126
This information is also available via ovs-ofctl and through other means,
and it's not really anything we need to warn about anyhow.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Currently, the 'ofport' column in Interface table is
ephemeral and is populated by vswitchd everytime it is
started or when a new interface is created with vswitchd
running.
Making it persistent lets vswitchd try and assign the
same ofport number to a particular interface across
restarts. This is just a fallback option when
'ofport_request' column is empty.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
