Right now, the following 2 lines are how the header and footer
looks like for ovs-vswitchd.conf.db
@VERSION@(5) Open vSwitch Manual @VERSION@(5)
Open vSwitch Open_vSwitch @VERSION@(5)
After this commit, they look like this:
ovs-vswitchd.conf.db(5) Open vSwitch Manual ovs-vswitchd.conf.db(5)
Open vSwitch 1.12.90 ovs-vswitchd.conf.db(5)
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
When "other-config:enable-vlan-splinters=true" is set, the existing
vlans with ip address must be retained. The bug actually does the
opposite and retains the vlans without ip address. This commit fixes
it.
Reported-by: Roman Sokolkov <rsokolkov@gmail.com>
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This change adds the check_tnl_key functionality for BFD.
When the feature is enabled, BFD will only accept control
packets with a tunnel key of 0.
Signed-off-by: Pavithra Ramesh <paramesh@vmware.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
The "stress" library was introduced years ago. We intended at the time to
start using it to provoke errors in testing, to make sure that Open vSwitch
was resilient against those errors. The intention was good, but there were
few actual implementations of stress options, and the testing never
materialized.
Rather than adapt the stress library for thread safety, this seems like a
good opportunity to remove it, so this commit does so.
Signed-off-by: Ben Pfaff <blp@nicira.com>
The worker process implementation isn't thread-safe and, once OVS
itself is threaded, it doesn't make much sense to have a worker
process anyway.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Testing shows that creation of 5000 internal ports and using it
to do some meaningful tasks works fine on a 12 cpu hardware.
Since a single port needs one file descriptor and a bridge
needs 3 file descriptors, we will have to increase the file
descriptor limit to a higher number from the current limit of 5000.
7500 feels like a decent increase with enough room for further
scale testing.
Bug #18383.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
This commit adds an "ifindex" column to the "Interface" table in the db.
Signed-off-by: Neil McKee <neil.mckee@inmon.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This adds support for specifying flow miss handling behaviour at
runtime, through a new "other-config" option in the Open_vSwitch table.
This takes precedence over flow-eviction-threshold.
By default, the behaviour is the same as before. If force-miss-model is
set to 'with-facets', then flow miss handling will always result in the
creation of new facets and flow-eviction-threshold will be ignored. If
force-miss-model is set to 'without-facets', then flow miss handling will never
result in the creation of new facets (effectively the same as setting the
flow-eviction-threshold to 0, which is not currently configurable).
We intend to use this configuration option in the testsuite to force
particular code paths to be used, allowing us to improve test coverage.
Signed-off-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Ben Pfaff <blp@nicira.com>
These functions are used so often, that having an easy to read
helper is worth it.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Until now, datapath ports and openflow ports were both represented by
unsigned integers of various sizes. With implicit conversions, etc., it is
easy to mix them up and use one where the other is expected. This commit
creates two typedefs, ofp_port_t and odp_port_t. Both of these two types
are marked by "__attribute__((bitwise))" so that sparse can be used to
detect any misuse.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Patch 27a88d1373cbfcceac6d901bbf1c17051aa7845f caused the vswitchd
documentation and the code to digress. This brings them back in line.
Signed-off-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The underlying glibc interface is deprecated because the interface itself
is not thread-safe. That means that there's no way for a layer on top of
it to be thread-safe.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
With the single datapath, it no longer makes sense to have a per
ofproto flow eviction threshold. This patch moves the flow
eviction threshold to the Open_vSwitch table making the setting
global, though still treated separately for each ofproto. A future
patch will unify flow eviction on a per datapath basis.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
This patch changes the variable type of "ofport" in "struct if_cfg" and
"struct iface" from int64_t to uint16_t. This is more consistent with
the OpenFlow-1.0 port definition.
Also, before this patch, -1 is used to indicate an unknown port. This
patch uses OFPP_NONE, since "ofport" becomes uint16_t.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
It has been observed that when we upgrade openvswitch with
thousands of openflow flows already established and there is heavy
traffic going through the switch, restoring flows can take a very
long time (8 minutes in one use case) with CPU running at 100%.
This can make the upgrade very expensive.
This commit starts vswitchd by asking it to wait till flow restore is
finished. Once the flows are restored, it resumes normal operations.
Bug #16086.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
While upgrading openvswitch, it helps to restore openflow flows before
starting packet processing. Typically we want to restart openvswitch,
add the openflow flows and then start packet processing.
To do this, we look for the other_config:flow-restore-wait column
in the Open_vSwitch table during startup. If set as true, we disable
receiving packets from the datapath, expiring or flushing flows and
running any periodic ofproto activities. This option does not prevent
the addition and deletion of ports. Once this option is set to false,
we return to normal processing.
An upcoming commit will use this feature in Open vSwitch startup scripts.
Bug #16086.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
The new CFM "demand mode" (named after BFD's demand mode) uses
data traffic to indicate interface liveness. It's helpful on
heavily congested networks where CCMs may be dropped.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
'netdev' was not initialized at this point in the function, so the cleanup
at the error label referenced a wild pointer.
Introduced in commit 94a538422d4b (netdev: Prevent using reserved names).
CC: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This commit adds a function to lib/netdev.c to check that the interface name
is not the same as any of the registered vport providers' dpif_port name
(e.g. gre_system) or the datapath's internal port name (e.g. ovs-system).
Bug #15077.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This gets rid of the only per-instance data in "struct netdev", which
will make it possible to merge "struct netdev_dev" into "struct netdev" in
a later commit.
Ed Maste wrote the netdev-bsd changes in this commit.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Co-authored-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ed Maste <emaste@freebsd.org>
Tested-by: Ed Maste <emaste@freebsd.org>
Adds tun_src and tun_dst match and set capabilities via new NXM fields
NXM_NX_TUN_IPV4_SRC and NXM_NX_TUN_IPV4_DST. This allows management of
large number of tunnels via the flow tables, without requiring the tunnels
to be pre-configured.
Flow-based tunnels can be configured with options remote_ip=flow and
local_ip=flow. local_ip=flow requires remote_ip=flow. When set, the
tunnel remote IP address and/or local IP address is set from the flow,
instead of the tunnel configuration.
Example:
$ ovs-vsctl add-port br0 gre -- set Interface gre ofport_request=1 type=gre options:remote_ip=flow options:key=flow
$ ovs-ofctl add-flow br0 "in_port=LOCAL actions=set_tunnel:1,set_field:192.168.0.1->tun_dst,output:1"
$ ovs-ofctl add-flow br0 "in_port=1 tun_src=192.168.0.1 tun_id=1 actions=LOCAL"
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Traditionally, Open vSwitch has used a variant of 802.1ag "CFM" for
interface liveness detection. This has served us well until now,
but has several serious drawbacks which have steadily become more
inconvenient. First, the 802.1ag standard does not implement
several useful features forcing us to (optionally) break
compatibility. Second, 802.1.ag is not particularly popular
outside of carrier grade networking equipment. Third, 802.1ag is
simply quite awkward.
In an effort to solve the aforementioned problems, this patch
implements BFD which is ubiquitous, well designed, straight
forward, and implements required features in a standard way. The
initial cut of the protocol focuses on getting the basics of the
specification correct, leaving performance optimizations, and
advanced features as future work. The protocol should be
considered experimental pending future testing.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
The database documentation says:
If an interface does not support a given statistic, then that pair is
omitted.
but in fact the implementation included the key-value pair for an
unsupported statistic with -1 as the value.
Found by inspection.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Reducing non-const static data makes code more obviously thread-safe.
Although option parsing does not normally need to be thread-safe, I
don't know of a drawback to making its data const.
Signed-off-by: Ben Pfaff <blp@nicira.com>
getmntent_r() is a GNU extension so we test for its existence and just
disable this feature of system stats if it is not present, because this
feature is not very important.
Signed-off-by: Ben Pfaff <blp@nicira.com>
There are very rare cases (ex: ovs-vswitchd.pid is inadvertantly deleted),
when multiple ovs-vswitchd daemons can end up running at the same time.
In a situation like that one of the daemons can wait on the poll()
with a 0 ms wait time as it would be expecting system stats to be collected.
But system stats are never run for the daemon that does not have the
lock on the database and hence it takes up 100% of the CPU if its state
machine for stats collection previously was S_WAITING.
With this patch, we disable the system stats collection for the daemon that
does not have the database lock. When it eventually gets the lock on the
database, system stats are automatically enabled if other_config:\
enable-statistics=true.
Bug #16669.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
VXLAN was recently assigned UDP port 4789 by IANA. This
comit updates the OVS VXLAN implementation to reflect the new UDP port
number.
Cc: Kenneth Duda <kduda@aristanetworks.com>
Signed-off-by: Kyle Mestery <kmestery@cisco.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Normally, the daemon code will detect when multiple instances are run
and print the conflicting PID. However, if ovs-vswitchd is not run in
daemon mode or the pidfile is removed, a database lock is checked. The
message it prints wasn't specific enough about which process was backing
off due to not getting the lock.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Define a new NXAST_SAMPLE OpenFlow vendor action and the corresponding
OFPACT_SAMPLE OVS action, to do per-flow packet sampling, translated
into a new SAMPLE "flow_sample" dp action.
Make the userspace action's userdata size vary depending on the union
member used. Add a new "flow_sample" upcall to do per-flow packet
sampling. Add a new "ipfix" upcall to do per-bridge packet sampling
to IPFIX collectors.
Extend the OVSDB schema to support configuring IPFIX collector sets.
Add support for configuring multiple IPFIX collectors for per-flow
packet sampling. Add support for configuring per-bridge IPFIX
sampling.
Automatically generate standard IPFIX entity definitions from the IANA
specs. Send one IPFIX data record message for every packet sampled by
an OpenFlow sample action or received by a bridge configured with
IPFIX sampling, and periodically send IPFIX template set messages.
Signed-off-by: Romain Lenglet <rlenglet@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The administrator can request that OVSDB bind any available TCP port, but
in that case there is no easy way to find out what port it has bound. This
commit adds that information as the "bound_port" key in the "status"
column.
Signed-off-by: Ben Pfaff <blp@nicira.com>
If the database was empty, that is, it did not even contain an Open_vSwitch
top-level configuration record, at ovs-vswitchd startup time, then
OVS failed to detach and used 100% CPU. This commit fixes the problem.
This problem was introduced by commit 63ff04e82623e765 (bridge: Only
complete daemonization after db commits initial config.).
This problem did not manifest if the initscripts supplied with Open vSwitch
were used, because those initscripts always initialize the database before
starting ovs-vswitchd, so this problem affects only users with hand-rolled
local OVS startup scripts.
Bug #16090.
Reported-by: Pravin Shelar <pshelar@nicira.com>
Tested-by: Pravin Shelar <pshelar@nicira.com>
Reported-by: Paul Ingram <paul@nicira.com>
Reported-by: Amre Shakimov <ashakimov@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>
An earlier commit changed the Open vSwitch startup scripts so that they
connect to remote managers only after ovs-vswitchd does its initial
configuration, as signaled by ovs-vswitchd detaching from its parent
process. However, a race window remains, because ovs-vswitchd detaching
does not mean that the database server has received and committed the
transaction, only that ovs-vswitchd has sent it. This commit fixes that
race window, by changing ovs-vswitchd to complete detaching only after
the database server acknowledges the transaction.
It is still possible for unusual events to cause ovs-vswitchd to detach
before ephemeral columns are filled in. There is always a slim possibility
that the transaction will fail or that some other client has added new
bridges, ports, etc. while ovs-vswitchd was configuring using an old
configuration. The latter race is inherent to the design of the system
and cannot be avoided without radical changes.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>
Bug #15983.
Some information in the database must be kept as up-to-date as
possible to allow controllers to respond rapidly to network outages.
We call these statistics "instant" stats.
Until now, the instant stats have been updated on every trip through
the main loop. This work scales with the number of interfaces that
ovs-vswitchd manages. With CFM enabled on 5000 interfaces, even with
a low transmission rate, we see ovs-vswitchd using 100% CPU just to
maintain statistics, even with no actual changes.
This commit rate-limits updates to instant stats to at most 10 times
per second. Earlier tests I did with similar patches showed a major
reduction in CPU usage. I have not rerun those tests with this patch,
but I expect that the CPU usage should similarly decline.
CC: Ram Jothikumar <rjothikumar@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Until now, ovs-vsctl has kept trying to the database server until it
succeeded or the timeout expired (if one was specified with --timeout).
This meant that if ovsdb-server wasn't running, then ovs-vsctl would hang.
The result was that almost every ovs-vsctl invocation in scripts specified
a timeout on the off-chance that the database server might not be running.
But it's difficult to choose a good timeout. A timeout that is too short
can cause spurious failures. A timeout that is too long causes long delays
if the server really isn't running.
This commit should alleviate this problem. It changes ovs-vsctl's behavior
so that, if it fails to connect to the server, it exits unsuccessfully.
This makes --timeout obsolete for the purpose of avoiding a hang if the
database server isn't running. (--timeout is still useful to avoid a hang
if ovsdb-server is running but ovs-vswitchd is not, for ovs-vsctl commands
that modify the database. --no-wait also avoids that issue.)
Bug #2393.
Bug #15594.
Reported-by: Jeff Merrick <jmerrick@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
