Hi, > -----Original Message----- > From: Morten Brørup <m...@smartsharesystems.com> > Sent: Thursday, August 18, 2022 4:17 PM > To: Jiang, Cheng1 <cheng1.ji...@intel.com>; Stephen Hemminger > <step...@networkplumber.org> > Cc: maxime.coque...@redhat.com; Xia, Chenbo <chenbo....@intel.com>; > dev@dpdk.org; Hu, Jiayu <jiayu...@intel.com>; Ding, Xuan > <xuan.d...@intel.com>; Ma, WenwuX <wenwux...@intel.com>; Wang, > YuanX <yuanx.w...@intel.com>; Yang, YvonneX <yvonnex.y...@intel.com> > Subject: RE: [RFC 1/2] vhost: add ingress API for port mirroring datapath > > > From: Jiang, Cheng1 [mailto:cheng1.ji...@intel.com] > > Sent: Thursday, 18 August 2022 08.58 > > > > Hi, > > > > > -----Original Message----- > > > From: Stephen Hemminger <step...@networkplumber.org> > > > Sent: Sunday, August 14, 2022 10:58 PM > > > > > > On Sun, 14 Aug 2022 12:49:19 +0000 > > > Cheng Jiang <cheng1.ji...@intel.com> wrote: > > > > > > > From: Wenwu Ma <wenwux...@intel.com> > > > > > > > > Similar to the port mirroring function on the switch or router, > > this > > > > patch also implements an ingress function on the Vhost lib. When > > data > > > > is sent to a front-end, it will also send the data to its mirror > > > > front-end. > > > > > > > > Signed-off-by: Cheng Jiang <cheng1.ji...@intel.com> > > > > Signed-off-by: Wenwu Ma <wenwux...@intel.com> > > > > > > We already have rte_flow, packet capture, and rx/tx callbacks. > > > This seems like re-invention. > > > > Sorry that I didn't make it clear in the v1 commit message. This port > > mirror function is based on async vhost which is accelerated by DMA > > device. Compared with other mirror implements: 1. It's targeted for > > vhost. 2. The performance is really good. Its use scenario is to let > > one front-end(mirror-VM) monitor the traffic of another front-end(VM). > > It's different from the things you mentioned above. So, IMO I don't > > think it's re-invention. > > > > Thanks, > > Cheng > > Thank you for elaborating the use case. > > In other words: This is a performance optimization for a specific use case. > > This raises two questions: > > 1. Please convince us that this is a common use case?
Using VM to monitor the other VM's traffic is a common use case. This is commonly used in an intrusion detection system, passive probe or real user monitoring technology. > 2. What is the performance compared to implementing it at the application > level? > This API is introduced mainly to enable DMA acceleration in vhost port mirror scenario. And leverage DMA's strong performance. > > Overall, I totally agree with Stephen: > > Port Mirroring was removed from ethdev with the 21.11 release [1] for the > reasons mentioned by Stephen. Please don't try to reintroduce it. > > If the application needs to mirror all (or some) packets, why not just let the > application do it? > > Furthermore, the application might need to mirror the packets to a physical > port, and perhaps encapsulate it for remote packet capture. Sampling could > also be required. Here's a prediction for you: More features will creep into > to > this API over time, and it will end up like the ethdev mirroring API being > removed because the alternatives are better and more versatile. First of all, These are Vhost lib APIs based on async vhost which is accelerated by DMA device. And they are provided for Vhost PMD or other Vhost applications. So, I am not sure whether these APIs are similar to ethdev mirroring APIs which are removed. As far as I understand, RTE_FLOW is used for ethdev. I'm not sure there are conflicts between mirror API in Vhost and RTE_FLOW, since vhost/virtio is a virtual protocol. We will consider your suggestion carefully again. Thank you very much. Cheng > > [1]: https://doc.dpdk.org/guides/rel_notes/release_21_11.html#removed- > items
