"dev" <dev-boun...@openvswitch.org> wrote on 07/07/2016 12:07:16 PM:
> From: Zong Kai Li <zealo...@gmail.com> > To: ovs dev <dev@openvswitch.org> > Date: 07/07/2016 12:07 PM > Subject: [ovs-dev] [PATCH] [RFC Patch] ovn-controller: ignore lflow > matching remote VM port > Sent by: "dev" <dev-boun...@openvswitch.org> > > Currently, ovn-controller will install all lflows for a logical > switch, when ovn-controller determines not to skip processing of > that logical switch. > > This will install too many OVS flows. We have 11 tables for logical > switch ingress pipeline, 8 tables for logical switch egress pipeline > now, and more in futrue. > > There are two kind lflows in for logical switch. One has no > inport/outport matching, such as lflows in table ls_in_arp_rsp and > ls_in_l2_lkup. The other one has, and for now, lflows in the following > tables belong to this type: > - ls_in_port_sec_l2 > - ls_in_port_sec_ip > - ls_in_port_sec_nd > - ls_in_acl > - ls_out_pre_acl > - ls_out_acl > - ls_out_port_sec_ip > - ls_out_port_sec_l2 > > Consider how packet trip through flows in network topology > (P: port, S: switch, R: router. > Two VM(or VIF) ports are on different chassis): > - P-S-P: only flows matching remote inport, local VM port as "inport" and > local VM port as "outport" will be matched. There is no chance for > flows matching remote VM port as "inport" or "outport" to be > matched. > - P-S-R-S-P and P-S-R...R-S-P: all these cases seem different from the > above one, but they have the same "last jump". No matter how > many routers(with or without switches) are used, before packet > leaves current chassis, the next jump will be: > destination_switch_gateway -> destination_switch_port, > so it will become a P-S-P case again. > And sinse this patch will not change ingress pipeline for > logical routers, so traffic between router port to router port > will not be impacted. > So, as we can see, we don't need to install flow for a lflow with inport > or outport matching in logical switch ingress pipeline, when it tries to > match > a VM(or VIF) port that doesn't belong to current chassis. > This can help ovn-controller to avoid to install many unnecessary flows. > > Signed-off-by: Zong Kai LI <zealo...@gmail.com> > --- First, how much does this reduce the number of installed flows? Some statistics would be useful... Second, assuming that conditional monitoring lands, will this have any further effect? Ryan _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
