Hi, I am thinking about a scenario where NB has multiple clients. For example, there are two users each managing a datapath, and they do not care about each other. They might accidentally install the same ACL which is then combined by ovn-northd. In this case, one of them can easily find the logical flow in SB by checking the stage-hint, but it is more difficult for the other user to find the logical flow.
Best, Qiaofeng ________________________________ From: Ilya Maximets <i.maxim...@ovn.org> Sent: Friday, March 28, 2025 4:59 AM To: Qin, Qiaofeng <qiaofeng....@intel.com>; ovs-discuss@openvswitch.org <ovs-discuss@openvswitch.org> Cc: i.maxim...@ovn.org <i.maxim...@ovn.org> Subject: Re: [ovs-discuss] [OVN] Logical flows combined in logical_dp_groups lose "stage-hint" information On 3/28/25 10:08, Qin, Qiaofeng via discuss wrote: > Hi all, > > I created some ACLs in OVN, and want to trace each OVN-SB logical flow > to the corresponding OVN-NB ACL table row. To achieve it, I refer to the > "stage-hint" value of Logical_Flow.External_Ids and compare the UUID. > > However, when multiple datapaths have the same ACL rule, these rules will > be combined into a single logical flow with a logical_dp_group. The merged > logical flow has only one "stage-hint" UUID value. Therefore, some OVN-NB > ACL table rows can no longer be tracked in OVN-SB. Hi. What is your use case for tracking NB ACLs in SB? If those ACLs are actually the same, you may reference the same ACL row from all switches and port groups. That will solve the mapping problem, as there will be just one ACL row in both NB and SB. Best regards, Ilya Maximets. > > Would it be possible to keep all stage-hint UUIDs when ovn-northd performs > the flow combination? Or are there any workarounds to prevent an ACL from > being merged? Currently, I am setting different names to each ACL to make > them distinct. However, that also forces ACL logging that creates extra > traffic overheads. > > > Best, > Qiaofeng
_______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
