Hi Dumitru/Adrian,
I'm working my way through IPFIX test in system-ovn.at, just a couple of
questions.
collector1=$(ovn-nbctl create Sample_Collector id=1 name=c1
probability=65535 set_id=100)
collector2=$(ovn-nbctl create Sample_Collector id=2 name=c2
probability=65535 set_id=200)
check_row_count nb:Sample_Collector 2
check_uuid ovn-nbctl create Sampling_App type="acl-new" id="42"
check_uuid ovn-nbctl create Sampling_App type="acl-est" id="43"
check_row_count nb:Sampling_App 2
dnl Create ACLs that match the 3 types of traffic in all 3 possible
stages:
dnl from-lport, from-lport-after-lb, to-lport.
check_uuid ovn-nbctl \
-- --id=@sample_in_1c_new create Sample collector="$collector1"
metadata=1001 \
I don't follow this syntax, it is not described in the ovn-nbctl man
page, there we just
have
ovn-nbctl --sample-new=<uuid of a row of the Sample table> acl-add
So what is 'id' above?
what is '@sample_in_1c_new' is it "42"?
Is it required to also specify 'create Sample collector', it is not
described in the ovn-nbctl man page.
Is '$collector1' the UUID of the Sample_Collector table row we created
with set_id=100 ?
What is 'metadata' - Is it arbitrary?
Also I see in the ovn-nbctl man page, we have --sample-new and
--sample-est, but no
--sample-drop, even though the ovn-nb man pages says the 'type' in the
Sampling_App
Table can be acl-est, acl-new, or drop
Thanks.
On 14/02/2025 13:40, Dumitru Ceara wrote:
On 2/13/25 7:50 PM, Brendan Doyle via discuss wrote:
Hi,
Hi Brendan,
Does the ACL sampling only work for stateful ACLs?
No, it works for all kinds of ACLs.
Also how is the sample data queried?
The data is forwarded to a collector based on configuration in the local
OVS database. That can be an IPFIX or a local collector:
https://urldefense.com/v3/__https://github.com/openvswitch/ovs/blob/9f7eb58f77da9fd453dbfd211eb619fdb5273416/vswitchd/vswitch.xml*L7094-L7149__;Iw!!ACWV5N9M2RV99hQ!NkknGGZtqABNTqs6tNdA8F21-hcz298CHOF8mVr3GQQwXfIAMStSbj2zXFAlPif8iFdWn1hLx3_9SMDH5w$
And is there any documentation/tutorial on this that shows how to use it?
Here's an end-to-end example from the OVN system tests. This one uses
an IPFIX collector.
https://urldefense.com/v3/__https://github.com/ovn-org/ovn/blob/800fd0681579a553c5d381dfcd30cc7ff1a50798/tests/system-ovn.at*L13353-L13567__;Iw!!ACWV5N9M2RV99hQ!NkknGGZtqABNTqs6tNdA8F21-hcz298CHOF8mVr3GQQwXfIAMStSbj2zXFAlPif8iFdWn1hLx3_edaSFdw$
The ovn-nbctl section on it is pretty minimal
That's true, maybe we should improve the documentation on this front.
In case it helps, however, here's a link to a talk Nadia, Adrian and I
did on OVS/OVN/OVN-K sampling at ovscon '24:
https://urldefense.com/v3/__https://www.openvswitch.org/support/ovscon2024/*t19__;Iw!!ACWV5N9M2RV99hQ!NkknGGZtqABNTqs6tNdA8F21-hcz298CHOF8mVr3GQQwXfIAMStSbj2zXFAlPif8iFdWn1hLx38pGPTlIQ$
https://urldefense.com/v3/__https://www.youtube.com/watch?v=gLwDsaiUuN4&t=2s__;!!ACWV5N9M2RV99hQ!NkknGGZtqABNTqs6tNdA8F21-hcz298CHOF8mVr3GQQwXfIAMStSbj2zXFAlPif8iFdWn1hLx38T5E5Pzw$
I'm not sure why the slides are not linked on the conference page but if
you think you need them I can try to share those too.
Regards,
Dumitru
Thanks
Brendan
_______________________________________________
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
