On 11/04/2025 13:45, Adrián Moreno wrote:
On Fri, Apr 11, 2025 at 02:11:20PM +0200, Adrián Moreno wrote:
On Thu, Apr 10, 2025 at 12:10:13PM +0100, brendan.do...@oracle.com wrote:
Hi Dumitru/Adrian,



I'm working my way through IPFIX test in system-ovn.at, just a couple of
questions.

collector1=$(ovn-nbctl create Sample_Collector id=1 name=c1 probability=65535 set_id=100)
collector2=$(ovn-nbctl create Sample_Collector id=2 name=c2 probability=65535 set_id=200)
check_row_count nb:Sample_Collector 2

check_uuid ovn-nbctl create Sampling_App type="acl-new" id="42"
check_uuid ovn-nbctl create Sampling_App type="acl-est" id="43"
check_row_count nb:Sampling_App 2

dnl Create ACLs that match the 3 types of traffic in all 3 possible stages:
dnl from-lport, from-lport-after-lb, to-lport.
check_uuid ovn-nbctl \
     -- --id=@sample_in_1c_new create Sample collector="$collector1" metadata=1001 \
I don't follow this syntax, it is not described in the ovn-nbctl man page,
there we just have
ovn-nbctl --sample-new=<uuid of a row of the Sample table> acl-add

So what is 'id' above?

What is '@sample_in_1c_new', is it "42"?
All OVS and OVN commands that interact with an OVSDB (such as ovn-nbctl
or ovs-vsctl), apart from some specific "high level" commands
(such as "acl-add [--sample-new]..."), support interacting with the OVSDB
directly.

See "Database Commands" section in ovn-nbctl(8).

This part of the command is creating an entry in the Sample action and
_storing_ its id in a temporary reference called "sample_in_1c_new"
which can be used in the same OVSDB transaction further below.

Is it required to also specify 'create Sample collector', it is not
described in the ovn-nbctl man page.

From manpage:

ovn-nbctl [--id=(@name|uuid)] create table column[:key]=value...


Is '$collector1' the UUID of the Sample_Collector table row we created with
set_id=100?

Yes

What is 'metadata' - Is it arbitrary?

Since the command is editing the DB directly, you should look at the
ovn-nb(5) for the documentation of each column in the table. Quoting
such manpage:

"""
metadata: integer, in range 1 to 4,294,967,295 (must be unique within table)

     Will be used as Observation Point ID in every sample. The Observation
     Domain ID will be generated by ovn-northd and includes the logical
     datapath key as the least significant 24 bits and the sampling
     application type (e.g., drop debugging) as the 8 most significant bits.
"""

Also I see in the ovn-nbctl man page, we have --sample-new and --sample-est,
but no --sample-drop, even though the ovn-nb man page says the 'type' in the
Sampling_App table can be acl-est, acl-new, or drop.

You are right. "--sample-{new,est}" are options to "acl-add". If you
enable those options, _only_ ACL drops will be sampled.

In order to sample _all_ drops (including implicit ones), we used to
have two flags in NB_Global:options but those got superseded by just
configuring the Sampling_App table. Nevertheless, this was not added as
a "high level" command to ovn-nbctl. Global options tend not to be, plus
this is a debugging-oriented feature.

Thanks.
Adrián

It seems my email client tricked me and did not show that Dumitru has already
answered! :-) Please ignore as his answer is more complete.

Yes, thanks, but I did have a few more questions on the unit tests, that I'd
still like answers for...



dnl Configure the OVS flow sample collector.
ovs-vsctl --id=@br get Bridge br-int \
    -- --id=@ipfix create IPFIX targets=\"127.0.0.1:4242\" template_interval=1 \
    -- --id=@cs create Flow_Sample_Collector_Set id=100 bridge=@br ipfix=@ipfix

So this would need to be done on each controller node where a VM that is
affected by the IPFIX ACL could run, right?


I don't see a reference to 'template_interval' in ovs-vsctl(8), is this how
often flow records are generated?

I don't see a reference to 'Flow_Sample_Collector_Set' in ovs-vsctl(8), does:

"--id=@cs create Flow_Sample_Collector_Set id=100"

mean that only records are generated for samples Observation Domain ID 100,
which matches collector1 that we configured earlier:
collector1=$(ovn-nbctl create Sample_Collector id=1 name=c1 probability=65535 set_id=100)


ipfix create IPFIX targets=\"127.0.0.1:4242\"

I assume this can be any IP/port that the samples are sent to?


Also how do you undo the above? In the ovs-vsctl man page I see:


Deconfigure the IPFIX settings from br0, which also destroys the
        IPFIX record (since it is now unreferenced):

               ovs-vsctl clear Bridge br0 ipfix

But I assume that would remove everything, but if I just wanted to remove
the record generation for "Flow_Sample_Collector_Set id=100" how would
that be done?




Thanks

Brendan






Adrián
