ovn-nbctl create Sample_Collector id=1 name=c1 probability=65535 set_id=100ovn-nbctl: Sample_Collector does not contain a column whose name matches "id"
I guess there was more added after https://patchwork.ozlabs.org/project/ovn/cover/20240708112414.4050943-1-dce...@redhat.com/ Is there a list of patches that relate to sampling. On 14/04/2025 13:41, brendan.do...@oracle.com wrote:
Thanks, that's very helpful On 14/04/2025 11:42, Dumitru Ceara wrote:On 4/14/25 11:56 AM, Brendan Doyle via discuss wrote:On 11/04/2025 13:45, Adrián Moreno wrote:Yes, thanks, but I did have a few more questions on the unit tests, thatOn Fri, Apr 11, 2025 at 02:11:20PM +0200, Adrián Moreno wrote:On Thu, Apr 10, 2025 at 12:10:13PM +0100,brendan.do...@oracle.com wrote:It seems my email client tricked me and did not that Dumitru has alreadyAll OVS and OVN commands that interact with an OVSDB (such as ovn-nbctlHi Dumitru/Adrian, I'm working my way through IPFIX test in system-ovn.at, just a couple of questions.collector1=$(ovn-nbctl create Sample_Collector id=1 name=c1 probability=65535 set_id=100) collector2=$(ovn-nbctl create Sample_Collector id=2 name=c2 probability=65535 set_id=200) check_row_count nb:Sample_Collector 2 check_uuid ovn-nbctl create Sampling_App type="acl-new" id="42" check_uuid ovn-nbctl create Sampling_App type="acl-est" id="43" check_row_count nb:Sampling_App 2 dnl Create ACLs that match the 3 types of traffic in all 3 possible stages: dnl from-lport, from-lport-after-lb, to-lport. check_uuid ovn-nbctl \-- --id=@sample_in_1c_new create Sample collector="$collector1"metadata=1001 \I don't follow this syntax, it is not described in the ovn-nbctl man page, there we just have ovn-nbctl --sample-new=<uuid of a row of the Sample table> acl-add So what is 'id' above? what is '@sample_in_1c_new' is it "42"?or ovs-vsctl), apart from some specific "high level" commands, (such as "acl-add [---sample-new]..."), support interacting with the OVSDB directly, See "Database Commands" section in ovn-nbctl(8).This part of the command is creating an entry in the Sample action and_storing_ its id in a temporary reference called "sample_in_1c_new" which can be used in the same OVSDB transaction futher below.Is it required to also specify 'create Sample collector', it is not described in the ovn-nbctl man page.From manpage: ovn-nbctl [--id=(@name|uuid)] create table column[:key]=value...Is '$collector1' the UUID of the Sample_Collector table row we created with set_id=100 ?YesWhat is 'metadata' - Is it arbitrary?Since the command is editing the DB directly, you should look at the ovn-nb(5) for the documentation of each column in the table. Quoting such manpage: """ metadata: integer, in range 1 to 4,294,967,295 (must be unique within table) Will be used as Observation Point ID in every sample. The Observation Domain ID will be generated by ovn-northd and includes the logical datapath key as the least significant 24 bits and the sampling application type (e.g., drop debugging) as the 8 most significant bits. """Also I see in the ovn-nbctl man page, we have --sample-new and -- sample-est, but no--sample-drop, even though the ovn-nb man pages says the 'type' in theSampling_App Table can be acl-est, acl-new, or dropYou are right. "--sample-{new,est}" are options to "acl-add". If you enable those options, _only_ ACL drops will be sampled. In order to sample _all_ drops (including implicit ones), we used to have two flags in NB_Global:options but those got superceeded by justconfiguring the Sampling_App table. Nevertheless, this was not added as a "high level" command to ovn-nbctl. Global options tend not to be, plusthis is a debugging-oriented feature. Thanks. Adriánanswered! :-) Please ignore as his answer is more complete.I'd still like answers for......Hi Brendan,So this would need to be done on each controller node where a VM that isdnl Configure the OVS flow sample collector. ovs-vsctl --id=@br get Bridge br-int \ -- --id=@ipfix create IPFIX targets=\"127.0.0.1:4242\" template_interval=1 \ -- --id=@cs create Flow_Sample_Collector_Set id=100 bridge=@br ipfix=@ipfixaffected by the IPFIX ACL could run, right?Yes, indeed, this needs to be configured on all nodes that process packets hitting those ACLs.I don't see a reference to 'template_interval' in ovs-vsctl(8) , is this how often flow records are generated?It's actually in the ovs-vswitchd.conf.db(5) man page:https://urldefense.com/v3/__https://www.openvswitch.org/support/dist-docs/ovs-vswitchd.conf.db.5.txt__;!!ACWV5N9M2RV99hQ!I-G4UOljyHcLSCl5B7bitFSrzTjvAOv6TLg7PKET7vLMsqV_bRjE_WxIWSbGIqUKzEQBYIJF2n4uqiVJ1w$template_interval: optional integer, in range 1 to 3,600 Interval (in seconds) for sending IPFIX Template information for each Observation Domain ID. Default value is 600This is also part of ovs-vswitchd.conf.db(5), the "Flow_Sample_Collector_SetI don't see a reference to 'Flow_Sample_Collector_Set' in ovs-vsctl(8),TABLE" section.does: "-id=@cs create Flow_Sample_Collector_Set id=100"Mean that only records are generated for samples Observation Domain ID 100,which matches collector1 that we configured earlier: collector1=$(ovn-nbctl create Sample_Collector id=1 name=c1 probability=65535 set_id=100)"id" is just an unique ID: id: integer, in range 0 to 4,294,967,295The ID of this collector set, unique among the bridge’s collec‐ tor sets, to be used as the collector_set_id in OpenFlow sampleactions. the Observation Domain ID is populated by OVN in the "sample()" logical flow action generated for packets matching the ACLs. Please see the "sample(probability=packets, ...)" definition here:https://urldefense.com/v3/__https://www.ovn.org/support/dist-docs/ovn-sb.5.txt__;!!ACWV5N9M2RV99hQ!I-G4UOljyHcLSCl5B7bitFSrzTjvAOv6TLg7PKET7vLMsqV_bRjE_WxIWSbGIqUKzEQBYIJF2n40oDcCzg$With ACL sampling enabled, the observation point ID ovn generates is actuallythe NB.Sample.metadata value.Right. But keep in mind that in this case these are IPFIX samples so you'll need to run an IPFIX collector on that IP:PORT. In the tests we use nfdump.ipfix create IPFIX targets=\"127.0.0.1:4242\" I assume this can be any IP/port that the samples are sent to?That would be "ovs-vsctl destroy Flow_Sample_Collector_Set <UUID>". E.g.:Also how do you undo the above? in the ovs-vsctl man page I see:But I assume that would remove everything, but If I just wanted to removeDeconfigure the IPFIX settings from*br0*, which also destroys the IPFIX record (since it is now unreferenced): *ovs-vsctl clear Bridge br0 ipfix*the record generation for " Flow_Sample_Collector_Set id=100" how would that be done?ovs-vsctl destroy Flow_Sample_Collector_Set $(ovs-vsctl --bare --columns _uuid find Flow_Sample_Collector_Set id=100)Thanks BrendanRegards, Dumitru
_______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
