[ovs-dev] [PATCH v2] Support port level IPFIX
This patch enables port level IPFIX. Before this patch, OVS supported
per bridge IPFIX and per flow IPFX, and exporting packet tunnel headers
is only supported by bridge IPFIX. This patch adds port level IPFIX
for easy configuration and port level IPFIX also supports exporting
packet tunnel headers, just the same with bridge level IPFIX.
Three main things are done in this patch.
1) Add a column ipfix in Port table to ref IPFIX table
2) Each interface in the port should use the port IPFiX configuration
3) A hash map is used to manage the port which is configured IPFIX
CLI to configure Port IPFIX:
1) Configure
ovs-vsctl -- set Port port0 ipfix=@i -- --id=@i create IPFIX \
targets=\"10.24.122.72:4739\" sampling=1 obs_domain_id=123 \
obs_point_id=456 cache_active_timeout=1 cache_max_flows=128 \
other_config:enable-tunnel-sampling=true
2) Clear
ovs-vsctl clear Port port0 ipfix
Signed-off-by: Benli Ye
---
lib/odp-util.c| 32 +++-
lib/odp-util.h| 19 +-
ofproto/ofproto-dpif-ipfix.c | 403 +++---
ofproto/ofproto-dpif-ipfix.h | 17 ++
ofproto/ofproto-dpif-upcall.c | 39 +++-
ofproto/ofproto-dpif-xlate.c | 117
ofproto/ofproto-dpif-xlate.h | 3 +-
ofproto/ofproto-dpif.c| 19 +-
ofproto/ofproto-provider.h| 7 +-
ofproto/ofproto.c | 7 +-
ofproto/ofproto.h | 23 +++
tests/odp.at | 6 +-
tests/ofproto-dpif.at | 43 -
vswitchd/bridge.c | 123 +++--
vswitchd/vswitch.ovsschema| 6 +-
vswitchd/vswitch.xml | 34 +++-
16 files changed, 788 insertions(+), 110 deletions(-)
diff --git a/lib/odp-util.c b/lib/odp-util.c
index 10fb6c2..dcf678e 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -316,10 +316,16 @@ format_odp_userspace_action(struct ds *ds, const struct
nlattr *attr)
cookie.flow_sample.collector_set_id,
cookie.flow_sample.obs_domain_id,
cookie.flow_sample.obs_point_id);
-} else if (userdata_len >= sizeof cookie.ipfix
- && cookie.type == USER_ACTION_COOKIE_IPFIX) {
-ds_put_format(ds, ",ipfix(output_port=%"PRIu32")",
- cookie.ipfix.output_odp_port);
+} else if (userdata_len >= sizeof cookie.bridge_ipfix
+ && cookie.type == USER_ACTION_COOKIE_BRIDGE_IPFIX) {
+ds_put_format(ds, ",bridge_ipfix(output_port=%"PRIu32")",
+ cookie.bridge_ipfix.output_odp_port);
+} else if (userdata_len >= sizeof cookie.port_ipfix
+ && cookie.type == USER_ACTION_COOKIE_PORT_IPFIX) {
+ds_put_format(ds, ",port_ipfix(ofp_port=%"PRIu16
+ ",output_port=%"PRIu32")",
+ cookie.port_ipfix.ofp_port,
+ cookie.port_ipfix.output_odp_port);
} else {
userdata_unspec = true;
}
@@ -909,6 +915,7 @@ parse_odp_userspace_action(const char *s, struct ofpbuf
*actions)
{
uint32_t output;
+uint16_t ofp_port;
uint32_t probability;
uint32_t collector_set_id;
uint32_t obs_domain_id;
@@ -963,13 +970,22 @@ parse_odp_userspace_action(const char *s, struct ofpbuf
*actions)
cookie.flow_sample.obs_point_id = obs_point_id;
user_data = &cookie;
user_data_size = sizeof cookie.flow_sample;
-} else if (ovs_scan(&s[n], ",ipfix(output_port=%"SCNi32")%n",
+} else if (ovs_scan(&s[n], ",bridge_ipfix(output_port=%"SCNi32")%n",
&output, &n1) ) {
n += n1;
-cookie.type = USER_ACTION_COOKIE_IPFIX;
-cookie.ipfix.output_odp_port = u32_to_odp(output);
+cookie.type = USER_ACTION_COOKIE_BRIDGE_IPFIX;
+cookie.bridge_ipfix.output_odp_port = u32_to_odp(output);
user_data = &cookie;
-user_data_size = sizeof cookie.ipfix;
+user_data_size = sizeof cookie.bridge_ipfix;
+} else if (ovs_scan(&s[n], ",port_ipfix(ofp_port=%"SCNi16","
+"output_port=%"SCNi32")%n",
+&ofp_port, &output, &n1) ) {
+n += n1;
+cookie.type = USER_ACTION_COOKIE_PORT_IPFIX;
+cookie.port_ipfix.ofp_port = u16_to_ofp(ofp_port);
+cookie.port_ipfix.output_odp_port = u32_to_odp(output);
+user_data = &cookie;
+user_data_size = sizeof cookie.port_ipfix;
} else if
[ovs-dev] [PATCH v1] ipfix: Bug fix for configuring IPFIX for flows
There are two kinds of IPFIX: bridge level IPFIX and flow level
IPFIX. Now if we only configure flow level IPFIX, even if there
is no bridge IPFIX configuration, the datapath flow will contain
a sample action for bridge IPFIX. Fix it.
Steps to configure flow level IPFIX:
1) Create a new record in Flow_Sample_Collector_Set table:
'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
2) Add IPFIX configuration which is referred by corresponding
row in Flow_Sample_Collector_Set table:
'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX
targets=\"IP:4739\" obs_domain_id=123 obs_point_id=456
cache_active_timeout=60 cache_max_flows=13'
3) Add sample action to the flows:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,
obs_domain_id=123,obs_point_id=456')',output:LOCAL'
Before this fix, if you only configure flow IPFIX, the datapath flow is:
id(0),in_port(2),eth_type(0x0806), packets:0, bytes:0, used:never,
actions:sample(sample=0.0%,actions(userspace(pid=4294960835,
ipfix(output_port=4294967295,sample(sample=100.0%,
actions(userspace(pid=4294960835,flow_sample(probability=65535,
collector_set_id=1,obs_domain_id=123,obs_point_id=456,
sample(sample=0.0%,actions(userspace(pid=4294960835,
ipfix(output_port=1,1
The datapath flow should only contain the sample action like below:
id(0),in_port(2),eth_type(0x0800),ipv4(frag=no), packets:9, bytes:871,
used:0.656s, actions:sample(sample=100.0%,actions(userspace(pid=4294962911,
flow_sample(probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,1
Signed-off-by: Benli Ye
---
ofproto/ofproto-dpif-ipfix.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ofproto/ofproto-dpif-ipfix.c b/ofproto/ofproto-dpif-ipfix.c
index 59cd884..79ba234 100644
--- a/ofproto/ofproto-dpif-ipfix.c
+++ b/ofproto/ofproto-dpif-ipfix.c
@@ -903,7 +903,7 @@ bool
dpif_ipfix_get_bridge_exporter_input_sampling(const struct dpif_ipfix *di)
OVS_EXCLUDED(mutex)
{
-bool ret = true;
+bool ret = false;
ovs_mutex_lock(&mutex);
if (di->bridge_exporter.options) {
ret = di->bridge_exporter.options->enable_input_sampling;
@@ -916,7 +916,7 @@ bool
dpif_ipfix_get_bridge_exporter_output_sampling(const struct dpif_ipfix *di)
OVS_EXCLUDED(mutex)
{
-bool ret = true;
+bool ret = false;
ovs_mutex_lock(&mutex);
if (di->bridge_exporter.options) {
ret = di->bridge_exporter.options->enable_output_sampling;
--
1.9.1
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH v1] ipfix: add support for exporting ipfix statistics
It is meaningful for user to check the stats of IPFIX.
Using IPFIX stats, user can know how much flows the system
can support. It is also can be used for performance check
of IPFIX.
IPFIX stats is added for per IPFIX exporter. If bridge IPFIX is
enabled on the bridge, the whole bridge will have one exporter.
For flow IPFIX, the system keeps per id (column in
Flow_Sample_Collector_Set) per exporter.
1) Add 'ovs-ofctl dump-ipfix-bridge SWITCH' to export IPFIX stats of
the bridge which enable bridge IPFIX. The output format:
NXST_IPFIX_BRIDGE reply (xid=0x2):
bridge ipfix: flows=0, current flows=0, sampled pkts=0, \
ipv4 ok=0, ipv6 ok=0, tx pkts=0
pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx errs=0
2) Add 'ovs-ofctl dump-ipfix-flow SWITCH' to export IPFIX stats of
the bridge which enable flow IPFIX. The output format:
NXST_IPFIX_FLOW reply (xid=0x2): 2 ids
id 1: flows=4, current flows=4, sampled pkts=14, ipv4 ok=13, \
ipv6 ok=0, tx pkts=0
pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx pkts=0, tx errs=0
id 2: flows=0, current flows=0, sampled pkts=0, ipv4 ok=0, \
ipv6 ok=0, tx pkts=0
pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx pkts=0, tx errs=0
flows: the number of total flow records, including those exported.
current flows: the number of current flow records cached.
sampled pkts: Successfully sampled packet count.
ipv4 ok: successfully sampled IPv4 flow packet count.
ipv6 ok: Successfully sampled IPv6 flow packet count.
tx pkts: the count of IPFIX exported packets sent to the collector(s).
pkts errs: count of packets failed when sampling, maybe not supported or other
error.
ipv4 errs: Count of IPV4 flow packet in the error packets.
ipv6 errs: Count of IPV6 flow packet in the error packets.
tx errs: the count of IPFIX exported packets failed when sending to the
collector(s).
Signed-off-by: Benli Ye
---
include/openflow/nicira-ext.h| 16
include/openvswitch/ofp-errors.h | 8 ++
include/openvswitch/ofp-msgs.h | 16
include/openvswitch/ofp-util.h | 19
lib/ofp-print.c | 102
lib/ofp-util.c | 102
lib/rconn.c | 4 +
ofproto/collectors.c | 10 +-
ofproto/collectors.h | 2 +-
ofproto/ofproto-dpif-ipfix.c | 201 +++
ofproto/ofproto-dpif-ipfix.h | 2 +
ofproto/ofproto-dpif.c | 20
ofproto/ofproto-provider.h | 9 ++
ofproto/ofproto.c| 66 +
ofproto/ofproto.h| 13 +++
utilities/ovs-ofctl.c| 19
16 files changed, 585 insertions(+), 24 deletions(-)
diff --git a/include/openflow/nicira-ext.h b/include/openflow/nicira-ext.h
index 8950335..72f803f 100644
--- a/include/openflow/nicira-ext.h
+++ b/include/openflow/nicira-ext.h
@@ -774,6 +774,22 @@ struct nx_aggregate_stats_request {
*/
};
OFP_ASSERT(sizeof(struct nx_aggregate_stats_request) == 8);
+
+struct nx_ipfix_stats_reply {
+ovs_be64 collector_set_id; /*range 0 to 4,294,967,295*/
+ovs_be64 total_flows;
+ovs_be64 current_flows;
+ovs_be64 pkts;
+ovs_be64 ipv4_pkts;
+ovs_be64 ipv6_pkts;
+ovs_be64 error_pkts;
+ovs_be64 ipv4_error_pkts;
+ovs_be64 ipv6_error_pkts;
+ovs_be64 tx_pkts;
+ovs_be64 tx_errors;
+};
+OFP_ASSERT(sizeof(struct nx_ipfix_stats_reply) == 88);
+
/* NXT_SET_CONTROLLER_ID.
*
diff --git a/include/openvswitch/ofp-errors.h b/include/openvswitch/ofp-errors.h
index f963d2b..a378909 100644
--- a/include/openvswitch/ofp-errors.h
+++ b/include/openvswitch/ofp-errors.h
@@ -781,6 +781,14 @@ enum ofperr {
* continuation was generated, or continuation was not generated by this
* Open vSwitch instance. */
OFPERR_NXR_STALE,
+
+/* ## -- ## */
+/* ## NXT_STATS ## */
+/* ## -- ## */
+
+/* NX1.0-1.1(1,535), NX1.2+(36). Protocol is not configured on this
+ * Open vSwitch instance. */
+OFPERR_NXST_NOT_CONFIGURED,
};
const char *ofperr_domain_get_name(enum ofp_version);
diff --git a/include/openvswitch/ofp-msgs.h b/include/openvswitch/ofp-msgs.h
index 560cbe0..c8ad1ed 100644
--- a/include/openvswitch/ofp-msgs.h
+++ b/include/openvswitch/ofp-msgs.h
@@ -467,6 +467,18 @@ enum ofpraw {
/* NXT 1.0+ (28): uint8_t[8][]. */
OFPRAW_NXT_RESUME,
+
+/* NXST 1.0+ (3): void. */
+OFPRAW_NXST_IPFIX_BRIDGE_REQUEST,
+
+/*NXST 1.0+ (3): struct nx_ipfix_stats_reply. */
+OFPRAW_NXST_IPFIX_BRIDGE_REPLY,
+
+/* NXST 1.0+ (4): void. */
+OFPRAW_NXST_IPFIX_FLOW_REQUEST,
+
+/*NXST 1.0+ (4): struct nx_ipfix_stats_reply[]. */
+OFPRAW_NXST_IPFIX_FLOW_REPLY,
};
/* Decoding messages into OFPRAW_* values. */
@@ -691,6 +703,10 @@ enum ofptype {
OFPTYPE_NXT_TLV_TABLE_REQUEST, /* OFPRAW_NXT_TLV_TABLE_REQUEST. */
OFPTYPE
[ovs-dev] [PATCH v1] ipfix: support tunnel information for Flow IPFIX
Add support to export tunnel information for flow-based IPFIX.
The original steps to configure flow level IPFIX:
1) Create a new record in Flow_Sample_Collector_Set table:
'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
2) Add IPFIX configuration which is referred by corresponding
row in Flow_Sample_Collector_Set table:
'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX
targets=\"IP:4739\" obs_domain_id=123 obs_point_id=456
cache_active_timeout=60 cache_max_flows=13'
3) Add sample action to the flows:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,
obs_domain_id=123,obs_point_id=456')',output:3'
In order to support exporting tunnel information, the sample action in step 3
should be modified. In this patch, the step 3 should be configured like below:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,
sampling_port=3')',output:3'
'obs_domain_id' and 'obs_point_id' are deleted from flow sample action and
corresponding value in IPFIX table will be used by flow-based IPFIX.
'sampling_port' is added for leting 'xlate' know the output port of the flow.
If the output port is a tunnel port, OVS_USERSPACE_ATTR_EGRESS_TUN_PORT will
be set in the datapath flow sample action. When flow sample action upcall
happens, tunnel information will be retrieved from the datapath and then IPFIX
can export egress tunnel port information. Sampling port can be equel to
ingress port or one of egress ports. If samping_port=65535 (OFPP_NONE),
flow-based IPFIX will keep the same behavior as before.
This patch mainly do three tasks:
1) Modify flow sample action to support exporting tunnel infromation
2) Use 'other_configure: enable-tunnel-sampling' to enable or disable
exporting tunnel information
3) Make sure flow sample action of tunnel port, which is the egress port of
corresponding flow is behind set_tunnel action.
How to test flow-based IPFIX:
1) Setup a test environment with two Linux host with Docker supported
2) Create a Docker container and a GRE tunnel port on each host
3) Use ovs-docker to add the container on the bridge
4) Listen on port 4739 on the collector machine and use wireshark to filter
'cflow' packets.
5) Configure flow-based IPFIX:
- 'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge
UUID"'
- 'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX \
targets=\"IP:4739\" obs_domain_id=123 obs_point_id=456 \
cache_active_timeout=60 cache_max_flows=13 \
other_config:enable-tunnel-sampling=true'
- 'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,
sampling_port=3')',output:3'
Note: The output port and sampling_port are both open flow port and the
output port is the GRE tunnel port.
6) Ping from the contain whose host enable IPFIX
6) Get the IPFIX template pakcets and IPFIX information packets.
Signed-off-by: Benli Ye
---
include/openvswitch/ofp-actions.h | 3 +-
lib/odp-util.c| 17 ++--
lib/odp-util.h| 5 +-
lib/ofp-actions.c | 22 ++---
ofproto/ofproto-dpif-ipfix.c | 78 +++--
ofproto/ofproto-dpif-ipfix.h | 7 +-
ofproto/ofproto-dpif-upcall.c | 11 ++-
ofproto/ofproto-dpif-xlate.c | 116 ++--
ofproto/ofproto.h | 3 +
tests/odp.at | 4 +-
tests/ofp-actions.at | 8 +-
tests/ovs-ofctl.at| 24 ++---
vswitchd/bridge.c | 7 ++
vswitchd/vswitch.xml | 180 +++---
14 files changed, 330 insertions(+), 155 deletions(-)
diff --git a/include/openvswitch/ofp-actions.h
b/include/openvswitch/ofp-actions.h
index 038ef87..fc098a1 100644
--- a/include/openvswitch/ofp-actions.h
+++ b/include/openvswitch/ofp-actions.h
@@ -780,8 +780,7 @@ struct ofpact_sample {
struct ofpact ofpact;
uint16_t probability; // Always >0.
uint32_t collector_set_id;
-uint32_t obs_domain_id;
-uint32_t obs_point_id;
+uint16_t sampling_port;
};
/* OFPACT_DEC_TTL.
diff --git a/lib/odp-util.c b/lib/odp-util.c
index d9ace90..70d2ea9 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -310,12 +310,10 @@ format_odp_userspace_action(struct ds *ds, const struct
nlattr *attr)
[ovs-dev] [PATCH v2] ipfix: add support for exporting ipfix statistics
It is meaningful for user to check the stats of IPFIX.
Using IPFIX stats, user can know how much flows the system
can support. It is also can be used for performance check
of IPFIX.
IPFIX stats is added for per IPFIX exporter. If bridge IPFIX is
enabled on the bridge, the whole bridge will have one exporter.
For flow IPFIX, the system keeps per id (column in
Flow_Sample_Collector_Set) per exporter.
1) Add 'ovs-ofctl dump-ipfix-bridge SWITCH' to export IPFIX stats of
the bridge which enable bridge IPFIX. The output format:
NXST_IPFIX_BRIDGE reply (xid=0x2):
bridge ipfix: flows=0, current flows=0, sampled pkts=0, \
ipv4 ok=0, ipv6 ok=0, tx pkts=0
pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx errs=0
2) Add 'ovs-ofctl dump-ipfix-flow SWITCH' to export IPFIX stats of
the bridge which enable flow IPFIX. The output format:
NXST_IPFIX_FLOW reply (xid=0x2): 2 ids
id 1: flows=4, current flows=4, sampled pkts=14, ipv4 ok=13, \
ipv6 ok=0, tx pkts=0
pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx pkts=0, tx errs=0
id 2: flows=0, current flows=0, sampled pkts=0, ipv4 ok=0, \
ipv6 ok=0, tx pkts=0
pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx pkts=0, tx errs=0
flows: the number of total flow records, including those exported.
current flows: the number of current flow records cached.
sampled pkts: Successfully sampled packet count.
ipv4 ok: successfully sampled IPv4 flow packet count.
ipv6 ok: Successfully sampled IPv6 flow packet count.
tx pkts: the count of IPFIX exported packets sent to the collector(s).
pkts errs: count of packets failed when sampling, maybe not supported or other
error.
ipv4 errs: Count of IPV4 flow packet in the error packets.
ipv6 errs: Count of IPV6 flow packet in the error packets.
tx errs: the count of IPFIX exported packets failed when sending to the
collector(s).
Signed-off-by: Benli Ye
---
include/openflow/nicira-ext.h| 16 +++
include/openvswitch/ofp-errors.h | 8 ++
include/openvswitch/ofp-msgs.h | 16 +++
include/openvswitch/ofp-util.h | 19
lib/ofp-print.c | 102
lib/ofp-util.c | 102
lib/rconn.c | 4 +
ofproto/collectors.c | 10 +-
ofproto/collectors.h | 2 +-
ofproto/ofproto-dpif-ipfix.c | 204 +++
ofproto/ofproto-dpif-ipfix.h | 2 +
ofproto/ofproto-dpif.c | 20
ofproto/ofproto-provider.h | 9 ++
ofproto/ofproto.c| 66 +
ofproto/ofproto.h| 13 +++
tests/ofproto-dpif.at| 39
utilities/ovs-ofctl.c| 19
17 files changed, 627 insertions(+), 24 deletions(-)
diff --git a/include/openflow/nicira-ext.h b/include/openflow/nicira-ext.h
index 8950335..72f803f 100644
--- a/include/openflow/nicira-ext.h
+++ b/include/openflow/nicira-ext.h
@@ -774,6 +774,22 @@ struct nx_aggregate_stats_request {
*/
};
OFP_ASSERT(sizeof(struct nx_aggregate_stats_request) == 8);
+
+struct nx_ipfix_stats_reply {
+ovs_be64 collector_set_id; /*range 0 to 4,294,967,295*/
+ovs_be64 total_flows;
+ovs_be64 current_flows;
+ovs_be64 pkts;
+ovs_be64 ipv4_pkts;
+ovs_be64 ipv6_pkts;
+ovs_be64 error_pkts;
+ovs_be64 ipv4_error_pkts;
+ovs_be64 ipv6_error_pkts;
+ovs_be64 tx_pkts;
+ovs_be64 tx_errors;
+};
+OFP_ASSERT(sizeof(struct nx_ipfix_stats_reply) == 88);
+
/* NXT_SET_CONTROLLER_ID.
*
diff --git a/include/openvswitch/ofp-errors.h b/include/openvswitch/ofp-errors.h
index f963d2b..a378909 100644
--- a/include/openvswitch/ofp-errors.h
+++ b/include/openvswitch/ofp-errors.h
@@ -781,6 +781,14 @@ enum ofperr {
* continuation was generated, or continuation was not generated by this
* Open vSwitch instance. */
OFPERR_NXR_STALE,
+
+/* ## -- ## */
+/* ## NXT_STATS ## */
+/* ## -- ## */
+
+/* NX1.0-1.1(1,535), NX1.2+(36). Protocol is not configured on this
+ * Open vSwitch instance. */
+OFPERR_NXST_NOT_CONFIGURED,
};
const char *ofperr_domain_get_name(enum ofp_version);
diff --git a/include/openvswitch/ofp-msgs.h b/include/openvswitch/ofp-msgs.h
index 560cbe0..c8ad1ed 100644
--- a/include/openvswitch/ofp-msgs.h
+++ b/include/openvswitch/ofp-msgs.h
@@ -467,6 +467,18 @@ enum ofpraw {
/* NXT 1.0+ (28): uint8_t[8][]. */
OFPRAW_NXT_RESUME,
+
+/* NXST 1.0+ (3): void. */
+OFPRAW_NXST_IPFIX_BRIDGE_REQUEST,
+
+/*NXST 1.0+ (3): struct nx_ipfix_stats_reply. */
+OFPRAW_NXST_IPFIX_BRIDGE_REPLY,
+
+/* NXST 1.0+ (4): void. */
+OFPRAW_NXST_IPFIX_FLOW_REQUEST,
+
+/*NXST 1.0+ (4): struct nx_ipfix_stats_reply[]. */
+OFPRAW_NXST_IPFIX_FLOW_REPLY,
};
/* Decoding messages into OFPRAW_* values. */
@@ -691,6 +703,10 @@ enum ofptype {
OFPTYPE_NXT_TLV_TABLE_REQUEST, /* OFPRAW_N
[ovs-dev] [PATCH v3] ipfix: add support for exporting ipfix statistics
It is meaningful for user to check the stats of IPFIX.
Using IPFIX stats, user can know how much flows the system
can support. It is also can be used for performance check
of IPFIX.
IPFIX stats is added for per IPFIX exporter. If bridge IPFIX is
enabled on the bridge, the whole bridge will have one exporter.
For flow IPFIX, the system keeps per id (column in
Flow_Sample_Collector_Set) per exporter.
1) Add 'ovs-ofctl dump-ipfix-bridge SWITCH' to export IPFIX stats of
the bridge which enable bridge IPFIX. The output format:
NXST_IPFIX_BRIDGE reply (xid=0x2):
bridge ipfix: flows=0, current flows=0, sampled pkts=0, \
ipv4 ok=0, ipv6 ok=0, tx pkts=0
pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx errs=0
2) Add 'ovs-ofctl dump-ipfix-flow SWITCH' to export IPFIX stats of
the bridge which enable flow IPFIX. The output format:
NXST_IPFIX_FLOW reply (xid=0x2): 2 ids
id 1: flows=4, current flows=4, sampled pkts=14, ipv4 ok=13, \
ipv6 ok=0, tx pkts=0
pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx errs=0
id 2: flows=0, current flows=0, sampled pkts=0, ipv4 ok=0, \
ipv6 ok=0, tx pkts=0
pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx errs=0
flows: the number of total flow records, including those exported.
current flows: the number of current flow records cached.
sampled pkts: Successfully sampled packet count.
ipv4 ok: successfully sampled IPv4 flow packet count.
ipv6 ok: Successfully sampled IPv6 flow packet count.
tx pkts: the count of IPFIX exported packets sent to the collector(s).
pkts errs: count of packets failed when sampling, maybe not supported or other
error.
ipv4 errs: Count of IPV4 flow packet in the error packets.
ipv6 errs: Count of IPV6 flow packet in the error packets.
tx errs: the count of IPFIX exported packets failed when sending to the
collector(s).
Signed-off-by: Benli Ye
---
NEWS | 2 +
include/openflow/nicira-ext.h| 17
include/openvswitch/ofp-errors.h | 8 ++
include/openvswitch/ofp-msgs.h | 16
include/openvswitch/ofp-util.h | 19
lib/ofp-print.c | 92 +++
lib/ofp-util.c | 90 +++
lib/rconn.c | 4 +
ofproto/collectors.c | 10 ++-
ofproto/collectors.h | 2 +-
ofproto/ofproto-dpif-ipfix.c | 190 +++
ofproto/ofproto-dpif-ipfix.h | 2 +
ofproto/ofproto-dpif.c | 16
ofproto/ofproto-provider.h | 12 +++
ofproto/ofproto.c| 66 ++
tests/ofp-print.at | 79
tests/ofproto-dpif.at| 154 ++-
utilities/ovs-ofctl.8.in | 20 +
utilities/ovs-ofctl.c| 19
19 files changed, 794 insertions(+), 24 deletions(-)
diff --git a/NEWS b/NEWS
index ba201cf..08094c5 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,8 @@ Post-v2.5.0
* queue-get-config command now allows a queue ID to be specified.
* '--bundle' option can now be used with OpenFlow 1.3.
* New option "--color" to produce colorized output for some commands.
+ * New commands "dump-ipfix-bridge" and "dump-ipfix-flow" to dump bridge
+ IPFIX statistics and flow based IPFIX statistics.
- DPDK:
* New option "n_rxq" for PMD interfaces.
Old 'other_config:n-dpdk-rxqs' is no longer supported.
diff --git a/include/openflow/nicira-ext.h b/include/openflow/nicira-ext.h
index 8950335..4a792e8 100644
--- a/include/openflow/nicira-ext.h
+++ b/include/openflow/nicira-ext.h
@@ -774,6 +774,23 @@ struct nx_aggregate_stats_request {
*/
};
OFP_ASSERT(sizeof(struct nx_aggregate_stats_request) == 8);
+
+struct nx_ipfix_stats_reply {
+ovs_be64 total_flows;
+ovs_be64 current_flows;
+ovs_be64 pkts;
+ovs_be64 ipv4_pkts;
+ovs_be64 ipv6_pkts;
+ovs_be64 error_pkts;
+ovs_be64 ipv4_error_pkts;
+ovs_be64 ipv6_error_pkts;
+ovs_be64 tx_pkts;
+ovs_be64 tx_errors;
+ovs_be32 collector_set_id; /* Range 0 to 4,294,967,295. */
+uint8_t pad[4];/* Pad to a multiple of 8. */
+};
+OFP_ASSERT(sizeof(struct nx_ipfix_stats_reply) == 88);
+
/* NXT_SET_CONTROLLER_ID.
*
diff --git a/include/openvswitch/ofp-errors.h b/include/openvswitch/ofp-errors.h
index f963d2b..a378909 100644
--- a/include/openvswitch/ofp-errors.h
+++ b/include/openvswitch/ofp-errors.h
@@ -781,6 +781,14 @@ enum ofperr {
* continuation was generated, or continuation was not generated by this
* Open vSwitch instance. */
OFPERR_NXR_STALE,
+
+/* ## -- ## */
+/* ## NXT_STATS ## */
+/* ## -- ## */
+
+/* NX1.0-1.1(1,535), NX1.2+(36). Protocol is not configured on this
+ * Open vSwitch instance. */
+OFPERR_NXST_NOT_CONFIGURED,
[ovs-dev] [PATCH v2] ipfix: support tunnel information for Flow IPFIX
Add support to export tunnel information for flow-based IPFIX.
The original steps to configure flow level IPFIX:
1) Create a new record in Flow_Sample_Collector_Set table:
'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
2) Add IPFIX configuration which is referred by corresponding
row in Flow_Sample_Collector_Set table:
'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX
targets=\"IP:4739\" obs_domain_id=123 obs_point_id=456
cache_active_timeout=60 cache_max_flows=13'
3) Add sample action to the flows:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,
obs_domain_id=123,obs_point_id=456')',output:3'
NXAST_SAMPLE action was used in step 3. In order to support exporting tunnel
information, the NXAST_SAMPLE2 action was added. With NXAST_SAMPLE2 action in
this patch, the step 3 should be configured like below:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
'sampling_port' can be equal to ingress port or one of egress ports. If sampling
port is equal to output port and the output port is a tunnel port,
OVS_USERSPACE_ATTR_EGRESS_TUN_PORT will be set in the datapath flow sample
action.
When flow sample action upcall happens, tunnel information will be retrieved
from
the datapath and then IPFIX can export egress tunnel port information. If
samping_port=65535 (OFPP_NONE), flow-based IPFIX will keep the same behavior
as before.
This patch mainly do three tasks:
1) Add a new flow sample action NXAST_SAMPLE2 to support exporting
tunnel information. NXAST_SAMPLE2 action has a new added field
'sampling_port'.
2) Use 'other_configure: enable-tunnel-sampling' to enable or disable
exporting tunnel information.
3) Flow sample action for egress tunnel port is moved to the point that
is just before output action. It makes sure that flow sample action
for egress tunnel port is always behind corresponding set_tunnel
action.
How to test flow-based IPFIX:
1) Setup a test environment with two Linux host with Docker supported
2) Create a Docker container and a GRE tunnel port on each host
3) Use ovs-docker to add the container on the bridge
4) Listen on port 4739 on the collector machine and use wireshark to filter
'cflow' packets.
5) Configure flow-based IPFIX:
- 'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge
UUID"'
- 'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX \
targets=\"IP:4739\" cache_active_timeout=60 cache_max_flows=13 \
other_config:enable-tunnel-sampling=true'
- 'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
Note: The in-port is container port. The output port and sampling_port
are both open flow port and the output port is a GRE tunnel port.
6) Ping from the container whose host enabled flow-based IPFIX.
7) Get the IPFIX template pakcets and IPFIX information packets.
Signed-off-by: Benli Ye
---
include/openvswitch/ofp-actions.h | 3 +-
lib/odp-util.c| 13 +++-
lib/odp-util.h| 3 +-
lib/ofp-actions.c | 116 +++
ofproto/ofproto-dpif-ipfix.c | 65 ++--
ofproto/ofproto-dpif-ipfix.h | 7 +-
ofproto/ofproto-dpif-upcall.c | 13 +++-
ofproto/ofproto-dpif-xlate.c | 115 ++-
ofproto/ofproto.h | 1 +
tests/odp.at | 4 +-
tests/ofp-actions.at | 3 +
tests/ovs-ofctl.at| 12 +++
utilities/ovs-ofctl.8.in | 6 ++
vswitchd/bridge.c | 3 +
vswitchd/vswitch.xml | 160 +++---
15 files changed, 405 insertions(+), 119 deletions(-)
diff --git a/include/openvswitch/ofp-actions.h
b/include/openvswitch/ofp-actions.h
index 038ef87..bfd0581 100644
--- a/include/openvswitch/ofp-actions.h
+++ b/include/openvswitch/ofp-actions.h
@@ -775,13 +775,14 @@ struct ofpact_note {
/* OFPACT_SAMPLE.
*
- * Used for NXAST_SAMPLE. */
+ * Used for NXAST_SAMPLE and NXAST_SAMPLE2. */
struct ofpact_sample {
struct ofpact ofpact;
uint16_t probability; // Always >0.
uint32_t collector_set_id;
uint32_t
[ovs-dev] [PATCH v4] ipfix: add support for exporting ipfix statistics
It is meaningful for user to check the stats of IPFIX.
Using IPFIX stats, user can know how much flows the system
can support. It is also can be used for performance check
of IPFIX.
IPFIX stats is added for per IPFIX exporter. If bridge IPFIX is
enabled on the bridge, the whole bridge will have one exporter.
For flow IPFIX, the system keeps per id (column in
Flow_Sample_Collector_Set) per exporter.
1) Add 'ovs-ofctl dump-ipfix-bridge SWITCH' to export IPFIX stats of
the bridge which enable bridge IPFIX. The output format:
NXST_IPFIX_BRIDGE reply (xid=0x2):
bridge ipfix: flows=0, current flows=0, sampled pkts=0, \
ipv4 ok=0, ipv6 ok=0, tx pkts=0
pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx errs=0
2) Add 'ovs-ofctl dump-ipfix-flow SWITCH' to export IPFIX stats of
the bridge which enable flow IPFIX. The output format:
NXST_IPFIX_FLOW reply (xid=0x2): 2 ids
id 1: flows=4, current flows=4, sampled pkts=14, ipv4 ok=13, \
ipv6 ok=0, tx pkts=0
pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx errs=0
id 2: flows=0, current flows=0, sampled pkts=0, ipv4 ok=0, \
ipv6 ok=0, tx pkts=0
pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx errs=0
flows: the number of total flow records, including those exported.
current flows: the number of current flow records cached.
sampled pkts: Successfully sampled packet count.
ipv4 ok: successfully sampled IPv4 flow packet count.
ipv6 ok: Successfully sampled IPv6 flow packet count.
tx pkts: the count of IPFIX exported packets sent to the collector(s).
pkts errs: count of packets failed when sampling, maybe not supported or other
error.
ipv4 errs: Count of IPV4 flow packet in the error packets.
ipv6 errs: Count of IPV6 flow packet in the error packets.
tx errs: the count of IPFIX exported packets failed when sending to the
collector(s).
Signed-off-by: Benli Ye
---
NEWS | 2 +
include/openflow/nicira-ext.h| 17
include/openvswitch/ofp-errors.h | 8 ++
include/openvswitch/ofp-msgs.h | 16
include/openvswitch/ofp-util.h | 19
lib/ofp-print.c | 92 +++
lib/ofp-util.c | 90 +++
lib/rconn.c | 4 +
ofproto/collectors.c | 10 ++-
ofproto/collectors.h | 2 +-
ofproto/ofproto-dpif-ipfix.c | 190 +++
ofproto/ofproto-dpif-ipfix.h | 2 +
ofproto/ofproto-dpif.c | 16
ofproto/ofproto-provider.h | 11 +++
ofproto/ofproto.c| 66 ++
tests/ofp-print.at | 79
tests/ofproto-dpif.at| 167 --
utilities/ovs-ofctl.8.in | 22 -
utilities/ovs-ofctl.c| 19
19 files changed, 804 insertions(+), 28 deletions(-)
diff --git a/NEWS b/NEWS
index ba201cf..08094c5 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,8 @@ Post-v2.5.0
* queue-get-config command now allows a queue ID to be specified.
* '--bundle' option can now be used with OpenFlow 1.3.
* New option "--color" to produce colorized output for some commands.
+ * New commands "dump-ipfix-bridge" and "dump-ipfix-flow" to dump bridge
+ IPFIX statistics and flow based IPFIX statistics.
- DPDK:
* New option "n_rxq" for PMD interfaces.
Old 'other_config:n-dpdk-rxqs' is no longer supported.
diff --git a/include/openflow/nicira-ext.h b/include/openflow/nicira-ext.h
index 8950335..4a792e8 100644
--- a/include/openflow/nicira-ext.h
+++ b/include/openflow/nicira-ext.h
@@ -774,6 +774,23 @@ struct nx_aggregate_stats_request {
*/
};
OFP_ASSERT(sizeof(struct nx_aggregate_stats_request) == 8);
+
+struct nx_ipfix_stats_reply {
+ovs_be64 total_flows;
+ovs_be64 current_flows;
+ovs_be64 pkts;
+ovs_be64 ipv4_pkts;
+ovs_be64 ipv6_pkts;
+ovs_be64 error_pkts;
+ovs_be64 ipv4_error_pkts;
+ovs_be64 ipv6_error_pkts;
+ovs_be64 tx_pkts;
+ovs_be64 tx_errors;
+ovs_be32 collector_set_id; /* Range 0 to 4,294,967,295. */
+uint8_t pad[4];/* Pad to a multiple of 8. */
+};
+OFP_ASSERT(sizeof(struct nx_ipfix_stats_reply) == 88);
+
/* NXT_SET_CONTROLLER_ID.
*
diff --git a/include/openvswitch/ofp-errors.h b/include/openvswitch/ofp-errors.h
index f963d2b..a378909 100644
--- a/include/openvswitch/ofp-errors.h
+++ b/include/openvswitch/ofp-errors.h
@@ -781,6 +781,14 @@ enum ofperr {
* continuation was generated, or continuation was not generated by this
* Open vSwitch instance. */
OFPERR_NXR_STALE,
+
+/* ## -- ## */
+/* ## NXT_STATS ## */
+/* ## -- ## */
+
+/* NX1.0-1.1(1,535), NX1.2+(36). Protocol is not configured on this
+ * Open vSwitch instance. */
+OFPERR_NXST_NOT_CONFIGURED,
[ovs-dev] [PATCH v3] ipfix: support tunnel information for Flow IPFIX
Add support to export tunnel information for flow-based IPFIX.
The original steps to configure flow level IPFIX:
1) Create a new record in Flow_Sample_Collector_Set table:
'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
2) Add IPFIX configuration which is referred by corresponding
row in Flow_Sample_Collector_Set table:
'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX
targets=\"IP:4739\" obs_domain_id=123 obs_point_id=456
cache_active_timeout=60 cache_max_flows=13'
3) Add sample action to the flows:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,
obs_domain_id=123,obs_point_id=456')',output:3'
NXAST_SAMPLE action was used in step 3. In order to support exporting tunnel
information, the NXAST_SAMPLE2 action was added. With NXAST_SAMPLE2 action in
this patch, the step 3 should be configured like below:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
'sampling_port' can be equal to ingress port or one of egress ports. If sampling
port is equal to output port and the output port is a tunnel port,
OVS_USERSPACE_ATTR_EGRESS_TUN_PORT will be set in the datapath flow sample
action.
When flow sample action upcall happens, tunnel information will be retrieved
from
the datapath and then IPFIX can export egress tunnel port information. If
samping_port=65535 (OFPP_NONE), flow-based IPFIX will keep the same behavior
as before.
This patch mainly do three tasks:
1) Add a new flow sample action NXAST_SAMPLE2 to support exporting
tunnel information. NXAST_SAMPLE2 action has a new added field
'sampling_port'.
2) Use 'other_configure: enable-tunnel-sampling' to enable or disable
exporting tunnel information.
3) Flow sample action for egress tunnel port is moved to the point that
is just before output action. It makes sure that flow sample action
for egress tunnel port is always behind corresponding set_tunnel
action.
4) Add a test of flow-based IPFIX for tunnel set.
How to test flow-based IPFIX:
1) Setup a test environment with two Linux host with Docker supported
2) Create a Docker container and a GRE tunnel port on each host
3) Use ovs-docker to add the container on the bridge
4) Listen on port 4739 on the collector machine and use wireshark to filter
'cflow' packets.
5) Configure flow-based IPFIX:
- 'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge
UUID"'
- 'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX \
targets=\"IP:4739\" cache_active_timeout=60 cache_max_flows=13 \
other_config:enable-tunnel-sampling=true'
- 'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
Note: The in-port is container port. The output port and sampling_port
are both open flow port and the output port is a GRE tunnel port.
6) Ping from the container whose host enabled flow-based IPFIX.
7) Get the IPFIX template pakcets and IPFIX information packets.
Signed-off-by: Benli Ye
---
include/openvswitch/ofp-actions.h | 5 +-
lib/odp-util.c| 13 ++-
lib/odp-util.h| 3 +-
lib/ofp-actions.c | 85 ---
ofproto/ofproto-dpif-ipfix.c | 63 --
ofproto/ofproto-dpif-ipfix.h | 7 +-
ofproto/ofproto-dpif-upcall.c | 13 ++-
ofproto/ofproto-dpif-xlate.c | 120 +--
ofproto/ofproto.h | 1 +
tests/odp.at | 4 +-
tests/ofp-actions.at | 3 +
tests/ofproto-dpif.at | 80 ++
tests/ovs-ofctl.at| 12 +++
utilities/ovs-ofctl.8.in | 7 +-
vswitchd/bridge.c | 3 +
vswitchd/vswitch.xml | 168 --
16 files changed, 467 insertions(+), 120 deletions(-)
diff --git a/include/openvswitch/ofp-actions.h
b/include/openvswitch/ofp-actions.h
index 038ef87..91c7ee5 100644
--- a/include/openvswitch/ofp-actions.h
+++ b/include/openvswitch/ofp-actions.h
@@ -775,13 +775,14 @@ struct ofpact_note {
/* OFPACT_SAMPLE.
*
- * Used for NXAST_SAMPLE. */
+ * Used for NXAST_SAMPLE and NXAST_SAMPLE2. */
struct ofpact_sample {
str
[ovs-dev] [PATCH v5] ipfix: add support for exporting ipfix statistics
It is meaningful for user to check the stats of IPFIX.
Using IPFIX stats, user can know how much flows the system
can support. It is also can be used for performance check
of IPFIX.
IPFIX stats is added for per IPFIX exporter. If bridge IPFIX is
enabled on the bridge, the whole bridge will have one exporter.
For flow IPFIX, the system keeps per id (column in
Flow_Sample_Collector_Set) per exporter.
1) Add 'ovs-ofctl dump-ipfix-bridge SWITCH' to export IPFIX stats of
the bridge which enable bridge IPFIX. The output format:
NXST_IPFIX_BRIDGE reply (xid=0x2):
bridge ipfix: flows=0, current flows=0, sampled pkts=0, \
ipv4 ok=0, ipv6 ok=0, tx pkts=0
pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx errs=0
2) Add 'ovs-ofctl dump-ipfix-flow SWITCH' to export IPFIX stats of
the bridge which enable flow IPFIX. The output format:
NXST_IPFIX_FLOW reply (xid=0x2): 2 ids
id 1: flows=4, current flows=4, sampled pkts=14, ipv4 ok=13, \
ipv6 ok=0, tx pkts=0
pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx errs=0
id 2: flows=0, current flows=0, sampled pkts=0, ipv4 ok=0, \
ipv6 ok=0, tx pkts=0
pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx errs=0
flows: the number of total flow records, including those exported.
current flows: the number of current flow records cached.
sampled pkts: Successfully sampled packet count.
ipv4 ok: successfully sampled IPv4 flow packet count.
ipv6 ok: Successfully sampled IPv6 flow packet count.
tx pkts: the count of IPFIX exported packets sent to the collector(s).
pkts errs: count of packets failed when sampling, maybe not supported or other
error.
ipv4 errs: Count of IPV4 flow packet in the error packets.
ipv6 errs: Count of IPV6 flow packet in the error packets.
tx errs: the count of IPFIX exported packets failed when sending to the
collector(s).
Signed-off-by: Benli Ye
---
NEWS | 2 +
include/openflow/nicira-ext.h| 17
include/openvswitch/ofp-errors.h | 8 ++
include/openvswitch/ofp-msgs.h | 16
include/openvswitch/ofp-util.h | 19
lib/ofp-print.c | 92 +++
lib/ofp-util.c | 90 ++
lib/rconn.c | 4 +
ofproto/collectors.c | 10 +-
ofproto/collectors.h | 2 +-
ofproto/ofproto-dpif-ipfix.c | 194 ++-
ofproto/ofproto-dpif-ipfix.h | 2 +
ofproto/ofproto-dpif.c | 16
ofproto/ofproto-provider.h | 10 ++
ofproto/ofproto.c| 66 +
tests/ofp-print.at | 79
tests/ofproto-dpif.at| 161 +++-
utilities/ovs-ofctl.8.in | 22 -
utilities/ovs-ofctl.c| 19
19 files changed, 799 insertions(+), 30 deletions(-)
diff --git a/NEWS b/NEWS
index ba201cf..08094c5 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,8 @@ Post-v2.5.0
* queue-get-config command now allows a queue ID to be specified.
* '--bundle' option can now be used with OpenFlow 1.3.
* New option "--color" to produce colorized output for some commands.
+ * New commands "dump-ipfix-bridge" and "dump-ipfix-flow" to dump bridge
+ IPFIX statistics and flow based IPFIX statistics.
- DPDK:
* New option "n_rxq" for PMD interfaces.
Old 'other_config:n-dpdk-rxqs' is no longer supported.
diff --git a/include/openflow/nicira-ext.h b/include/openflow/nicira-ext.h
index 8950335..4a792e8 100644
--- a/include/openflow/nicira-ext.h
+++ b/include/openflow/nicira-ext.h
@@ -774,6 +774,23 @@ struct nx_aggregate_stats_request {
*/
};
OFP_ASSERT(sizeof(struct nx_aggregate_stats_request) == 8);
+
+struct nx_ipfix_stats_reply {
+ovs_be64 total_flows;
+ovs_be64 current_flows;
+ovs_be64 pkts;
+ovs_be64 ipv4_pkts;
+ovs_be64 ipv6_pkts;
+ovs_be64 error_pkts;
+ovs_be64 ipv4_error_pkts;
+ovs_be64 ipv6_error_pkts;
+ovs_be64 tx_pkts;
+ovs_be64 tx_errors;
+ovs_be32 collector_set_id; /* Range 0 to 4,294,967,295. */
+uint8_t pad[4];/* Pad to a multiple of 8. */
+};
+OFP_ASSERT(sizeof(struct nx_ipfix_stats_reply) == 88);
+
/* NXT_SET_CONTROLLER_ID.
*
diff --git a/include/openvswitch/ofp-errors.h b/include/openvswitch/ofp-errors.h
index f963d2b..a378909 100644
--- a/include/openvswitch/ofp-errors.h
+++ b/include/openvswitch/ofp-errors.h
@@ -781,6 +781,14 @@ enum ofperr {
* continuation was generated, or continuation was not generated by this
* Open vSwitch instance. */
OFPERR_NXR_STALE,
+
+/* ## -- ## */
+/* ## NXT_STATS ## */
+/* ## -- ## */
+
+/* NX1.0-1.1(1,535), NX1.2+(36). Protocol is not configured on this
+ * Open vSwitch instance. */
+OFPERR_NXST_NOT_CONFIGURED,
[ovs-dev] [PATCH v1] ipfix: Bug fix for not sending template packets on 32-bit OS
'last_template_set_time' in truct dpif_ipfix_exporter is declared
as time_t and time_t is long int type. If we initialize
'last_template_set_time' as TIME_MIN, whose value is -2147483648
on 32-bit OS and -2^63 on 64-bit OS. There will be a problem on
32-bit OS when comparing 'last_template_set_time' with a unisgned int
type variable, because type casting will happen and negative value
could be a large positive number. Fix this problem by simply initialize
'last_template_set_time' as 0.
---
ofproto/ofproto-dpif-ipfix.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ofproto/ofproto-dpif-ipfix.c b/ofproto/ofproto-dpif-ipfix.c
index 79ba234..b1b2237 100644
--- a/ofproto/ofproto-dpif-ipfix.c
+++ b/ofproto/ofproto-dpif-ipfix.c
@@ -495,7 +495,7 @@ dpif_ipfix_exporter_init(struct dpif_ipfix_exporter
*exporter)
{
exporter->collectors = NULL;
exporter->seq_number = 1;
-exporter->last_template_set_time = TIME_MIN;
+exporter->last_template_set_time = 0;
hmap_init(&exporter->cache_flow_key_map);
ovs_list_init(&exporter->cache_flow_start_timestamp_list);
exporter->cache_active_timeout = 0;
@@ -511,7 +511,7 @@ dpif_ipfix_exporter_clear(struct dpif_ipfix_exporter
*exporter)
collectors_destroy(exporter->collectors);
exporter->collectors = NULL;
exporter->seq_number = 1;
-exporter->last_template_set_time = TIME_MIN;
+exporter->last_template_set_time = 0;
exporter->cache_active_timeout = 0;
exporter->cache_max_flows = 0;
}
--
1.9.1
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH v4] ipfix: support tunnel information for Flow IPFIX
Add support to export tunnel information for flow-based IPFIX.
The original steps to configure flow level IPFIX:
1) Create a new record in Flow_Sample_Collector_Set table:
'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
2) Add IPFIX configuration which is referred by corresponding
row in Flow_Sample_Collector_Set table:
'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX
targets=\"IP:4739\" obs_domain_id=123 obs_point_id=456
cache_active_timeout=60 cache_max_flows=13'
3) Add sample action to the flows:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,
obs_domain_id=123,obs_point_id=456')',output:3'
NXAST_SAMPLE action was used in step 3. In order to support exporting tunnel
information, the NXAST_SAMPLE2 action was added. With NXAST_SAMPLE2 action in
this patch, the step 3 should be configured like below:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
'sampling_port' can be equal to ingress port or one of egress ports. If sampling
port is equal to output port and the output port is a tunnel port,
OVS_USERSPACE_ATTR_EGRESS_TUN_PORT will be set in the datapath flow sample
action.
When flow sample action upcall happens, tunnel information will be retrieved
from
the datapath and then IPFIX can export egress tunnel port information. If
samping_port=65535 (OFPP_NONE), flow-based IPFIX will keep the same behavior
as before.
This patch mainly do three tasks:
1) Add a new flow sample action NXAST_SAMPLE2 to support exporting
tunnel information. NXAST_SAMPLE2 action has a new added field
'sampling_port'.
2) Use 'other_configure: enable-tunnel-sampling' to enable or disable
exporting tunnel information.
3) Flow sample action for egress tunnel port is moved to the point that
is just before output action. It makes sure that flow sample action
for egress tunnel port is always behind corresponding set_tunnel
action.
4) Add a test of flow-based IPFIX for tunnel set.
How to test flow-based IPFIX:
1) Setup a test environment with two Linux host with Docker supported
2) Create a Docker container and a GRE tunnel port on each host
3) Use ovs-docker to add the container on the bridge
4) Listen on port 4739 on the collector machine and use wireshark to filter
'cflow' packets.
5) Configure flow-based IPFIX:
- 'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge
UUID"'
- 'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX \
targets=\"IP:4739\" cache_active_timeout=60 cache_max_flows=13 \
other_config:enable-tunnel-sampling=true'
- 'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
Note: The in-port is container port. The output port and sampling_port
are both open flow port and the output port is a GRE tunnel port.
6) Ping from the container whose host enabled flow-based IPFIX.
7) Get the IPFIX template pakcets and IPFIX information packets.
Signed-off-by: Benli Ye
---
include/openvswitch/ofp-actions.h | 5 +-
lib/odp-util.c| 13 ++-
lib/odp-util.h| 3 +-
lib/ofp-actions.c | 85 ---
ofproto/ofproto-dpif-ipfix.c | 63 --
ofproto/ofproto-dpif-ipfix.h | 7 +-
ofproto/ofproto-dpif-upcall.c | 13 ++-
ofproto/ofproto-dpif-xlate.c | 120 +--
ofproto/ofproto.h | 1 +
tests/odp.at | 4 +-
tests/ofp-actions.at | 3 +
tests/ofproto-dpif.at | 74 +
tests/ovs-ofctl.at| 12 +++
utilities/ovs-ofctl.8.in | 6 ++
vswitchd/bridge.c | 3 +
vswitchd/vswitch.xml | 168 --
16 files changed, 461 insertions(+), 119 deletions(-)
diff --git a/include/openvswitch/ofp-actions.h
b/include/openvswitch/ofp-actions.h
index 038ef87..91c7ee5 100644
--- a/include/openvswitch/ofp-actions.h
+++ b/include/openvswitch/ofp-actions.h
@@ -775,13 +775,14 @@ struct ofpact_note {
/* OFPACT_SAMPLE.
*
- * Used for NXAST_SAMPLE. */
+ * Used for NXAST_SAMPLE and NXAST_SAMPLE2. */
struct ofpact_sample {
struct ofpact ofpact;
-ui
[ovs-dev] [PATCH v5] ipfix: support tunnel information for Flow IPFIX
Add support to export tunnel information for flow-based IPFIX.
The original steps to configure flow level IPFIX:
1) Create a new record in Flow_Sample_Collector_Set table:
'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
2) Add IPFIX configuration which is referred by corresponding
row in Flow_Sample_Collector_Set table:
'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX
targets=\"IP:4739\" obs_domain_id=123 obs_point_id=456
cache_active_timeout=60 cache_max_flows=13'
3) Add sample action to the flows:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,
obs_domain_id=123,obs_point_id=456')',output:3'
NXAST_SAMPLE action was used in step 3. In order to support exporting tunnel
information, the NXAST_SAMPLE2 action was added. With NXAST_SAMPLE2 action in
this patch, the step 3 should be configured like below:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=4294967295,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
'sampling_port' can be equal to ingress port or one of egress ports. If sampling
port is equal to output port and the output port is a tunnel port,
OVS_USERSPACE_ATTR_EGRESS_TUN_PORT will be set in the datapath flow sample
action.
When flow sample action upcall happens, tunnel information will be retrieved
from
the datapath and then IPFIX can export egress tunnel port information. If
samping_port=65535 (OFPP_NONE), flow-based IPFIX will keep the same behavior
as before.
This patch mainly do three tasks:
1) Add a new flow sample action NXAST_SAMPLE2 to support exporting
tunnel information. NXAST_SAMPLE2 action has a new added field
'sampling_port' and 32bit probability instead if 16bit probability.
NXAST_SAMPLE2 Supports 32bit probability, as datapath actually
uses 32bit usigned interger as probability and bridge IPFIX and
sFlow are both using 32bit probability.
2) Use 'other_configure: enable-tunnel-sampling' to enable or disable
exporting tunnel information.
3) Flow sample action for egress tunnel port is moved to the point that
is just before output action. It makes sure that flow sample action
for egress tunnel port is always behind corresponding set_tunnel
action.
4) Add a test of flow-based IPFIX for tunnel set.
How to test flow-based IPFIX:
1) Setup a test environment with two Linux host with Docker supported
2) Create a Docker container and a GRE tunnel port on each host
3) Use ovs-docker to add the container on the bridge
4) Listen on port 4739 on the collector machine and use wireshark to filter
'cflow' packets.
5) Configure flow-based IPFIX:
- 'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge
UUID"'
- 'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX \
targets=\"IP:4739\" cache_active_timeout=60 cache_max_flows=13 \
other_config:enable-tunnel-sampling=true'
- 'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
Note: The in-port is container port. The output port and sampling_port
are both open flow port and the output port is a GRE tunnel port.
6) Ping from the container whose host enabled flow-based IPFIX.
7) Get the IPFIX template pakcets and IPFIX information packets.
Signed-off-by: Benli Ye
---
include/openvswitch/ofp-actions.h | 5 +-
lib/odp-util.c| 15 ++--
lib/odp-util.h| 5 +-
lib/ofp-actions.c | 88 +---
ofproto/ofproto-dpif-ipfix.c | 66 +--
ofproto/ofproto-dpif-ipfix.h | 7 +-
ofproto/ofproto-dpif-upcall.c | 13 ++-
ofproto/ofproto-dpif-xlate.c | 131 ++---
ofproto/ofproto.h | 1 +
tests/odp.at | 4 +-
tests/ofp-actions.at | 3 +
tests/ofproto-dpif.at | 76 +
tests/ovs-ofctl.at| 12 +++
utilities/ovs-ofctl.8.in | 8 ++
vswitchd/bridge.c | 3 +
vswitchd/vswitch.xml | 168 --
16 files changed, 478 insertions(+), 127 deletions(-)
diff --git a/include/openvswitch/ofp-actions.h
b/include/openvswitch/ofp-actions.h
index 038ef87..b060997 100644
--- a/include/openvswitch/ofp-a
[ovs-dev] [PATCH v6] ipfix: support tunnel information for Flow IPFIX
Add support to export tunnel information for flow-based IPFIX.
The original steps to configure flow level IPFIX:
1) Create a new record in Flow_Sample_Collector_Set table:
'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
2) Add IPFIX configuration which is referred by corresponding
row in Flow_Sample_Collector_Set table:
'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX
targets=\"IP:4739\" obs_domain_id=123 obs_point_id=456
cache_active_timeout=60 cache_max_flows=13'
3) Add sample action to the flows:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,
obs_domain_id=123,obs_point_id=456')',output:3'
NXAST_SAMPLE action was used in step 3. In order to support exporting tunnel
information, the NXAST_SAMPLE2 action was added and with NXAST_SAMPLE2 action
in this patch, the step 3 should be configured like below:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
'sampling_port' can be equal to ingress port or one of egress ports. If sampling
port is equal to output port and the output port is a tunnel port,
OVS_USERSPACE_ATTR_EGRESS_TUN_PORT will be set in the datapath flow sample
action.
When flow sample action upcall happens, tunnel information will be retrieved
from
the datapath and then IPFIX can export egress tunnel port information. If
samping_port=65535 (OFPP_NONE), flow-based IPFIX will keep the same behavior
as before.
This patch mainly do three tasks:
1) Add a new flow sample action NXAST_SAMPLE2 to support exporting
tunnel information. NXAST_SAMPLE2 action has a new added field
'sampling_port'.
2) Use 'other_configure: enable-tunnel-sampling' to enable or disable
exporting tunnel information.
3) Flow sample action for egress tunnel port is moved to the point that
is just before output action. It makes sure that flow sample action
for egress tunnel port is always behind corresponding set_tunnel
action.
4) Add a test of flow-based IPFIX for tunnel set.
How to test flow-based IPFIX:
1) Setup a test environment with two Linux host with Docker supported
2) Create a Docker container and a GRE tunnel port on each host
3) Use ovs-docker to add the container on the bridge
4) Listen on port 4739 on the collector machine and use wireshark to filter
'cflow' packets.
5) Configure flow-based IPFIX:
- 'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge
UUID"'
- 'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX \
targets=\"IP:4739\" cache_active_timeout=60 cache_max_flows=13 \
other_config:enable-tunnel-sampling=true'
- 'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
Note: The in-port is container port. The output port and sampling_port
are both open flow port and the output port is a GRE tunnel port.
6) Ping from the container whose host enabled flow-based IPFIX.
7) Get the IPFIX template pakcets and IPFIX information packets.
Signed-off-by: Benli Ye
---
include/openvswitch/ofp-actions.h | 5 +-
lib/odp-util.c| 13 ++-
lib/odp-util.h| 3 +-
lib/ofp-actions.c | 85 ---
ofproto/ofproto-dpif-ipfix.c | 63 --
ofproto/ofproto-dpif-ipfix.h | 7 +-
ofproto/ofproto-dpif-upcall.c | 13 ++-
ofproto/ofproto-dpif-xlate.c | 120 +--
ofproto/ofproto.h | 1 +
tests/odp.at | 4 +-
tests/ofp-actions.at | 3 +
tests/ofproto-dpif.at | 74 +
tests/ovs-ofctl.at| 12 +++
utilities/ovs-ofctl.8.in | 6 ++
vswitchd/bridge.c | 3 +
vswitchd/vswitch.xml | 168 --
16 files changed, 461 insertions(+), 119 deletions(-)
diff --git a/include/openvswitch/ofp-actions.h
b/include/openvswitch/ofp-actions.h
index 038ef87..91c7ee5 100644
--- a/include/openvswitch/ofp-actions.h
+++ b/include/openvswitch/ofp-actions.h
@@ -775,13 +775,14 @@ struct ofpact_note {
/* OFPACT_SAMPLE.
*
- * Used for NXAST_SAMPLE. */
+ * Used for NXAST_SAMPLE and NXAST_SAMPLE2. */
struct ofpact_sample {
str
[ovs-dev] [PATCH v6] ipfix: add support for exporting ipfix statistics
It is meaningful for user to check the stats of IPFIX.
Using IPFIX stats, user can know how much flows the system
can support. It is also can be used for performance check
of IPFIX.
IPFIX stats is added for per IPFIX exporter. If bridge IPFIX is
enabled on the bridge, the whole bridge will have one exporter.
For flow IPFIX, the system keeps per id (column in
Flow_Sample_Collector_Set) per exporter.
1) Add 'ovs-ofctl dump-ipfix-bridge SWITCH' to export IPFIX stats of
the bridge which enable bridge IPFIX. The output format:
NXST_IPFIX_BRIDGE reply (xid=0x2):
bridge ipfix: flows=0, current flows=0, sampled pkts=0, \
ipv4 ok=0, ipv6 ok=0, tx pkts=0
pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx errs=0
2) Add 'ovs-ofctl dump-ipfix-flow SWITCH' to export IPFIX stats of
the bridge which enable flow IPFIX. The output format:
NXST_IPFIX_FLOW reply (xid=0x2): 2 ids
id 1: flows=4, current flows=4, sampled pkts=14, ipv4 ok=13, \
ipv6 ok=0, tx pkts=0
pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx errs=0
id 2: flows=0, current flows=0, sampled pkts=0, ipv4 ok=0, \
ipv6 ok=0, tx pkts=0
pkts errs=0, ipv4 errs=0, ipv6 errs=0, tx errs=0
flows: the number of total flow records, including those exported.
current flows: the number of current flow records cached.
sampled pkts: Successfully sampled packet count.
ipv4 ok: successfully sampled IPv4 flow packet count.
ipv6 ok: Successfully sampled IPv6 flow packet count.
tx pkts: the count of IPFIX exported packets sent to the collector(s).
pkts errs: count of packets failed when sampling, maybe not supported or other
error.
ipv4 errs: Count of IPV4 flow packet in the error packets.
ipv6 errs: Count of IPV6 flow packet in the error packets.
tx errs: the count of IPFIX exported packets failed when sending to the
collector(s).
Signed-off-by: Benli Ye
---
NEWS | 2 +
include/openflow/nicira-ext.h| 17
include/openvswitch/ofp-errors.h | 8 ++
include/openvswitch/ofp-msgs.h | 16
include/openvswitch/ofp-util.h | 19
lib/ofp-print.c | 92 +++
lib/ofp-util.c | 90 ++
lib/rconn.c | 4 +
ofproto/collectors.c | 10 +-
ofproto/collectors.h | 2 +-
ofproto/ofproto-dpif-ipfix.c | 194 ++-
ofproto/ofproto-dpif-ipfix.h | 2 +
ofproto/ofproto-dpif.c | 16
ofproto/ofproto-provider.h | 10 ++
ofproto/ofproto.c| 66 +
tests/ofp-print.at | 79
tests/ofproto-dpif.at| 146 -
utilities/ovs-ofctl.8.in | 22 -
utilities/ovs-ofctl.c| 19
19 files changed, 784 insertions(+), 30 deletions(-)
diff --git a/NEWS b/NEWS
index ba201cf..08094c5 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,8 @@ Post-v2.5.0
* queue-get-config command now allows a queue ID to be specified.
* '--bundle' option can now be used with OpenFlow 1.3.
* New option "--color" to produce colorized output for some commands.
+ * New commands "dump-ipfix-bridge" and "dump-ipfix-flow" to dump bridge
+ IPFIX statistics and flow based IPFIX statistics.
- DPDK:
* New option "n_rxq" for PMD interfaces.
Old 'other_config:n-dpdk-rxqs' is no longer supported.
diff --git a/include/openflow/nicira-ext.h b/include/openflow/nicira-ext.h
index 8950335..5ab026c 100644
--- a/include/openflow/nicira-ext.h
+++ b/include/openflow/nicira-ext.h
@@ -774,6 +774,23 @@ struct nx_aggregate_stats_request {
*/
};
OFP_ASSERT(sizeof(struct nx_aggregate_stats_request) == 8);
+
+struct nx_ipfix_stats_reply {
+ovs_be64 total_flows;
+ovs_be64 current_flows;
+ovs_be64 pkts;
+ovs_be64 ipv4_pkts;
+ovs_be64 ipv6_pkts;
+ovs_be64 error_pkts;
+ovs_be64 ipv4_error_pkts;
+ovs_be64 ipv6_error_pkts;
+ovs_be64 tx_pkts;
+ovs_be64 tx_errors;
+ovs_be32 collector_set_id; /* Range 0 to 4,294,967,295. */
+uint8_t pad[4];/* Pad to a multiple of 8 bytes. */
+};
+OFP_ASSERT(sizeof(struct nx_ipfix_stats_reply) == 88);
+
/* NXT_SET_CONTROLLER_ID.
*
diff --git a/include/openvswitch/ofp-errors.h b/include/openvswitch/ofp-errors.h
index f963d2b..a378909 100644
--- a/include/openvswitch/ofp-errors.h
+++ b/include/openvswitch/ofp-errors.h
@@ -781,6 +781,14 @@ enum ofperr {
* continuation was generated, or continuation was not generated by this
* Open vSwitch instance. */
OFPERR_NXR_STALE,
+
+/* ## -- ## */
+/* ## NXT_STATS ## */
+/* ## -- ## */
+
+/* NX1.0-1.1(1,535), NX1.2+(36). Protocol is not configured on this
+ * Open vSwitch instance. */
+OFPERR_NXST_NOT_CONFIGURED,
[ovs-dev] [PATCH v2] ipfix: Bug fix for not sending template packets on 32-bit OS
'last_template_set_time' in truct dpif_ipfix_exporter is declared
as time_t and time_t is long int type. If we initialize
'last_template_set_time' as TIME_MIN, whose value is -2147483648
on 32-bit OS and -2^63 on 64-bit OS. There will be a problem on
32-bit OS when comparing 'last_template_set_time' with a unisgned int
type variable, because type casting will happen and negative value
could be a large positive number. Fix this problem by simply initialize
'last_template_set_time' as 0.
Signed-off-by: Benli Ye
---
ofproto/ofproto-dpif-ipfix.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ofproto/ofproto-dpif-ipfix.c b/ofproto/ofproto-dpif-ipfix.c
index 79ba234..b1b2237 100644
--- a/ofproto/ofproto-dpif-ipfix.c
+++ b/ofproto/ofproto-dpif-ipfix.c
@@ -495,7 +495,7 @@ dpif_ipfix_exporter_init(struct dpif_ipfix_exporter
*exporter)
{
exporter->collectors = NULL;
exporter->seq_number = 1;
-exporter->last_template_set_time = TIME_MIN;
+exporter->last_template_set_time = 0;
hmap_init(&exporter->cache_flow_key_map);
ovs_list_init(&exporter->cache_flow_start_timestamp_list);
exporter->cache_active_timeout = 0;
@@ -511,7 +511,7 @@ dpif_ipfix_exporter_clear(struct dpif_ipfix_exporter
*exporter)
collectors_destroy(exporter->collectors);
exporter->collectors = NULL;
exporter->seq_number = 1;
-exporter->last_template_set_time = TIME_MIN;
+exporter->last_template_set_time = 0;
exporter->cache_active_timeout = 0;
exporter->cache_max_flows = 0;
}
--
1.9.1
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH v7] ipfix: support tunnel information for Flow IPFIX
Add support to export tunnel information for flow-based IPFIX.
The original steps to configure flow level IPFIX:
1) Create a new record in Flow_Sample_Collector_Set table:
'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
2) Add IPFIX configuration which is referred by corresponding
row in Flow_Sample_Collector_Set table:
'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX
targets=\"IP:4739\" obs_domain_id=123 obs_point_id=456
cache_active_timeout=60 cache_max_flows=13'
3) Add sample action to the flows:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,
obs_domain_id=123,obs_point_id=456')',output:3'
NXAST_SAMPLE action was used in step 3. In order to support exporting tunnel
information, the NXAST_SAMPLE2 action was added and with NXAST_SAMPLE2 action
in this patch, the step 3 should be configured like below:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
'sampling_port' can be equal to ingress port or one of egress ports. If sampling
port is equal to output port and the output port is a tunnel port,
OVS_USERSPACE_ATTR_EGRESS_TUN_PORT will be set in the datapath flow sample
action.
When flow sample action upcall happens, tunnel information will be retrieved
from
the datapath and then IPFIX can export egress tunnel port information. If
samping_port=65535 (OFPP_NONE), flow-based IPFIX will keep the same behavior
as before.
This patch mainly do three tasks:
1) Add a new flow sample action NXAST_SAMPLE2 to support exporting
tunnel information. NXAST_SAMPLE2 action has a new added field
'sampling_port'.
2) Use 'other_configure: enable-tunnel-sampling' to enable or disable
exporting tunnel information.
3) If 'sampling_port' is equal to output port and output port is a tunnel
port, the translation of OpenFlow "sample" action should first emit
set(tunnel(...)), then the sample action itself. It makes sure the
egress tunnel information can be sampled.
4) Add a test of flow-based IPFIX for tunnel set.
How to test flow-based IPFIX:
1) Setup a test environment with two Linux host with Docker supported
2) Create a Docker container and a GRE tunnel port on each host
3) Use ovs-docker to add the container on the bridge
4) Listen on port 4739 on the collector machine and use wireshark to filter
'cflow' packets.
5) Configure flow-based IPFIX:
- 'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge
UUID"'
- 'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX \
targets=\"IP:4739\" cache_active_timeout=60 cache_max_flows=13 \
other_config:enable-tunnel-sampling=true'
- 'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
Note: The in-port is container port. The output port and sampling_port
are both open flow port and the output port is a GRE tunnel port.
6) Ping from the container whose host enabled flow-based IPFIX.
7) Get the IPFIX template pakcets and IPFIX information packets.
Signed-off-by: Benli Ye
---
include/openvswitch/ofp-actions.h | 5 +-
lib/odp-util.c| 13 ++-
lib/odp-util.h| 3 +-
lib/ofp-actions.c | 85 ---
ofproto/ofproto-dpif-ipfix.c | 52 ++--
ofproto/ofproto-dpif-ipfix.h | 6 +-
ofproto/ofproto-dpif-upcall.c | 13 ++-
ofproto/ofproto-dpif-xlate.c | 71 ++--
ofproto/ofproto.h | 1 +
tests/odp.at | 4 +-
tests/ofp-actions.at | 3 +
tests/ofproto-dpif.at | 76 -
tests/ovs-ofctl.at| 12 +++
utilities/ovs-ofctl.8.in | 6 ++
vswitchd/bridge.c | 3 +
vswitchd/vswitch.xml | 168 --
16 files changed, 402 insertions(+), 119 deletions(-)
diff --git a/include/openvswitch/ofp-actions.h
b/include/openvswitch/ofp-actions.h
index 038ef87..91c7ee5 100644
--- a/include/openvswitch/ofp-actions.h
+++ b/include/openvswitch/ofp-actions.h
@@ -775,13 +775,14 @@ struct ofpact_note {
/* OFPACT_SAMPLE.
*
- * Used for NXAST_SAMPLE. */
+ * Used for NXAST_SAMPLE and NXAST_SAMPLE2. *
[ovs-dev] [PATCH v1] Fix IPFIX test cases issue
IPFIX statistics 'tx pkts' means the number of successfully sending IPFIX packets, while 'tx errs' means sending error IPFIX packets. These two parameters can be affected by whether listening on port 4739 on local host. This case should be solved entirely by introducing PARSE_LISTENING_PORT as sFlow, but it depends on implementing IPFIX packet analysis and it will take some time. Disable these field first, as IPFIX statistics check are failed on Windows due to 'tx pkts' and 'tx errs' fields. Windows marks all packets sending successfully, even if port 4739 on local host is not listened. Remove XFAIL check for 'Flow IPFIX sanity check - tunnel set', as this test had “UNEXPECTED PASS” on Windows. More detail, please refer the following link. https://www.mail-archive.com/dev@openvswitch.org/msg65229.html Reported-by: Paul Boca Signed-off-by: Benli Ye --- tests/ofproto-dpif.at | 13 ++--- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/tests/ofproto-dpif.at b/tests/ofproto-dpif.at index 8287d90..a24d4ed 100644 --- a/tests/ofproto-dpif.at +++ b/tests/ofproto-dpif.at @@ -6196,10 +6196,10 @@ for i in `seq 1 20`; do done dnl There are 4 extra IPFIX template packets. -AT_CHECK([ovs-ofctl dump-ipfix-bridge br0], [0], [dnl +AT_CHECK([ovs-ofctl dump-ipfix-bridge br0 | sed 's/tx pkts=[[0-9]]*/tx pkts=24/' | sed 's/tx errs=[[0-9]]*/tx errs=0/'], [0], [dnl NXST_IPFIX_BRIDGE reply (xid=0x2): - bridge ipfix: flows=20, current flows=0, sampled pkts=20, ipv4 ok=0, ipv6 ok=0, tx pkts=12 -pkts errs=20, ipv4 errs=20, ipv6 errs=0, tx errs=12 + bridge ipfix: flows=20, current flows=0, sampled pkts=20, ipv4 ok=0, ipv6 ok=0, tx pkts=24 +pkts errs=20, ipv4 errs=20, ipv6 errs=0, tx errs=0 ]) dnl Remove the IPFIX configuration. @@ -6261,7 +6261,6 @@ AT_CLEANUP dnl Flow IPFIX sanity check for tunnel set AT_SETUP([ofproto-dpif - Flow IPFIX sanity check - tunnel set]) -AT_XFAIL_IF([test "$IS_WIN32" = "yes"]) OVS_VSWITCHD_START([add-port br0 p1 -- set Interface p1 type=gre \ options:remote_ip=1.1.1.1 options:local_ip=2.2.2.2 \ options:key=5 ofport_request=1\ @@ -6361,10 +6360,10 @@ for i in `seq 1 20`; do done dnl There are 4 extra IPFIX template packets. -AT_CHECK([ovs-ofctl dump-ipfix-flow br0], [0], [dnl +AT_CHECK([ovs-ofctl dump-ipfix-flow br0 | sed 's/tx pkts=[[0-9]]*/tx pkts=24/' | sed 's/tx errs=[[0-9]]*/tx errs=0/'], [0], [dnl NXST_IPFIX_FLOW reply (xid=0x2): 1 ids - id 1: flows=20, current flows=0, sampled pkts=20, ipv4 ok=0, ipv6 ok=0, tx pkts=12 - pkts errs=20, ipv4 errs=20, ipv6 errs=0, tx errs=12 + id 1: flows=20, current flows=0, sampled pkts=20, ipv4 ok=0, ipv6 ok=0, tx pkts=24 + pkts errs=20, ipv4 errs=20, ipv6 errs=0, tx errs=0 ]) dnl Remove the flow which contains sample action. -- 1.9.1 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH v1] Support port level IPFIX
From: Benli Ye
This patch enables port level IPFIX. Before this patch, OVS supported
per bridge IPFIX and per flow IPFX, and exporting packet tunnel headers
is only supported by bridge IPFIX. This patch adds port level IPFIX
for easy configuration and port level IPFIX also supports exporting
packet tunnel headers, just the same with bridge level IPFIX.
Three main things are done in this patch.
1) Add a column ipfix in Port table to ref IPFIX table
2) Each interface in the port should use the port IPFiX configuration
3) A hash map is used to manage the port which is configured IPFIX
CLI to configure Port IPFIX:
1) Configure
ovs-vsctl -- set Port port0 ipfix=@i -- --id=@i create IPFIX \
targets=\"10.24.122.72:4739\" sampling=1 obs_domain_id=123 \
obs_point_id=456 cache_active_timeout=1 cache_max_flows=128 \
other_config:enable-tunnel-sampling=true
2) Clear
ovs-vsctl clear Port port0 ipfix
---
lib/odp-util.c| 29 ++-
lib/odp-util.h| 19 +-
ofproto/ofproto-dpif-ipfix.c | 403 +++---
ofproto/ofproto-dpif-ipfix.h | 17 ++
ofproto/ofproto-dpif-upcall.c | 39 +++-
ofproto/ofproto-dpif-xlate.c | 117
ofproto/ofproto-dpif-xlate.h | 3 +-
ofproto/ofproto-dpif.c| 19 +-
ofproto/ofproto-provider.h| 7 +-
ofproto/ofproto.c | 7 +-
ofproto/ofproto.h | 23 +++
vswitchd/bridge.c | 123 +++--
vswitchd/vswitch.ovsschema| 6 +-
vswitchd/vswitch.xml | 34 +++-
14 files changed, 741 insertions(+), 105 deletions(-)
diff --git a/lib/odp-util.c b/lib/odp-util.c
index b4689cc..453ae4f 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -316,10 +316,16 @@ format_odp_userspace_action(struct ds *ds, const struct
nlattr *attr)
cookie.flow_sample.collector_set_id,
cookie.flow_sample.obs_domain_id,
cookie.flow_sample.obs_point_id);
-} else if (userdata_len >= sizeof cookie.ipfix
- && cookie.type == USER_ACTION_COOKIE_IPFIX) {
-ds_put_format(ds, ",ipfix(output_port=%"PRIu32")",
- cookie.ipfix.output_odp_port);
+} else if (userdata_len >= sizeof cookie.bridge_ipfix
+ && cookie.type == USER_ACTION_COOKIE_BRIDGE_IPFIX) {
+ds_put_format(ds, ",bridge_ipfix(output_port=%"PRIu32")",
+ cookie.bridge_ipfix.output_odp_port);
+} else if (userdata_len >= sizeof cookie.port_ipfix
+ && cookie.type == USER_ACTION_COOKIE_PORT_IPFIX) {
+ds_put_format(ds, ",port_ipfix(ofp_port=%"PRIu16
+ ",output_port=%"PRIu32")",
+ cookie.port_ipfix.ofp_port,
+ cookie.port_ipfix.output_odp_port);
} else {
userdata_unspec = true;
}
@@ -963,13 +969,20 @@ parse_odp_userspace_action(const char *s, struct ofpbuf
*actions)
cookie.flow_sample.obs_point_id = obs_point_id;
user_data = &cookie;
user_data_size = sizeof cookie.flow_sample;
-} else if (ovs_scan(&s[n], ",ipfix(output_port=%"SCNi32")%n",
+} else if (ovs_scan(&s[n], ",bridge_ipfix(output_port=%"SCNi32")%n",
&output, &n1) ) {
n += n1;
-cookie.type = USER_ACTION_COOKIE_IPFIX;
-cookie.ipfix.output_odp_port = u32_to_odp(output);
+cookie.type = USER_ACTION_COOKIE_BRIDGE_IPFIX;
+cookie.bridge_ipfix.output_odp_port = u32_to_odp(output);
user_data = &cookie;
-user_data_size = sizeof cookie.ipfix;
+user_data_size = sizeof cookie.bridge_ipfix;
+} else if (ovs_scan(&s[n], ",port_ipfix(output_port=%"SCNi32")%n",
+&output, &n1) ) {
+n += n1;
+cookie.type = USER_ACTION_COOKIE_PORT_IPFIX;
+cookie.port_ipfix.output_odp_port = u32_to_odp(output);
+user_data = &cookie;
+user_data_size = sizeof cookie.port_ipfix;
} else if (ovs_scan(&s[n], ",userdata(%n",
&n1)) {
char *end;
diff --git a/lib/odp-util.h b/lib/odp-util.h
index 51cf5c3..4c9f271 100644
--- a/lib/odp-util.h
+++ b/lib/odp-util.h
@@ -274,10 +274,11 @@ enum slow_path_reason commit_odp_actions(const struct
flow *,
enum user_action_cookie_type {
USER_ACTION_COOKIE_UNSPEC,
-USER_ACTION_COOKIE_SFLOW,/* Packet for per-bridge sFlow sampling.
*
[ovs-dev] [PATCH v1] ipfix: Add ingress and egress interface in exporting flows
In virtual evironment, IPFIX is unable to differentiate flows
between pair of VMs on different virtual network if their IP/mac
are same.
Network:
VM1 < VNI1 > VM3
VM2 < VNI2 > VM4
In terms of IP/mac:
VM1 == VM2
VM3 == VM4
Send 10 packets each from VM1 - VM3 and VM2 - VM4
Expectation:
- Normal IPFIX record for 10 packets from VM1-VM3
- Tunnel IPFIX record for 10 packets from VM1-VM3
- Normal IPFIX record for 10 packets from VM2-VM4
- Tunnel IPFIX record for 10 packets from VM2-VM4
What really is:
- Normal IPFIX record for 20 packets from VM1-VM3 (or VM2-VM4)
- Tunnel IPFIX record for 10 packets from VM1-VM3
- Tunnel IPFIX record for 10 packets from VM2-VM4
IPFIX is unable to differentiate that VM1-VM3 and VM2-VM4 are actually
2 different flows for normal record.
Add ingress and egress interface which are the ofp_port in the OVS
bridge to differentiate the flows above.
Signed-off-by: Daniel Benli Ye
---
ofproto/ofproto-dpif-ipfix.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/ofproto/ofproto-dpif-ipfix.c b/ofproto/ofproto-dpif-ipfix.c
index 59cd884..2d1f7a8 100644
--- a/ofproto/ofproto-dpif-ipfix.c
+++ b/ofproto/ofproto-dpif-ipfix.c
@@ -239,8 +239,10 @@ struct ipfix_data_record_flow_key_common {
struct eth_addr destination_mac_address; /* DESTINATION_MAC_ADDRESS */
ovs_be16 ethernet_type; /* ETHERNET_TYPE */
uint8_t ethernet_header_length; /* ETHERNET_HEADER_LENGTH */
+ovs_be32 ingress_interface; /* INGRESS_INTERFACE */
+ovs_be32 egress_interface; /* EGRESS_INTERFACE */
});
-BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_common) == 20);
+BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_common) == 28);
/* Part of data record flow key for VLAN entities. */
OVS_PACKED(
@@ -1063,6 +1065,8 @@ ipfix_define_template_fields(enum ipfix_proto_l2 l2, enum
ipfix_proto_l3 l3,
DEF(DESTINATION_MAC_ADDRESS);
DEF(ETHERNET_TYPE);
DEF(ETHERNET_HEADER_LENGTH);
+DEF(INGRESS_INTERFACE);
+DEF(EGRESS_INTERFACE);
if (l2 == IPFIX_PROTO_L2_VLAN) {
DEF(VLAN_ID);
@@ -1446,6 +1450,8 @@ ipfix_cache_entry_init(struct ipfix_flow_cache_entry
*entry,
data_common->destination_mac_address = flow->dl_dst;
data_common->ethernet_type = flow->dl_type;
data_common->ethernet_header_length = ethernet_header_length;
+data_common->ingress_interface =
htonl((ovs_be32)flow->in_port.ofp_port);
+data_common->egress_interface = htonl((ovs_be32)flow->actset_output);
}
if (l2 == IPFIX_PROTO_L2_VLAN) {
--
1.9.1
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH v2] ipfix: Add ingress and egress interface in exporting flows
In virtual evironment, IPFIX is unable to differentiate flows
between pair of VMs on different virtual network if their IP/mac
are same.
Network:
VM1 < VNI1 > VM3
VM2 < VNI2 > VM4
In terms of IP/mac:
VM1 == VM2
VM3 == VM4
Send 10 packets each from VM1 - VM3 and VM2 - VM4
Expectation:
- Normal IPFIX record for 10 packets from VM1-VM3
- Tunnel IPFIX record for 10 packets from VM1-VM3
- Normal IPFIX record for 10 packets from VM2-VM4
- Tunnel IPFIX record for 10 packets from VM2-VM4
What really is:
- Normal IPFIX record for 20 packets from VM1-VM3 (or VM2-VM4)
- Tunnel IPFIX record for 10 packets from VM1-VM3
- Tunnel IPFIX record for 10 packets from VM2-VM4
IPFIX is unable to differentiate that VM1-VM3 and VM2-VM4 are actually
2 different flows for normal record.
Add ingress and egress interface which are the odp_port in the OVS
bridge to differentiate the flows above. Use IPFIX Information Element
identifiers "ingressInterface" and "egressInterface" in rfc5102 to
carry the information.
Signed-off-by: Benli Ye
---
v1 -> v2:
- Use 32bit odp_port instead of ofp_port.
- Fix some "sparse" warnings.
---
---
ofproto/ofproto-dpif-ipfix.c | 24 +---
1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/ofproto/ofproto-dpif-ipfix.c b/ofproto/ofproto-dpif-ipfix.c
index 5744abb..4858ed5 100644
--- a/ofproto/ofproto-dpif-ipfix.c
+++ b/ofproto/ofproto-dpif-ipfix.c
@@ -253,8 +253,10 @@ struct ipfix_data_record_flow_key_common {
struct eth_addr destination_mac_address; /* DESTINATION_MAC_ADDRESS */
ovs_be16 ethernet_type; /* ETHERNET_TYPE */
uint8_t ethernet_header_length; /* ETHERNET_HEADER_LENGTH */
+ovs_be32 ingress_interface; /* INGRESS_INTERFACE */
+ovs_be32 egress_interface; /* EGRESS_INTERFACE */
});
-BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_common) == 20);
+BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_common) == 28);
/* Part of data record flow key for VLAN entities. */
OVS_PACKED(
@@ -1156,6 +1158,8 @@ ipfix_define_template_fields(enum ipfix_proto_l2 l2, enum
ipfix_proto_l3 l3,
DEF(DESTINATION_MAC_ADDRESS);
DEF(ETHERNET_TYPE);
DEF(ETHERNET_HEADER_LENGTH);
+DEF(INGRESS_INTERFACE);
+DEF(EGRESS_INTERFACE);
if (l2 == IPFIX_PROTO_L2_VLAN) {
DEF(VLAN_ID);
@@ -1576,7 +1580,8 @@ static enum ipfix_sampled_packet_type
ipfix_cache_entry_init(struct ipfix_flow_cache_entry *entry,
const struct dp_packet *packet, const struct flow *flow,
uint64_t packet_delta_count, uint32_t obs_domain_id,
- uint32_t obs_point_id, odp_port_t output_odp_port,
+ uint32_t obs_point_id, odp_port_t input_odp_port,
+ odp_port_t output_odp_port,
const struct dpif_ipfix_port *tunnel_port,
const struct flow_tnl *tunnel_key)
{
@@ -1668,6 +1673,8 @@ ipfix_cache_entry_init(struct ipfix_flow_cache_entry
*entry,
data_common->destination_mac_address = flow->dl_dst;
data_common->ethernet_type = flow->dl_type;
data_common->ethernet_header_length = ethernet_header_length;
+data_common->ingress_interface = htonl(odp_to_u32(input_odp_port));
+data_common->egress_interface = htonl(odp_to_u32(output_odp_port));
}
if (l2 == IPFIX_PROTO_L2_VLAN) {
@@ -1904,7 +1911,8 @@ static void
dpif_ipfix_sample(struct dpif_ipfix_exporter *exporter,
const struct dp_packet *packet, const struct flow *flow,
uint64_t packet_delta_count, uint32_t obs_domain_id,
- uint32_t obs_point_id, odp_port_t output_odp_port,
+ uint32_t obs_point_id, odp_port_t input_odp_port,
+ odp_port_t output_odp_port,
const struct dpif_ipfix_port *tunnel_port,
const struct flow_tnl *tunnel_key)
{
@@ -1916,8 +1924,8 @@ dpif_ipfix_sample(struct dpif_ipfix_exporter *exporter,
sampled_packet_type = ipfix_cache_entry_init(entry, packet,
flow, packet_delta_count,
obs_domain_id, obs_point_id,
- output_odp_port, tunnel_port,
- tunnel_key);
+ input_odp_port,
output_odp_port,
+ tunnel_port, tunnel_key);
ipfix_cache_update(exporter, entry, sampled_packet_type);
}
@@ -1980,7 +1988,8 @@ dpif_ipfix_bridge_sample(struct dpif_ipfix *di, const
struct dp_packet *packet,
packet_delta_count,
di->bridge_exporter.options->obs_domain_id,
di->bridge_exporter
