[ovs-dev] [PATCH ovn v3] controller: Allow br-int connection via other methods.

The br-int connection is hardcoded to use unix socket, which requires for the socket to be visible for ovn-controller. This is achievable in container by mounting the socket, but in turn the container requires additional privileges. Add option to vswitchd external-ids that allows to specify

[ovs-dev] [PATCH ovn v2] controller: Change dns resolution to async.

Currently DNS resolution is a blocking call in OVN controller. If DNS server is not reachable for any reason then, ovn-controller thread blocks for longer time and other events are not processed. Ex: If we try to run ovn-appctl commands during this then, ovn-controller will not respond for a

Re: [ovs-dev] [PATCH ovn v2] controller: Allow br-int connection via other methods.

On Thu, Apr 4, 2024 at 9:56 PM Mark Michelson wrote: > Hi Ales, > > The patch looks good to me except for one problem. > > On 4/3/24 04:53, Ales Musil wrote: > > The br-int connection is hardcoded to use unix socket, which requires > > for the socket to be visible for ovn-controller. This is

Re: [ovs-dev] [PATCH ovn] northd: Add support for disabling vxlan mode.

On Wed, Apr 3, 2024 at 3:01 PM Vladislav Odintsov wrote: > Hi Ihar, > > thanks for your quick reaction! > I didn’t see mentioned thread, but think that it is not safe enough to > have automatic detection of this scenario here. > Imagine: for VXLAN with HW VTEP scenario besides VXLAN encap one

Re: [ovs-dev] [PATCH ovn v2 2/2] missed during test simplification.

Thanks Jacob and Ales. I fixed the subject line and fixed the typo below (as well as s/referances/references/) and pushed both patches in the series to main. On 3/28/24 05:04, Ales Musil wrote: On Tue, Mar 26, 2024 at 5:32 PM Jacob Tanenbaum wrote: Hi Jacob, thank you for the v2. As 0-day

[ovs-dev] [PATCH ovn] Start mcast id allocations from OVN_MIN_IP_MULTICAST.

Strictly speaking, this is not *essential* to start from MIN and not MIN+1 (once the hint reaches max, it will wrap back to MIN anyway), but this is inconsistent with how we handle datapath and port keys (we start with hint = 0 there). Signed-off-by: Ihar Hrachyshka --- northd/northd.c | 3 ++-

Re: [ovs-dev] [PATCH ovn v2] acl-log: Properly log the "pass" verdict.

Thanks for the review Ales. I merged this to main and all branches down to 23.06. On 3/26/24 02:26, Ales Musil wrote: On Mon, Mar 25, 2024 at 6:48 PM Mark Michelson > wrote: The "pass" verdict was not explicitly defined in the list of verdicts for ACL

Re: [ovs-dev] [PATCH ovn] Make tunnel ids exhaustion test case trigger the problem.

On Thu, Apr 4, 2024 at 3:56 PM Vladislav Odintsov wrote: > Thanks Ihar for the patch. > > It definitely triggers the bug mentioned in Fixes commit, but how do you > like next diff as an alternative? > It seems a little easier to me, because it shows the real limit and the > situation where the

Re: [ovs-dev] [PATCH ovn] tests: Add macro for checking flows after recompute.

Hi Xavier, the patch looks good, but I have one question down below. On 3/26/24 07:56, Xavier Simonart wrote: The macro CHECK_FLOWS_AFTER_RECOMPUTE dumps the Openflows, then recomputes, then dumps again the Openflows, and finally compares both sets of flows. The test fails if flows are

Re: [ovs-dev] [PATCH ovn] automake: Make system tests dependent of ovn-macro.

Thank you Xavier and Ales. I pushed this change to main and all branches back to 23.06. On 3/28/24 04:37, Ales Musil wrote: On Tue, Mar 26, 2024 at 12:56 PM Xavier Simonart wrote: So system testsuite will be recompiled when ovn-macro is changed. Signed-off-by: Xavier Simonart ---

Re: [ovs-dev] [PATCH ovn] northd: fix infinite loop in ovn_allocate_tnlid()

> On 4 Apr 2024, at 22:51, Mark Michelson wrote: > > On 4/4/24 12:46, Dumitru Ceara wrote: >> On 4/4/24 17:52, Vladislav Odintsov wrote: >>> Thanks Dumitru! >>> I’m totally fine with your change. >>> Should I send backport patches with resolved conflicts for remaining >>> branches at least

Re: [ovs-dev] [PATCH ovn] controller: change dns resolution to async.

Thanks Naveen, Aside from what 0-day robot pointed out, Acked-by: Mark Michelson On 4/3/24 07:29, Naveen Yerramneni wrote: Currently DNS resolution is a blocking call in OVN controller. If DNS server is not reachable for any reason then, ovn-controller thread blocks for longer time and other

Re: [ovs-dev] [PATCH ovn] ovn-ctl: Use the current user for default file permissions.

Thanks Ales, Acked-by: Mark Michelson On 3/25/24 06:40, Ales Musil wrote: The ovn-ctl utility was assuming that the user/group is always root, when not specified otherwise by the --ovn-user/--ovn-group options. This has the consequence of trying to change permissions of OVN directories to

Re: [ovs-dev] [PATCH ovn] Make tunnel ids exhaustion test case trigger the problem.

Thanks Ihar for the patch. It definitely triggers the bug mentioned in Fixes commit, but how do you like next diff as an alternative? It seems a little easier to me, because it shows the real limit and the situation where the problem was (separate ls-add): diff --git a/tests/ovn-northd.at

Re: [ovs-dev] [PATCH ovn v2] controller: Allow br-int connection via other methods.

Hi Ales, The patch looks good to me except for one problem. On 4/3/24 04:53, Ales Musil wrote: The br-int connection is hardcoded to use unix socket, which requires for the socket to be visible for ovn-controller. This is achievable in container by mounting the socket, but in turn the

Re: [ovs-dev] [PATCH ovn] northd: fix infinite loop in ovn_allocate_tnlid()

On 4/4/24 12:46, Dumitru Ceara wrote: On 4/4/24 17:52, Vladislav Odintsov wrote: Thanks Dumitru! I’m totally fine with your change. Should I send backport patches with resolved conflicts for remaining branches at least till 22.03, which is an LTS? Well, 24.03 is the most recent LTS. We

Re: [ovs-dev] [PATCH ovn] northd: fix infinite loop in ovn_allocate_tnlid()

> On 4 Apr 2024, at 21:07, Ihar Hrachyshka wrote: > > On Thu, Apr 4, 2024 at 1:46 PM Dumitru Ceara > wrote: >> On 4/4/24 19:17, Ihar Hrachyshka wrote: >> > I tried to revert the util change and the test case passed just fine. >> > >> >> I had done that before

Re: [ovs-dev] [PATCH ovn] northd: Add support for disabling vxlan mode.

On Thu, Apr 4, 2024 at 6:06 AM Dumitru Ceara wrote: > On 4/3/24 22:05, Vladislav Odintsov wrote: > > re-sending email because ovs list rejected previous its content for some > reason: > > > > Hi Ihar, > > > > Hi Vladislav, Ihar, > > > thanks for your quick reaction! > > I didn’t see mentioned

Re: [ovs-dev] [PATCH] Use listen backlog = 64 for all connections.

On Thu, Apr 4, 2024 at 2:36 AM Eelco Chaudron wrote: > > > On 3 Apr 2024, at 23:18, Ihar Hrachyshka wrote: > > > Before the patch, the size of the backlog depended on the type of socket > > (UNIX vs INET) as well as on the language (C vs Python), specifically: > > > > - python used backlog size

Re: [ovs-dev] [PATCH ovn v2 3/3] ofctrl: Introduce ecmp_nexthop_monitor.

Hi Lorenzo, The code looks fine to me, but I'm a bit confused by the new test. My understanding of the new feature is that each ECMP nexthop has an ID associated with it. This ID gets placed in the ct.label. If the ECMP route is removed, then we can find the associated ID, and remove the

Re: [ovs-dev] [PATCH ovn] ovn-controller.at: Fix flaky test "ofctrl wait before clearing flows".

On Thu, Apr 4, 2024 at 10:03 AM Mark Michelson wrote: > > Thanks for the fix, Han. > > Acked-by: Mark Michelson Thanks Mark. Applied to main and backported. Han > > On 4/4/24 02:47, Han Zhou wrote: > > Fixes: bbf2f941965a ("ofctrl: Wait at S_WAIT_BEFORE_CLEAR only once.") > > Signed-off-by:

[ovs-dev] [PATCH ovn v3] northd: Add support for disabling vxlan mode.

Commit [1] introduced a "vxlan mode" concept. It brought a limitation for available tunnel IDs because of lack of space in VXLAN VNI. In vxlan mode OVN is limited by 4095 datapaths (LRs or non-transit LSs) and 2047 logical switch ports per datapath. Prior to this patch vxlan mode was enabled

Re: [ovs-dev] [PATCH ovn v2] northd: Add support for disabling vxlan mode.

Oh, my bad. I’ll send out v3. Sorry. > On 4 Apr 2024, at 19:53, Dumitru Ceara wrote: > > On 4/4/24 18:06, Vladislav Odintsov wrote: >> Commit [1] introduced a "vxlan mode" concept. It brought a limitation >> for available tunnel IDs because of lack of space in VXLAN VNI. >> In vxlan mode OVN

Re: [ovs-dev] [PATCH ovn] northd: fix infinite loop in ovn_allocate_tnlid()

On Thu, Apr 4, 2024 at 1:46 PM Dumitru Ceara wrote: > On 4/4/24 19:17, Ihar Hrachyshka wrote: > > I tried to revert the util change and the test case passed just fine. > > > > I had done that before pushing the patch but.. I got tricked by the fact > that northd was spinning and using cpu 100%

Re: [ovs-dev] [PATCH ovn] northd: fix infinite loop in ovn_allocate_tnlid()

On 4/4/24 19:17, Ihar Hrachyshka wrote: > I tried to revert the util change and the test case passed just fine. > I had done that before pushing the patch but.. I got tricked by the fact that northd was spinning and using cpu 100% while the switches were added. My bad. > I think the scenario

Re: [ovs-dev] [PATCH ovn] northd: fix infinite loop in ovn_allocate_tnlid()

I tried to revert the util change and the test case passed just fine. I think the scenario that may get the hint out of bounds is 1) start with no vxlan chassis; 2) create 4097 DPs; 3) add a vxlan chassis - this makes northd downgrade its max key to 4096. Now when we create a DP, it will spin in

Re: [ovs-dev] [PATCH] Make tunnel ids exhaustion test case trigger the problem.

Bleep bloop. Greetings Ihar Hrachyshka, I am a robot and I have tried out your patch. Thanks for your contribution. I encountered some error that I wasn't expecting. See the details below. git-am: error: sha1 information is lacking or useless (tests/ovn-northd.at). error: could not build

Re: [ovs-dev] [PATCH] Make tunnel ids exhaustion test case trigger the problem.

Sorry, missing 'ovn' in the subject. Resent to ovn queue. On Thu, Apr 4, 2024 at 1:13 PM Ihar Hrachyshka wrote: > The original version of the scenario passed with or without the fix. > > Fixes: a1f165a7b807 ("northd: fix infinite loop in ovn_allocate_tnlid()") > Signed-off-by: Ihar Hrachyshka

[ovs-dev] [PATCH ovn] Make tunnel ids exhaustion test case trigger the problem.

The original version of the scenario passed with or without the fix. Fixes: a1f165a7b807 ("northd: fix infinite loop in ovn_allocate_tnlid()") Signed-off-by: Ihar Hrachyshka --- tests/ovn-northd.at | 17 +++-- 1 file changed, 11 insertions(+), 6 deletions(-) diff --git

[ovs-dev] [PATCH] Make tunnel ids exhaustion test case trigger the problem.

The original version of the scenario passed with or without the fix. Fixes: a1f165a7b807 ("northd: fix infinite loop in ovn_allocate_tnlid()") Signed-off-by: Ihar Hrachyshka --- tests/ovn-northd.at | 17 +++-- 1 file changed, 11 insertions(+), 6 deletions(-) diff --git

Re: [ovs-dev] [PATCH ovn] ovn-controller.at: Fix flaky test "ofctrl wait before clearing flows".

Thanks for the fix, Han. Acked-by: Mark Michelson On 4/4/24 02:47, Han Zhou wrote: Fixes: bbf2f941965a ("ofctrl: Wait at S_WAIT_BEFORE_CLEAR only once.") Signed-off-by: Han Zhou --- tests/ovn-controller.at | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git

Re: [ovs-dev] [PATCH ovn v2] northd: Add support for disabling vxlan mode.

On 4/4/24 18:06, Vladislav Odintsov wrote: > Commit [1] introduced a "vxlan mode" concept. It brought a limitation > for available tunnel IDs because of lack of space in VXLAN VNI. > In vxlan mode OVN is limited by 4095 datapaths (LRs or non-transit LSs) > and 2047 logical switch ports per

Re: [ovs-dev] [PATCH ovn] northd: fix infinite loop in ovn_allocate_tnlid()

On 4/4/24 17:52, Vladislav Odintsov wrote: > Thanks Dumitru! > I’m totally fine with your change. > Should I send backport patches with resolved conflicts for remaining branches > at least till 22.03, which is an LTS? > Well, 24.03 is the most recent LTS. We don't really backport patches to

Re: [ovs-dev] [PATCH ovn] northd: Add support for disabling vxlan mode.

I’ve sent v2: https://patchwork.ozlabs.org/project/ovn/patch/20240404160628.970615-1-odiv...@gmail.com/ > On 4 Apr 2024, at 18:27, Dumitru Ceara wrote: > > On 4/4/24 14:38, Vladislav Odintsov wrote: >> *Patch [1] is >>

[ovs-dev] [PATCH ovn v2] northd: Add support for disabling vxlan mode.

Commit [1] introduced a "vxlan mode" concept. It brought a limitation for available tunnel IDs because of lack of space in VXLAN VNI. In vxlan mode OVN is limited by 4095 datapaths (LRs or non-transit LSs) and 2047 logical switch ports per datapath. Prior to this patch vxlan mode was enabled

Re: [ovs-dev] [PATCH ovn] northd: fix infinite loop in ovn_allocate_tnlid()

Thanks Dumitru! I’m totally fine with your change. Should I send backport patches with resolved conflicts for remaining branches at least till 22.03, which is an LTS? > On 4 Apr 2024, at 18:26, Dumitru Ceara wrote: > > On 4/1/24 16:27, Mark Michelson wrote: >> Thanks Vladislav, >> >>

Re: [ovs-dev] [PATCH ovn] northd: Add support for disabling vxlan mode.

On 4/4/24 14:38, Vladislav Odintsov wrote: > *Patch [1] is > https://patchwork.ozlabs.org/project/ovn/patch/20240401121510.758326-1-odiv...@gmail.com/ > >> On 4 Apr 2024, at 15:33, Vladislav Odintsov wrote: >> >> Hi Dumitru, >> >> thanks for your attention on this! >> >>> On 4 Apr 2024, at

Re: [ovs-dev] [PATCH ovn] northd: fix infinite loop in ovn_allocate_tnlid()

On 4/1/24 16:27, Mark Michelson wrote: > Thanks Vladislav, > > Acked-by: Mark Michelson > Thanks, Vladislav and Mark! Applied to main and backported down to 23.06 with a minor test change, please see below. > On 4/1/24 08:15, Vladislav Odintsov wrote: >> In case if all tunnel ids are

Re: [ovs-dev] [PATCH v2] Rename primary development branch as main.

Simon Horman writes: > Recently OVS adopted a policy of using the inclusive naming word list v1 > [1, 2]. > > In keeping with this policy rename the primary development branch from > 'master' to 'main'. This patch does not actually make that change, > but rather updates references to the branch

Re: [ovs-dev] [PATCH v7 2/2] netlink-conntrack: Optimize flushing ct zone.

Felix Huettner via dev writes: > Previously the kernel did not provide a netlink interface to flush/list > only conntrack entries matching a specific zone. With [1] and [2] it is now > possible to flush and list conntrack entries filtered by zone. Older > kernels not yet supporting this feature

Re: [ovs-dev] [PATCH v2] netdev-dpdk: Fallback to non tunnel offloading API.

On Wed, Apr 3, 2024 at 8:13 PM Ilya Maximets wrote: > > - This patch fixes some misusage of the DPDK API. > > Hmm, I understand that the driver does something funny when it gets > outer flags set without any inner flags, but how is that a misuse > of the DPDK API? Could you point me to the API

Re: [ovs-dev] [PATCH ovn] northd: Add support for disabling vxlan mode.

*Patch [1] is https://patchwork.ozlabs.org/project/ovn/patch/20240401121510.758326-1-odiv...@gmail.com/ > On 4 Apr 2024, at 15:33, Vladislav Odintsov wrote: > > Hi Dumitru, > > thanks for your attention on this! > >> On 4 Apr 2024, at 13:06, Dumitru Ceara wrote: >> >> On 4/3/24 22:05,

Re: [ovs-dev] [PATCH ovn] northd: Add support for disabling vxlan mode.

Hi Dumitru, thanks for your attention on this! > On 4 Apr 2024, at 13:06, Dumitru Ceara wrote: > > On 4/3/24 22:05, Vladislav Odintsov wrote: >> re-sending email because ovs list rejected previous its content for some >> reason: >> >> Hi Ihar, >> > > Hi Vladislav, Ihar, > >> thanks for

[ovs-dev] [PATCH] ofproto-dpif-upcall: Fix ukey installation failure logs and counters.

ukey_install() returns boolean signaling if the ukey was installed or not. Installation may fail for a few reasons: 1. Conflicting ukey. 2. Mutex contention while trying to replace existing ukey. 3. The same ukey already exists and active. Only the first case here signals an actual problem.

Re: [ovs-dev] [PATCH ovn] northd: Add support for disabling vxlan mode.

On 4/3/24 22:05, Vladislav Odintsov wrote: > re-sending email because ovs list rejected previous its content for some > reason: > > Hi Ihar, > Hi Vladislav, Ihar, > thanks for your quick reaction! > I didn’t see mentioned thread, but I think that it is not safe enough to have > automatic

Re: [ovs-dev] [PATCH net] net: openvswitch: fix unwanted error log on timeout policy probing

On 3 Apr 2024, at 22:38, Ilya Maximets wrote: > On startup, ovs-vswitchd probes different datapath features including > support for timeout policies. While probing, it tries to execute > certain operations with OVS_PACKET_ATTR_PROBE or OVS_FLOW_ATTR_PROBE > attributes set. These attributes

[ovs-dev] [PATCH ovn] ovn-controller.at: Fix flaky test "ofctrl wait before clearing flows".

Fixes: bbf2f941965a ("ofctrl: Wait at S_WAIT_BEFORE_CLEAR only once.") Signed-off-by: Han Zhou --- tests/ovn-controller.at | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at index 3202f0beff46..f2c792c9cdf6 100644 ---

Re: [ovs-dev] [PATCH] Use listen backlog = 64 for all connections.

On 3 Apr 2024, at 23:18, Ihar Hrachyshka wrote: > Before the patch, the size of the backlog depended on the type of socket > (UNIX vs INET) as well as on the language (C vs Python), specifically: > > - python used backlog size = 10 for all sockets; > - C used 64 for UNIX sockets but 10 for