Move stateful lb rules for logical switches in
build_lswitch_flows_for_lb routine in order to reduce cpu utilization
Signed-off-by: Lorenzo Bianconi <lorenzo.bianc...@redhat.com>
---
northd/ovn-northd.c | 42 ++++++++++++++++++------------------------
1 file changed, 18 insertions(+), 24 deletions(-)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index e653b0dd5..3ae2b8d9f 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6028,8 +6028,7 @@ build_qos(struct ovn_datapath *od, struct hmap *lflows) {
}
static void
-build_lb_rules(struct ovn_datapath *od, struct hmap *lflows,
- struct ovn_northd_lb *lb)
+build_lb_rules(struct hmap *lflows, struct ovn_northd_lb *lb)
{
struct ds action = DS_EMPTY_INITIALIZER;
struct ds match = DS_EMPTY_INITIALIZER;
@@ -6079,15 +6078,15 @@ build_lb_rules(struct ovn_datapath *od, struct hmap
*lflows,
ds_put_format(&match, "ct.new && %s.dst == %s", ip_match,
lb_vip->vip_str);
+ int priority = 110;
if (lb_vip->vip_port) {
ds_put_format(&match, " && %s.dst == %d", proto, lb_vip->vip_port);
- ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_STATEFUL, 120,
- ds_cstr(&match), ds_cstr(&action),
- &lb->nlb->header_);
- } else {
- ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_STATEFUL, 110,
- ds_cstr(&match), ds_cstr(&action),
- &lb->nlb->header_);
+ priority += 10;
+ }
+ for (int j = 0; j < lb->n_nb_ls; j++) {
+ ovn_lflow_add_with_hint(lflows, lb->nb_ls[j], S_SWITCH_IN_STATEFUL,
+ priority, ds_cstr(&match),
+ ds_cstr(&action), &lb->nlb->header_);
}
}
ds_destroy(&action);
@@ -6095,7 +6094,7 @@ build_lb_rules(struct ovn_datapath *od, struct hmap
*lflows,
}
static void
-build_stateful(struct ovn_datapath *od, struct hmap *lflows, struct hmap *lbs)
+build_stateful(struct ovn_datapath *od, struct hmap *lflows)
{
/* Ingress and Egress stateful Table (Priority 0): Packets are
* allowed by default. */
@@ -6112,19 +6111,6 @@ build_stateful(struct ovn_datapath *od, struct hmap
*lflows, struct hmap *lbs)
ovn_lflow_add(lflows, od, S_SWITCH_OUT_STATEFUL, 100,
REGBIT_CONNTRACK_COMMIT" == 1",
"ct_commit { ct_label.blocked = 0; }; next;");
-
- /* Load balancing rules for new connections get committed to conntrack
- * table. So even if REGBIT_CONNTRACK_COMMIT is set in a previous table
- * a higher priority rule for load balancing below also commits the
- * connection, so it is okay if we do not hit the above match on
- * REGBIT_CONNTRACK_COMMIT. */
- for (int i = 0; i < od->nbs->n_load_balancer; i++) {
- struct ovn_northd_lb *lb =
- ovn_northd_lb_find(lbs, &od->nbs->load_balancer[i]->header_.uuid);
-
- ovs_assert(lb);
- build_lb_rules(od, lflows, lb);
- }
}
static void
@@ -6892,7 +6878,7 @@ build_lswitch_lflows_pre_acl_and_acl(struct ovn_datapath
*od,
build_acl_hints(od, lflows);
build_acls(od, lflows, port_groups, meter_groups);
build_qos(od, lflows);
- build_stateful(od, lflows, lbs);
+ build_stateful(od, lflows);
build_lb_hairpin(od, lflows);
}
}
@@ -8988,6 +8974,7 @@ build_lswitch_flows_for_lb(struct ovn_northd_lb *lb,
struct hmap *lflows,
ds_clear(&action);
ds_clear(&match);
+ /* pre-stateful lb */
if (build_empty_lb_event_flow(lb_vip, lb->nlb, meter_groups,
&match, &action)) {
for (int j = 0; j < lb->n_nb_ls; j++) {
@@ -9006,6 +8993,13 @@ build_lswitch_flows_for_lb(struct ovn_northd_lb *lb,
struct hmap *lflows,
ds_destroy(&action);
ds_destroy(&match);
+ /* stateful lb
+ * Load balancing rules for new connections get committed to conntrack
+ * table. So even if REGBIT_CONNTRACK_COMMIT is set in a previous table
+ * a higher priority rule for load balancing below also commits the
+ * connection, so it is okay if we do not hit the above match on
+ * REGBIT_CONNTRACK_COMMIT. */
+ build_lb_rules(lflows, lb);
}
static void
--
2.31.1
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
