Re: [ovs-dev] [PATCH v3 ovn 9/9] northd: move build_lb_rules in build_lswitch_flows_for_lb

Fri, 02 Jul 2021 05:18:52 -0700 

On 6/30/21 11:34 AM, Lorenzo Bianconi wrote:
> Move stateful lb rules for logical switches in
> build_lswitch_flows_for_lb routine in order to reduce cpu utilization
> 
> Signed-off-by: Lorenzo Bianconi <lorenzo.bianc...@redhat.com>
> ---
>  northd/ovn-northd.c | 42 ++++++++++++++++++------------------------
>  1 file changed, 18 insertions(+), 24 deletions(-)
> 
> diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
> index e653b0dd5..3ae2b8d9f 100644
> --- a/northd/ovn-northd.c
> +++ b/northd/ovn-northd.c
> @@ -6028,8 +6028,7 @@ build_qos(struct ovn_datapath *od, struct hmap *lflows) 
> {
>  }
>  
>  static void
> -build_lb_rules(struct ovn_datapath *od, struct hmap *lflows,
> -               struct ovn_northd_lb *lb)
> +build_lb_rules(struct hmap *lflows, struct ovn_northd_lb *lb)
>  {
>      struct ds action = DS_EMPTY_INITIALIZER;
>      struct ds match = DS_EMPTY_INITIALIZER;
> @@ -6079,15 +6078,15 @@ build_lb_rules(struct ovn_datapath *od, struct hmap 
> *lflows,
>  
>          ds_put_format(&match, "ct.new && %s.dst == %s", ip_match,
>                        lb_vip->vip_str);
> +        int priority = 110;
>          if (lb_vip->vip_port) {
>              ds_put_format(&match, " && %s.dst == %d", proto, 
> lb_vip->vip_port);
> -            ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_STATEFUL, 120,
> -                                    ds_cstr(&match), ds_cstr(&action),
> -                                    &lb->nlb->header_);
> -        } else {
> -            ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_STATEFUL, 110,
> -                                    ds_cstr(&match), ds_cstr(&action),
> -                                    &lb->nlb->header_);
> +            priority += 10;

Probably better to be explicit:

priority = 120;

Thanks,
Dumitru

> +        }
> +        for (int j = 0; j < lb->n_nb_ls; j++) {
> +            ovn_lflow_add_with_hint(lflows, lb->nb_ls[j], 
> S_SWITCH_IN_STATEFUL,
> +                                    priority, ds_cstr(&match),
> +                                    ds_cstr(&action), &lb->nlb->header_);
>          }
>      }
>      ds_destroy(&action);
> @@ -6095,7 +6094,7 @@ build_lb_rules(struct ovn_datapath *od, struct hmap 
> *lflows,
>  }
>  
>  static void
> -build_stateful(struct ovn_datapath *od, struct hmap *lflows, struct hmap 
> *lbs)
> +build_stateful(struct ovn_datapath *od, struct hmap *lflows)
>  {
>      /* Ingress and Egress stateful Table (Priority 0): Packets are
>       * allowed by default. */
> @@ -6112,19 +6111,6 @@ build_stateful(struct ovn_datapath *od, struct hmap 
> *lflows, struct hmap *lbs)
>      ovn_lflow_add(lflows, od, S_SWITCH_OUT_STATEFUL, 100,
>                    REGBIT_CONNTRACK_COMMIT" == 1",
>                    "ct_commit { ct_label.blocked = 0; }; next;");
> -
> -    /* Load balancing rules for new connections get committed to conntrack
> -     * table.  So even if REGBIT_CONNTRACK_COMMIT is set in a previous table
> -     * a higher priority rule for load balancing below also commits the
> -     * connection, so it is okay if we do not hit the above match on
> -     * REGBIT_CONNTRACK_COMMIT. */
> -    for (int i = 0; i < od->nbs->n_load_balancer; i++) {
> -        struct ovn_northd_lb *lb =
> -            ovn_northd_lb_find(lbs, 
> &od->nbs->load_balancer[i]->header_.uuid);
> -
> -        ovs_assert(lb);
> -        build_lb_rules(od, lflows, lb);
> -    }
>  }
>  
>  static void
> @@ -6892,7 +6878,7 @@ build_lswitch_lflows_pre_acl_and_acl(struct 
> ovn_datapath *od,
>          build_acl_hints(od, lflows);
>          build_acls(od, lflows, port_groups, meter_groups);
>          build_qos(od, lflows);
> -        build_stateful(od, lflows, lbs);
> +        build_stateful(od, lflows);
>          build_lb_hairpin(od, lflows);
>      }
>  }
> @@ -8988,6 +8974,7 @@ build_lswitch_flows_for_lb(struct ovn_northd_lb *lb, 
> struct hmap *lflows,
>          ds_clear(&action);
>          ds_clear(&match);
>  
> +        /* pre-stateful lb */
>          if (build_empty_lb_event_flow(lb_vip, lb->nlb, meter_groups,
>                                         &match, &action)) {
>              for (int j = 0; j < lb->n_nb_ls; j++) {
> @@ -9006,6 +8993,13 @@ build_lswitch_flows_for_lb(struct ovn_northd_lb *lb, 
> struct hmap *lflows,
>      ds_destroy(&action);
>      ds_destroy(&match);
>  
> +    /* stateful lb
> +     * Load balancing rules for new connections get committed to conntrack
> +     * table.  So even if REGBIT_CONNTRACK_COMMIT is set in a previous table
> +     * a higher priority rule for load balancing below also commits the
> +     * connection, so it is okay if we do not hit the above match on
> +     * REGBIT_CONNTRACK_COMMIT. */
> +    build_lb_rules(lflows, lb);
>  }
>  
>  static void
> 

_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Reply via email to