Some NICs support HW offloading for datapath flows, but masked access to the 128-bit ct_label field may prevent a flow being offloaded due to HW limitations. OVN's use of ct_label currently includes: - ct_label.blocked (1 bit) - ct_label.natted (1 bit) - ct_label.ecmp_reply_port (16 bits) - ct_label.ecmp_reply_eth (48 bits) - ct_label.label (32 bits)
This patch moves the bits blocked, natted and ecmp_reply_port to use ct_mark (18 bits in total among the 32-bit ct_mark), and keep the rest of the fields in ct_label: - ct_mark.blocked (1 bit) - ct_mark.natted (1 bit) - ct_mark.ecmp_reply_port (16 bits) - ct_label.ecmp_reply_eth (48 bits) - ct_label.label (32 bits) This would allow HW offloading to work for most of the cases. For ct_label.ecmp_reply_eth, the flow matching it still uses masked access, but it doesn't matter because the flow is for new connections and requires ct_commit in its actions, so it wouldn't be offloaded anyway for those NICs. There is a flow for established connections that would access the masked field in the actions, while in this patch it avoids masked access by using a register xxreg1 to temporarily read the whole ct_label, and then use masked access to xxreg1 to read the actual value. The only exception is for ct_label.label, there is a flow that matches the masked field for ACL logging of reply direction. This patch cannot avoid the masked access to ct_label in this case. This flow is enabled only for the feature "log-related". So offloading may still not work for some NICs when an ACL is configured with a label and with "log-related" enabled. There are no other flows relying on masked ct_label match, but it's worth noting that the LB hairpin related flows using ct_label.natted which were hardcoded directly in ovn-controller are still kept to avoid traffic breaking during upgrading. It relies on the northd-internal-version to internally determine if it is currently upgrading from a version that requires the ct_label flows being kept, and automatically removes the flows when northd-internal-version is up-to-date. Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1957786 v1 -> v2: Fixed two system test cases. v2 -> v3: - Addressed Numan's comment regarding hairpin flow upgrading problem by keeping ct_label flows together with ct_mark flows for hairpin, and provided an option to disable ct_label after upgrading. - Moved a misplaced chunk from patch2 to patch5 to fix related system tests. v3 -> v4: - Avoid the extra option to disable ct_label after upgrading for hairpin flows. Instead, reuse the north-internal-ver to determine automatically. For this to work, a new patch is added to handle SB_Global changes in I-P engine of ovn-controller. Han Zhou (6): ovn-sb.xml: Fix ct_lb documentation. actions: Add action ct_lb_mark. actions: Add stack push and pop actions. ovn-northd: Improve the doc and tests for ecmp-symmetric-reply. ovn-controller: Handle SB_Global:options:northd_internal_version in I-P engine. Use ct_mark for masked access to make flows HW-offloading friendly. NEWS | 2 + controller/lflow.c | 33 ++- controller/lflow.h | 1 + controller/ovn-controller.c | 79 ++++++ include/ovn/actions.h | 11 +- include/ovn/logical-fields.h | 3 + lib/actions.c | 128 ++++++++- lib/logical-fields.c | 17 +- lib/ovn-util.c | 25 +- lib/ovn-util.h | 4 + northd/northd.c | 107 ++++--- northd/ovn-northd.8.xml | 59 ++-- ovn-sb.xml | 54 +++- tests/ovn-controller.at | 46 +++ tests/ovn-northd.at | 526 ++++++++++++++++++----------------- tests/ovn.at | 208 +++++++------- tests/system-ovn.at | 178 ++++++------ utilities/ovn-trace.c | 72 ++++- 18 files changed, 1017 insertions(+), 536 deletions(-) -- 2.30.2 _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev