On Thu, Jul 04, 2024 at 09:52:41AM GMT, Adrian Moreno wrote:
> (Was: Add psample support to NXAST_SAMPLE action)
>
> This is the userspace counterpart of the work being done in the kernel
> [1] which is still not merged (hence the RFC state). There, a new
> datapath action is added, called "psample".
>
> From the PoV of ovs-vswitchd, this new action is used to implement
> "local sampling". Local sampling (or lsample for short) is configured
> in a similar way as current per-flow IPFIX sampling, i.e: using the
> Flow_Sample_Collector_Set table and the NXAST_SAMPLE action.
>
> However, instead of sending the sample to an external IPFIX collector
> though the network, the sample is emitted using the new action and
> made available to locally running sample collector.
>
> The specific way emit_sample sends the sample (and the way the local
> collector shall collect it) is datapath-specific.
> Currently, currently only the Linux kernel datapath implements it using
> the psample netlink multicast group.
>
> ~~ Configuration ~~
> Local sampling is configured via a new column in the
> Flow_Sample_Collector_Set (FSCS) table called "local_sample_group".
> Configuring this value is orthogonal to also associating the FSCS
> entry to an entry in the IPFIX table.
>
> Once that entry in the OVSDB is configured, NXAST_SAMPLE actions coming
> from the controller will be translated into the following odp action:
>
> sample(sample={P}%, actions(emit_sample(group={G},cookie={C})))
>
> Where:
> P: Is the sampling probability from NXAST_SAMPLE
> G: Is the group id in the FSCS entry whose "id" matches the one in
> the NXAST_SAMPLE.
> C: Is a 64bit cookie result of concatenating the obs_domain and
> obs_point from the NXAST_SAMPLE in network order, i.e:
> "htonl(obs_domain) << 32 | htonl(obs_point)"
> Notes:
> - The parent sample action might be omitted if the probability is
> 100% and there is no IPFIX sampling that requires the use of a
> meter.
>
> ~~ Dpif-lsample ~~
> Internally, a new object called "dpif-lsample" is introduced to track
> the configured local sampling exporters and track statistics based on
> odp flow stats (using xcache).
> It exposes the list of configured exporters and their statistics on a
> new unixctl command called "lsample/show".
>
I just realized I forgot to add a comment explicitly stating that the
above two sections below (which translate to patches 11/13, 12/13 and
13/13) are new in this version of the RFC series.
I know this can be problematic given the late stage we're in so I'll add
a bit os context on why I added them.
> ~~ Drop monitoring ~~
> A common use-case for this action can be to sample drops. However,
> adding sample actions to drops makes the existing drop statistics
> disappear. In order to fix this, patches 11 and 12 make use of explicit
> drop actions to ensure statistics still report drops even if sampled.
>
Drop monitoring and the interaction with local (or even non-local)
sampling has been discussed in the kernel series as I originally tried
to solve the problem in the kernel. After some discussions with Ilya we
agreed to explore the solution to the problem in userspace. That is why
I feel these patches are related to the series.
In any case, IMHO, both patches fix existing bugs: Enabling sampling
(local or not, per-bridge or per-flow) should not hide drop statistics.
One visibility feature should not break an existing one.
> ~~ Extended OpenFlow sample action ~~
> Given the series aims at making sampling production ready, conntrack
> integration must be considered. A common use-case for state-full
> pipelines is to calculate the observation metadata at connection
> establishment, store it in ct_label and then use it for packets of
> established connections. However, this forces OVN to create a big number
> of OFP Flows (one per distinct cookie). Patch 13 solves this by allowing
> controllers to specify the obs_domain and point ids from another OFP
> field.
>
This is an addition that, although discussed informally, did not come
directly from the kernel series but from experimentation and interaction
with the OVN team.
It can be considered a follow-up optimization so if there is controversy
around it, I'm OK postponing it to a future release.
> ~~ Testing ~~
> The series includes an test utility program than can be executed by
> running "tests/ovstest test-psample". This utility listens
> to packets multicasted by the psample module and prints them (also
> printing the obs_domain and obs_point ids).
>
> ~~ HW Offload ~~
> tc offload is not being introduced in this series as existing sample
> or userspace actions are not currently offloadable. Also some
> improvements need to be implemented in tc for it to be feasible.
>
> ~~ DPDK datapath ~~
> By naming the action "psample" it was intentionally restricted to the
> Linux datapath only. A follow up task would be spawned to think of a
> good way of implementing local-sampling in the userspace datapath.
>
> [1]
> https://patchwork.kernel.org/project/netdevbpf/cover/20240702095336.596506-1-amore...@redhat.com/
>
> Adrian Moreno (13):
> ofproto-dpif: Allow forcing dp features.
> odp-util: Add support OVS_ACTION_ATTR_PSAMPLE.
> ofproto_dpif: Check for psample support.
> ofproto: Add ofproto-dpif-lsample.
> vswitchd: Add local sampling to vswitchd schema.
> ofproto-dpif-xlate: Use psample for local sample.
> ofproto-dpif-xlate-cache: Add lsample to xcache.
> ofproto-dpif-lsample: Show stats via unixctl.
> tests: Add test-psample testing utility.
> tests: Test local sampling.
> ofproto: xlate: Make flow-sampled drops explicit.
> ofproto: xlate: Make bridge-sampled drops explicit.
> ofp-actions: Load data from fields in sample action.
>
> NEWS | 6 +
> include/linux/automake.mk | 1 +
> include/linux/openvswitch.h | 28 +++
> include/linux/psample.h | 68 ++++++
> include/openvswitch/ofp-actions.h | 8 +-
> lib/dpif-netdev.c | 1 +
> lib/dpif.c | 8 +
> lib/dpif.h | 1 +
> lib/odp-execute.c | 25 +-
> lib/odp-util.c | 93 ++++++++
> lib/odp-util.h | 3 +
> lib/ofp-actions.c | 249 ++++++++++++++++++--
> ofproto/automake.mk | 2 +
> ofproto/ofproto-dpif-ipfix.c | 1 +
> ofproto/ofproto-dpif-lsample.c | 332 ++++++++++++++++++++++++++
> ofproto/ofproto-dpif-lsample.h | 46 ++++
> ofproto/ofproto-dpif-sflow.c | 1 +
> ofproto/ofproto-dpif-xlate-cache.c | 11 +-
> ofproto/ofproto-dpif-xlate-cache.h | 6 +
> ofproto/ofproto-dpif-xlate.c | 323 +++++++++++++++++++-------
> ofproto/ofproto-dpif-xlate.h | 5 +-
> ofproto/ofproto-dpif.c | 122 +++++++++-
> ofproto/ofproto-dpif.h | 8 +-
> ofproto/ofproto-provider.h | 9 +
> ofproto/ofproto.c | 12 +
> ofproto/ofproto.h | 8 +
> python/ovs/flow/odp.py | 8 +
> python/ovs/flow/ofp.py | 8 +-
> python/ovs/flow/ofp_act.py | 4 +-
> tests/automake.mk | 3 +-
> tests/drop-stats.at | 109 +++++++++
> tests/odp.at | 16 ++
> tests/ofp-actions.at | 5 +
> tests/ofproto-dpif.at | 194 +++++++++++++++-
> tests/system-common-macros.at | 4 +
> tests/system-traffic.at | 359 +++++++++++++++++++++++++++++
> tests/test-psample.c | 284 +++++++++++++++++++++++
> vswitchd/bridge.c | 78 ++++++-
> vswitchd/vswitch.ovsschema | 9 +-
> vswitchd/vswitch.xml | 40 +++-
> 40 files changed, 2357 insertions(+), 141 deletions(-)
> create mode 100644 include/linux/psample.h
> create mode 100644 ofproto/ofproto-dpif-lsample.c
> create mode 100644 ofproto/ofproto-dpif-lsample.h
> create mode 100644 tests/test-psample.c
>
> --
> 2.45.2
>
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
