On 6/26/24 07:56, Ales Musil wrote:
> Add support for limiting the CT zone usage per Ls, LR or LSP.
> When the limit is configured on logical switch it will also implicitly
> set limits for all ports in that logical switch. The port configuration
> can be overwritten individually and has priority over the whole logical
> switch configuration.
>
> The value 0 means unlimited, when the value is not specified it is
> derived from OvS default CT limit specified for given OvS datapath.
>
> Reported-at: https://bugzilla.redhat.com/2189924
> Signed-off-by: Ales Musil <amu...@redhat.com>
> ---
> v4: Rebase on top of latest main.
> Change naming of the ct_zone_limit_sync to avoid potential confusion as
> suggested by Lorenzo.
> v3: Rebase on top of latest main.
> ---
Hi Ales,
Sorry for reviewing this so late in the cycle. I think the patch looks
OK. I mostly have some performance related concerns, it would be great
to get some scale testing numbers. The other comment I had is minor.
> NEWS | 3 +
> controller/ct-zone.c | 175 ++++++++++++++++++++++++++++++++----
> controller/ct-zone.h | 12 ++-
> controller/ovn-controller.c | 25 +++++-
> lib/ovn-util.c | 17 ++++
> lib/ovn-util.h | 3 +
> northd/northd.c | 8 ++
> ovn-nb.xml | 29 ++++++
> tests/ovn-controller.at | 99 ++++++++++++++++++++
> 9 files changed, 349 insertions(+), 22 deletions(-)
>
> diff --git a/NEWS b/NEWS
> index 01db77d57..f50d68a82 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -34,6 +34,9 @@ Post v24.03.0
> - NATs can now be given an arbitrary match condition and priority. This
> allows for conditional NATs to be configured. See the ovn-nb(5) man
> page for more information.
> + - Add support for CT zone limit that can be specified per LR
> + (options:ct-zone-limit), LS (other_config:ct-zone-limit) or LSP
> + (options:ct-zone-limit).
>
> OVN v24.03.0 - 01 Mar 2024
> --------------------------
> diff --git a/controller/ct-zone.c b/controller/ct-zone.c
> index 6ed1e4108..97f0de6c3 100644
> --- a/controller/ct-zone.c
> +++ b/controller/ct-zone.c
> @@ -34,6 +34,18 @@ static bool ct_zone_assign_unused(struct ct_zone_ctx *ctx,
> static bool ct_zone_remove(struct ct_zone_ctx *ctx, const char *name);
> static void ct_zone_add(struct ct_zone_ctx *ctx, const char *name,
> uint16_t zone, bool set_pending);
> +static void
> +ct_zone_limits_update_per_dp(struct ct_zone_ctx *ctx,
> + const struct sbrec_datapath_binding *dp,
> + const char *name,
> + struct ovsdb_idl_index *pb_by_dp);
> +static void ct_zone_limit_update(struct ct_zone_ctx *ctx, const char *name,
> + int64_t limit);
> +static int64_t ct_zone_get_dp_limit(const struct sbrec_datapath_binding *dp);
> +static int64_t ct_zone_get_pb_limit(const struct sbrec_port_binding *pb);
> +static int64_t ct_zone_limit_normalize(int64_t limit);
> +static struct ovsrec_ct_zone *
> +ct_zone_find_ovsrec(const struct ovsrec_datapath *dp, uint16_t zone_id);
>
> void
> ct_zones_restore(struct ct_zone_ctx *ctx,
> @@ -196,11 +208,14 @@ ct_zones_update(const struct sset *local_lports,
>
> void
> ct_zones_commit(const struct ovsrec_bridge *br_int,
> + const struct ovsrec_datapath *ovs_dp,
> + struct ovsdb_idl_txn *ovs_idl_txn,
> struct shash *pending_ct_zones)
> {
> struct shash_node *iter;
> SHASH_FOR_EACH (iter, pending_ct_zones) {
> struct ct_zone_pending_entry *ctzpe = iter->data;
> + struct ct_zone *ct_zone = &ctzpe->ct_zone;
>
> /* The transaction is open, so any pending entries in the
> * CT_ZONE_DB_QUEUED must be sent and any in CT_ZONE_DB_QUEUED
> @@ -212,7 +227,7 @@ ct_zones_commit(const struct ovsrec_bridge *br_int,
>
> char *user_str = xasprintf("ct-zone-%s", iter->name);
> if (ctzpe->add) {
> - char *zone_str = xasprintf("%"PRIu16, ctzpe->ct_zone.zone);
> + char *zone_str = xasprintf("%"PRIu16, ct_zone->zone);
> struct smap_node *node =
> smap_get_node(&br_int->external_ids, user_str);
> if (!node || strcmp(node->value, zone_str)) {
> @@ -227,6 +242,19 @@ ct_zones_commit(const struct ovsrec_bridge *br_int,
> }
> free(user_str);
>
> + struct ovsrec_ct_zone *ovs_zone =
> + ct_zone_find_ovsrec(ovs_dp, ct_zone->zone);
Does this create a measurable performance impact? We're going to
potentially walk all already assigned CT zones every time a new port is
bound locally. Should we cache the ovs_zone records and index them by
zone_id? That probably also means that we might need to add incremental
processing support for ovsrec_ct_zone.
On the other hand, I tried a quick test of binding 500 ovs interfaces to
LSPs in a sandbox (ovs and ovn compiled with gcc and -O2 and debug
logging disabled) and I didn't see any noticeable performance degradation.
Just to be sure, would it be possible to do some e2e performance
measurements with ovn-heater with this patch?
> + if ((!ctzpe->add || ct_zone->limit < 0) && ovs_zone) {
> + ovsrec_datapath_update_ct_zones_delkey(ovs_dp, ct_zone->zone);
> + } else if (ctzpe->add && ct_zone->limit >= 0) {
> + if (!ovs_zone) {
> + ovs_zone = ovsrec_ct_zone_insert(ovs_idl_txn);
> + ovsrec_datapath_update_ct_zones_setkey(ovs_dp, ct_zone->zone,
> + ovs_zone);
> + }
> + ovsrec_ct_zone_set_limit(ovs_zone, &ct_zone->limit, 1);
> + }
> +
> ctzpe->state = CT_ZONE_DB_SENT;
> }
> }
> @@ -247,8 +275,19 @@ ct_zones_pending_clear_commited(struct shash *pending)
> /* Returns "true" when there is no need for full recompute. */
> bool
> ct_zone_handle_dp_update(struct ct_zone_ctx *ctx,
> - const struct sbrec_datapath_binding *dp)
> + const struct sbrec_datapath_binding *dp,
> + struct ovsdb_idl_index *pb_by_dp)
> {
> + const char *name = smap_get(&dp->external_ids, "name");
> + if (!name) {
> + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
> + VLOG_ERR_RL(&rl, "Missing name for datapath '"UUID_FMT"' skipping"
> + "zone check.", UUID_ARGS(&dp->header_.uuid));
> + return true;
> + }
> +
> + ct_zone_limits_update_per_dp(ctx, dp, name, pb_by_dp);
> +
> int req_snat_zone = ct_zone_get_snat(dp);
> if (req_snat_zone == -1) {
> /* datapath snat ct zone is not set. This condition will also hit
> @@ -259,14 +298,6 @@ ct_zone_handle_dp_update(struct ct_zone_ctx *ctx,
> return true;
> }
>
> - const char *name = smap_get(&dp->external_ids, "name");
> - if (!name) {
> - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
> - VLOG_ERR_RL(&rl, "Missing name for datapath '"UUID_FMT"' skipping"
> - "zone check.", UUID_ARGS(&dp->header_.uuid));
> - return true;
> - }
> -
> /* Check if the requested snat zone has changed for the datapath
> * or not. If so, then fall back to full recompute of
> * ct_zone engine. */
> @@ -290,14 +321,18 @@ ct_zone_handle_dp_update(struct ct_zone_ctx *ctx,
>
> /* Returns "true" if there was an update to the context. */
> bool
> -ct_zone_handle_port_update(struct ct_zone_ctx *ctx, const char *name,
> +ct_zone_handle_port_update(struct ct_zone_ctx *ctx,
> + const struct sbrec_port_binding *pb,
> bool updated, int *scan_start)
> {
> - struct shash_node *node = shash_find(&ctx->current, name);
> - if (updated && !node) {
> - ct_zone_assign_unused(ctx, name, scan_start);
> + struct shash_node *node = shash_find(&ctx->current, pb->logical_port);
> + if (updated) {
> + if (!node) {
> + ct_zone_assign_unused(ctx, pb->logical_port, scan_start);
> + }
> + ct_zone_limit_update(ctx, pb->logical_port,
> ct_zone_get_pb_limit(pb));
> return true;
> - } else if (!updated && node && ct_zone_remove(ctx, node->name)) {
> + } else if (node && ct_zone_remove(ctx, node->name)) {
> return true;
> }
>
> @@ -311,6 +346,25 @@ ct_zone_find_zone(const struct shash *ct_zones, const
> char *name)
> return ct_zone ? ct_zone->zone : 0;
> }
>
> +void
> +ct_zones_limits_sync(struct ct_zone_ctx *ctx,
> + const struct hmap *local_datapaths,
> + struct ovsdb_idl_index *pb_by_dp)
> +{
> + const struct local_datapath *ld;
> + HMAP_FOR_EACH (ld, hmap_node, local_datapaths) {
> + const char *name = smap_get(&ld->datapath->external_ids, "name");
> + if (!name) {
> + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
> + VLOG_ERR_RL(&rl, "Missing name for datapath '"UUID_FMT"' "
> + "skipping zone assignment.",
> + UUID_ARGS(&ld->datapath->header_.uuid));
> + continue;
> + }
> +
> + ct_zone_limits_update_per_dp(ctx, ld->datapath, name, pb_by_dp);
> + }
> +}
>
> static bool
> ct_zone_assign_unused(struct ct_zone_ctx *ctx, const char *zone_name,
> @@ -363,7 +417,10 @@ ct_zone_add(struct ct_zone_ctx *ctx, const char *name,
> uint16_t zone,
> shash_add(&ctx->current, name, ct_zone);
> }
>
> - ct_zone->zone = zone;
> + *ct_zone = (struct ct_zone) {
> + .zone = zone,
> + .limit = -1,
> + };
>
> if (set_pending) {
> ct_zone_add_pending(&ctx->pending, CT_ZONE_OF_QUEUED,
> @@ -446,6 +503,7 @@ ct_zone_restore(const struct sbrec_datapath_binding_table
> *dp_table,
>
> struct ct_zone ct_zone = {
> .zone = zone,
> + .limit = -1,
> };
> /* Make sure we remove the uuid one in the next OvS DB commit without
> * flush. */
> @@ -461,3 +519,88 @@ ct_zone_restore(const struct
> sbrec_datapath_binding_table *dp_table,
> ct_zone_add(ctx, current_name, zone, false);
> free(new_name);
> }
> +
> +static void
> +ct_zone_limits_update_per_dp(struct ct_zone_ctx *ctx,
> + const struct sbrec_datapath_binding *dp,
> + const char *name,
> + struct ovsdb_idl_index *pb_by_dp)
> +{
> + if (smap_get(&dp->external_ids, "logical-switch")) {
> + struct sbrec_port_binding *target =
> + sbrec_port_binding_index_init_row(pb_by_dp);
> + sbrec_port_binding_index_set_datapath(target, dp);
> +
> + const struct sbrec_port_binding *pb;
> + SBREC_PORT_BINDING_FOR_EACH_EQUAL (pb, target, pb_by_dp) {
> + ct_zone_limit_update(ctx, pb->logical_port,
> + ct_zone_get_pb_limit(pb));
> + }
> +
> + sbrec_port_binding_index_destroy_row(target);
> + }
> +
> + int64_t dp_limit = ct_zone_get_dp_limit(dp);
> + char *dnat = alloc_nat_zone_key(name, "dnat");
> + char *snat = alloc_nat_zone_key(name, "snat");
> +
> + ct_zone_limit_update(ctx, dnat, dp_limit);
> + ct_zone_limit_update(ctx, snat, dp_limit);
> +
> + free(dnat);
> + free(snat);
> +}
> +
> +static void
> +ct_zone_limit_update(struct ct_zone_ctx *ctx, const char *name, int64_t
> limit)
> +{
> + struct ct_zone *ct_zone = shash_find_data(&ctx->current, name);
> +
> + if (!ct_zone) {
> + return;
> + }
> +
> + if (ct_zone->limit != limit) {
> + ct_zone->limit = limit;
> + /* Add pending entry only for DB store to avoid flushing the zone. */
> + ct_zone_add_pending(&ctx->pending, CT_ZONE_DB_QUEUED, ct_zone,
> + true, name);
> + VLOG_DBG("setting ct zone %"PRIu16" limit to %"PRId64,
> + ct_zone->zone, ct_zone->limit);
> + }
> +}
> +
> +static int64_t
> +ct_zone_get_dp_limit(const struct sbrec_datapath_binding *dp)
> +{
> + int64_t limit = ovn_smap_get_llong(&dp->external_ids, "ct-zone-limit",
> -1);
> + return ct_zone_limit_normalize(limit);
> +}
> +
> +static int64_t
> +ct_zone_get_pb_limit(const struct sbrec_port_binding *pb)
> +{
> + int64_t dp_limit = ovn_smap_get_llong(&pb->datapath->external_ids,
> + "ct-zone-limit", -1);
> + int64_t limit = ovn_smap_get_llong(&pb->options,
> + "ct-zone-limit", dp_limit);
> + return ct_zone_limit_normalize(limit);
> +}
> +
> +static int64_t
> +ct_zone_limit_normalize(int64_t limit)
> +{
> + return limit >= 0 && limit <= UINT32_MAX ? limit : -1;
> +}
> +
> +static struct ovsrec_ct_zone *
> +ct_zone_find_ovsrec(const struct ovsrec_datapath *dp, uint16_t zone_id)
> +{
> + for (int i = 0; i < dp->n_ct_zones; i++) {
Nit: size_t
> + if (dp->key_ct_zones[i] == zone_id) {
> + return dp->value_ct_zones[i];
> + }
> + }
> +
> + return NULL;
> +}
> diff --git a/controller/ct-zone.h b/controller/ct-zone.h
> index af68de2d6..5d7f66224 100644
> --- a/controller/ct-zone.h
> +++ b/controller/ct-zone.h
> @@ -43,6 +43,7 @@ struct ct_zone_ctx {
> date
> struct ct_zone {
> uint16_t zone;
> + int64_t limit;
> };
>
> /* States to move through when a new conntrack zone has been allocated. */
> @@ -70,12 +71,19 @@ void ct_zones_update(const struct sset *local_lports,
> const struct hmap *local_datapaths,
> struct ct_zone_ctx *ctx);
> void ct_zones_commit(const struct ovsrec_bridge *br_int,
> + const struct ovsrec_datapath *ovs_dp,
> + struct ovsdb_idl_txn *ovs_idl_txn,
> struct shash *pending_ct_zones);
> void ct_zones_pending_clear_commited(struct shash *pending);
> bool ct_zone_handle_dp_update(struct ct_zone_ctx *ctx,
> - const struct sbrec_datapath_binding *dp);
> -bool ct_zone_handle_port_update(struct ct_zone_ctx *ctx, const char *name,
> + const struct sbrec_datapath_binding *dp,
> + struct ovsdb_idl_index *pb_by_dp);
> +bool ct_zone_handle_port_update(struct ct_zone_ctx *ctx,
> + const struct sbrec_port_binding *pb,
> bool updated, int *scan_start);
> uint16_t ct_zone_find_zone(const struct shash *ct_zones, const char *name);
> +void ct_zones_limits_sync(struct ct_zone_ctx *ctx,
> + const struct hmap *local_datapaths,
> + struct ovsdb_idl_index *pb_by_dp);
>
> #endif /* controller/ct-zone.h */
> diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c
> index a47ed5d9a..1b4c89cda 100644
> --- a/controller/ovn-controller.c
> +++ b/controller/ovn-controller.c
> @@ -798,6 +798,7 @@ ctrl_register_ovs_idl(struct ovsdb_idl *ovs_idl)
> ovsdb_idl_add_column(ovs_idl, &ovsrec_ssl_col_private_key);
> ovsdb_idl_add_table(ovs_idl, &ovsrec_table_datapath);
> ovsdb_idl_add_column(ovs_idl, &ovsrec_datapath_col_capabilities);
> + ovsdb_idl_add_column(ovs_idl, &ovsrec_datapath_col_ct_zones);
> ovsdb_idl_add_table(ovs_idl, &ovsrec_table_flow_sample_collector_set);
> ovsdb_idl_add_table(ovs_idl, &ovsrec_table_qos);
> ovsdb_idl_add_column(ovs_idl, &ovsrec_qos_col_other_config);
> @@ -807,6 +808,8 @@ ctrl_register_ovs_idl(struct ovsdb_idl *ovs_idl)
> ovsdb_idl_add_column(ovs_idl, &ovsrec_queue_col_other_config);
> ovsdb_idl_add_column(ovs_idl, &ovsrec_queue_col_external_ids);
> ovsdb_idl_add_column(ovs_idl, &ovsrec_interface_col_link_state);
> + ovsdb_idl_add_table(ovs_idl, &ovsrec_table_ct_zone);
> + ovsdb_idl_add_column(ovs_idl, &ovsrec_ct_zone_col_limit);
>
> chassis_register_ovs_idl(ovs_idl);
> encaps_register_ovs_idl(ovs_idl);
> @@ -2219,6 +2222,10 @@ en_ct_zones_run(struct engine_node *node, void *data)
> struct ed_type_ct_zones *ct_zones_data = data;
> struct ed_type_runtime_data *rt_data =
> engine_get_input_data("runtime_data", node);
> + struct ovsdb_idl_index *sbrec_port_binding_by_datapath =
> + engine_ovsdb_node_get_index(
> + engine_get_input("SB_port_binding", node),
> + "datapath");
>
> const struct ovsrec_open_vswitch_table *ovs_table =
> EN_OVSDB_GET(engine_get_input("OVS_open_vswitch", node));
> @@ -2232,6 +2239,8 @@ en_ct_zones_run(struct engine_node *node, void *data)
> ct_zones_restore(&ct_zones_data->ctx, ovs_table, dp_table, br_int);
> ct_zones_update(&rt_data->local_lports, &rt_data->local_datapaths,
> &ct_zones_data->ctx);
> + ct_zones_limits_sync(&ct_zones_data->ctx, &rt_data->local_datapaths,
> + sbrec_port_binding_by_datapath);
Same question about potential performance impact here too. Instead of
doing this in two steps wouldn't it make sense to actually store in the
ct_zone structure the requested limit already when we create the
structure (or the pending one)? We'd avoid this O(n log n) - I think -
complexity.
But, as mentioned above, if there's no visible e2e performance impact we
can probably avoid the complication and keep it as is.
>
> ct_zones_data->recomputed = true;
> engine_set_node_state(node, EN_UPDATED);
> @@ -2249,6 +2258,10 @@ ct_zones_datapath_binding_handler(struct engine_node
> *node, void *data)
> engine_get_input_data("runtime_data", node);
> const struct sbrec_datapath_binding_table *dp_table =
> EN_OVSDB_GET(engine_get_input("SB_datapath_binding", node));
> + struct ovsdb_idl_index *sbrec_port_binding_by_datapath =
> + engine_ovsdb_node_get_index(
> + engine_get_input("SB_port_binding", node),
> + "datapath");
>
> SBREC_DATAPATH_BINDING_TABLE_FOR_EACH_TRACKED (dp, dp_table) {
> if (!get_local_datapath(&rt_data->local_datapaths,
> @@ -2262,7 +2275,8 @@ ct_zones_datapath_binding_handler(struct engine_node
> *node, void *data)
> return false;
> }
>
> - if (!ct_zone_handle_dp_update(&ct_zones_data->ctx, dp)) {
> + if (!ct_zone_handle_dp_update(&ct_zones_data->ctx, dp,
> + sbrec_port_binding_by_datapath)) {
> return false;
> }
> }
> @@ -2311,8 +2325,8 @@ ct_zones_runtime_data_handler(struct engine_node *node,
> void *data)
> t_lport->tracked_type == TRACKED_RESOURCE_NEW ||
> t_lport->tracked_type == TRACKED_RESOURCE_UPDATED;
> updated |= ct_zone_handle_port_update(&ct_zones_data->ctx,
> - t_lport->pb->logical_port,
> - port_updated, &scan_start);
> + t_lport->pb, port_updated,
> + &scan_start);
> }
> }
>
> @@ -5154,6 +5168,9 @@ main(int argc, char *argv[])
> ct_zones_datapath_binding_handler);
> engine_add_input(&en_ct_zones, &en_runtime_data,
> ct_zones_runtime_data_handler);
> + /* The CT node just needs the index for port bindings by name. The data
> + * for ports are processed in the runtime handler. */
> + engine_add_input(&en_ct_zones, &en_sb_port_binding, engine_noop_handler);
>
> engine_add_input(&en_ovs_interface_shadow, &en_ovs_interface,
> ovs_interface_shadow_ovs_interface_handler);
> @@ -5558,7 +5575,7 @@ main(int argc, char *argv[])
> if (ct_zones_data) {
> stopwatch_start(CT_ZONE_COMMIT_STOPWATCH_NAME,
> time_msec());
> - ct_zones_commit(br_int,
> + ct_zones_commit(br_int, br_int_dp, ovs_idl_txn,
> &ct_zones_data->ctx.pending);
> stopwatch_stop(CT_ZONE_COMMIT_STOPWATCH_NAME,
> time_msec());
> diff --git a/lib/ovn-util.c b/lib/ovn-util.c
> index 58e941193..1ad347419 100644
> --- a/lib/ovn-util.c
> +++ b/lib/ovn-util.c
> @@ -816,6 +816,23 @@ str_tolower(const char *orig)
> return copy;
> }
>
> +/* This is a wrapper function which get the value associated with 'key' in
> + * 'smap' and converts it to a long long. If 'key' is not in 'smap' or a
> + * valid unsigned integer can't be parsed from its value, returns 'def'.
> + */
> +long long
> +ovn_smap_get_llong(const struct smap *smap, const char *key, long long def)
> +{
> + const char *value = smap_get(smap, key);
> + long long ll_value;
> +
> + if (!value || !str_to_llong(value, 10, &ll_value)) {
> + return def;
> + }
> +
> + return ll_value;
> +}
> +
> /* For a 'key' of the form "IP:port" or just "IP", sets 'port',
> * 'ip_address' and 'ip' ('struct in6_addr' IPv6 or IPv4 mapped address).
> * The caller must free() the memory allocated for 'ip_address'.
> diff --git a/lib/ovn-util.h b/lib/ovn-util.h
> index f75b821b6..ae971ce5a 100644
> --- a/lib/ovn-util.h
> +++ b/lib/ovn-util.h
> @@ -211,6 +211,9 @@ char *normalize_v46_prefix(const struct in6_addr *prefix,
> unsigned int plen);
> */
> char *str_tolower(const char *orig);
>
> +long long ovn_smap_get_llong(const struct smap *smap, const char *key,
> + long long def);
> +
> /* OVN daemon options. Taken from ovs/lib/daemon.h. */
> #define OVN_DAEMON_OPTION_ENUMS \
> OVN_OPT_DETACH, \
> diff --git a/northd/northd.c b/northd/northd.c
> index 7e474a7b8..7d3ad63a1 100644
> --- a/northd/northd.c
> +++ b/northd/northd.c
> @@ -737,6 +737,14 @@ ovn_datapath_update_external_ids(struct ovn_datapath *od)
> smap_add(&ids, "name2", name2);
> }
>
> + int64_t ct_zone_limit = ovn_smap_get_llong(od->nbs ?
> + &od->nbs->other_config :
> + &od->nbr->options,
> + "ct-zone-limit", -1);
> + if (ct_zone_limit > 0) {
> + smap_add_format(&ids, "ct-zone-limit", "%"PRId64, ct_zone_limit);
> + }
> +
> /* Set interconn-ts. */
> if (od->nbs) {
> const char *ts = smap_get(&od->nbs->other_config, "interconn-ts");
> diff --git a/ovn-nb.xml b/ovn-nb.xml
> index b0f8d3687..53e697308 100644
> --- a/ovn-nb.xml
> +++ b/ovn-nb.xml
> @@ -721,6 +721,17 @@
> this timeout will be automatically removed. The value defaults
> to 0, which means disabled.
> </column>
> +
> + <column name="other_config" key="ct-zone-limit"
> + type='{"type": "integer", "minInteger": 0, "maxInteger":
> 4294967295}'>
> + CT zone <code>limit</code> value for given
> + <ref table="Logical_Switch"/>. This value will be propagated to all
> + <ref table="Logical_Switch_Port"/> when configured, but can be
> + overwritten individually per <ref table="Logical_Switch_Port"/>. The
> + value 0 means unlimited, when the option is not present the limit
> + is not set and the zone limit is derived from OvS default datapath
> + limit.
> + </column>
> </group>
>
> <group title="IP Multicast Snooping Options">
> @@ -1122,6 +1133,16 @@
> <code>false</code>.
> </column>
>
> + <column name="options" key="ct-zone-limit"
> + type='{"type": "integer", "minInteger": 0, "maxInteger":
> 4294967295}'>
> + CT zone <code>limit</code> value for given
> + <ref table="Logical_Switch_Port"/>. This value has priority over
> + limit specified on <ref table="Logical_Switch"/> when configured.
> + The value 0 means unlimited, when the option is not present the
> limit
> + is not set and the zone limit is derived from OvS default datapath
> + limit.
> + </column>
> +
> </group>
>
> <group title="Options for localnet ports">
> @@ -2785,6 +2806,14 @@ or
> </p>
>
> </column>
> +
> + <column name="options" key="ct-zone-limit"
> + type='{"type": "integer", "minInteger": 0, "maxInteger":
> 4294967295}'>
> + CT zone <code>limit</code> value for given
> + <ref table="Logical_Router"/>. The value 0 means unlimited, when the
> + option is not present the limit is not set and the zone limit is
> + derived from OvS default datapath limit.
> + </column>
> </group>
>
> <group title="Common Columns">
> diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at
> index 2cb86dc98..0a20cbc09 100644
> --- a/tests/ovn-controller.at
> +++ b/tests/ovn-controller.at
> @@ -3127,3 +3127,102 @@ OVS_WAIT_UNTIL([grep -q 'tcp:127.0.0.1:1235:
> connected' hv1/ovn-controller.log])
>
> OVN_CLEANUP([hv1])
> AT_CLEANUP
> +
> +OVN_FOR_EACH_NORTHD([
> +AT_SETUP([ovn-controller - CT zone limit])
> +ovn_start
> +
> +net_add n1
> +sim_add hv1
> +as hv1
> +check ovs-vsctl add-br br-phys
> +ovn_attach n1 br-phys 192.168.0.1
> +
> +check ovn-appctl -t ovn-controller vlog/set dbg:ct_zone
> +
> +check ovs-vsctl add-port br-int lsp \
> + -- set Interface lsp external-ids:iface-id=lsp
> +
> +check ovn-nbctl lr-add lr
> +
> +check ovn-nbctl ls-add ls
> +check ovn-nbctl lsp-add ls ls-lr
> +check ovn-nbctl lsp-set-type ls-lr router
> +check ovn-nbctl lsp-set-addresses ls-lr router
> +check ovn-nbctl lrp-add lr lr-ls 00:00:00:00:00:01 10.0.0.1
> +
> +check ovn-nbctl lsp-add ls lsp
> +check ovn-nbctl lsp-set-addresses lsp "00:00:00:00:00:02 10.0.0.2"
> +
> +check ovn-nbctl lrp-add lr lrp-gw 01:00:00:00:00:01 172.16.0.1
> +check ovn-nbctl lrp-set-gateway-chassis lrp-gw hv1
> +
> +wait_for_ports_up
> +check ovn-nbctl --wait=hv sync
> +
> +get_zone_num() {
> + output=$1
> + name=$2
> +
> + printf "$output" | grep $name | cut -d ' ' -f 2
> +}
> +
> +check_ovs_ct_limit() {
> + zone=$1
> + limit=$2
> +
> + AT_CHECK_UNQUOTED([ovs-appctl dpctl/ct-get-limits zone=$zone | sed
> "s/count=.*/count=?/;s/default limit=.*/default limit=?/" | sort], [0], [dnl
> +default limit=?
> +zone=$zone,limit=$limit,count=?
> +])
> +}
> +
> +wait_ovs_ct_limit_count() {
> + count=$1
> +
> + OVS_WAIT_UNTIL([test $count -eq $(ovs-vsctl --no-headings --format=table
> list CT_Zone | wc -l)])
> +}
> +
> +ct_zones=$(ovn-appctl -t ovn-controller ct-zone-list)
> +lr_dnat=$(get_zone_num "$ct_zones" lr_dnat)
> +lr_snat=$(get_zone_num "$ct_zones" lr_snat)
> +
> +ls_dnat=$(get_zone_num "$ct_zones" ls_dnat)
> +ls_snat=$(get_zone_num "$ct_zones" ls_snat)
> +
> +lsp=$(get_zone_num "$ct_zones" lsp)
> +
> +wait_ovs_ct_limit_count 0
> +
> +check ovn-nbctl --wait=hv set Logical_Router lr options:ct-zone-limit=5
> +wait_ovs_ct_limit_count 2
> +check_ovs_ct_limit $lr_dnat 5
> +check_ovs_ct_limit $lr_snat 5
> +
> +check ovn-nbctl --wait=hv remove Logical_Router lr options ct-zone-limit
> +wait_ovs_ct_limit_count 0
> +
> +check ovn-nbctl --wait=hv set Logical_Switch ls other_config:ct-zone-limit=10
> +wait_ovs_ct_limit_count 3
> +check_ovs_ct_limit $ls_dnat 10
> +check_ovs_ct_limit $ls_snat 10
> +check_ovs_ct_limit $lsp 10
> +
> +check ovn-nbctl --wait=hv set Logical_Switch_Port lsp options:ct-zone-limit=5
> +wait_ovs_ct_limit_count 3
> +check_ovs_ct_limit $ls_dnat 10
> +check_ovs_ct_limit $ls_snat 10
> +check_ovs_ct_limit $lsp 5
> +
> +check ovn-nbctl --wait=hv remove Logical_Switch_Port lsp options
> ct-zone-limit
> +wait_ovs_ct_limit_count 3
> +check_ovs_ct_limit $ls_dnat 10
> +check_ovs_ct_limit $ls_snat 10
> +check_ovs_ct_limit $lsp 10
> +
> +check ovn-nbctl --wait=hv remove Logical_Switch ls other_config ct-zone-limit
> +wait_ovs_ct_limit_count 0
> +
> +OVN_CLEANUP([hv1])
> +AT_CLEANUP
> +])
Regards,
Dumitru
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
