New tables:
Network_Function: Each row contains {inport, outport, health_check}
Network_Function_Group: Each row contains a list of Network_Function entities
and a unique id (between 1 and 255).
Min and max length of this list is 1.
Northd sets a reference to the current active NF.
The mode field is for future extension when we want
to support both inline and mirror modes. Currently
only inline is supported.
Network_Function_Health_Check: Each row contains configuration for probes in
options field:
{interval, timeout, success_count, failure_count}
Modified table:
ACL: The ACL entity gets a new optional field that references a
Network_Function_Group entity. Only accepted for stateful allow ACLs.
Signed-off-by: Sragdhara Datta Chaudhuri <[email protected]>
Acked-by: Naveen Yerramneni <[email protected]>
Acked-by: Numan Siddique <[email protected]>
---
ovn-nb.ovsschema | 67 ++++++++++++++++++++++-
ovn-nb.xml | 137 +++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 202 insertions(+), 2 deletions(-)
diff --git a/ovn-nb.ovsschema b/ovn-nb.ovsschema
index f55930a2e..1d04e0e37 100644
--- a/ovn-nb.ovsschema
+++ b/ovn-nb.ovsschema
@@ -1,7 +1,7 @@
{
"name": "OVN_Northbound",
- "version": "7.12.0",
- "cksum": "2749576410 39903",
+ "version": "7.13.0",
+ "cksum": "489138816 43149",
"tables": {
"NB_Global": {
"columns": {
@@ -184,6 +184,64 @@
"min": 0, "max": "unlimited"}}},
"indexes": [["name"]],
"isRoot": false},
+ "Network_Function_Health_Check": {
+ "columns": {
+ "name": {"type": "string"},
+ "options": {
+ "type": {"key": "string",
+ "value": "string",
+ "min": 0,
+ "max": "unlimited"}},
+ "external_ids": {
+ "type": {"key": "string", "value": "string",
+ "min": 0, "max": "unlimited"}}},
+ "indexes": [["name"]],
+ "isRoot": false},
+ "Network_Function": {
+ "columns": {
+ "name": {"type": "string"},
+ "outport": {"type": {"key": {"type": "uuid",
+ "refTable": "Logical_Switch_Port",
+ "refType": "strong"},
+ "min": 1, "max": 1}},
+ "inport": {"type": {"key": {"type": "uuid",
+ "refTable": "Logical_Switch_Port",
+ "refType": "strong"},
+ "min": 1, "max": 1}},
+ "health_check": {"type": {
+ "key": {"type": "uuid",
+ "refTable": "Network_Function_Health_Check",
+ "refType": "strong"},
+ "min": 0, "max": 1}},
+ "external_ids": {
+ "type": {"key": "string", "value": "string",
+ "min": 0, "max": "unlimited"}}},
+ "indexes": [["name"]],
+ "isRoot": true},
+ "Network_Function_Group": {
+ "columns": {
+ "name": {"type": "string"},
+ "network_function": {"type":
+ {"key": {"type": "uuid",
+ "refTable": "Network_Function",
+ "refType": "strong"},
+ "min": 0, "max": "unlimited"}},
+ "network_function_active": {"type":
+ {"key": {"type": "uuid",
+ "refTable": "Network_Function",
+ "refType": "strong"},
+ "min": 0, "max": 1}},
+ "mode": {"type": {"key": {"type": "string",
+ "enum": ["set", ["inline"]]}}},
+ "id": {
+ "type": {"key": {"type": "integer",
+ "minInteger": 1,
+ "maxInteger": 255}}},
+ "external_ids": {
+ "type": {"key": "string", "value": "string",
+ "min": 0, "max": "unlimited"}}},
+ "indexes": [["name"], ["id"]],
+ "isRoot": true},
"Forwarding_Group": {
"columns": {
"name": {"type": "string"},
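Review bot: The `network_function` column of Network_Function_Group is declared `"min": 0, "max": "unlimited"`, so a group may have zero members, while the commit message says the list's min and max length is 1; one of the two should be corrected. Nothing in the schema ties `network_function_active` to the members of `network_function` either, so if an empty group or an active reference outside the list is meant to be rejected, that check has to be done in northd and the ovn-nb.xml text for `network_function` should say so, e.g. `A list of network functions which belong to this group; network_function_active, when set, must be one of them.` Separately, `inport` and `outport` are strong references from a root table, so a Logical_Switch_Port that is removed from its Logical_Switch while a Network_Function still points at it appears to escape OVSDB garbage collection and linger as an orphan row — confirm that this lifecycle is intended, or document that the Network_Function must be deleted first.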
@@ -297,6 +355,11 @@
["allow", "allow-related",
"allow-stateless", "drop",
"reject", "pass"]]}}},
+ "network_function_group": {
+ "type": {"key": {"type": "uuid",
+ "refTable": "Network_Function_Group",
+ "refType": "strong"},
+ "min": 0, "max": 1}},
"log": {"type": "boolean"},
"severity": {"type": {"key": {"type": "string",
"enum": ["set",
diff --git a/ovn-nb.xml b/ovn-nb.xml
index 1f5c58490..246b6155d 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -2716,6 +2716,13 @@ or
</p>
</column>
+ <column name="network_function_group">
+ <p>
+ Group of network functions to which the traffic matching this ACL
+ is redirected.
+ </p>
+ </column>
+
<group title="options">
<p>
ACLs options.
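Review bot: The new `network_function_group` column text omits the restriction stated in the commit message, that the reference is only accepted for stateful allow ACLs, and says nothing about what happens when it is set on an ACL with another action. The schema cannot express that constraint, so this paragraph is the only place an operator will see it; suggested addition: `Only accepted for stateful allow ACLs; for other ACL actions this reference is ignored (confirm against northd).` It would also help to state the direction here, i.e. that from-lport ACLs redirect to the function's inport and to-lport ACLs to its outport, as the Network_Function table text added later in this file describes.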
@@ -6051,4 +6058,134 @@ or
</column>
</group>
</table>
+
+ <table name="Network_Function_Group"
+ title="network function group">
+ <p>
+ Each row contains a list of <ref table="Network_Function"/>. Traffic
+ redirection is achieved by referencing a
+ <code>Network_Function_Group</code> from an <ref table="ACL"/>. Health
+ monitoring of each <code>Network_Function</code> is performed based on
+ parameters defined in <ref table="Network_Function_Health_Check"/>.
+ Traffic matching the ACL is redirected to one of the active
+ <code>Network_Functions</code>. If all are detected as down, traffic is
+ redirected to one of the <code>Network_Functions</code> regardless of
+ status.
+ </p>
+
+ <column name="name">
+ Name of the <ref table="Network_Function_Group"/>. Name should be unique.
+ </column>
+
+ <column name="id">
+ A unique integer between 1 and 255 must be assigned to each
+ <code>Network_Function_Group</code>.
+ </column>
+
+ <column name="network_function">
+ A list of network functions which belong to this group.
+ </column>
+
+ <column name="network_function_active">
+ Current active Network_Function. This column is populated by northd
+ based on health monitoring status.
+ </column>
+
+ <column name="mode">
+ Traffic forwarding mode, with default and only value as "inline". The
+ "inline" mode means that the network function is directly in the path
+ of traffic, with traffic being redirected through it.
+ </column>
+
+ <group title="Common Columns">
+ <column name="external_ids">
+ See <em>External IDs</em> at the beginning of this document.
+ </column>
+ </group>
+ </table>
+
+ <table name="Network_Function" title="network function">
+ <p>
+ Each row represents one network function entity. This contains a pair
+ of logical_switch_ports. Traffic that matches the ACL is redirected to
+ <code>inport</code> for from-lport ACLs and to <code>outport</code>
+ for to-lport ACLs. Once the traffic is received on the other port, it
+ continues through the standard OVN pipeline.
+ Response traffic follows the reverse path: it is redirected to the
+ <code>outport</code> for from-lport ACLs and to the <code>inport</code>
+ for to-lport ACLs. Once the traffic is received on the other port, it is
+ processed by the regular OVN pipeline.
+
+ <code>NOTE</code>:
+ 1. The Network Function MUST NOT modify the packet headers.
+ 2. The Network Function is not supported when used in conjunction with
+ Load Balancer.
+ </p>
+
+ <column name="name">
+ Name of the <ref table="Network_Function"/>. Name should be unique.
+ </column>
+
+ <column name="inport">
+ <ref table="Logical_Switch_Port"/> where request traffic for from-lport
+ ACL and response traffic for to-lport ACL is redirected.
+ </column>
+
+ <column name="outport">
+ <ref table="Logical_Switch_Port"/> where request traffic for to-lport ACL
+ and response traffic for from-lport ACL is redirected.
+ </column>
+
+ <column name="health_check">
+ <ref table="Network_Function_Health_Check"/> associated with this network
+ function.
+ </column>
+
+ <group title="Common Columns">
+ <column name="external_ids">
+ See <em>External IDs</em> at the beginning of this document.
+ </column>
+ </group>
+ </table>
+
+ <table name="Network_Function_Health_Check"
+ title="network function health check">
+ <p>
+ Each row represents one network function health check.
+ </p>
+
+ <column name="name">
+ Name of the <ref table="Network_Function_Health_Check"/>.
+ Name should be unique.
+ </column>
+
+
+ <group title="Health check options">
+ <column name="options" key="interval" type='{"type": "integer"}'>
+ The interval, in seconds, between health checks. Default: 5s.
+ </column>
+
+ <column name="options" key="timeout" type='{"type": "integer"}'>
+ The time, in seconds, after which a health check times out.
+ Default: 3s.
+ </column>
+
+ <column name="options" key="success_count" type='{"type": "integer"}'>
+ The number of successful checks after which the Network_Function is
+ considered online. Default: 1.
+ </column>
+
+ <column name="options" key="failure_count" type='{"type": "integer"}'>
+ The number of failure checks after which the Network_Function is
+ considered offline. Default: 1.
+ </column>
+ </group>
+
+ <group title="Common Columns">
+ <column name="external_ids">
+ See <em>External IDs</em> at the beginning of this document.
+ </column>
+ </group>
+ </table>
+
</database>
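Review bot: The `mode` column text says its "default and only value" is "inline", but OVSDB columns have no defaults and the schema hunk declares `mode` with the implicit min/max of 1, so a row inserted without it is rejected unless the tooling fills it in; the text should say which it is. The health-check option keys are documented as integers with defaults, yet they live in a free-form string map, so the text should state how northd treats a missing, non-numeric, zero or negative `interval`, `timeout`, `success_count` or `failure_count` (presumably by falling back to the default — confirm), since an unparsed `interval` or `timeout` otherwise silently changes whether a function is ever marked down. The last sentence of the Network_Function_Group description implies fail-closed behaviour, traffic is still redirected through a network function when all are down rather than bypassing the group, which is the right default for a security function; I would make it explicit: `Traffic is never forwarded around the group: if no network function is healthy it is still redirected to one of them.`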
--
2.39.3