Hello, my OVN gurus! I've been looking at ACLs with logging. Using Meters is a great way to keep the ovn-controllers from getting overwhelmed with ACL log events. Since multiple ACL rows with logging enabled can refer to the same Meter, I ran a little experiment to better understand how that behaves [1].
My findings were not ideal. A 'noisy' ACL match can consume all the events allowed by the meter, shadowing logs for other ACL(s) that also use the same meter. The thought of maintaining a meter row per ACL at the NB side seems like overkill. A much better approach would be to leverage northd to take care of this on behalf of the ACL. Following the same line of thought that Dumitru/Numan had when splitting the SB port group per datapath [2], I would like to pursue a change where a single meter on the NB may represent multiple meters at the SB side. In summary, I would love to hear your opinion on this. I can't imagine a case where ACLs sharing the same meter would benefit from getting smothered by a noisy neighbor. But maybe I'm not being creative enough. ;) Adding a boolean in the ACL to explicitly say "protect my log events from other users of the same Meter" would allow for both cases and that is what I'm thinking of [3] at the moment. What do you think? Thanks, -- flaviof [1]: https://github.com/flavio-fernandes/ovsdbapp_playground/blob/acl_meter_issue/scripts/acl_meter.sh [2]: https://github.com/ovn-org/ovn/commit/0db5cbf65283fb41a7d28e5d0ad2f8ac14725d73 [3]: https://github.com/flavio-fernandes/ovn/commit/f265b01fcb7866bdc697eccc151b7dedebd0085b
_______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
