Recently, patch [1] fixed the ingress pipeline for packets coming
from a HW VTEP switch within a stateful datapath.
This patch assumes that [1] is reverted and applies the more efficient
"next(pipeline=ingress, table=S_SWITCH_IN_L2_LKUP);" action to
skip the unneeded stages for such packets.

1: 
https://github.com/ovn-org/ovn/commit/62ca8b9620cc1168ace6905575b7d36438363aed

Signed-off-by: Vladislav Odintsov <odiv...@gmail.com>
---
 northd/northd.c         |  9 ++++++++-
 northd/ovn-northd.8.xml |  9 +++++++++
 northd/ovn_northd.dl    | 16 +++++++++++++---
 3 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/northd/northd.c b/northd/northd.c
index 4c1a2a382..2efc4bb1f 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -5480,7 +5480,14 @@ build_lswitch_input_port_sec_op(
     if (queue_id) {
         ds_put_format(actions, "set_queue(%s); ", queue_id);
     }
-    ds_put_cstr(actions, "next;");
+
+    if (!strcmp(op->nbsp->type, "vtep")) {
+        ds_put_format(actions, "next(pipeline=ingress, table=%d);",
+                      S_SWITCH_IN_L2_LKUP);
+    } else {
+        ds_put_cstr(actions, "next;");
+    }
+
     ovn_lflow_add_with_lport_and_hint(lflows, op->od, S_SWITCH_IN_PORT_SEC_L2,
                                       50, ds_cstr(match), ds_cstr(actions),
                                       op->key, &op->nbsp->header_);
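Review bot: The new `vtep` branch jumps straight to `S_SWITCH_IN_L2_LKUP` with no comment saying which checks are skipped or why that is safe. Every ingress table between `S_SWITCH_IN_PORT_SEC_L2` and the L2 lookup is bypassed for these ports, which by the patch's own man-page text includes the ingress ACL stages; any other per-port check in that range would presumably be skipped as well. I would add a comment above the `if`, such as `/* Packets from a vtep (RAMP) port skip the remaining ingress stages, including ingress ACLs; only egress ACLs apply to them. */`, so the trust assumption is visible where it is made. The man-page hunk spells the action as `next(...) = 1;`, which does not match the string emitted here. The body of build_lswitch_input_port_sec_op starts and ends outside this hunk.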
diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
index 00fb925f8..bd3c3aa26 100644
--- a/northd/ovn-northd.8.xml
+++ b/northd/ovn-northd.8.xml
@@ -262,6 +262,15 @@
         logical ports on which port security is not enabled, these advance all
         packets that match the <code>inport</code>.
       </li>
+      <li>
+        For logical ports of type <code>vtep</code>, the above logical flow
+        will apply the action
+        <code>next(pipeline=ingress, table=S_SWITCH_IN_L2_LKUP) = 1;</code>
+        to skip most stages of ingress pipeline and go directly to ingress L2
+        lookup table to determine the output port. Packets from VTEP (RAMP)
+        switch should not be subjected to any ACL checks. Egress pipeline will
+        do the ACL checks.
+      </li>
     </ul>
 
     <p>
diff --git a/northd/ovn_northd.dl b/northd/ovn_northd.dl
index ffa2e06db..530bb1e9d 100644
--- a/northd/ovn_northd.dl
+++ b/northd/ovn_northd.dl
@@ -3468,9 +3468,19 @@ for (&SwitchPort(.lsp = lsp, .sw = sw, .json_name = 
json_name, .ps_eth_addresses
             } else {
                 i"inport == ${json_name} && eth.src == 
{${ps_eth_addresses.join(\" \")}}"
             } in
-        var actions = match (pbinding.options.get(i"qdisc_queue_id")) {
-                None -> i"next;",
-                Some{id} -> i"set_queue(${id}); next;"
+
+            var actions = {
+                var queue = match (pbinding.options.get(i"qdisc_queue_id")) {
+                    None -> i"next;",
+                    Some{id} -> i"set_queue(${id}); "
+                };
+                var ramp = if (lsp.__type == i"vtep") {
+                    i"next(pipeline=ingress, table=${s_SWITCH_IN_L2_LKUP()});"
+                } else {
+                    i"next;"
+                } in
+                };
+                i"${queue}${ramp}"
             } in
         Flow(.logical_datapath = sw._uuid,
              .stage            = s_SWITCH_IN_PORT_SEC_L2(),
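Review bot: With no `qdisc_queue_id`, the `queue` arm yields `i"next;"` and is then concatenated with `ramp`, so the action string becomes `next;next;` for ordinary ports and `next;next(pipeline=ingress, table=...);` for `vtep` ports. The C version in northd.c emits a single `next` in both cases, and the extra `next;` would presumably also send vtep packets through the stages the patch means to skip. The arm should be `None -> i"",`. The block also looks unbalanced: `ramp` ends with `} in` followed by a stray `};` before the result `i"${queue}${ramp}"`; ending `ramp` with `};` and dropping the extra line would make `var actions = { ... } in` well formed. The enclosing `for` rule starts and continues outside this hunk.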
-- 
2.30.0
