Using meters is a great way to keep the ovn-controllers from getting overwhelmed with ACL log events. Since multiple ACL rows with logging enabled can refer to the same meter name, I ran a little experiment to better understand how that behaves [1].
>From that experiment, we see that a 'noisy' ACL match could consume all the events allowed by the meter, shadowing logs for other ACLs that also use the same meter. The thought of maintaining a meter row per ACL at the NB side is a solution, but it could easily become a management burden for the CMS. A much better approach would be to leverage northd to take care of this on behalf of the ACLs. As northd populates SB meter table from NB meter table, a new logic checks if the meter is configured as 'fair'. Such config is kept as a new column in the Meter table. Fair meters result in additional rows in the SB that have the same attributes of the original (aka template) meter except for its name has the ACL UUID appended to it. Last but not least, northd takes care of using the corresponding meter name as the logical flow action for the logging of the ACL. This change can be tracked in the following github clone/branch: https://github.com/flavio-fernandes/ovn/commits/acl-meters.v4.merge [1]: https://github.com/flavio-fernandes/ovsdbapp_playground/blob/acl_meter_issue/scripts/acl_meter.sh Flavio Fernandes (2): northd: Fair ACL log meters. ddlog for ACL log meters. NEWS | 2 + northd/ovn-northd.c | 184 +++++++++++++++++++-------- northd/ovn_northd.dl | 281 ++++++++++++++++++++++++------------------ ovn-nb.ovsschema | 5 +- ovn-nb.xml | 16 ++- tests/ovn-nbctl.at | 6 +- tests/ovn-northd.at | 99 +++++++++++++++ utilities/ovn-nbctl.c | 16 ++- 8 files changed, 429 insertions(+), 180 deletions(-) -- 2.18.4 _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
