[ovs-dev] implementation details on megaflows ?

Jesse Gross jesse at nicira.com
Thu Oct 10 21:16:52 UTC 2013


On Thu, Oct 10, 2013 at 7:21 AM, Jarno Rajahalme <jrajahalme at nicira.com> wrote:
>
>> On Oct 9, 2013, at 6:32 PM, Luigi Rizzo <rizzo at iet.unipi.it> wrote:
>>
>>> On Wed, Oct 09, 2013 at 06:22:25PM -0700, Reid Price wrote:
>>> Hi Luigi,
>>>
>>> At some level it is a logical error to create flows that:
>>> - have the same priority
>>> - have overlapping match criteria
>>> - have different actions
>>>
>>> You are already in trouble if you have
>>>
>>>  priority=100, nw_src=1.2.3.0/24,actions=1
>>>  priority=100, nw_dst=5.6.7.0/24,actions=2
>>
>> Sorry if i was unclear, i am not too familiar with ovs syntax.
>>
>> In the example i meant that the four entries should be analysed in
>> order of appeareance (similar to what happens e.g. in ipfw)
>> so that the first match wins. Does it translate to have to use
>> different priorities ? So then, does the priority field
>> also affect the creation and ordering of hash tables ?
>> That would explain things
>>
>
> The match order is determined with priorities rather than the order of the flow entries. When a match is found, all other entries with same or lower priority are ignored. This has the corresponding effect on the kernel masks, as you suspected.

This is true but I think somewhat misleading.

There is no concept of priority or mask ordering at the kernel level.
All flows that are installed must be non-overlapping, which means that
ordering matters only for performance and not correctness as there is
only a single valid match.

The flows that userspace installs are not exactly the same as those
given by the user, rather they are expanded to include all fields that
could possibly have an effect, which in this case is both nw_src and
nw_dst with the values dynamically populated based on traffic. The
hash tables are then generated based on the unique sets of wildcards
in those flows. You can see this for yourself if you set up OVS with
your flows, send some traffic through it and then run ovs-appctl
dpif/dump-flows



More information about the dev mailing list