[ovs-dev] [PATCH V2] ovn-controller: Reduce the number of flows by use conjunction action

Numan Siddique nusiddiq at redhat.com
Mon Feb 5 16:41:40 UTC 2018


On Mon, Feb 5, 2018 at 3:21 PM, Numan Siddique <nusiddiq at redhat.com> wrote:

>
>
> On Feb 5, 2018 12:32 PM, "Wei Li" <liw at dtdream.com> wrote:
>
> your patch is better, pls ignore my patch, it has some bugs.
>
> and I have a question, have you considered that situasion:
>
> and(or(and(or))), it have 'or' in 2 level.
>
>
>
Can you please give an example for this use case - like an acl rule.
> I will try it out.
>
>
I tested with this expression [1] and the present RFC patch doesn't handle
it. But I am fairly confident it can be handled.

[1]-
'ip4 && ip4.src == {10.0.0.4, 10.0.0.5, 10.0.0.6} && ((ip4.dst ==
{20.0.0.4, 20.0.0.7, 20.0.0.8} && tcp.dst >= 1000 && tcp.dst <= 2000 &&
tcp.src >=1000 && tcp.src <= 2000) || ip4.dst == 20.0.0.5 || ip4.dst ==
20.0.0.6) '

Thanks
Numan


> Thanks
> Numan
>
>
> I do not know how to deal with the conjunction of 'or' in level 2.
> 在 2018/2/3 18:12, Numan Siddique 写道:
>
>
>
> On Sat, Feb 3, 2018 at 4:37 AM, Ben Pfaff <blp at ovn.org> wrote:
>
>> On Wed, Oct 18, 2017 at 10:39:12AM +0800, wei wrote:
>> > This patch convert ovn-sb lflow match expr "(1 or 2) and (3 or 4)" to
>> > match 1 aciton connjunction(1, 1/2)
>> > match 2 aciton connjunction(1, 1/2)
>> > match 3 aciton connjunction(1, 2/2)
>> > match 4 aciton connjunction(1, 2/2)
>> > match conj_id=1, action=XXX
>> >
>> > NOT support nested conjunction, only use conjunction action in
>> situation "or in level 0"
>> > Like (1 or 2) and (3 or ((4 or 5) and (6 or 7))), (4 or 5) and (6 or 7)
>> will not be converted conjunction action,
>> > We could call this situation as "or in level 1", in this situation (4
>> or 5) and (6 or 7) will be crossproduct,
>> > so (1 or 2) and (3 or ((4 or 5) and (6 or 7))) -> (1 or 2) and (3 or (4
>> and 6) or (4 and 7) or (5 and 6) or (5 and 7))
>> >
>> > In openstack, security group rule will match remote security group and
>> tcp port, like
>> > match=(ip4.src == $as_ip4_6a8f4283_ba60_4d1c_9dec_28d027eadef2 &&
>> tcp.dst >= 10000 && tcp.dst <= 20000))
>> >
>> > Use this patch, the number of flows will be significantly reduced
>> >
>> > Signed-off-by: wei <liw at dtdream.com>
>>
>> I'm awfully sorry that I took far too long to review this.  Somehow I
>> missed it, even though it is a really important topic.
>>
>> This patch causes numerous test failures:
>>
>> 2316: ovn -- 4-term mixed expression normalization    FAILED (ovn.at:483)
>> 2321: ovn -- 4-term string expressions to flows       FAILED (ovn.at:515)
>> 2320: ovn -- 4-term numeric expressions to flows      FAILED (ovn.at:508)
>> 2314: ovn -- 4-term numeric expression normalization  FAILED (ovn.at:471)
>> 2322: ovn -- 4-term mixed expressions to flows        FAILED (ovn.at:522)
>> 2315: ovn -- 4-term string expression normalization   FAILED (ovn.at:477)
>> 2318: ovn -- 5-term string expression normalization   FAILED (ovn.at:495)
>> 2319: ovn -- 5-term mixed expression normalization    FAILED (ovn.at:501)
>> 2324: ovn -- converting expressions to flows -- string fields FAILED (
>> ovn.at:560)
>> 2317: ovn -- 5-term numeric expression normalization  FAILED (ovn.at:489)
>> 2358: ovn -- ACL logging                              FAILED (ovn.at:5955
>> )
>>
>> which all take the following form:
>>
>>     #                             -*- compilation -*-
>>     2314. ovn.at:470: testing ovn -- 4-term numeric expression
>> normalization ...
>>     ../../tests/ovn.at:471: ovstest test-ovn exhaustive
>> --operation=normalize --nvars=3 --svars=0 --bits=1 4
>>     --- /dev/null   2017-07-26 15:46:07.674034656 -0700
>>     +++ /home/blp/nicira/ovs/_build/tests/testsuite.dir/at-groups/2314/stderr
>>      2018-02-02 15:05:06.998858676 -0800
>>     @@ -0,0 +1,2 @@
>>     +test-ovn: ../tests/test-ovn.c:874: assertion
>> expr_is_normalized(modified) failed in test_tree_shape_exhaustively()
>>     +/home/blp/nicira/ovs/_build/tests/testsuite.dir/at-groups/2314/test-source:
>> line 27: 18216 Aborted                 (core dumped) ovstest test-ovn
>> exhaustive --operation=normalize --nvars=3 --svars=0 --bits=1 4
>>     --- -   2018-02-02 15:05:07.018262584 -0800
>>     +++ /home/blp/nicira/ovs/_build/tests/testsuite.dir/at-groups/2314/stdout
>>      2018-02-02 15:05:07.002858553 -0800
>>     @@ -1,2 +1 @@
>>     -Tested normalizing 1874026 expressions of 4 terminals with 3 numeric
>> vars (each 1 bits) in terms of operators == != < <= > >=.
>>
>>     ../../tests/ovn.at:471: exit code was 134, expected 0
>>     2314. ovn.at:470: 2314. ovn -- 4-term numeric expression
>> normalization (ovn.at:470): FAILED (ovn.at:471)
>>
>> There is another patch that purports to improve the same thing:
>> https://patchwork.ozlabs.org/patch/868639/
>> I'm going to look at that one soon, too.
>>
>
> Oops. I missed this patch completely. Else I would have tried this first
> before working myself on this feature.
>
> Thanks
> Numan
>
>
>
>> _______________________________________________
>> dev mailing list
>> dev at openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>>
>
>
>
>


More information about the dev mailing list