[ovs-dev] [PATCH V2] ovn-controller: Reduce the number of flows by use conjunction action
Wei Li
liw at dtdream.com
Tue Feb 6 03:14:09 UTC 2018
在 2018/2/6 0:41, Numan Siddique 写道:
>
>
> On Mon, Feb 5, 2018 at 3:21 PM, Numan Siddique <nusiddiq at redhat.com
> <mailto:nusiddiq at redhat.com>> wrote:
>
>
>
> On Feb 5, 2018 12:32 PM, "Wei Li" <liw at dtdream.com
> <mailto:liw at dtdream.com>> wrote:
>
> your patch is better, pls ignore my patch, it has some bugs.
>
> and I have a question, have you considered that situasion:
>
> and(or(and(or))), it have 'or' in 2 level.
>
>
> Can you please give an example for this use case - like an acl rule.
> I will try it out.
>
>
> I tested with this expression [1] and the present RFC patch doesn't
> handle it. But I am fairly confident it can be handled.
>
> [1]-
> 'ip4 && ip4.src == {10.0.0.4, 10.0.0.5, 10.0.0.6} && ((ip4.dst ==
> {20.0.0.4, 20.0.0.7, 20.0.0.8} && tcp.dst >= 1000 && tcp.dst <= 2000
> && tcp.src >=1000 && tcp.src <= 2000) || ip4.dst == 20.0.0.5 ||
> ip4.dst == 20.0.0.6) '
Maybe we need a recursive processing in 'expr_eval_conj' to create a
expression like 'EXPR_T_CONJ(EXPR_T_CONJ(.....))'.
>
> Thanks
> Numan
>
> Thanks
> Numan
>
>
> I do not know how to deal with the conjunction of 'or' in level 2.
>
> 在 2018/2/3 18:12, Numan Siddique 写道:
>>
>>
>> On Sat, Feb 3, 2018 at 4:37 AM, Ben Pfaff <blp at ovn.org
>> <mailto:blp at ovn.org>> wrote:
>>
>> On Wed, Oct 18, 2017 at 10:39:12AM +0800, wei wrote:
>> > This patch convert ovn-sb lflow match expr "(1 or 2)
>> and (3 or 4)" to
>> > match 1 aciton connjunction(1, 1/2)
>> > match 2 aciton connjunction(1, 1/2)
>> > match 3 aciton connjunction(1, 2/2)
>> > match 4 aciton connjunction(1, 2/2)
>> > match conj_id=1, action=XXX
>> >
>> > NOT support nested conjunction, only use conjunction
>> action in situation "or in level 0"
>> > Like (1 or 2) and (3 or ((4 or 5) and (6 or 7))), (4 or
>> 5) and (6 or 7) will not be converted conjunction action,
>> > We could call this situation as "or in level 1", in
>> this situation (4 or 5) and (6 or 7) will be crossproduct,
>> > so (1 or 2) and (3 or ((4 or 5) and (6 or 7))) -> (1 or
>> 2) and (3 or (4 and 6) or (4 and 7) or (5 and 6) or (5
>> and 7))
>> >
>> > In openstack, security group rule will match remote
>> security group and tcp port, like
>> > match=(ip4.src ==
>> $as_ip4_6a8f4283_ba60_4d1c_9dec_28d027eadef2 && tcp.dst
>> >= 10000 && tcp.dst <= 20000))
>> >
>> > Use this patch, the number of flows will be
>> significantly reduced
>> >
>> > Signed-off-by: wei <liw at dtdream.com
>> <mailto:liw at dtdream.com>>
>>
>> I'm awfully sorry that I took far too long to review
>> this. Somehow I
>> missed it, even though it is a really important topic.
>>
>> This patch causes numerous test failures:
>>
>> 2316: ovn -- 4-term mixed expression normalization FAILED
>> (ovn.at:483 <http://ovn.at:483>)
>> 2321: ovn -- 4-term string expressions to flows FAILED
>> (ovn.at:515 <http://ovn.at:515>)
>> 2320: ovn -- 4-term numeric expressions to flows FAILED
>> (ovn.at:508 <http://ovn.at:508>)
>> 2314: ovn -- 4-term numeric expression normalization
>> FAILED (ovn.at:471 <http://ovn.at:471>)
>> 2322: ovn -- 4-term mixed expressions to flows FAILED
>> (ovn.at:522 <http://ovn.at:522>)
>> 2315: ovn -- 4-term string expression normalization
>> FAILED (ovn.at:477 <http://ovn.at:477>)
>> 2318: ovn -- 5-term string expression normalization
>> FAILED (ovn.at:495 <http://ovn.at:495>)
>> 2319: ovn -- 5-term mixed expression normalization FAILED
>> (ovn.at:501 <http://ovn.at:501>)
>> 2324: ovn -- converting expressions to flows -- string
>> fields FAILED (ovn.at:560 <http://ovn.at:560>)
>> 2317: ovn -- 5-term numeric expression normalization
>> FAILED (ovn.at:489 <http://ovn.at:489>)
>> 2358: ovn -- ACL logging FAILED
>> (ovn.at:5955 <http://ovn.at:5955>)
>>
>> which all take the following form:
>>
>> # -*- compilation -*-
>> 2314. ovn.at:470 <http://ovn.at:470>: testing ovn --
>> 4-term numeric expression normalization ...
>> ../../tests/ovn.at:471 <http://ovn.at:471>: ovstest
>> test-ovn exhaustive --operation=normalize --nvars=3
>> --svars=0 --bits=1 4
>> --- /dev/null 2017-07-26 15:46:07.674034656 -0700
>> +++
>> /home/blp/nicira/ovs/_build/tests/testsuite.dir/at-groups/2314/stderr
>> 2018-02-02 15:05:06.998858676 -0800
>> @@ -0,0 +1,2 @@
>> +test-ovn: ../tests/test-ovn.c:874: assertion
>> expr_is_normalized(modified) failed in
>> test_tree_shape_exhaustively()
>> +/home/blp/nicira/ovs/_build/tests/testsuite.dir/at-groups/2314/test-source:
>> line 27: 18216 Aborted (core dumped) ovstest
>> test-ovn exhaustive --operation=normalize --nvars=3
>> --svars=0 --bits=1 4
>> --- - 2018-02-02 15:05:07.018262584 -0800
>> +++
>> /home/blp/nicira/ovs/_build/tests/testsuite.dir/at-groups/2314/stdout
>> 2018-02-02 15:05:07.002858553 -0800
>> @@ -1,2 +1 @@
>> -Tested normalizing 1874026 expressions of 4
>> terminals with 3 numeric vars (each 1 bits) in terms of
>> operators == != < <= > >=.
>>
>> ../../tests/ovn.at:471 <http://ovn.at:471>: exit code
>> was 134, expected 0
>> 2314. ovn.at:470 <http://ovn.at:470>: 2314. ovn --
>> 4-term numeric expression normalization (ovn.at:470
>> <http://ovn.at:470>): FAILED (ovn.at:471 <http://ovn.at:471>)
>>
>> There is another patch that purports to improve the same
>> thing:
>> https://patchwork.ozlabs.org/patch/868639/
>> <https://patchwork.ozlabs.org/patch/868639/>
>> I'm going to look at that one soon, too.
>>
>>
>> Oops. I missed this patch completely. Else I would have tried
>> this first before working myself on this feature.
>>
>> Thanks
>> Numan
>>
>> _______________________________________________
>> dev mailing list
>> dev at openvswitch.org <mailto:dev at openvswitch.org>
>> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>> <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>
>>
>>
>
>
>
More information about the dev
mailing list