[ovs-dev] [PATCH V2] ovn-controller: Reduce the number of flows by use conjunction action

Wei Li liw at dtdream.com
Tue Feb 6 03:14:09 UTC 2018



在 2018/2/6 0:41, Numan Siddique 写道:
>
>
> On Mon, Feb 5, 2018 at 3:21 PM, Numan Siddique <nusiddiq at redhat.com 
> <mailto:nusiddiq at redhat.com>> wrote:
>
>
>
>     On Feb 5, 2018 12:32 PM, "Wei Li" <liw at dtdream.com
>     <mailto:liw at dtdream.com>> wrote:
>
>         your patch is better, pls ignore my patch, it has some bugs.
>
>         and I have a question, have you considered that situasion:
>
>         and(or(and(or))), it have 'or' in 2 level.
>
>
>     Can you please give an example for this use case - like an acl rule.
>     I will try it out.
>
>
> I tested with this expression [1] and the present RFC patch doesn't 
> handle it. But I am fairly confident it can be handled.
>
> [1]-
> 'ip4 && ip4.src == {10.0.0.4, 10.0.0.5, 10.0.0.6} && ((ip4.dst == 
> {20.0.0.4, 20.0.0.7, 20.0.0.8} && tcp.dst >= 1000 && tcp.dst <= 2000 
> && tcp.src >=1000 && tcp.src <= 2000) || ip4.dst == 20.0.0.5 || 
> ip4.dst == 20.0.0.6) '

Maybe we need a recursive processing in 'expr_eval_conj' to create a 
expression like 'EXPR_T_CONJ(EXPR_T_CONJ(.....))'.
>
> Thanks
> Numan
>
>     Thanks
>     Numan
>
>
>         I do not know how to deal with the conjunction of 'or' in level 2.
>
>         在 2018/2/3 18:12, Numan Siddique 写道:
>>
>>
>>         On Sat, Feb 3, 2018 at 4:37 AM, Ben Pfaff <blp at ovn.org
>>         <mailto:blp at ovn.org>> wrote:
>>
>>             On Wed, Oct 18, 2017 at 10:39:12AM +0800, wei wrote:
>>             > This patch convert ovn-sb lflow match expr "(1 or 2)
>>             and (3 or 4)" to
>>             > match 1 aciton connjunction(1, 1/2)
>>             > match 2 aciton connjunction(1, 1/2)
>>             > match 3 aciton connjunction(1, 2/2)
>>             > match 4 aciton connjunction(1, 2/2)
>>             > match conj_id=1, action=XXX
>>             >
>>             > NOT support nested conjunction, only use conjunction
>>             action in situation "or in level 0"
>>             > Like (1 or 2) and (3 or ((4 or 5) and (6 or 7))), (4 or
>>             5) and (6 or 7) will not be converted conjunction action,
>>             > We could call this situation as "or in level 1", in
>>             this situation (4 or 5) and (6 or 7) will be crossproduct,
>>             > so (1 or 2) and (3 or ((4 or 5) and (6 or 7))) -> (1 or
>>             2) and (3 or (4 and 6) or (4 and 7) or (5 and 6) or (5
>>             and 7))
>>             >
>>             > In openstack, security group rule will match remote
>>             security group and tcp port, like
>>             > match=(ip4.src ==
>>             $as_ip4_6a8f4283_ba60_4d1c_9dec_28d027eadef2 && tcp.dst
>>             >= 10000 && tcp.dst <= 20000))
>>             >
>>             > Use this patch, the number of flows will be
>>             significantly reduced
>>             >
>>             > Signed-off-by: wei <liw at dtdream.com
>>             <mailto:liw at dtdream.com>>
>>
>>             I'm awfully sorry that I took far too long to review
>>             this.  Somehow I
>>             missed it, even though it is a really important topic.
>>
>>             This patch causes numerous test failures:
>>
>>             2316: ovn -- 4-term mixed expression normalization FAILED
>>             (ovn.at:483 <http://ovn.at:483>)
>>             2321: ovn -- 4-term string expressions to flows  FAILED
>>             (ovn.at:515 <http://ovn.at:515>)
>>             2320: ovn -- 4-term numeric expressions to flows FAILED
>>             (ovn.at:508 <http://ovn.at:508>)
>>             2314: ovn -- 4-term numeric expression normalization
>>             FAILED (ovn.at:471 <http://ovn.at:471>)
>>             2322: ovn -- 4-term mixed expressions to flows FAILED
>>             (ovn.at:522 <http://ovn.at:522>)
>>             2315: ovn -- 4-term string expression normalization
>>              FAILED (ovn.at:477 <http://ovn.at:477>)
>>             2318: ovn -- 5-term string expression normalization
>>              FAILED (ovn.at:495 <http://ovn.at:495>)
>>             2319: ovn -- 5-term mixed expression normalization FAILED
>>             (ovn.at:501 <http://ovn.at:501>)
>>             2324: ovn -- converting expressions to flows -- string
>>             fields FAILED (ovn.at:560 <http://ovn.at:560>)
>>             2317: ovn -- 5-term numeric expression normalization
>>             FAILED (ovn.at:489 <http://ovn.at:489>)
>>             2358: ovn -- ACL logging                         FAILED
>>             (ovn.at:5955 <http://ovn.at:5955>)
>>
>>             which all take the following form:
>>
>>                 #    -*- compilation -*-
>>                 2314. ovn.at:470 <http://ovn.at:470>: testing ovn --
>>             4-term numeric expression normalization ...
>>                 ../../tests/ovn.at:471 <http://ovn.at:471>: ovstest
>>             test-ovn exhaustive --operation=normalize --nvars=3
>>             --svars=0 --bits=1 4
>>                 --- /dev/null   2017-07-26 15:46:07.674034656 -0700
>>                 +++
>>             /home/blp/nicira/ovs/_build/tests/testsuite.dir/at-groups/2314/stderr
>>                  2018-02-02 15:05:06.998858676 -0800
>>                 @@ -0,0 +1,2 @@
>>                 +test-ovn: ../tests/test-ovn.c:874: assertion
>>             expr_is_normalized(modified) failed in
>>             test_tree_shape_exhaustively()
>>             +/home/blp/nicira/ovs/_build/tests/testsuite.dir/at-groups/2314/test-source:
>>             line 27: 18216 Aborted          (core dumped) ovstest
>>             test-ovn exhaustive --operation=normalize --nvars=3
>>             --svars=0 --bits=1 4
>>                 --- -   2018-02-02 15:05:07.018262584 -0800
>>                 +++
>>             /home/blp/nicira/ovs/_build/tests/testsuite.dir/at-groups/2314/stdout
>>                  2018-02-02 15:05:07.002858553 -0800
>>                 @@ -1,2 +1 @@
>>                 -Tested normalizing 1874026 expressions of 4
>>             terminals with 3 numeric vars (each 1 bits) in terms of
>>             operators == != < <= > >=.
>>
>>                 ../../tests/ovn.at:471 <http://ovn.at:471>: exit code
>>             was 134, expected 0
>>                 2314. ovn.at:470 <http://ovn.at:470>: 2314. ovn --
>>             4-term numeric expression normalization (ovn.at:470
>>             <http://ovn.at:470>): FAILED (ovn.at:471 <http://ovn.at:471>)
>>
>>             There is another patch that purports to improve the same
>>             thing:
>>             https://patchwork.ozlabs.org/patch/868639/
>>             <https://patchwork.ozlabs.org/patch/868639/>
>>             I'm going to look at that one soon, too.
>>
>>
>>         Oops. I missed this patch completely. Else I would have tried
>>         this first before working myself on this feature.
>>
>>         Thanks
>>         Numan
>>
>>             _______________________________________________
>>             dev mailing list
>>             dev at openvswitch.org <mailto:dev at openvswitch.org>
>>             https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>>             <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>
>>
>>
>
>
>



More information about the dev mailing list