[ovs-dev] [PATCH OVS v2 0/4] ovs-tc: support OvS internal port offload

John Hurley john.hurley at netronome.com
Thu Apr 4 16:05:09 UTC 2019


Common use-cases in OvS can produce datapath rules that match on OvS
internal ports. For example, when the endpoint IP address of a VXLAN
tunnel is on the OvS bridge itself, datapath rules may take the form:

1. in_port(eth1),actions:set(tunnel(...)),vxlan_sys_4789
2. in_port(br0),eth(src=...,dst=...),actions:eth2

Here, the first rule outputs to the vxlan port which determines the next
hop to be the OvS bridge. The user-space NORMAL rule can then be used
to form rule 2 that forwards the tunnelled packet to a physical port.

Similarly, OvS can add rules that redirect to an internal port, e.g.:

1. in_port(eth2),eth(src=...,dst=...),actions:br0
2. in_port(vxlan_sys_4789),tunnel(...),actions:eth1

In this case, tunnelled packets arriving on eth2 are matched on their MAC
addresses and forwarded to internal port br0. As the tunnel endpoint IP
exists here, the packet can be decapped and match on rule 2.

Currently, rules applied to internal ports are not offloaded to the TC
datapath. This patchset proposes changes to addresses that. 

The implimentation of OvS internal ports in Linux means that if a packet
is sent to them (via a datapath rule) then the packet is redirected
through the network stack as if it had been received on that port. If a
packet egresses an internal port (via its xmit ndo) then packet is passed
back into the OvS datapath with an ingress port set to that of the
internal port.

To offload rules sending to internal ports as TC filters, the OvS-TC API
is modified to make use of the ingress mirred action. This allows us to
direct packets through the network stack from TC.

For packets egressing internal ports, OvS-TC is modified to apply and use
egress filters. The start xmit ndo in OvS internal ports pushes packets
into the OvS kernel datapath with ingress set to the given internal port.
This is essentially what happens when packets RX on other ports that have
an OvS bridge as their master. Therefore, applying flower filters to the
egress path of an internal port is akin to the current practice of adding
the filters to the ingress path of non internal ports.

Once such filters exist in TC, it enables drivers to interpret OvS
internal ports with the potential to offload a representation of them to
harware devices.

Patch v1 -> Patch v2
- use kernel header define for PACKET_HOST (patch 2)
- add enum rather than bool to distinguish ingress/egress qdisc hooks
  (patch 3/4)
- fix typos spotted by Roi Dayan

John Hurley (4):
  compat: add compatibility headers for tc skbedit action
  ovs-tc: allow offloading of ingress mirred TC actions to datapath
  ovs-tc: allow offloading TC rules to egress qdiscs
  ovs-tc: offload datapath rules matching on internal ports

 acinclude.m4                      |   7 +++
 include/linux/automake.mk         |   1 +
 include/linux/tc_act/tc_skbedit.h |  57 ++++++++++++++++++
 lib/dpif.c                        |  13 ++---
 lib/netdev-linux.c                |  18 +++---
 lib/netdev-tc-offloads.c          |  86 ++++++++++++++++++++-------
 lib/tc.c                          | 119 ++++++++++++++++++++++++++++++--------
 lib/tc.h                          |  31 +++++++---
 8 files changed, 263 insertions(+), 69 deletions(-)
 create mode 100644 include/linux/tc_act/tc_skbedit.h

-- 
2.7.4



More information about the dev mailing list