[ovs-dev] [PATCH 00/12] Support zone-based conntrack timeout policy

William Tu u9012063 at gmail.com
Fri Jul 26 21:19:41 UTC 2019


I did my first round of review by just reading through the code.
I plan to test it next week.

btw, can you update NEWS?

Thanks
William

On Thu, Jul 25, 2019 at 04:24:02PM -0700, Yi-Hung Wei wrote:
> This patch series enables zone-based conntrack timeout policy support in OVS.
> Timeout policy is a set of timeout attributes that can be associated with a
> connection when it is committed.  Then, the connection tracking system will
> expire a connection based on its connection state.  For example, one use
> case would be to extend the timeout of TCP connection in the established
> state to avoid re-connect overhead. Another use case is to shorten the connection
> timeout so that the system can reclaim resources faster.
> The idea of zone-based conntrack timeout policy is to group connections
> with similar characteristics in a conntrack zone, and assign timeout policy
> to the conntrack zone. Therefore, all the connections in that zone will share
> the same timeout policy.
> 
> For zone-based timeout policy configuration, the association of conntrack
> zone and conntrack timeout policy is defined per datapath in vswitch ovsdb
> schema.  User can program the database through ovs-vsctl or using ovsdb
> protocol directly.  Once the zone-based timeout policy configuration is
> in the database, vswitchd will read that configuration and organize it
> in internal datapath structure, and push the timeout policy into datapath.
> Currently, only the kernel datapath supports customized timeout policy.
> 
> When a packet is committed to connection tracking system, during flow
> translation in ofproto-dpif-xlate, vswitchd will look up the internal
> data structure to figure out which timeout policy to associate with
> the connection.  If timeout policy is not specified to the committed
> zone, it defaults to the timeout policy in the default zone (zone 0).
> If the timeout policy is not specified in the default zone, it defaults
> to the system default timeouts.
> 
> Here are some more details about each patch
> * p01, p04, p06: Some utility functions.
> * p02: Introduce ovsdb schema for ct timeout policy.
> * p03: ovs-vsctl commands to configure zone-based ct timeout policy.
> * p05: dpif interface to support ct timeout policy.
> * p07: dpif-netlink implementation to support ct timeout policy.
> * p08: Consume ct timeout policy configuration from ovsdb server,
>        keep it in internal data structure, and push configuration to
>        datapath.
> * p09-10: Kernel datapath support for the new ct action attribute.
> * p11: Translate timeout policy in ofproto-dpif-xlate
> * p12: System traffic test
> 
> Travis CI:
> * https://travis-ci.org/YiHungWei/ovs/builds/563768546
> 
> Appveyor CI:
> * https://ci.appveyor.com/project/YiHungWei/ovs/builds/26250549
> 
> 
> Ben Pfaff (1):
>   simap: Add utility function to help compare two simaps.
> 
> Justin Pettit (1):
>   vswitchd: Add datapath, CT_Zone, and CT_Timeout_Policy tables.
> 
> William Tu (1):
>   ovs-vsctl: Add datapath and CT zone commands.
> 
> Yi-Hung Wei (9):
>   ct-dpif: Export ct_dpif_format_ipproto()
>   ct-dpif: Add conntrack timeout policy support in dpif layer
>   ct-dpif: Add timeout policy related utility functions.
>   dpif-netlink: Add conntrack timeout policy support
>   datapath-config: Consume datapath, CT_Zone, and CT_Timeout_Policy
>     tables
>   datapath: compat: Backport nf_conntrack_timeout support
>   datapath: Add support for conntrack timeout policy
>   ofproto-dpif-xlate: Translate timeout policy in ct action
>   system-traffic: Add zone-based conntrack timeout policy test
> 
>  acinclude.m4                                       |   7 +
>  datapath-windows/include/OvsDpInterfaceCtExt.h     | 114 ++++++
>  datapath-windows/ovsext/Netlink/NetlinkProto.h     |   1 +
>  datapath/conntrack.c                               |  30 +-
>  datapath/linux/Modules.mk                          |   2 +
>  datapath/linux/compat/include/linux/openvswitch.h  |   4 +
>  .../include/net/netfilter/nf_conntrack_timeout.h   |  34 ++
>  datapath/linux/compat/nf_conntrack_timeout.c       | 102 +++++
>  include/windows/automake.mk                        |   1 +
>  .../windows/linux/netfilter/nfnetlink_cttimeout.h  |   0
>  lib/automake.mk                                    |   2 +
>  lib/ct-dpif.c                                      | 117 +++++-
>  lib/ct-dpif.h                                      |  60 +++
>  lib/datapath-config.c                              | 409 +++++++++++++++++++
>  lib/datapath-config.h                              |  27 ++
>  lib/dpif-netdev.c                                  |  11 +
>  lib/dpif-netlink.c                                 | 436 +++++++++++++++++++++
>  lib/dpif-netlink.h                                 |   2 +-
>  lib/dpif-provider.h                                |  48 +++
>  lib/netlink-conntrack.c                            | 363 +++++++++++++++++
>  lib/netlink-conntrack.h                            |  29 ++
>  lib/netlink-protocol.h                             |   1 +
>  lib/odp-util.c                                     |  29 +-
>  lib/simap.c                                        |  15 +-
>  lib/simap.h                                        |   1 +
>  ofproto/ofproto-dpif-xlate.c                       |  23 ++
>  tests/odp.at                                       |   1 +
>  tests/ovs-vsctl.at                                 |  20 +-
>  tests/system-kmod-macros.at                        |   9 +
>  tests/system-traffic.at                            |  65 +++
>  tests/system-userspace-macros.at                   |  10 +
>  utilities/ovs-vsctl.8.in                           |  29 ++
>  utilities/ovs-vsctl.c                              | 245 ++++++++++++
>  vswitchd/bridge.c                                  |   3 +
>  vswitchd/vswitch.ovsschema                         |  44 ++-
>  vswitchd/vswitch.xml                               | 254 +++++++++---
>  36 files changed, 2488 insertions(+), 60 deletions(-)
>  create mode 100644 datapath/linux/compat/include/net/netfilter/nf_conntrack_timeout.h
>  create mode 100644 datapath/linux/compat/nf_conntrack_timeout.c
>  create mode 100644 include/windows/linux/netfilter/nfnetlink_cttimeout.h
>  create mode 100644 lib/datapath-config.c
>  create mode 100644 lib/datapath-config.h
> 
> -- 
> 2.7.4
> 
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
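
The fallback order described in the cover letter (committed zone, then zone 0, then system defaults), as an added example that is not part of the patch series or the OVS code base. The struct, function names, table contents and the 432000-second system default are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified model; these are not the OVS data structures. */
struct zone_policy {
    uint16_t zone;              /* conntrack zone id */
    const char *name;           /* timeout policy name */
    uint32_t tcp_established_s; /* one timeout attribute, in seconds */
};

#define DEFAULT_ZONE 0

/* Assumed system default, used when neither the zone nor zone 0 has a policy. */
static const struct zone_policy system_default = { 0, "system-default", 432000 };

/* Constructed sample tables: one with a zone 0 policy, one without. */
static const struct zone_policy with_zone0[] = {
    { 0, "default-zone-tp", 3600 }, { 5, "short-lived-tp", 120 },
};
static const struct zone_policy without_zone0[] = { { 5, "short-lived-tp", 120 } };

static const struct zone_policy *
find_zone(const struct zone_policy *tbl, size_t n, uint16_t zone)
{
    for (size_t i = 0; i < n; i++) {
        if (tbl[i].zone == zone) {
            return &tbl[i];
        }
    }
    return NULL;
}

/* Resolve the policy for a committed connection: zone, then zone 0, then system. */
const struct zone_policy *
resolve_timeout_policy(const struct zone_policy *tbl, size_t n, uint16_t zone)
{
    const struct zone_policy *p = find_zone(tbl, n, zone);
    if (!p && zone != DEFAULT_ZONE) {
        p = find_zone(tbl, n, DEFAULT_ZONE);
    }
    return p ? p : &system_default;
}

int main(void)
{
    printf("zone 5 -> %s\n", resolve_timeout_policy(with_zone0, 2, 5)->name);
    printf("zone 9 -> %s\n", resolve_timeout_policy(with_zone0, 2, 9)->name);
    printf("zone 9, no zone 0 -> %s\n", resolve_timeout_policy(without_zone0, 1, 9)->name);
    return 0;
}
```

A zone with no policy of its own inherits whatever zone 0 carries, so a long timeout configured on zone 0 also governs how long state for every unconfigured zone stays in the connection table.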

