[ovs-dev] Fix for hashing fragmented UDP packets

Van Bemmel, Jeroen (Nokia - US) jeroen.van_bemmel at nokia.com
Wed Jun 5 23:26:41 UTC 2019 

Ben,

Looking into the current OVS behavior w.r.t. IP fragments: Based on datapath/flow.c function key_extract, it looks like OVS would treat a multi-fragment UDP packet as 2 different flows:
1) Unfragmented packets + first fragments for a given 5-tuple
2) Subsequent fragments ( for src/dst ip/proto 3-tuple )

That means the multipath hash calculation is performed twice, not for each fragment but for each flow.

For consistency, it could be considered to change this key_extract logic to group together fragmented packets ( first + subsequent fragments ) versus unfragmented packets instead. 
That way, the first fragment would get the same treatment as subsequent fragments ( e.g. logging, hashing, mirroring, DSCP rewriting, whatever people do with a flow ). It is very likely that a first fragment is soon followed by a next fragment of that same flow, so memory access wise the flow cache would benefit from hashing these packets to the same slot.

A potential downside or caveat would be that logic depending on flow port matching ( e.g. ACLs ) would no longer match on first fragments, so fragment processing further downstream would have to be evaluated.

I would say it's a potentially disruptive change with unclear benefits ( although it would fix the fragment hashing issue, in a different way )

Regards,
Jeroen

-----Original Message-----
From: Ben Pfaff <blp at ovn.org> 
Sent: Wednesday, June 5, 2019 3:54 PM
To: Van Bemmel, Jeroen (Nokia - US) <jeroen.van_bemmel at nokia.com>
Cc: Gregory Rose <gvrose8192 at gmail.com>; ovs-dev at openvswitch.org
Subject: Re: [ovs-dev] Fix for hashing fragmented UDP packets

On Wed, Jun 05, 2019 at 08:34:50PM +0000, Van Bemmel, Jeroen (Nokia - US) wrote:
> Hi Greg, Ben,
> 
> I doubt we would see a measurable difference in performance, with the 
> additional conditional jump based on the packet flags. That does bring 
> up an interesting question: Shouldn't fragmented packets all hash to 
> the same single flow, and shouldn't the resulting multipath hash value 
> get cached ( for at least 5 secs or so )? Based on our observations it 
> looks like the hash is calculated for each individual fragment, which 
> would be sub-optimal.

Hmm.  That *is* suboptimal.  If you figure out anything about why it is not doing better, then please do follow up on it.

> We would still need to exclude ports for the first fragment, in case 
> some subsequent fragments arrive after the flow entry disappeared - 
> but in theory, the hash could be done once, for the first packet in 
> each flow ( if there is space in the flow cache entry )

Yes.

> In our case, it's not only that packets could get reordered due to 
> taking different paths - the ECMP destinations are end systems ( like 
> an anycast IP ) and reassembly fails because the first packet is sent 
> to one host, and the rest of the fragments to another host.
> 
> Ben - you are correct that it also applies to TCP and SCTP in theory, 
> just that you won't typically see fragments for those protocols. I'll 
> prepare a formal patch to fix it for all protocols

Great.  Thank you.

More information about the dev mailing list