[ovs-dev] [PATCH v2 ovn 0/1] northd: Enhance the implementation of ACL log meters.

[Flavio Fernandes]

Using meters is a great way to keep the ovn-controllers from getting
overwhelmed with ACL log events. Since multiple ACL rows with logging
enabled can refer to the same meter name, I ran a little experiment
to better understand how that behaves [1].

>From that experiment, we see that a 'noisy' ACL match could consume
all the events allowed by the meter, shadowing logs for other ACLs
that also use the same meter. The thought of maintaining a meter row
per ACL at the NB side is a solution, but it could easily become a
management burden for the CMS. A much better approach would be to
leverage northd to take care of this on behalf of the ACLs.

As northd populates SB meter table from NB meter table, a new logic
checks if the meter is configured as 'shared'. Such config is kept
as a new option in nb_global. Shared meters result in additional
rows in the SB that have the same attributes of the original (aka
template) meter except for its name has the ACL UUID appended to
it.

Last but not least, northd takes care of using the corresponding
meter name as the action in the logging of the ACL.

    
[1]: https://github.com/flavio-fernandes/ovsdbapp_playground/blob/acl_meter_issue/scripts/acl_meter.sh
    
Flavio Fernandes (1):
  northd: Enhance the implementation of ACL log meters.

 northd/ovn-northd.c | 201 ++++++++++++++++++++++++++++++++------------
 ovn-nb.xml          |  14 +++
 tests/ovn-northd.at |  99 ++++++++++++++++++++++
 3 files changed, 262 insertions(+), 52 deletions(-)

-- 
2.17.1