[ovs-dev] [PATCH v3 ovn 0/2] Optimize Stateful ACL flow generation and add Stateless_Filter.

Dumitru Ceara dceara at redhat.com
Wed Sep 2 15:04:52 UTC 2020


The first patch of the series adds a new stage in the ingress/egress
to help classifying the type of traffic that will be processed in the
ACL stage. The effect is that ACL logical flow matches are simplified
and will generate less openflows (due to not having as many OR clauses
as before).

The second patch of the series adds support for Stateless_Filters, a
mechanism that allows bypassing conntrack for ACLs for specific types
of traffic.

CC: Han Zhou <hzhou at ovn.org>
CC: Numan Siddique <numans at ovn.org>
Signed-off-by: Dumitru Ceara <dceara at redhat.com>

Dumitru Ceara (2):
      ovn-northd: Reduce number of flows generated for stateful ACLs.
      ovn-northd: Support mixing stateless/stateful ACLs with Stateless_Filter.


 NEWS                          |    3 
 northd/ovn-northd.8.xml       |  159 +++++++++++++++++++----
 northd/ovn-northd.c           |  281 +++++++++++++++++++++++++++++++---------
 ovn-nb.ovsschema              |   26 +++-
 ovn-nb.xml                    |   56 ++++++++
 tests/ovn-nbctl.at            |   53 ++++++++
 tests/ovn-northd.at           |  289 +++++++++++++++++++++++++++++++++++++++--
 tests/ovn.at                  |   58 ++++----
 tests/system-common-macros.at |    8 +
 tests/system-ovn.at           |  117 ++++++++++++++++-
 utilities/ovn-detrace.in      |   12 ++
 utilities/ovn-nbctl.c         |  213 +++++++++++++++++++++++++++++-
 12 files changed, 1132 insertions(+), 143 deletions(-)


---
V3:
- split the patch in a series.
- patch1:
  - implement Han's suggestion to optimize openflow generation for ACLs.
- patch2:
  - address Han's comments regarding Stateless_Filters.
V2:
- address Numan's comments:
  - fix spacing in the logical flow match.
  - add a new table to the NB DB instead of using a config option on the
    logical switch.
- add ovn-nbctl CLI commands for the new table and also unit tests for
  them.
- reword the commit message.

NOTE: checkpatch.py will complain about lines lacking whitespacec around
operators in the ovn-nbctl help string but this is a false positive and
should be ignored.



More information about the dev mailing list