[ovs-dev] [PATCH ovn v3 5/5] ovn-controller: Fix port group conjunction flow explosion problem.
Mark Gray
mark.d.gray at redhat.com
Thu Apr 29 16:58:31 UTC 2021
On 29/04/2021 17:56, Han Zhou wrote:
> On Thu, Apr 29, 2021 at 9:33 AM Mark Gray <mark.d.gray at redhat.com> wrote:
>>
>> On 28/04/2021 00:41, Han Zhou wrote:
>>> For an ACL with match: outport == @PG && ip4.src == $PG_AS, given below
>>> scale:
>>>
>>> P: PG size
>>> LP: number of local lports
>>> D: number of all datapaths (logical switches)
>>> LD: number of datapaths that contain local lports
>>>
>>> With current OVN implementation, the total number of OF flows is:
>>> LP + (P * D) + D
>>>
>>> The reason is, firstly, datapath is not part of the conjunction, so for
>>> each datapath the lflow is reparsed.
>>>
>>> Secondly, although ovn-controller tries to filter out the flows that are
>>> for non-local lports, with the conjunction match, the logic that filters
>>> out non-local flows doesn't work for the conjunction part that doesn't
>>> have the lport in the match (the P * D part). When there is only one
>>> port on each LS it is fine, because no conjunction will be used because
>>> SB port groups are split per datapath, so each port group would have
>>> only one port. However, when more than one ports are on each LS the flow
>>> explosion happens.
>>>
>>> This patch deal with the second reason above, by refining the SB port
>>> groups to store only locally bound lports: empty const sets will not
>>> generate any flows. This reduces the related flow number from
>>> LP + (P * D) + D to LP + (P * LD) + LD.
>>>
>>> Since LD is expected to be small, so even if it is a multiplier, the
>>> total number is reduced significantly. In particular, in ovn-k8s use
>>> cases the LD is always 1, so the formula above becomes LP + P + LD.
>>>
>>> With a scale of 1k k8s nodes, each has 4 ports for the same PG: P = 4k,
>>> LP = 4, D = 1k, LD = 1. The current implementation generates ~4m flows.
>>> With this patch it becomes only ~4k.
>>>
>>> Reported-by: Girish Moodalbail <gmoodalbail at nvidia.com>
>>> Reported-at:
> https://mail.openvswitch.org/pipermail/ovs-dev/2021-March/381082.html
>>> Reported-by: Dumitru Ceara <dceara at redhat.com>
>>> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1944098
>>> Tested-by: Zhen Wang <zhewang at nvidia.com>
>>> Signed-off-by: Han Zhou <hzhou at ovn.org>
>>> ---
>>>
>>
>> I think I would like to see someone else with a bit more ovn experience
>> to ack this one to make sure the approach makes sense.
>>
>> Acked-by: Mark D. Gray <mark.d.gray at redhat.com>
>>
>
> Thanks Mark. I applied the first 4 patches of the series with your ack, and
> leave this one for now to wait for someone else to review it.
>
Thanks, I'm just not sure if I am missing something or if there would be
a better way to do it but it seems sensible to me,
More information about the dev
mailing list