[ovs-discuss] OpenVSwitch - Able to add more than maximum number of flow entries in Flow table

Prabina Pattnaik Prabina.Pattnaik at nechclst.in
Mon May 21 11:20:00 UTC 2012 

Hi,

 I have found following issue while working on OVS 1.2.2

Bug Description
As per openflow 1.0 spec,  the Table Statistics structure define the variable.
uint32_t max_entries; /* Max number of entries supported. */

This variable value is hard coded with 1000000 with OVS-1.2.2 and we are able to add more than 1000000 entries in a same flow table.

 * What you did that make the problem appear?

  1. I made following bridge.
------------------------------------
e999897a-932f-4a57-81ce-252adc12cce9
    Bridge "br0"
       Controller "ptcp:6633"
        fail_mode: secure
        Port "br0"
            Interface "br0"
                type: internal
        Port "em1"
            Interface "em1"
        Port "vnet0"
            Interface "vnet0"

2. I have added 10,00,000 (MAX_ENTRIES) flow entries to switch from controller by ovs-ofctl.
3. I tried to add few more flow entries to switch from controller and the flow table was updated with new entries , which are above the max limit of flow table.


* What you expected to happen?
  Entries should not add in table when table is full (MAX_ENTRIES) and "OFPFMFC_ALL_TABLES_FULL" error should come.

* What actually happened.
The flow entries were added in a flow table, see log below

ovs-ofctl dump-tables br0
OFPST_TABLE reply (xid=0x1): 1 tables
  0: classifier: wild=0x3fffff, max=1000000, active=1000002
               lookup=5122, matched=5065

* The Open vSwitch version number (as output by "ovs-vswitchd
    --version").
------------------------
# ovs-vswitchd --version
ovs-vswitchd (Open vSwitch) 1.2.2
Compiled May 21 2012 11:23:22
OpenFlow versions 0x1:0x1
--------------------------------

* The Git commit number (as output by "git rev-parse HEAD"),
   if you built from a Git snapshot.
   Not from git.

 * Any local patches or changes you have applied (if any).
   No patches are applied.

 * The kernel version on which Open vSwitch is running (from
   /proc/version) and the distribution and version number of
   your OS (e.g. "Centos 5.0").
   Distribution is Fedora 15.
   kernel is:
   Linux version 2.6.38.6-26.rc1.fc15.x86_64 (mockbuild at x86-04.phx2.fedoraproject.org<mailto:mockbuild at x86-04.phx2.fedoraproject.org>) (gcc version 4.6.0 20110428 (Red Hat 4.6.0-6) (GCC) ) #1 SMP Mon May 9 20:45:15 UTC 2011


* The output of "ovs-dpctl show"
system at br0:
                lookups: frags:0, hit:8653, missed:3144, lost:0
                port 0: br0 (internal)
                port 1: em1
                port 3: vent0

* If you have Open vSwitch configured to connect to an
   OpenFlow controller, the output of "ovs-ofctl show <bridge>"
   for each <bridge> configured in the vswitchd configuration
   database.

# ovs-ofctl show br0
OFPT_FEATURES_REPLY (xid=0x1): ver:0x1, dpid:00002c27d71aec58
n_tables:1, n_buffers:256
features: capabilities:0x87, actions:0xfff
 1(em1): addr:2c:27:d7:1a:ec:58
     config:     0
     state:      0
     current:    100MB-FD COPPER AUTO_NEG
     advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
     supported:  10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
 3(vnet0): addr:fe:54:00:a1:59:5f
     config:     0
     state:      0
     current:    10MB-FD COPPER
 LOCAL(br0): addr:2c:27:d7:1a:ec:58
     config:     0
     state:      0
OFPT_GET_CONFIG_REPLY (xid=0x3): frags=normal miss_send_len=0

* A fix or workaround, if you have one.
We have a tested workaround for this bug with maximum entries as 1000000
Workaround Approach:

1.      Before adding the flow in a table, put the condition for checking the number of flows in a table whether it is more than MAX_ENTRIES or not.

2.      In case table is full and if table having overlap flow, the existing flow should be replace by new flow otherwise All Tables full error message ("OFPFMFC_ALL_TABLES_FULL") will generate.

3.      If table is full and adding existing flow with different priority  then the error message "OFPFMFC_ALL_TABLES_FULL" should come.

* Any other information that you think might be relevant.
We have verified this on OVS-1.4.1, In this release, multiple flow tables are supported (0-254) unlike OVS-1.2.2. So in each table, it should not be allow to add flow entry more than MAX_ENTRIES.

Regards,
Prabina



DISCLAIMER:

-----------------------------------------------------------------------------------------------------------------------

The contents of this e-mail and any attachment(s) are confidential and
intended

for the named recipient(s) only. 

It shall not attach any liability on the originator or NECHCL or its

affiliates. Any views or opinions presented in 

this email are solely those of the author and may not necessarily reflect the

opinions of NECHCL or its affiliates. 

Any form of reproduction, dissemination, copying, disclosure, modification,

distribution and / or publication of 

this message without the prior written consent of the author of this e-mail is

strictly prohibited. If you have 

received this email in error please delete it and notify the sender

immediately. .

-----------------------------------------------------------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20120521/e73c86b8/attachment.html>

More information about the discuss mailing list