[ovs-discuss] Too granular megaflows

Justin Pettit jpettit at nicira.com
Tue Sep 17 21:36:59 UTC 2013


On Sep 17, 2013, at 1:23 PM, Crasta Denis-B22176 <B22176 at freescale.com> wrote:

> This situation is observed with traffic between hosts on same network.  The test setup is as follows:
> ·         Openvswitch with megaflow support in openstack/neutron environment
> ·         Created a private network with 3 VMs on that network
> ·         Create traffic between them and observe megaflows pushed to datapath
>  
> The relevant openflow rule was this:
> stack at openstk-x86-compute:~/devstack$ sudo ovs-ofctl dump-flows br-int
> NXST_FLOW reply (xid=0x4):
> cookie=0x0, duration=41004.845s, table=0, n_packets=908, n_bytes=102701, idle_age=1, priority=1 actions=NORMAL
>  
> When we start traffic from VM1 to VM2, we observe the following ipv4 flows in the datapath.
> stack at openstk-x86-compute:~/devstack$ sudo ovs-dpctl dump-flows
> skb_priority(0),in_port(4),eth(src=fa:16:3e:73:c5:22,dst=fa:16:3e:e1:e9:eb),eth_type(0x0800),ipv4(src=11.1.1.2/0.0.0.0,dst=11.1.1.5/0.0.0.0,proto=1/0,tos=0/0,ttl=64/0,frag=no/0xff), packets:1998, bytes:195804, used:0.896s, actions:6
> skb_priority(0),in_port(6),eth(src=fa:16:3e:e1:e9:eb,dst=fa:16:3e:73:c5:22),eth_type(0x0800),ipv4(src=11.1.1.5/0.0.0.0,dst=11.1.1.2/0.0.0.0,proto=1/0,tos=0/0,ttl=64/0,frag=no/0xff), packets:1998, bytes:195804, used:0.896s, actions:4
>  
> Similar set of flows is created for every communicating pair of VMs.  This is because of not having wildcards on Ethernet addresses in the pushed flow.  When there are a large number of communicating nodes on the same network, this can give rise to large number of datapath flows.
>  
> Is it possible to remove unwildcarding for this case?

I'm not sure how that would be possible.  If you select the "normal" action, then OVS is doing mac learning.  We have to un-wildcard the destination Ethernet address in order to properly determine where to send the packet.  We un-wildcard the source Ethernet address because we want to learn MAC addresses.  If you're very worried about the number of flows and you know where all the addresses are, I suppose you could manually program the userspace flow table and not use the "normal" action, but you'll also need to handle things like BUM traffic properly.

--Justin





More information about the discuss mailing list