[ovs-discuss] An issue that the deleted flow tables in kernel based datapath couldn't be established again

pei Jikui jkpei at hotmail.com
Thu May 23 11:57:05 UTC 2019


Hi,

1)    I found a case in the netlink based datapth, that if we delete the existing datapath flow tables via ¡°ovs-dpctl del-flows¡±, the according datpath flow tables could not be created again and then  all the consecutive packets need to go through the user-space slow path.


2)    I also found the potential root cause.  It is because when we delete the datapath flow tables, their according ufid keys stored in the userspace vswitchd are not deleted accordingly.  So, when the coming packets¡¯ packet_missing upcall sent to vswitchd, they ufid key is still in the UKEY_OPERATIONAL status so that the DPIF_FP_CREATE message will not be sent to datapath anymore.


3)    That will be causing the above case.  The possible fixinges are,

a) Send the DPIF_FP_CREATE message to datapath regardless if the according ufid key exists or not. (I have verified this fix).

b) More fine-graind fix is when we execute ¡°ovs-dpctl del-flows **¡±, we also should clean up the according ufid cach in vswitch.


4)    The topology used for testing,

a)     topology

[cid:a29e324b-5e60-46be-864c-3bf6358e6bf2]



b)    configuration

Machine A:

ovs-vsctl add-br0 br0

ovs-vsctl add-port br0 vxlan ¨C set interface vxlan type=vxlan options:remote_ip=10.128.0.157 options:key=123

ip link set dev br0 up

ip addr add 1.2.3.4/24 dev br0

Machine B:

ovs-vsctl add-br0 br0

ovs-vsctl add-port br0 vxlan ¨C set interface vxlan type=vxlan options:remote_ip=10.128.0.156 options:key=123

ip link set dev br0 up

ip addr add 1.2.3.5/24 dev br0

c)     steps for testing

a)     ping 1.2.3.4 from Machine B. It works.

b)    ovs-dpctl dump-flows in Machine A, we could catch the datapath flow tables.

c)     ovs-dpctl del-flows in Machine A and then ¡°ovs_dpctl del-flows¡± we could see the flow tables could never come back again.

d)    Add the logs in datatpath and vswitch, we could see for every ping packets, a packet miss upcall was sent to vswtichd while the DPIF_FP_CREATE message is not sent to datapath since their according ufid cash¡¯s status is UKEY_OPERATIONAL.


Thanks


Jikui

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20190523/40ae1c79/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 23829 bytes
Desc: image.png
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20190523/40ae1c79/attachment-0001.png>


More information about the discuss mailing list