[ovs-git] [ovn-org/ovn] 022ea3: lflow: Use learn() action to generate LB hairpin r...
Dumitru Ceara
noreply at github.com
Tue Feb 9 07:08:03 UTC 2021
Branch: refs/heads/master
Home: https://github.com/ovn-org/ovn
Commit: 022ea339c8e22824ba6f6f1257da0d1b6c66d401
https://github.com/ovn-org/ovn/commit/022ea339c8e22824ba6f6f1257da0d1b6c66d401
Author: Dumitru Ceara <dceara at redhat.com>
Date: 2021-02-09 (Tue, 09 Feb 2021)
Changed paths:
M controller/lflow.c
M tests/ofproto-macros.at
M tests/ovn.at
Log Message:
-----------
lflow: Use learn() action to generate LB hairpin reply flows.

The main trait of load balancer hairpin traffic is that it never leaves
the local hypervisor. Essentially this means that only hairpin
openflows installed for logical switches that have at least one logical
switch port bound locally can ever be hit.

Until now, if a load balancer was applied on multiple logical switches
that are connected through a distributed router, ovn-controller would
install flows to detect hairpin replies for all logical switches. In
practice this leads to a very high number of openflows out of which
most will never be used.

Instead we now use an additional action, learn(), on flows that match on
packets that create the hairpin session. The learn() action will then
generate the necessary flows to handle hairpin replies, but only for
the local datapaths which actually generate hairpin traffic.

For example, simulating how ovn-k8s uses load balancer for services,
in a "switch per node" scenario, the script below would generate
10K (n_nodes * n_vips * n_backends) openflows on every node in table=69
(hairpin reply). With this patch the maximum number of openflows that
can be created for hairpin replies is 200 (n_vips * n_backends).

In general, for deployments that leverage switch-per-node topologies,
the number of openflows is reduced by a factor of N, where N is the
number of nodes.

    $ cat lbs.sh
    NODES=50
    VIPS=20
    BACKENDS=10

    # One distributed router connecting all per-node logical switches.
    ovn-nbctl lr-add rtr

    # One logical switch per node, each with a VM port and a router port.
    for ((i = 1; i <= $NODES; i++)); do
        ovn-nbctl \
            -- ls-add ls$i \
            -- lsp-add ls$i vm$i \
            -- lsp-add ls$i ls$i-rtr \
            -- lsp-set-type ls$i-rtr router \
            -- lsp-set-options ls$i-rtr router-port=rtr-ls$i \
            -- lrp-add rtr rtr-ls$i 00:00:00:00:01:00 42.42.42.$i/24
    done

    # One load balancer per VIP, each with $BACKENDS backends.
    for ((i = 1; i <= $VIPS; i++)); do
        lb=lb$i
        vip=10.10.10.$i:1
        bip=20.20.20.1:2
        for ((j = 2; j <= $BACKENDS; j++)); do
            bip="$bip,20.20.20.$j:2"
        done
        ovn-nbctl lb-add $lb $vip $bip
    done

    # Apply every load balancer to every logical switch.
    for ((i = 1; i <= $NODES; i++)); do
        for ((j = 1; j <= $VIPS; j++)); do
            ovn-nbctl ls-lb-add ls$i lb$j
        done
    done

    # Bind vm1 locally so that only ls1 is a local datapath.
    ovs-vsctl add-port br-int vm1 \
        -- set interface vm1 type=internal \
        -- set interface vm1 external-ids:iface-id=vm1

Suggested-by: Ilya Maximets <i.maximets at ovn.org>
Signed-off-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Numan Siddique <numans at ovn.org>