[ovs-git] [ovn-org/ovn] 022ea3: lflow: Use learn() action to generate LB hairpin r...

Dumitru Ceara noreply at github.com
Tue Feb 9 07:08:03 UTC 2021


  Branch: refs/heads/master
  Home:   https://github.com/ovn-org/ovn
  Commit: 022ea339c8e22824ba6f6f1257da0d1b6c66d401
      https://github.com/ovn-org/ovn/commit/022ea339c8e22824ba6f6f1257da0d1b6c66d401
  Author: Dumitru Ceara <dceara at redhat.com>
  Date:   2021-02-09 (Tue, 09 Feb 2021)

  Changed paths:
    M controller/lflow.c
    M tests/ofproto-macros.at
    M tests/ovn.at

  Log Message:
  -----------
  lflow: Use learn() action to generate LB hairpin reply flows.

The main trait of load balancer hairpin traffic is that it never leaves
the local hypervisor.  Essentially this means that only hairpin
openflows installed for logical switches that have at least one logical
switch port bound locally can ever be hit.

Until now, if a load balancer was applied on multiple logical switches
that are connected through a distributed router, ovn-controller would
install flows to detect hairpin replies for all logical switches. In
practice this leads to a very high number of openflows out of which
most will never be used.

Instead we now use an additional action, learn(), on flows that match on
packets that create the hairpin session.  The learn() action will then
generate the necessary flows to handle hairpin replies, but only for
the local datapaths which actually generate hairpin traffic.

For example, simulating how ovn-k8s uses load balancer for services,
in a "switch per node" scenario, the script below would generate
10K (n_nodes * n_vips * n_backends) openflows on every node in table=69
(hairpin reply).  With this patch the maximum number of openflows that
can be created for hairpin replies is 200 (n_vips * n_backends).

In general, for deployments that leverage switch-per-node topologies,
the number of openflows is reduced by a factor of N, where N is the
number of nodes.

  $ cat lbs.sh
  NODES=50
  VIPS=20
  BACKENDS=10
  ovn-nbctl lr-add rtr
  for ((i = 1; i <= $NODES; i++)); do
      ovn-nbctl \
          -- ls-add ls$i \
          -- lsp-add ls$i vm$i \
          -- lsp-add ls$i ls$i-rtr \
          -- lsp-set-type ls$i-rtr router \
          -- lsp-set-options ls$i-rtr router-port=rtr-ls$i \
          -- lrp-add rtr rtr-ls$i 00:00:00:00:01:00 42.42.42.$i/24
  done

  for ((i = 1; i <= $VIPS; i++)); do
      lb=lb$i
      vip=10.10.10.$i:1
      bip=20.20.20.1:2
      for ((j = 2; j <= $BACKENDS; j++)); do
          bip="$bip,20.20.20.$j:2"
      done
      ovn-nbctl lb-add $lb $vip $bip
  done

  for ((i = 1; i <= $NODES; i++)); do
      for ((j = 1; j <= $VIPS; j++)); do
          ovn-nbctl ls-lb-add ls$i lb$j
      done
  done

  ovs-vsctl add-port br-int vm1 \
      -- set interface vm1 type=internal \
      -- set interface vm1 external-ids:iface-id=vm1

Suggested-by: Ilya Maximets <i.maximets at ovn.org>
Signed-off-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Numan Siddique <numans at ovn.org>



