[ovs-git] [ovn-org/ovn] 5336b5: northd: Skip matching on ct flags for stateless co...

Dumitru Ceara noreply at github.com
Wed Feb 10 17:05:26 UTC 2021


  Branch: refs/heads/master
  Home:   https://github.com/ovn-org/ovn
  Commit: 5336b5cb342b8f81115299540f3268f734a6d009
      https://github.com/ovn-org/ovn/commit/5336b5cb342b8f81115299540f3268f734a6d009
  Author: Dumitru Ceara <dceara at redhat.com>
  Date:   2021-02-10 (Wed, 10 Feb 2021)

  Changed paths:
    M northd/ovn-northd.8.xml
    M northd/ovn-northd.c
    M tests/ovn-northd.at

  Log Message:
  -----------
  northd: Skip matching on ct flags for stateless configurations.

If no load balancers or "allow-related" ACLs are configured on a logical
switch, no packets will be sent to conntrack in the logical switch
pipeline and ACL flows in tables ls_in/out_acl will not match on
conntrack state.  In this case there's no need to try to set ACL hints
in tables ls_in/out_acl_hint.

Furthermore, setting the hints translates to always generating flows
that match on ct.state.  Depending on the underlying hardware such flows
may not be offloadable inducing a hit in performance even when no
conntrack recirculations are required.

To avoid iterating through all configured ACLs and load balancers
multiple times, we now store two new fields in the 'ovn_datapath'
structure:
- has_stateful_acl
- has_lb_vip

Also, rename the 'has_lb_vip()' and 'has_stateful_acl()' functions,
prefixing them with 'ls_' to match other helper function names.

Fixes: 209ea46bbf9d ("ovn-northd: Reduce number of flows generated for stateful ACLs.")
Reported-by: Haresh Khandelwal <hakhande at redhat.com>
Reported-at: https://bugzilla.redhat.com/1927211
Signed-off-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Mark Michelson <mmichels at redhat.com>
Acked-by: Mark Michelson <mmichels at redhat.com>




More information about the git mailing list