FDP-55 (Fast Datapath Product)

[RFE] Expand OpenFlow NXT_CT_FLUSH extension to support label and mark filtering TLVs.


    • Feature Request
    • Resolution: Done
    • openvswitch3.1

      OVS currently supports filtered conntrack flushing.  The filter may consist of a combination of zone-id and/or original/reply tuple:

      https://github.com/openvswitch/ovs/blob/1b8fa4a66aa410e9083d49c5a1fbbe524ae25024/include/openflow/nicira-ext.h#L1060-L1102

      /* NXT_CT_FLUSH_ZONE.
       *
       * Flushes the connection tracking table. */
      struct nx_zone_id {
          uint8_t zero[6];            /* Must be zero. */
          ovs_be16 zone_id;           /* Connection tracking zone. */
      };
      OFP_ASSERT(sizeof(struct nx_zone_id) == 8);

      /* CT flush available TLVs. */
      enum nx_ct_flush_tlv_type {
          /* Outer types. */
          NXT_CT_ORIG_TUPLE = 0,     /* Outer type for original tuple TLV.
                                      * Nested TLVs are specified
                                      * by 'enum nx_ct_flush_tuple_tlv_type'. */
          NXT_CT_REPLY_TUPLE = 1,    /* Outer type for reply tuple TLV.
                                      * Nested TLVs are specified
                                      * by 'enum nx_ct_flush_tuple_tlv_type'. */
          /* Primitive types. */
          NXT_CT_ZONE_ID = 2,        /* be16 zone id. */
      };

      /* CT flush nested TLVs. */
      enum nx_ct_flush_tuple_tlv_type {
          NXT_CT_TUPLE_SRC = 0,            /* IPv6 or mapped IPv4 address. */
          NXT_CT_TUPLE_DST = 1,            /* IPv6 or mapped IPv4 address. */
          NXT_CT_TUPLE_SRC_PORT = 2,       /* be16 source port. */
          NXT_CT_TUPLE_DST_PORT = 3,       /* be16 destination port. */
          NXT_CT_TUPLE_ICMP_ID = 4,        /* be16 ICMP id. */
          NXT_CT_TUPLE_ICMP_TYPE = 5,      /* u8 ICMP type. */
          NXT_CT_TUPLE_ICMP_CODE = 6,      /* u8 ICMP code. */
      };

      /* NXT_CT_FLUSH.
       *
       * Flushes the connection tracking entries specified by 5-tuple.
       * The struct should be followed by TLVs specifying the matching parameters.
       * Currently there is a limitation for ICMP, in order to partially match on
       * ICMP parameters the tuple should include at least SRC/DST. */
      struct nx_ct_flush {
          uint8_t ip_proto;          /* IP protocol. */
          uint8_t pad[7];            /* Align to 64 bits (must be zero). */
          /* Followed by optional TLVs of type 'enum nx_ct_flush_tlv_type'. */
      };
      OFP_ASSERT(sizeof(struct nx_ct_flush) == 8);

      In some cases, controllers (e.g., ovn-controller) might want to filter on other conntrack record fields: label and mark.

      Use case:
      OVN's ecmp-symmetric-reply feature, for example, stores the overriding next-hop MAC address and egress port for reply traffic in the conntrack entry's label/mark for that session.  When a next-hop goes away, ovn-controller has to clear all conntrack entries (in a given zone) that use that next-hop's MAC address in the label/mark.

      Today that's not possible without first dumping all current conntrack entries that exist in the system.
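
An added example, not from the issue or from OVS: a strict C parser for the NXT_CT_FLUSH body quoted above, showing that a receiver built against that header can express zone and tuple filters but has no TLV type under which to accept a label or mark filter. The TLV wire layout (be16 type, be16 length covering header and value, padding to 8 bytes) and the names `ct_flush_filter`, `rd_be16` and `ct_flush_parse` are assumptions; the type values come from the quoted enum.

```c
#include <stddef.h>
#include <stdint.h>

/* Outer TLV types, values as in the quoted enum nx_ct_flush_tlv_type. */
enum { NXT_CT_ORIG_TUPLE = 0, NXT_CT_REPLY_TUPLE = 1, NXT_CT_ZONE_ID = 2 };

struct ct_flush_filter {            /* hypothetical result type */
    uint8_t ip_proto;
    int has_orig, has_reply, has_zone;
    uint16_t zone_id;
};

static uint16_t rd_be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Parse an NXT_CT_FLUSH body (struct nx_ct_flush + TLVs).  ASSUMED TLV
 * layout: be16 type, be16 length (header + value), padded to 8 bytes.
 * Returns 0 on success, -1 on malformed or unknown input. */
int ct_flush_parse(const uint8_t *msg, size_t len, struct ct_flush_filter *out)
{
    if (len < 8) return -1;
    for (size_t i = 1; i < 8; i++)
        if (msg[i]) return -1;                    /* pad[7] must be zero */
    *out = (struct ct_flush_filter){ .ip_proto = msg[0] };
    for (size_t off = 8; off < len; ) {
        if (len - off < 4) return -1;             /* truncated TLV header */
        uint16_t type = rd_be16(msg + off), tlv_len = rd_be16(msg + off + 2);
        size_t padded = ((size_t)tlv_len + 7) & ~(size_t)7;
        if (tlv_len < 4 || padded > len - off) return -1;
        switch (type) {
        case NXT_CT_ORIG_TUPLE:  out->has_orig = 1;  break;  /* nested TLVs skipped */
        case NXT_CT_REPLY_TUPLE: out->has_reply = 1; break;
        case NXT_CT_ZONE_ID:
            if (tlv_len != 6) return -1;          /* 4-byte header + be16 value */
            out->zone_id = rd_be16(msg + off + 4);
            out->has_zone = 1;
            break;
        default: return -1;       /* no type in the quoted header for label/mark */
        }
        off += padded;
    }
    return 0;
}

int main(void)
{   /* Constructed sample: ip_proto 6, one zone-id TLV for zone 7. */
    const uint8_t msg[] = { 6,0,0,0,0,0,0,0,  0,2, 0,6, 0,7, 0,0 };
    struct ct_flush_filter f;
    return ct_flush_parse(msg, sizeof msg, &f) == 0 && f.zone_id == 7 ? 0 : 1;
}
```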

              amusil@redhat.com Ales Musil
              dceara@redhat.com Dumitru Ceara