Thursday, 2020-07-02

« Wednesday, 2020-07-01 Index Friday, 2020-07-03 »
*** yamamoto has joined #openvswitch00:57
*** armax has quit IRC01:07
*** yamamoto has quit IRC01:11
*** yamamoto has joined #openvswitch01:37
*** dholler has quit IRC02:09
*** dholler has joined #openvswitch02:23
*** psahoo has joined #openvswitch02:57
*** armax has joined #openvswitch03:08
*** acidfu has quit IRC03:31
*** JamesBenson has joined #openvswitch03:31
*** JamesBenson has quit IRC03:36
*** acidfu has joined #openvswitch03:38
*** psahoo has quit IRC04:50
*** psahoo has joined #openvswitch04:52
*** blahdodo has quit IRC05:50
*** blahdodo has joined #openvswitch05:54
*** eelco has joined #openvswitch06:09
*** links has joined #openvswitch06:23
*** apus has quit IRC06:34
*** apus has joined #openvswitch06:35
*** slaweq has joined #openvswitch06:57
*** maciejjozefczyk has joined #openvswitch06:57
*** JamesBenson has joined #openvswitch07:33
*** JamesBenson has quit IRC07:38
*** rcernin has quit IRC07:45
*** imaximets_ has quit IRC08:04
*** imaximets has joined #openvswitch08:04
*** imaximets_ has joined #openvswitch08:11
*** imaximets has quit IRC08:13
*** imaximets_ is now known as imaximets08:42
*** jaicaa has quit IRC09:05
*** jaicaa has joined #openvswitch09:07
*** JamesBenson has joined #openvswitch09:34
*** JamesBenson has quit IRC09:38
*** mmirecki has joined #openvswitch09:49
*** psahoo has quit IRC10:25
*** troulouliou_div2 has joined #openvswitch10:35
*** psahoo has joined #openvswitch10:38
*** psahoo has quit IRC10:46
*** psahoo has joined #openvswitch10:58
*** yamamoto has quit IRC11:02
*** yamamoto has joined #openvswitch11:09
*** EisNerd has quit IRC11:26
*** JamesBenson has joined #openvswitch11:35
*** JamesBenson has quit IRC11:39
*** JamesBenson has joined #openvswitch11:45
*** JamesBenson has quit IRC11:47
*** JamesBenson has joined #openvswitch11:47
*** psahoo has quit IRC11:49
*** osmanlicilegi has quit IRC11:50
*** psahoo has joined #openvswitch11:56
*** yamamoto has quit IRC12:01
*** osmanlicilegi has joined #openvswitch12:07
*** yamamoto has joined #openvswitch12:12
*** jraju__ has joined #openvswitch12:25
*** links has quit IRC12:25
*** jraju__ is now known as Jaison}afk12:40
*** bostondriver has joined #openvswitch12:40
*** yamamoto has quit IRC12:42
*** rtjure has quit IRC12:46
*** rtjure has joined #openvswitch12:47
*** donhw_ has joined #openvswitch12:49
*** donhw has quit IRC12:52
*** Jaison}afk is now known as Jaison13:02
*** Jaison is now known as jraju13:02
*** thaller has quit IRC13:05
*** thaller has joined #openvswitch13:05
*** thaller has quit IRC13:07
*** thaller has joined #openvswitch13:07
*** thaller has quit IRC13:12
*** thaller has joined #openvswitch13:15
*** thaller_ has joined #openvswitch13:18
*** yamamoto has joined #openvswitch13:19
*** thaller has quit IRC13:21
*** yamamoto has quit IRC13:22
*** psahoo has quit IRC13:39
*** psahoo has joined #openvswitch13:45
*** yamamoto has joined #openvswitch13:46
*** yamamoto has quit IRC13:53
*** rtjure has quit IRC14:14
*** rtjure has joined #openvswitch14:14
*** yamamoto has joined #openvswitch14:36
*** yamamoto has quit IRC14:42
*** rtjure has quit IRC14:49
*** mmirecki has quit IRC14:58
*** dcbw has joined #openvswitch15:03
*** ktraynor_ has joined #openvswitch15:10
*** blahdodo_ has joined #openvswitch15:11
*** dobson has joined #openvswitch15:12
*** jaicaa_ has joined #openvswitch15:13
*** blahdodo has quit IRC15:14
*** jaicaa has quit IRC15:14
*** mnasiadka has quit IRC15:14
*** JamesBen_ has joined #openvswitch15:14
*** mnasiadka_ has joined #openvswitch15:14
*** ktraynor has quit IRC15:14
*** dobson` has quit IRC15:14
*** dcbw has quit IRC15:14
*** JamesBenson has quit IRC15:14
*** strondeak has quit IRC15:14
*** donhw_ has quit IRC15:15
*** strondeak has joined #openvswitch15:15
*** _lore_ has quit IRC15:15
*** a5m0 has quit IRC15:15
*** dcbw has joined #openvswitch15:15
*** donhw has joined #openvswitch15:16
*** a5m0 has joined #openvswitch15:16
*** _lore_ has joined #openvswitch15:18
*** eelco has quit IRC15:36
*** yamamoto has joined #openvswitch15:40
*** troulouliou_div2 has quit IRC15:50
*** dmellado has joined #openvswitch16:00
*** yamamoto has quit IRC16:04
*** dmellado has quit IRC16:20
*** factor has joined #openvswitch16:21
*** icarusfactor has quit IRC16:21
*** dmellado has joined #openvswitch16:22
*** factor has quit IRC16:28
*** EisNerd has joined #openvswitch16:28
*** yamamoto has joined #openvswitch16:36
*** yamamoto has quit IRC16:45
*** armax has quit IRC16:50
*** armax has joined #openvswitch16:51
*** dceara has joined #openvswitch17:07
*** psahoo has quit IRC17:08
*** Franky_T has joined #openvswitch17:14
*** zhouhan_ has quit IRC17:16
numansHello17:16
panda'lo17:16
*** zhouhan has joined #openvswitch17:16
dcearaHi17:16
* numans checking if mmichelson is there to start the meeting.17:17
*** rtjure has joined #openvswitch17:17
numans#help17:18
numansI guess we can start the meeting ?17:18
panda:)17:19
numans#startmeeting ovn_community_development_discussion17:19
openstackMeeting started Thu Jul  2 17:19:32 2020 UTC and is due to finish in 60 minutes.  The chair is numans. Information about MeetBot at http://wiki.debian.org/MeetBot.17:19
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.17:19
openstackThe meeting name has been set to 'ovn_community_development_discussion'17:19
numansHello17:19
pandao/17:19
numansWho want to go first17:19
numansOk. I can go quick.17:20
numansI did some code reviews this week and a few small patches.17:20
numansThis week I mostly worked on trying/exploring to optimize the conntrack usage in OVN17:21
numansso that we don't send the packet to conntrack to all the packets even if there is one ACL with allow-related.17:21
numansLets see how that goes.17:21
_lore_hi all17:22
numansI plan to look into dceara's lflow patches tomorrow.17:22
numans_lore_, Hi17:22
numansThat's it from me.17:22
numansIf some want to go next, then please.17:22
*** ktraynor_ has quit IRC17:23
dcearaI can go next17:24
dcearaThanks numans for reviewing the Port_Group split v2 I sent earlier this week.17:26
numansdceara, welcome17:26
dcearaWhile working on it I was thinking it might be useful to have a way to incrementally process Port_Group.ports updates. E.g. when a port is added/deleted from a port. However I don't see a easy way to implement it right now.17:27
dcearaComplementary to numans investigation into conntrack I'm also looking into the possibility for the CMS to configure explicit rules to have part of the traffic skip conntrack. The end goal would be to be able to combine stateful and stateless ACLs in the same logical switch.17:28
*** warewolf has quit IRC17:28
dcearaAnd today I sent new revisions of the DNAT lflow reduction patches and also a v8 of the IDL recovery patch.17:29
dcearaThat's it on my side, thanks.17:29
mmichelsonSorry, I just got back in.17:30
mmichelsonI guess I can go next17:31
numansmmichelson, no worries. We start few minutes back.17:31
mmichelsonTo run counter to what dceara is doing, I'm looking to add some new conntrack usage in the case where ECMP routes are used. The idea is that if traffic is received over an ECMP route, then we want to send reply traffic out the same route.17:31
mmichelsonBased on numans' and dceara's changes now being in master and 20.06, I plan next week to tag 20.06.1.17:32
mmichelsonAnd I believe that's all for me to report.17:32
mmichelsonDo we have anybody else that wishes to share?17:33
imaximetsI could.17:33
imaximetsA quick update on stable releases for those who do not read mail-list carefully.17:34
imaximetsWe discussed a little bit with Ben and, apparently, now I will prepare stable OVS releases.17:35
numansimaximets++17:35
imaximetsTarget date to release new stables on all branches starting from 2.5 is not decided yet, but it should be somewhere soon.17:36
imaximetsTechnically, I'm waiting for patches to recommend new stable DPDK releases that should be very soon.17:36
imaximetsAfter that I'll prepare patches and tag releases after review/merge.17:37
imaximetsFor the main OVS release we're now at the date of soft freeze.17:37
imaximetsBut, I think we need an official email for that.17:37
imaximetsI wanted to catch blp here to ask, but it seems I will write an email to him to coordinate the dates.17:38
mmichelsonimaximets, I was just about to ask if blp was going to be the one to send out that official email :)17:38
mmichelsonBut I guess you'll work that out with him17:39
flaviofimaximets++ Thanks a lot for doing this!17:39
imaximetsmmichelson, yes, I think so.17:39
imaximetsFor the dates, my assumption is that branch should be created somewhere on July 17 (wraping to the end of the week as it was last time)17:40
imaximetsBut we will discuss that on a list, I suppose.17:40
imaximetsFrom the non release related things:17:40
imaximetsI sent out stream record/replay patch set.17:41
imaximetsI told about it long time ago.  To summarize: it allowes to record all the dats on the streams and replay it afterwards.17:42
imaximetsMore details here:17:42
imaximets#link https://patchwork.ozlabs.org/project/openvswitch/list/?series=18654917:42
imaximetsAnd that's it from my side.17:42
dcearaimaximets: The record/replay functionality seems really cool! I plan to try it out next week.17:42
*** dholler has quit IRC17:44
imaximetsdceara, thanks!17:44
zhouhanimaximets: This is cool. I will try to find some time to review it, too.17:45
imaximetszhouhan, cool!17:45
zhouhanimaximets: could you also review dceara's IDL patch. I acked it.17:46
*** apus has quit IRC17:46
imaximetszhouhan, yes.  v7 looked fine, so I asked dceara to post v8.  Will look at v8 closely.17:46
zhouhanmmichelson: Question on ECMP with conntrack, even if we can use conntrack for reply in OVN, maybe it doesn't help for traffic initiated from OVN to external network. The ECMP implementation on external routers (physical) would decide the return path.17:47
mmichelsonzhouhan, Yes, that's a possibility. In the case I'm working to fix, each ECMP route is going to a separate physical router, and we know that the far end routes back to those same physical routers.17:49
*** apus has joined #openvswitch17:50
zhouhanmmichelson: I see. I guess it helps for debugging. Is there any other reason for that?17:51
zhouhannumans: dceara: Could you explain the idea how to avoid conntrack for ACL? Does it require that the stateless ACLs have higher priority than stateful ACLs?17:52
mmichelsonzhouhan, I don't understand what you mean. It's to ensure the return traffic traverses the same return path.17:53
zhouhanmmichelson: I mean, why is it required to be on same return path? One obvious reason I can think is to make trouble shooting easier, but I think there might be other benefits you are thinking about.17:54
zhouhanmmichelson: or, is it because the physical routers have stateful features enabled, so it is mandatory to ensure it returns on same path?17:55
mmichelsonzhouhan, https://bugzilla.redhat.com/show_bug.cgi?id=1849683 is the bug report that describes the problem in more detail. One cited reason in the report is ensuring that connection-oriented traffic follows the same path. it likely is due to stateful features enabled in the router as you mention17:56
openstackbugzilla.redhat.com bug 1849683 in OVN "[RFE] Add support for stateful next hop (ECMP bypass)" [Urgent,New] - Assigned to mmichels17:56
zhouhanmmichelson: got it, thanks17:56
dcearazhouhan: What I was looking at (for conntrack) was that if the CMS decides that, for example, "UDP traffic doesn't need stateful ACLs" we could add a filter in pre-ACL tables, set a bit in a register and based on that decide later if we send the packet to conntrack or not and if we match on ct_state or not.17:57
dcearazhouhan: this would allow the CMS to decide what traffic should be stateful firewalled and what traffic should be stateless firewalled17:57
numanszhouhan, right now even if one ACL with allow-related is present we send the traffic to conntrack (both in the ingress and egress pipeline of the ls)17:58
numanszhouhan, datapath testing done by our ovs team and dceara shows significant performance drops because of conntrack in general being slow17:58
zhouhandceara: it means you will do the actual ACL matching for stateless ACLs in "pre-ACL" table, otherwise, how do you know if the packet should have the bit set or not?17:59
zhouhannumans: yes, I understand the motivation, but just wonder the "how" part.18:00
numanszhouhan, that's the challenging part. I did  some poc by adding few actions like this :18:01
numans table=10(ls_in_stateful     ), priority=100  , match=(reg0[1] == 1 && ip4), action=(ct_commit(ct_label=0/1); next; ct_save(ip4.src,ip4.dst); )18:01
numansct_save would actually translate to learn action18:01
numansand another ovn action - ct_is_saved(..) to check if we need to send the traffic to conntrack or not for the reply traffic.18:01
numanszhouhan, I'm just doing some poc now. Honestly don't know if its worth or not.18:02
numansand also planning to add a new acl type - allow-reply18:02
dcearazhouhan: It would be hierarchical in a way, in pre-acl we'd say, if traffic matches a pattern (e.g., is UDP) set a bit. Then in the ACL tables rules that have "allow", e.g. "match=udp.dport==4242" will translate to two openflows: 1) if register bit is 0 add match on ct_state 2) if register bit is 1 don't add match on ct_state.18:02
numansfor ACLs of type allow-related, we would still keep the present implementation.18:02
dcearazhouhan: I'll try to send out an rfc soon so we can discuss about it on the mailing list.18:03
zhouhandceara: I see. So pre-ACL checks more general rule, like is it UDP. That makes sense.18:03
numansdceara, The approach I'm taking kind of might come in your way. Like I'm determing if we need to send the pkt to conntrack or not in pre-acl stage.18:03
numansbut not sure :)18:04
dcearanumans: I call dibs on the highest priority in table pre-acl :)18:04
numansdceara, :)18:04
dcearanumans: joking, we can definitely find a way to have both work together18:04
numansdceara, yeah provided the approach I'm taking makes sense.18:05
numansofcourse there are few concerns with the approach I'm taking.18:05
zhouhandceara: and it is implies that the "general" rules are with higher priority than anything else, e.g. if there is an ACL without TCP/UDP, but only IP and ports.18:05
zhouhandceara: that ACL will be handled partially as stateful, even if it has "allow-related"18:06
zhouhandceara: for UDP packet, it will not be tracked.18:06
dcearazhouhan: I was actually thinking only of acls with action "allow"18:07
dcearazhouhan: Those get changed "under the hood" to allow-related right now if there's at least one allow-related ACL configured on the LS.18:07
numansdceara, how would skip the conntrack in the egress pipeline ?18:07
zhouhandceara: I mean, in pre-ACL stage you already marked the bit to skip conntrack, so even if the packet matches a "allow-related" rule, it won't get processed as stateful.18:07
mmichelsonThat sounds like a conflicting configuration18:08
zhouhanmmichelson: yes, it would be. But if we consider the "general" rules as high priority and overrides the specific rules, it might still work. (if documented well enough)18:09
dcearazhouhan: Yes, but as mmichelson said, it would be the job of the CMS to come up with a good general match.18:09
zhouhanok, I think we are on the same page :)18:10
dceara:)18:10
zhouhannumans: Regarding "learn" action, there were problems of flow explosion.18:10
numanszhouhan, I also thought of translating ct_save to controller action.18:11
numansmay be it can be done that way.18:11
numanszhouhan, but right now I'm just exploring if it is possible to do or not18:11
numansand not worring about flow explosion or hardtimeout of the flows.18:12
zhouhannumans: I am not sure about the details of your approach yet, no comment. It is great if you already thought about those problems :)18:12
numanszhouhan, Honestly I haven't thought much :). I'm thinking to tackle that as step 2.18:13
numanszhouhan, and throw away the code/approach if it can't solve it18:13
zhouhannumans: understand :)18:13
zhouhanI don't have much to update this week except some quick reviews. I will continue reviewing dceara's IP_INPUT flow reducing patches.18:14
zhouhanI will probably not attend the next 2 week's meetings.18:15
zhouhan(that's my update)18:15
mmichelsonHopefully you're doing something fun the next 2 weeks18:15
dcearazhouhan: thanks for the reviews!18:15
flaviofzhouhan: you will be missed18:15
zhouhanmmichelson: hopefully (PTO :)18:16
numanszhouhan, have a good PTO18:16
zhouhanflaviof: will miss you all!18:16
flaviof+118:16
zhouhannumans: thx!18:16
mmichelsonOK, so anybody else, or have we reached the end of the meeting?18:16
imaximetsquick question18:16
imaximetszhouhan, what with the raft issue you told a few weeks ago?18:17
imaximetszhouhan, have you managed to find a root cause?18:17
zhouhanimaximets: I didn't reproduce it (didn't try hard either)18:17
* dceara is curious too about that18:17
imaximetszhouhan, ack.18:17
mmichelsonAll right, thanks everybody.18:18
imaximetsnumans, I guess, you should stop the meeting as you started it. :)18:20
numansimaximets, ack.18:20
numanswaiting for the signal18:20
numans#endmeeting18:20
openstackMeeting ended Thu Jul  2 18:20:40 2020 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)18:20
openstackMinutes:        http://eavesdrop.openstack.org/meetings/ovn_community_development_discussion/2020/ovn_community_development_discussion.2020-07-02-17.19.html18:20
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/ovn_community_development_discussion/2020/ovn_community_development_discussion.2020-07-02-17.19.txt18:20
openstackLog:            http://eavesdrop.openstack.org/meetings/ovn_community_development_discussion/2020/ovn_community_development_discussion.2020-07-02-17.19.log.html18:20
dcearaBye!18:21
imaximetsBye.18:21
numansmmichelson, your script will take care of sending the MoM to the ML right ?18:21
numansBye18:21
* flaviof wishes of a great long weekend to those of us in the US18:21
numansflaviof, yeah happy independence day18:21
zhouhanbye all18:22
mmichelsonnumans, yes18:23
numansmmichelson, cool18:23
mmichelsonnumans, done!18:23
*** dceara has quit IRC18:35
*** Franky_T has quit IRC18:53
*** armax has quit IRC19:39
*** zhouhan_ has joined #openvswitch20:17
*** zhouhan has quit IRC20:18
*** zhouhan_ has quit IRC21:11
*** zhouhan has joined #openvswitch21:16
*** bostondriver has quit IRC21:44
*** slaweq has quit IRC22:04
*** erig has quit IRC22:06
*** rtjure has quit IRC22:07
*** rebrec has joined #openvswitch22:21
*** rebrec has quit IRC22:34
*** armax has joined #openvswitch22:42
*** rcernin has joined #openvswitch22:42
*** armax has quit IRC23:25
*** zhouhan_ has joined #openvswitch23:39
*** zhouhan has quit IRC23:42
« Wednesday, 2020-07-01 Index Friday, 2020-07-03 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!