classifier: Increase the maximum number of prefixes (tries).

Today users can enable prefix matches for tun_id, tun_src, tun_dst, ip_src, ip_dst, ipv6_src and ipv6_dst. However, they are limited to only 3 of these enabled at the same time. This means that if our flow table is handling both IPv4 and IPv6 traffic, we can't optimize all the addresses, we'll either have to split IPv4 and IPv6 rules into separate tables or sacrifice one of the fields, as we can select only 3 out of 4 fields (ip_src, ip_dst, ipv6_src and ipv6_dst). The maximum number of tries is a little arbitrary. Increasing it will slightly increase memory usage and may take a couple extra processing cycles, but should not change classification results, so should be reasonable. Actually enabling more prefixes will consume more memory and reduce efficiency of a single flow classification, but that's a trade user can make knowing the traffic pattern and how their particular flow table looks like. While efficiency of a single flow classification may go down, the overall performance of the system may be significantly improved by having way less datapath flows with wider matches. The number of tunnels in a typical setup is not that high, so I'm not sure if it makes sense to increase the limit higher. At the same time combined IPv4 + IPv6 handling is pretty common. For example, that's the case with OVN. Tests in ofproto-dpif.at cover IPv4 and IPv6 address classification separately, and these fields can't overlap, so not adding any new tests. Acked-by: Mike Pattrick <[email protected]> Signed-off-by: Ilya Maximets <[email protected]>
openvswitch · Nov 27, 2024 · 87efb3c · 87efb3c
1 parent 5338f3e
commit 87efb3c
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 8 deletions.
diff --git a/NEWS b/NEWS
@@ -1,5 +1,13 @@
 v3.4.2 - xx xxx xxxx
 --------------------
+   - The limit on the number of fields for address prefix tracking in flow
+     tables increased from 3 to 4.  For example, it is now possible to
+     specify both IPv4 and IPv6 address fields at the same time:
+      $ ovs-vsctl set Bridge br0 flow_tables:123=@N -- \
+          --id=@N create Flow_Table \
+                    name=table123 prefixes=nw_dst,nw_src,ipv6_dst,ipv6_src
+     This allows to significantly reduce amount of datapath flows generated
+     from mixed IPv4+IPv6 flow tables, if configured.
 
 v3.4.1 - 15 Nov 2024
 --------------------

diff --git a/lib/classifier.h b/lib/classifier.h
@@ -170,7 +170,7 @@
  * value of the "prefix" key is a comma separated list of field names.
  *
  * There is a maximum number of fields that can be enabled for any one
- * flow table.  Currently this limit is 3.
+ * flow table.  Currently this limit is 4.
  *
  *
  * Partitioning (Lookup Time and Wildcard Optimization)
@@ -328,7 +328,7 @@ struct cls_trie {
 
 enum {
     CLS_MAX_INDICES = 3,   /* Maximum number of lookup indices per subtable. */
-    CLS_MAX_TRIES = 3      /* Maximum number of prefix trees per classifier. */
+    CLS_MAX_TRIES = 4,     /* Maximum number of prefix trees per classifier. */
 };
 
 /* A flow classifier. */

diff --git a/tests/classifier.at b/tests/classifier.at
@@ -180,8 +180,8 @@ Datapath actions: drop
 ])
 
 AT_CHECK([ovs-vsctl set Flow_Table t0 prefixes=ipv6_label], [0])
-AT_CHECK([ovs-vsctl set Flow_Table t0 prefixes=nw_dst,nw_src,tun_dst,tun_src], [1], [],
-[ovs-vsctl: nw_dst,nw_src,tun_dst,tun_src: 4 value(s) specified but the maximum number is 3
+AT_CHECK([ovs-vsctl set Flow_Table t0 prefixes=nw_dst,nw_src,tun_dst,tun_src,ipv6_src], [1], [],
+[ovs-vsctl: nw_dst,nw_src,tun_dst,tun_src,ipv6_src: 5 value(s) specified but the maximum number is 4
 ])
 AT_CHECK([ovs-vsctl set Flow_Table t0 prefixes=nw_dst,nw_dst], [1], [],
 [ovs-vsctl: nw_dst,nw_dst: set contains duplicate value

diff --git a/vswitchd/vswitch.ovsschema b/vswitchd/vswitch.ovsschema
@@ -1,6 +1,6 @@
 {"name": "Open_vSwitch",
- "version": "8.7.0",
- "cksum": "3751637058 27869",
+ "version": "8.8.0",
+ "cksum": "2823623553 27869",
  "tables": {
    "Open_vSwitch": {
      "columns": {
@@ -385,7 +385,7 @@
        "groups": {
          "type": {"key": "string", "min": 0, "max": "unlimited"}},
        "prefixes": {
-         "type": {"key": "string", "min": 0, "max": 3}},
+         "type": {"key": "string", "min": 0, "max": 4}},
        "external_ids": {
          "type": {"key": "string", "value": "string",
                   "min": 0, "max": "unlimited"}}}},

diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
@@ -4897,7 +4897,7 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
 
         <p>
           There is a maximum number of fields that can be enabled for any
-          one flow table.  Currently this limit is 3.
+          one flow table.  Currently this limit is 4.
         </p>
       </column>
     </group>