Implement flow aging triggered by TCP state machine

Review in progress for https://review.opencontrail.org/11308
Submitter: Anand H. Krishnan (<email address hidden>)

Reviewed: https://review.opencontrail.org/11308
Committed: http://github.org/Juniper/contrail-vrouter/commit/31eb1cea262763027c61d2bcce686a2afcf9e944
Submitter: Zuul
Branch: master

commit 31eb1cea262763027c61d2bcce686a2afcf9e944
Author: Anand H. Krishnan <email address hidden>
Date: Fri Jun 5 16:12:17 2015 +0530

TCP connection state awareness for faster flow aging

If a flow has already seen a tcp session close (either through the FIN
mechanism or through the RST mechanism), that flow can be dismantled
immediately instead of waiting for the flow aging time. vRouter will
now track the connection closure (RST as well as FIN/FIN-ACK/ACK or
FIN-ACK-FIN-ACK) and when it comprehends a session close will send a
trap to agent to indicate that the flow(forward/reverse) can be
dismantled.

Similarly, connections to non-existent systems can result in inactive
flows that could be dismantled after proper backouts. vRouter will track
SYN, SYN-ACK, ACK sequence to mark the flow with flags indicating that
it has seen SYN and a session establishment (if the cycle goes through),
which can be used to dismantle dummy flows.

Change-Id: I343fb6d56ef16a08d1a9dabe1027d3426249a17a
Partial-BUG: #1362701

Review in progress for https://review.opencontrail.org/12663
Submitter: Naveen N (<email address hidden>)

Review in progress for https://review.opencontrail.org/12695
Submitter: Naveen N (<email address hidden>)

Reviewed: https://review.opencontrail.org/12663
Committed: http://github.org/Juniper/contrail-controller/commit/c6906d1476196157428f5636536a7bdc1b5fbb53
Submitter: Zuul
Branch: master

commit c6906d1476196157428f5636536a7bdc1b5fbb53
Author: Naveen N <email address hidden>
Date: Tue Jul 28 04:14:50 2015 -0700

* Agent changes for TCP connection state awareness for faster flow aging

1> Flow eviction by vrouter
If a closed or reset TCP session flow is present in a flow bucket
then vrouter could evict the flow and use the slot for
a new flow, agent would then delete the evicted flow internally
and send a message to delete reverse flow
2> Closes or reset flow would be deleted by agent during aging
cycle.
3> If a flow is stuck in SYN state for more than 180 seconds
delete the flow.

TBD:
Update stats for deleted flow
Make SYN flow timeout configurable
Partial-BUG: #1362701

Change-Id: Iebfd584794794bbea7e8fec3a7c5d646fd983809

Review in progress for https://review.opencontrail.org/12945
Submitter: Prabhjot Singh Sethi (<email address hidden>)

Review in progress for https://review.opencontrail.org/12952
Submitter: Anand H. Krishnan (<email address hidden>)

Reviewed: https://review.opencontrail.org/12945
Committed: http://github.org/Juniper/contrail-controller/commit/e0720c761167e12506433c97969be0a6d7d65e9c
Submitter: Zuul
Branch: master

commit e0720c761167e12506433c97969be0a6d7d65e9c
Author: Prabhjot Singh Sethi <email address hidden>
Date: Mon Aug 10 09:38:18 2015 +0530

Fix Flow Delete message send to vrouter

Issue:
------
during flow delete due to translation from Non-NAT to NAT
vrouter-agent finds that reverse flow for an entry exists
with an index -1, so we skip deleting the forward flow.

Fix:
----
logic for skipping message based on reverse flow should
not be done for DEL OP.

Closes-Bug: 1483110
Related-Bug: 1362701
Change-Id: I5408ebf6fcbcce74cab7808495e0d28b68ab0f7a

Review in progress for https://review.opencontrail.org/13210
Submitter: Anand H. Krishnan (<email address hidden>)

Review in progress for https://review.opencontrail.org/13515
Submitter: Naveen N (<email address hidden>)

Review in progress for https://review.opencontrail.org/13541
Submitter: Naveen N (<email address hidden>)

Reviewed: https://review.opencontrail.org/13515
Committed: http://github.org/Juniper/contrail-vrouter/commit/716b126ea6a1d7bea3f67793199403836bcc2f75
Submitter: Zuul
Branch: R2.22-dev

commit 716b126ea6a1d7bea3f67793199403836bcc2f75
Author: Naveen N <email address hidden>
Date: Wed Sep 2 05:59:49 2015 -0700

* Add trap code to trap packet which are marked for trapping HOLD flow

This is a partial cherry-pick from mainline review
https://review.opencontrail.org/#/c/13210/
to get agent changes review in R2.2-dev
Partial-BUG: #1362701

Change-Id: I7dd4385fd592fc46a20d51369f40fba5e125232d

Review in progress for https://review.opencontrail.org/13210
Submitter: Anand H. Krishnan (<email address hidden>)

Review in progress for https://review.opencontrail.org/13541
Submitter: Naveen N (<email address hidden>)

Reviewed: https://review.opencontrail.org/13541
Committed: http://github.org/Juniper/contrail-controller/commit/c2b95c01ec0a5d57269e6894b4d9d3628752c00c
Submitter: Zuul
Branch: R2.22-dev

commit c2b95c01ec0a5d57269e6894b4d9d3628752c00c
Author: Naveen N <email address hidden>
Date: Tue Aug 25 02:14:08 2015 -0700

* Agent changes for TCP connection state awareness for faster flow aging

1> Flow eviction by vrouter
If a closed or reset TCP session flow is present in a flow bucket
then vrouter could evict the flow and use the slot for
a new flow, agent would then delete the evicted flow internally
and send a message to delete reverse flow
2> Closes or reset flow would be deleted by agent during aging
cycle.
3> If a flow is stuck in SYN state for more than 180 seconds
delete the flow.

TBD:
Update stats for deleted flow
Make SYN flow timeout configurable
Partial-BUG: #1362701

Change-Id: I8ba40e808bb238b6fc17a32532a6b8e31e696b81

Review in progress for https://review.opencontrail.org/13969
Submitter: Naveen N (<email address hidden>)

Review in progress for https://review.opencontrail.org/13210
Submitter: Anand H. Krishnan (<email address hidden>)

Review in progress for https://review.opencontrail.org/14256
Submitter: Anand H. Krishnan (<email address hidden>)

Reviewed: https://review.opencontrail.org/14256
Committed: http://github.org/Juniper/contrail-vrouter/commit/eef346699c89ee9a06b6d7c9775cd696f3c8de62
Submitter: Zuul
Branch: R2.20

commit eef346699c89ee9a06b6d7c9775cd696f3c8de62
Author: Anand H. Krishnan <email address hidden>
Date: Fri Jun 5 16:12:17 2015 +0530

TCP connection state awareness for faster flow aging

If a flow has already seen a tcp session close (either through the FIN
mechanism or through the RST mechanism), that flow can be dismantled
immediately instead of waiting for the flow aging time. vRouter will
now track the connection closure (RST as well as FIN/FIN-ACK/ACK or
FIN-ACK-FIN-ACK) and when it comprehends a session close will send a
trap to agent to indicate that the flow(forward/reverse) can be
dismantled.

Similarly, connections to non-existent systems can result in inactive
flows that could be dismantled after proper backouts. vRouter will track
SYN, SYN-ACK, ACK sequence to mark the flow with flags indicating that
it has seen SYN and a session establishment (if the cycle goes through),
which can be used to dismantle dummy flows.

Change-Id: I343fb6d56ef16a08d1a9dabe1027d3426249a17a
Partial-BUG: #1362701

Review in progress for https://review.opencontrail.org/13210
Submitter: Anand H. Krishnan (<email address hidden>)

Reviewed: https://review.opencontrail.org/13210
Committed: http://github.org/Juniper/contrail-vrouter/commit/507fda3d5deb22c6549d4fd253624bea44534b73
Submitter: Zuul
Branch: master

commit 507fda3d5deb22c6549d4fd253624bea44534b73
Author: Anand H. Krishnan <email address hidden>
Date: Thu Aug 20 14:40:13 2015 +0530

Flow eviction by datapath based on TCP states

Inactive TCP flows (flows that have already seen the closure cycle -
FIN/ACK or the RESET flags) should additionally be considered as a
free flow entry so that vRouter does not have to wait for agent to
accommodate new flows. This logic will provide better service under
severe occupancy. This modification also removes the previous logic
of trapping packets to agent when datapath detects closure of a TCP
stream.

Change-Id: I1009b10f990ea2bf904ac0daec59378d1da07acd
Partial-BUG: #1362701

Review in progress for https://review.opencontrail.org/14384
Submitter: Naveen N (<email address hidden>)

Review in progress for https://review.opencontrail.org/14391
Submitter: Praveen K V (<email address hidden>)

Review in progress for https://review.opencontrail.org/14384
Submitter: Ashok Singh (<email address hidden>)

Reviewed: https://review.opencontrail.org/14391
Committed: http://github.org/Juniper/contrail-controller/commit/187cf8830648bcf061e471edd586d2b6186bdf9b
Submitter: Zuul
Branch: master

commit 187cf8830648bcf061e471edd586d2b6186bdf9b
Author: Praveen K V <email address hidden>
Date: Wed Jul 29 16:08:06 2015 +0530

Flow optimizations - Run flow management in a work-queue

As part of flow processing we need to maintain data structures to keep
the flow action in-sync with config changes. Building these changes and
also revaluating flows when config change is notified can result in
significant latencies.

With this change we move the flow management part to a work-queue. The
flow management module is resposible to keep the flow in-sync with
config changed.

Few other slow operations operations such as logging/UVE also will be
moved to this module in subsequent commits.

Partial-Bug: #1479295

Removing the config listener

After IFmap dependency manager is introduced for all the objects in Agent,
the config listener does not play any role other than invoking node observers
and link observers, which is taken care in dependency manager itself.

As part of the same, Uuid change of node is also detected and handled.

Couple of test cases are moved out of flaky tests.

closes-bug: #1480124

Split flow_table.cc to create new file flow_entry.cc

Move FlowEntry methods to new file flow_entry.cc and flow_entry.h
No changes in functionality

Partial-Bug: #1479295

Move Flow logging to Flow Management module

Define a message to enqueue Flow Export requests in Flow Management module. Move FlowExport functionality from FlowTable to
Flow Management module. Replace FlowExport API calls in Flow Stats collector and Flow Table with a message to Flow Management
module.

Partial-Bug: #1479295

Run FlowTable processing from work-queue

This change is a step towards running Flow setup in multiple threads. Flow
creation is a two step process,

FlowHandler :
FlowEntry are created and flow action are determined in this context.
This stage can potentially run in multiple threads (future commits)
FlowHandler runs from a workqueue in "Agent::FlowHandler" task context

FlowTable :
1. Manage flow_entry_map_ which contains all flows
2. Enforce the per-VM flow limits
3. Generate events to KSync and FlowMgmt modueles
FlowTable runs from a workqueue in "Agent::FlowTable" task context

Partial-Bug: #1479295

Optimize packet processing ASIO context

Method PktHandler::HandleRcvPkt is called from ASIO context. Following
processing was done in HandleRcvPkt within this context,

- Decode of the packet including decoding on tunnel headers
- In case of bare-metas identification of interface based on MAC address

This commit minimizes processing in ASIO context. Packet are enqueued to
module work-queue baesd on the agent-header. The packet decode is
subsequently done when work-queue is scheduled.

Partial-Bug: #1479295

* Track static and floating ip preference based on instance ip

1> Floating ip, static route and allowed address pair in ecmp
mode would have preference published based on instance-ip
preference
2> If allowed-address pair address is configured in active-stdby
mode, r...

Review in progress for https://review.opencontrail.org/14544
Submitter: Anand H. Krishnan (<email address hidden>)

Review in progress for https://review.opencontrail.org/14384
Submitter: Naveen N (<email address hidden>)

Reviewed: https://review.opencontrail.org/14384
Committed: http://github.org/Juniper/contrail-controller/commit/d5d1f1a0b95649fb16bc6dc4d44742cdf6b7adce
Submitter: Zuul
Branch: R2.20

commit d5d1f1a0b95649fb16bc6dc4d44742cdf6b7adce
Author: Naveen N <email address hidden>
Date: Tue Oct 20 03:48:38 2015 -0700

Agent changes for TCP connection state awareness for faster flow aging
1> Flow eviction by vrouter
If a closed or reset TCP session flow is present in a flow bucket
then vrouter could evict the flow and use the slot for
a new flow, agent would then delete the evicted flow internally
and send a message to delete reverse flow
2> Closes or reset flow would be deleted by agent during aging
cycle.
3> If a flow is stuck in SYN state for more than 180 seconds
delete the flow.
TBD:
Update stats for deleted flow
Partial-BUG: #1362701

Change-Id: Iceb358c835d805809224ed2f876858e9450ba6d9

Review in progress for https://review.opencontrail.org/14544
Submitter: Anand H. Krishnan (<email address hidden>)

Reviewed: https://review.opencontrail.org/14544
Committed: http://github.org/Juniper/contrail-vrouter/commit/32ff12b67f62dd9ec7a8e68c3b426a1e45ce9756
Submitter: Zuul
Branch: R2.20

commit 32ff12b67f62dd9ec7a8e68c3b426a1e45ce9756
Author: Anand H. Krishnan <email address hidden>
Date: Thu Aug 20 14:40:13 2015 +0530

Flow eviction by datapath based on TCP states

Inactive TCP flows (flows that have already seen the closure cycle -
FIN/ACK or the RESET flags) should additionally be considered as a
free flow entry so that vRouter does not have to wait for agent to
accommodate new flows. This logic will provide better service under
severe occupancy. This modification also removes the previous logic
of trapping packets to agent when datapath detects closure of a TCP
stream.

Change-Id: I1009b10f990ea2bf904ac0daec59378d1da07acd
Partial-BUG: #1362701

Review in progress for https://review.opencontrail.org/15477
Submitter: Anand H. Krishnan (<email address hidden>)

Reviewed: https://review.opencontrail.org/15477
Committed: http://github.org/Juniper/contrail-vrouter/commit/8d9a87f2c34b61ddb1bb295604515053e2fd7860
Submitter: Zuul
Branch: R2.20

commit 8d9a87f2c34b61ddb1bb295604515053e2fd7860
Author: Anand H. Krishnan <email address hidden>
Date: Mon Nov 30 14:14:14 2015 +0530

Logic to reset statistics of the evicted reverse flow

The point where we reset statistics for an evicted flow is when we
trap the first packet to the agent. The trap message carries the
old statistics. However, for the reverse flow, there is no trap.
Hence, the statistics of the evicted reverse flow entry is sent
back to the agent in the sandesh flow message and reset once the
agent tries to add the reverse flow entry.

Change-Id: Ic67318b9632f39560292512be503f90eb6f33068
Closes-BUG: 1362701

Review in progress for https://review.opencontrail.org/15709
Submitter: Anand H. Krishnan (<email address hidden>)

Reviewed: https://review.opencontrail.org/15709
Committed: http://github.org/Juniper/contrail-vrouter/commit/d752dcfc645d2c38045f6a649c00e7fbf785dcc4
Submitter: Zuul
Branch: R2.20

commit d752dcfc645d2c38045f6a649c00e7fbf785dcc4
Author: Anand H. Krishnan <email address hidden>
Date: Wed Dec 9 14:22:43 2015 +0530

Set appropriate TCP flags in reverse flow at creation

When agent creates a reverse flow for an existing forward flow,
appropriate TCP flags should also be set based on the TCP flags
that are set in the forward flow. Otherwise, eviction
(and other features that depend on flags in both forward and
reverse entries) might not work. Case in point is the D flag.

Any fragment other than the first fragment of the packet should
not be allowed to create a new flow.

While creating a defer call back, unset the evict flags only if
the context that led to creation of the defer was because of
eviction. Otherwise, there could be some misbehavior.

Allow eviction for flows even if there is only one way link
between forward and the reverse flow

Change-Id: I7bccd256e4d33eaf4623a89e49c40d0928c372c4
Closes-BUG: 1362701

Review in progress for https://review.opencontrail.org/15822
Submitter: Anand H. Krishnan (<email address hidden>)

Review in progress for https://review.opencontrail.org/15827
Submitter: Anand H. Krishnan (<email address hidden>)

Reviewed: https://review.opencontrail.org/15822
Committed: http://github.org/Juniper/contrail-vrouter/commit/a345a66a4446ea5c5ddab4f83fd8f8c758d68b46
Submitter: Zuul
Branch: master

commit a345a66a4446ea5c5ddab4f83fd8f8c758d68b46
Author: Anand H. Krishnan <email address hidden>
Date: Mon Nov 30 14:14:14 2015 +0530

Logic to reset statistics of the evicted reverse flow

The point where we reset statistics for an evicted flow is when we
trap the first packet to the agent. The trap message carries the
old statistics. However, for the reverse flow, there is no trap.
Hence, the statistics of the evicted reverse flow entry is sent
back to the agent in the sandesh flow message and reset once the
agent tries to add the reverse flow entry.

Change-Id: Ic67318b9632f39560292512be503f90eb6f33068
Closes-BUG: 1362701

Reviewed: https://review.opencontrail.org/15827
Committed: http://github.org/Juniper/contrail-vrouter/commit/7e8bbfd8c994ef5230d27ce67fd734d861edcb4b
Submitter: Zuul
Branch: master

commit 7e8bbfd8c994ef5230d27ce67fd734d861edcb4b
Author: Anand H. Krishnan <email address hidden>
Date: Wed Dec 9 14:22:43 2015 +0530

Set appropriate TCP flags in reverse flow at creation

When agent creates a reverse flow for an existing forward flow,
appropriate TCP flags should also be set based on the TCP flags
that are set in the forward flow. Otherwise, eviction
(and other features that depend on flags in both forward and
reverse entries) might not work. Case in point is the D flag.

Any fragment other than the first fragment of the packet should
not be allowed to create a new flow.

While creating a defer call back, unset the evict flags only if
the context that led to creation of the defer was because of
eviction. Otherwise, there could be some misbehavior.

Allow eviction for flows even if there is only one way link
between forward and the reverse flow

Change-Id: I7bccd256e4d33eaf4623a89e49c40d0928c372c4
Closes-BUG: 1362701

Review in progress for https://review.opencontrail.org/16232
Submitter: Anand H. Krishnan (<email address hidden>)

Reviewed: https://review.opencontrail.org/16232
Committed: http://github.org/Juniper/contrail-vrouter/commit/3844e209ac5a3d3cc43a2cc14ab8a67143751d40
Submitter: Zuul
Branch: master

commit 3844e209ac5a3d3cc43a2cc14ab8a67143751d40
Author: Anand H. Krishnan <email address hidden>
Date: Tue Jan 12 15:23:54 2016 +0530

Retain EVICTED flag and flow type for evicted flows

Change-Id: I876d0c0ad883d786c146a3c2ee1649a01f4fd8f5
Closes-BUG: #1362701

Review in progress for https://review.opencontrail.org/17175
Submitter: Anand H. Krishnan (<email address hidden>)

Reviewed: https://review.opencontrail.org/17175
Committed: http://github.org/Juniper/contrail-vrouter/commit/81a2a0336897b7f690485c1e1b64c7689fb838c4
Submitter: Zuul
Branch: master

commit 81a2a0336897b7f690485c1e1b64c7689fb838c4
Author: Anand H. Krishnan <email address hidden>
Date: Fri Feb 12 14:55:20 2016 +0530

Do not zero the flow key at deletion

In case of eviction, it helps to know what key was present in the
flow entry. Hence, do not zero out the key during eviction.

Change-Id: If98c1367f37d8185d563ffbe9ad8872a3f4f5859
Closes-BUG: #1362701