neutron

[RFE] pps limitation on neutron ports for openvswitch agent

Bug #1938966 reported by LIU Yulong on 2021-08-05

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	In Progress	Wishlist	Unassigned

Bug Description

Since neutron supports packet rate limit rule [1][2], it's time for us to support real pps limitation in agent side for neutron ports and IPs. So this RFE is for real pps limitation functionality. We are going to implement neutron port's pps limitation with ovs meter first. IPs pps limitaion will be considered in a new approach.

Implementation notes [3]:
1. ovs kernel datapath based on kernel version <= 4.14 does not support meter.
2. kernel version >=4.15 + ovs >= 2.10 will support meter.
3. user space ovs data path should use ovs with version >= 2.7

So, this will be only available for kernel >=4.15 and ovs>=2.10.

Basic limit pipeline is:
Ingress: packets get into br-int table 0, before send to table 60, check the destanation MAC and local_vlan ID, if the dest is resident in this host, do the meter pps action and send to table 60.
Egress: match src MAC and in_port, before send to table 60, do the meter pps action and send to table 60.

Neutron ovs-agent process workflow:
1. port pluging detected
2. reterieve the port information
3. do the flow installation
4. handle_port in the pps limitation QoS agent extension (or a new pps agent extension)
5. create the meter rule for port based on the binding qos policy's QosPacketRateLimitRule
6. applied the Ingress and Egress ovs flows

[1] https://bugs.launchpad.net/neutron/+bug/1912460
[2] https://review.opendev.org/c/openstack/neutron/+/796363
[3] https://github.com/openvswitch/ovs/blob/master/Documentation/faq/releases.rst

See original description

Tags:

Oleg Bondarev (obondarev) on 2021-08-05

tags:	added: rfe
Changed in neutron:
importance:	Undecided → Wishlist

LIU Yulong (dragon889) on 2021-08-05

description:

updated

Revision history for this message

Slawek Kaplonski (slaweq) wrote on 2021-08-10:

Do we really need to treat it as new RFE? We already accepted https://bugs.launchpad.net/neutron/+bug/1912460 and that is only for backend implementation which IMO was obvious we would like to have at some point.

Revision history for this message

LIU Yulong (dragon889) wrote on 2021-08-11:

Sure, so I will directly submit the code. : )

Revision history for this message

LIU Yulong (dragon889) wrote on 2021-08-11:

I registered a BP for all pps related works:
https://blueprints.launchpad.net/neutron/+spec/packet-rate-limit

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-08-11: Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/804213

Changed in neutron:
status:	New → In Progress

Revision history for this message

Slawek Kaplonski (slaweq) wrote on 2021-08-26:

I removed rfe tag from that one. Let's just implement it :)

tags:	removed: rfe
tags:	added: ovs qos

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-11-05: Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/816800

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-11-26:

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/819418

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-02-15:

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/829145

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-02-15:

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/829161

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-02-17: Related fix merged to neutron (master)

#10

Reviewed: https://review.opendev.org/c/openstack/neutron/+/804213
Committed: https://opendev.org/openstack/neutron/commit/053a9d24eca2c9372bd2b767504dd6b6db30643f
Submitter: "Zuul (22348)"
Branch: master

commit 053a9d24eca2c9372bd2b767504dd6b6db30643f
Author: LIU Yulong <email address hidden>
Date: Fri Aug 6 14:11:00 2021 +0800

Add table for pps limitaion

    Table 59 will be used for pps limitation, the pipeline change is:
    all original flows with ``goto table 60`` will be changed to
    ``goto table 59``, while table 59 has a default rule is goto
    table 60. Then we can add pps flows to table 59 for all ports.

    Basic limit pipeline is:
    Ingress: packets get into br-int table 0, before send to table 60,
    in table 59, check the destanation MAC and local_vlan ID, if the
    dest is resident in this host, do the meter pps action and send
    to table 60.
    Egress: match src MAC and in_port, before send to table 60,
    in table 59, do the meter pps action and send to table 60.

    Why table 59? Because for ovs-agent flow structure, all packets
    will be send to table 60 to do next actions such as security group.
    Between table 0 and table 60, there are tables for ARP poison/spoofing
    prevention rules and MAC spoof filtering. We want similar security
    checks to take effect first, so it can drop packets before filling
    our limit queues (pps limitation based on data forwarding queue).
    And we do not want packets go through the long march of security group
    flows, in case of performance side effect when there are large amount
    of packets try to send, so limit it before goto security group flows.

    Partially-Implements: bp/packet-rate-limit
    Related-Bug: #1938966
    Related-Bug: #1912460
    Change-Id: I943f610c3b6bcf05e2e752ca3b57981f523f88a8

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-02-25:

#11

Reviewed: https://review.opendev.org/c/openstack/neutron/+/829145
Committed: https://opendev.org/openstack/neutron/commit/b4a192a74c32d70278510b0a768c42220ff03b6f
Submitter: "Zuul (22348)"
Branch: master

commit b4a192a74c32d70278510b0a768c42220ff03b6f
Author: LIU Yulong <email address hidden>
Date: Tue Feb 15 08:49:36 2022 +0800

Bump python-neutronclient version to 7.8.0

    Fullstack test cases need this release [1] of python-neutronclient.
    Update the cliff version because:
        python-neutronclient 7.8.0 depends on cliff>=3.4.0
        cliff==3.4.0 requires stevedore>=2.0.1
        python-neutronclient 7.8.0 depends on osc-lib>=1.12.0

[1] https://review.opendev.org/c/openstack/releases/+/828442

    Partially-Implements: bp/packet-rate-limit
    Related-Bug: #1938966
    Related-Bug: #1912460
    Change-Id: Ibc1fbb90bf22128cd783c8d8598fb3c49591eae2

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-06-14:

#12

Reviewed: https://review.opendev.org/c/openstack/neutron/+/816800
Committed: https://opendev.org/openstack/neutron/commit/0232ead2c33eccc2ccd67f96a12381f2ce7fb470
Submitter: "Zuul (22348)"
Branch: master

commit 0232ead2c33eccc2ccd67f96a12381f2ce7fb470
Author: LIU Yulong <email address hidden>
Date: Wed Aug 11 18:44:38 2021 +0800

Meter flows and ovsdb action for ovs bridge

    Add meter flows actions and ovsdb actions for pps
    limitation. Meter flow actions are:
    * list_meter_features
    * create_meter
    * delete_meter
    * update_meter
    * apply_meter_to_port
    * remove_meter_from_port

    Ovsdb actions are:
    * get_port_tag_by_name
    * get_value_from_other_config
    * set_value_to_other_config
    * remove_value_from_other_config

    Partially-Implements: bp/packet-rate-limit
    Related-Bug: #1938966
    Related-Bug: #1912460
    Change-Id: Idc9a2b1f39964fc3b603310ac7f22c1bc58d27f7

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-06-14:

#13

Reviewed: https://review.opendev.org/c/openstack/neutron/+/816802
Committed: https://opendev.org/openstack/neutron/commit/5765186516ae6af3477fc1c1cdd0367e8c878189
Submitter: "Zuul (22348)"
Branch: master

commit 5765186516ae6af3477fc1c1cdd0367e8c878189
Author: LIU Yulong <email address hidden>
Date: Thu Sep 2 16:22:03 2021 +0800

Support pps limitation for openvswitch agent

    Add packet rate limit rule to the openvswitch QoS
    driver SUPPORTED_RULES list. This patch adds the
    ability to limit neutron port packet I/O rate. We
    will leverage the ovs meter to achieve the limitation.

    The meter action is only supoorted when datapath is
    in user mode (with ovs >= 2.7) or ovs kernel datapath with
    kernel version >= 4.15 (and ovs >= 2.10).

[1] https://docs.openvswitch.org/en/latest/faq/releases/

    Partially-Implements: bp/packet-rate-limit
    Related-Bug: #1938966
    Related-Bug: #1912460
    Change-Id: Ib6341ad539afc9f94f1783a721cf5f793ccdc7d8

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-06-24:

#14

Reviewed: https://review.opendev.org/c/openstack/neutron/+/819418
Committed: https://opendev.org/openstack/neutron/commit/f1a082ce5066ff4b9f74a7628e1133f521423b6e
Submitter: "Zuul (22348)"
Branch: master

commit f1a082ce5066ff4b9f74a7628e1133f521423b6e
Author: LIU Yulong <email address hidden>
Date: Mon Nov 22 16:08:02 2021 +0800

Fullstack tests of packet rate limit for ovs qos driver

Depends-On: https://review.opendev.org/c/openstack/python-neutronclient/+/818717

    Partially-Implements: bp/packet-rate-limit
    Related-Bug: #1938966
    Related-Bug: #1912460
    Change-Id: If2d8f4e89987dcb55fcbef126a02bff4433c6aa8

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-06-27:

#15

Reviewed: https://review.opendev.org/c/openstack/neutron/+/829161
Committed: https://opendev.org/openstack/neutron/commit/b80f152edfd082de66ab474d7c8c191d8765bd99
Submitter: "Zuul (22348)"
Branch: master

commit b80f152edfd082de66ab474d7c8c191d8765bd99
Author: LIU Yulong <email address hidden>
Date: Tue Feb 15 14:16:31 2022 +0800

Add policy for packet rate limit rules

This is going to add policy rules for packet rate limit
rules of https://review.opendev.org/c/openstack/neutron/+/796363

    Partially-Implements: bp/packet-rate-limit
    Related-Bug: #1938966
    Related-Bug: #1912460
    Change-Id: I20e45f73869d23f93acf4d7bc4cd378d1fa9a986

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-11-24: Related fix proposed to neutron (master)

#16

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/865590

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-11-25: Related fix merged to neutron (master)

#17

Reviewed: https://review.opendev.org/c/openstack/neutron/+/865590
Committed: https://opendev.org/openstack/neutron/commit/c5640eee1164cd88b3d9b01848638eeb57d2efb0
Submitter: "Zuul (22348)"
Branch: master

commit c5640eee1164cd88b3d9b01848638eeb57d2efb0
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Thu Nov 17 06:15:39 2022 +0100

Use the neutron-lib constant for PACKET_RATE_LIMIT table number

    In neutron-lib 3.2.0, the table PACKET_RATE_LIMIT changes from 59
    to 58. This patch uses the imported n-lib constant instead of a
    hardcoded number. That will allow the neutron-lib version bump.
    See [1].

[1]https://review.opendev.org/c/openstack/requirements/+/864899

Related-Bug: #1938966
Change-Id: I0929e5ad59bfdd1ec7477adef3a52ec8d25ccfa6

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-11-28: Related fix proposed to neutron (master)

#18

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/865871