From: "Jiang, Cheng1" <cheng1.jiang@intel.com>
To: "Morten Brørup" <mb@smartsharesystems.com>,
"Stephen Hemminger" <stephen@networkplumber.org>
Cc: "maxime.coquelin@redhat.com" <maxime.coquelin@redhat.com>,
"Xia, Chenbo" <chenbo.xia@intel.com>,
"dev@dpdk.org" <dev@dpdk.org>, "Hu, Jiayu" <jiayu.hu@intel.com>,
"Ding, Xuan" <xuan.ding@intel.com>,
"Ma, WenwuX" <wenwux.ma@intel.com>,
"Wang, YuanX" <yuanx.wang@intel.com>,
"Yang, YvonneX" <yvonnex.yang@intel.com>
Subject: RE: [RFC 1/2] vhost: add ingress API for port mirroring datapath
Date: Thu, 25 Aug 2022 13:53:43 +0000 [thread overview]
Message-ID: <BL0PR11MB318765ABA06FB9C015439BEFDC729@BL0PR11MB3187.namprd11.prod.outlook.com> (raw)
In-Reply-To: <98CBD80474FA8B44BF855DF32C47DC35D87282@smartserver.smartshare.dk>
Hi,
> -----Original Message-----
> From: Morten Brørup <mb@smartsharesystems.com>
> Sent: Thursday, August 18, 2022 4:17 PM
> To: Jiang, Cheng1 <cheng1.jiang@intel.com>; Stephen Hemminger
> <stephen@networkplumber.org>
> Cc: maxime.coquelin@redhat.com; Xia, Chenbo <chenbo.xia@intel.com>;
> dev@dpdk.org; Hu, Jiayu <jiayu.hu@intel.com>; Ding, Xuan
> <xuan.ding@intel.com>; Ma, WenwuX <wenwux.ma@intel.com>; Wang,
> YuanX <yuanx.wang@intel.com>; Yang, YvonneX <yvonnex.yang@intel.com>
> Subject: RE: [RFC 1/2] vhost: add ingress API for port mirroring datapath
>
> > From: Jiang, Cheng1 [mailto:cheng1.jiang@intel.com]
> > Sent: Thursday, 18 August 2022 08.58
> >
> > Hi,
> >
> > > -----Original Message-----
> > > From: Stephen Hemminger <stephen@networkplumber.org>
> > > Sent: Sunday, August 14, 2022 10:58 PM
> > >
> > > On Sun, 14 Aug 2022 12:49:19 +0000
> > > Cheng Jiang <cheng1.jiang@intel.com> wrote:
> > >
> > > > From: Wenwu Ma <wenwux.ma@intel.com>
> > > >
> > > > Similar to the port mirroring function on the switch or router,
> > this
> > > > patch also implements an ingress function on the Vhost lib. When
> > data
> > > > is sent to a front-end, it will also send the data to its mirror
> > > > front-end.
> > > >
> > > > Signed-off-by: Cheng Jiang <cheng1.jiang@intel.com>
> > > > Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> > >
> > > We already have rte_flow, packet capture, and rx/tx callbacks.
> > > This seems like re-invention.
> >
> > Sorry that I didn't make it clear in the v1 commit message. This port
> > mirror function is based on async vhost which is accelerated by DMA
> > device. Compared with other mirror implements: 1. It's targeted for
> > vhost. 2. The performance is really good. Its use scenario is to let
> > one front-end(mirror-VM) monitor the traffic of another front-end(VM).
> > It's different from the things you mentioned above. So, IMO I don't
> > think it's re-invention.
> >
> > Thanks,
> > Cheng
>
> Thank you for elaborating the use case.
>
> In other words: This is a performance optimization for a specific use case.
>
> This raises two questions:
>
> 1. Please convince us that this is a common use case?
Using VM to monitor the other VM's traffic is a common use case. This is commonly used in an intrusion detection system, passive probe or real user monitoring technology.
> 2. What is the performance compared to implementing it at the application
> level?
>
This API is introduced mainly to enable DMA acceleration in vhost port mirror scenario. And leverage DMA's strong performance.
>
> Overall, I totally agree with Stephen:
>
> Port Mirroring was removed from ethdev with the 21.11 release [1] for the
> reasons mentioned by Stephen. Please don't try to reintroduce it.
>
> If the application needs to mirror all (or some) packets, why not just let the
> application do it?
>
> Furthermore, the application might need to mirror the packets to a physical
> port, and perhaps encapsulate it for remote packet capture. Sampling could
> also be required. Here's a prediction for you: More features will creep into to
> this API over time, and it will end up like the ethdev mirroring API being
> removed because the alternatives are better and more versatile.
First of all, These are Vhost lib APIs based on async vhost which is accelerated by DMA device.
And they are provided for Vhost PMD or other Vhost applications. So, I am not sure whether these APIs are similar to ethdev mirroring APIs which are removed.
As far as I understand, RTE_FLOW is used for ethdev. I'm not sure there are conflicts between mirror API in Vhost and RTE_FLOW, since vhost/virtio is a virtual protocol.
We will consider your suggestion carefully again.
Thank you very much.
Cheng
>
> [1]: https://doc.dpdk.org/guides/rel_notes/release_21_11.html#removed-
> items
next prev parent reply other threads:[~2022-08-25 13:54 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-14 12:49 [RFC 0/2] vhost: add port mirroring function in the vhost lib Cheng Jiang
2022-08-14 12:49 ` [RFC 1/2] vhost: add ingress API for port mirroring datapath Cheng Jiang
2022-08-14 14:58 ` Stephen Hemminger
2022-08-18 6:58 ` Jiang, Cheng1
2022-08-18 8:16 ` Morten Brørup
2022-08-25 13:53 ` Jiang, Cheng1 [this message]
2022-08-14 12:49 ` [RFC 2/2] vhost: add egress " Cheng Jiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BL0PR11MB318765ABA06FB9C015439BEFDC729@BL0PR11MB3187.namprd11.prod.outlook.com \
--to=cheng1.jiang@intel.com \
--cc=chenbo.xia@intel.com \
--cc=dev@dpdk.org \
--cc=jiayu.hu@intel.com \
--cc=maxime.coquelin@redhat.com \
--cc=mb@smartsharesystems.com \
--cc=stephen@networkplumber.org \
--cc=wenwux.ma@intel.com \
--cc=xuan.ding@intel.com \
--cc=yuanx.wang@intel.com \
--cc=yvonnex.yang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).