From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id AFB8DA0553; Mon, 14 Nov 2022 10:41:33 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 920BF40150; Mon, 14 Nov 2022 10:41:33 +0100 (CET) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mails.dpdk.org (Postfix) with ESMTP id E1BFC4014F for ; Mon, 14 Nov 2022 10:41:31 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1668418891; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kbs5C/lDEnr1WrTlZS9cwprn0nN3+gq4E0cVQ69lln4=; b=W0AUFfdcf9pDS0foQKB7sp/hv7+F1QWUjxJWQ+0kR2vbqf65pBO5Tn0lRF7EN09wxFH9JH xyVUdJghyQ8KpaMMTsZ/pzKrGSFG8gMPy6WQaACwQGomebxw+QIloNIUmVGeDve7sv/cFc 9elwpC6AVdUqv/hZhmKFBS2OdQ8BuEU= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-649-S3crjTFePwy-04_YU7Jtfg-1; Mon, 14 Nov 2022 04:41:30 -0500 X-MC-Unique: S3crjTFePwy-04_YU7Jtfg-1 Received: by mail-wm1-f70.google.com with SMTP id u9-20020a05600c00c900b003cfb12839d6so2728467wmm.5 for ; Mon, 14 Nov 2022 01:41:29 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:subject:content-language :references:cc:to:from:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=kbs5C/lDEnr1WrTlZS9cwprn0nN3+gq4E0cVQ69lln4=; b=wBlEeaik0yquH8hX2+LRabxaK6rlj/kswM9fvDFSQrsgnCkclcxeFKSN/2lCkPmM5F U/RtbgXFwwpqbTiXoRAz9JnJvDilB0oq1NL+Bs1foRjOY17kGRQo/KKEswvWeKmNe/SD B+XpPIS9gBYzP+t6MV2ZV27MqaPLWLxn6azLXTMIF0mmDkTY6A7G4n1k08sniCCnlRdE HUSR33Y8XmleIjJmdnNUe0TcBBK1Rdn/3y9eFFFx2GGlWZhOHt0uVdfcOJ+CYmvJEo1d HEJ6YWU8HB4+HQ345o2RIt/BQPgjy+pz0XAimTTxrgQ1JH8iwGLemoLT8rDArgOWj2WR RGIw== X-Gm-Message-State: ANoB5pmLFFUhfQcbiv0/Piu8+rVxp7QmqhQ4jj5wA2ZdH9Vbr7JqBbcg Hp9qkFCvcxNDwrwJLOYFgy7Y1ZHQweXol78SiOj8inP48quSdXH1wr2w2KX4jBd8vHLDdav8xOm 5KZg= X-Received: by 2002:adf:f84f:0:b0:22c:dd26:3c0 with SMTP id d15-20020adff84f000000b0022cdd2603c0mr7165007wrq.18.1668418888262; Mon, 14 Nov 2022 01:41:28 -0800 (PST) X-Google-Smtp-Source: AA0mqf70ssLHtmRgEnMz8HkkDGvBaLFwlrf5vHhl9aqMs6yPHqE6uCP6qVxXA4mES08SoGIqPwOsjQ== X-Received: by 2002:adf:f84f:0:b0:22c:dd26:3c0 with SMTP id d15-20020adff84f000000b0022cdd2603c0mr7164990wrq.18.1668418887841; Mon, 14 Nov 2022 01:41:27 -0800 (PST) Received: from [192.168.0.36] ([78.19.102.117]) by smtp.gmail.com with ESMTPSA id r15-20020a05600c35cf00b003a84375d0d1sm19500729wmq.44.2022.11.14.01.41.26 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 14 Nov 2022 01:41:27 -0800 (PST) Message-ID: <41768f2f-9b0a-85d6-b5fe-59e4046745d4@redhat.com> Date: Mon, 14 Nov 2022 09:41:25 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.1 From: Kevin Traynor To: Robin Jarry , "dev@dpdk.org" , "dev@openvswitch.org" Cc: Christophe Fontaine , Ori Kam References: <20221021145308.141933-1-rjarry@redhat.com> <10a1224e-40f2-b9e1-b522-a271ec122cbe@redhat.com> Subject: Re: [PATCH v3] netdev-dpdk: add control plane protection support In-Reply-To: <10a1224e-40f2-b9e1-b522-a271ec122cbe@redhat.com> X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Fixing To: to add back in OVS ML. +cc Ori, as mlx5 operation discussed below. On 11/11/2022 18:15, Kevin Traynor wrote: > Hi Robin, > > On 21/10/2022 15:53, Robin Jarry wrote: >> Some control protocols are used to maintain link status between >> forwarding engines (e.g. LACP). When the system is not sized properly, >> the PMD threads may not be able to process all incoming traffic from the >> configured Rx queues. When a signaling packet of such protocols is >> dropped, it can cause link flapping, worsening the situation. >> >> Use the RTE flow API to redirect these protocols into a dedicated Rx >> queue. The assumption is made that the ratio between control protocol >> traffic and user data traffic is very low and thus this dedicated Rx >> queue will never get full. The RSS redirection table is re-programmed to >> only use the other Rx queues. The RSS table size is stored in the >> netdev_dpdk structure at port initialization to avoid requesting the >> information again when changing the port configuration. >> >> The additional Rx queue will be assigned a PMD core like any other Rx >> queue. Polling that extra queue may introduce increased latency and >> a slight performance penalty at the benefit of preventing link flapping. >> >> This feature must be enabled per port on specific protocols via the >> cp-protection option. This option takes a coma-separated list of >> protocol names. It is only supported on ethernet ports. >> >> If the user has already configured multiple Rx queues on the port, an >> additional one will be allocated for control plane packets. If the >> hardware cannot satisfy the requested number of requested Rx queues, the >> last Rx queue will be assigned for control plane. If only one Rx queue >> is available, the cp-protection feature will be disabled. If the >> hardware does not support the RTE flow matchers/actions, the feature >> will be disabled. >> >> It cannot be enabled when other_config:hw-offload=true as it may >> conflict with the offloaded RTE flows. Similarly, if hw-offload is >> enabled while some ports already have cp-protection enabled, the RTE >> flow offloading will be disabled on these ports. >> >> Example use: >> >> ovs-vsctl add-bond br-phy bond0 phy0 phy1 -- \ >> set interface phy0 type=dpdk options:dpdk-devargs=0000:ca:00.0 -- \ >> set interface phy0 options:cp-protection=lacp -- \ >> set interface phy1 type=dpdk options:dpdk-devargs=0000:ca:00.1 -- \ >> set interface phy1 options:cp-protection=lacp >> >> As a starting point, only one protocol is supported: LACP. Other >> protocols can be added in the future. NIC compatibility should be >> checked. >> >> To validate that this works as intended, I used a traffic generator to >> generate random traffic slightly above the machine capacity at line rate >> on a two ports bond interface. OVS is configured to receive traffic on >> two VLANs and pop/push them in a br-int bridge based on tags set on >> patch ports. >> >> +----------------------+ >> | DUT | >> |+--------------------+| >> || br-int || default flow, action=NORMAL >> || || >> || patch10 patch11 || >> |+---|-----------|----+| >> | | | | >> |+---|-----------|----+| >> || patch00 patch01 || >> || tag:10 tag:20 || >> || || >> || br-phy || default flow, action=NORMAL >> || || >> || bond0 || balance-slb, lacp=passive, lacp-time=fast >> || phy0 phy1 || >> |+------|-----|-------+| >> +-------|-----|--------+ >> | | >> +-------|-----|--------+ >> | port0 port1 | balance L3/L4, lacp=active, lacp-time=fast >> | lag | mode trunk VLANs 10, 20 >> | | >> | switch | >> | | >> | vlan 10 vlan 20 | mode access >> | port2 port3 | >> +-----|----------|-----+ >> | | >> +-----|----------|-----+ >> | port0 port1 | Random traffic that is properly balanced >> | | across the bond ports in both directions. >> | traffic generator | >> +----------------------+ >> >> Without cp-protection, the bond0 links are randomly switching to >> "defaulted" when one of the LACP packets sent by the switch is dropped >> because the RX queues are full and the PMD threads did not process them >> fast enough. When that happens, all traffic must go through a single >> link which causes above line rate traffic to be dropped. >> >> When cp-protection is enabled, no LACP packet is dropped and the bond >> links remain enabled at all times, maximizing the throughput. >> >> This feature may be considered as "QoS". However, it does not work by >> limiting the rate of traffic explicitly. It only guarantees that some >> protocols have a lower chance of being dropped because the PMD cores >> cannot keep up with regular traffic. >> >> The choice of protocols is limited on purpose. This is not meant to be >> configurable by users. Some limited configurability could be considered >> in the future but it would expose to more potential issues if users are >> accidentally redirecting all traffic in the control plane queue. >> > > Not a full review, but rather send now with issue I saw on CX-5 that we > discussed as it'll impact testing. > >> Cc: Christophe Fontaine >> Cc: Kevin Traynor >> Signed-off-by: Robin Jarry >> --- >> v2 -> v3: >> >> * Added dry_run validation that rte_flows are all supported by the NIC >> before configuring anything. >> * Added check to make cp-protection and hw-offload mutually exclusive. >> * Removed the "match-all" RSS flow that dealt with redirecting all >> non-control-plane traffic to all but the control-plane Rx queue. Very >> few NICs actually support "match-all" flows without any mask. This was >> replaced by reconfiguring the RSS redirection table. The >> * Made sure to unconfigure everything and remove the extra Rx queue in >> the case the hardware does not support one of the RTE flows. >> * Updated vswitchd/vswitch.xml >> * Added diagnostics info in netdev_dpdk_get_status >> * Tested under load on the following NICs: >> - Intel E810 (2x 25G) >> - Mellanox ConnectX-5 (2x 25G) >> * Basic functionality tested on the following NICs: >> - Intel 82599ES (2x 10G) >> - Intel X710 (4x 10G) >> - Mellanox ConnectX-4 (2x 25G) >> >> Documentation/topics/dpdk/phy.rst | 55 ++++++ >> lib/netdev-dpdk.c | 293 +++++++++++++++++++++++++++++- >> vswitchd/vswitch.xml | 26 +++ >> 3 files changed, 373 insertions(+), 1 deletion(-) >> >> diff --git a/Documentation/topics/dpdk/phy.rst b/Documentation/topics/dpdk/phy.rst >> index 937f4c40e5a8..86e69d79b104 100644 >> --- a/Documentation/topics/dpdk/phy.rst >> +++ b/Documentation/topics/dpdk/phy.rst >> @@ -131,6 +131,61 @@ possible with DPDK acceleration. It is possible to configure multiple Rx queues >> for ``dpdk`` ports, thus ensuring this is not a bottleneck for performance. For >> information on configuring PMD threads, refer to :doc:`pmd`. >> >> +Control Plane Protection >> +------------------------ >> + >> +Some control protocols are used to maintain link status between forwarding >> +engines. In SDN environments, these packets share the same physical network >> +than the user data traffic. >> + >> +When the system is not sized properly, the PMD threads may not be able to >> +process all incoming traffic from the configured Rx queues. When a signaling >> +packet of such protocols is dropped, it can cause link flapping, worsening the >> +situation. >> + >> +Some physical NICs can be programmed to put these protocols in a dedicated >> +hardware Rx queue using the rte_flow__ API. >> + >> +__ https://doc.dpdk.org/guides-21.11/prog_guide/rte_flow.html#device-compatibility >> + >> +The currently supported control plane protocols are: >> + >> +``lacp`` >> + `Link Aggregation Control Protocol`__. Ether type ``0x8809``. >> + >> + __ https://www.ieee802.org/3/ad/public/mar99/seaman_1_0399.pdf >> + >> +.. warning:: >> + >> + This feature is not compatible with all NICs. Refer to vendor documentation >> + for more information. >> + >> +Control plane protection must be enabled on specific protocols per port. The >> +``cp-protection`` option requires a coma separated list of protocol names:: >> + >> + $ ovs-vsctl add-port br0 dpdk-p0 -- set Interface dpdk-p0 type=dpdk \ >> + options:dpdk-devargs=0000:01:00.0 options:cp-protection=lacp >> + >> +.. note:: >> + >> + If multiple Rx queues are already configured, regular RSS (Receive Side >> + Scaling) queue balancing is done on all but the extra control plane >> + protection queue. >> + >> +.. tip:: >> + >> + You can check if control plane protection is supported on a port with the >> + following command:: >> + >> + $ ovs-vsctl get interface dpdk-p0 status >> + {cp_protection_queue="2", driver_name=..., rss_queues="0-1"} >> + >> + If the hardware does not support redirecting control plane traffic to >> + a dedicated queue, it will be explicit:: >> + >> + $ ovs-vsctl get interface dpdk-p0 status >> + {cp_protection_queue=unsupported, driver_name=..., rss_queues="0-1"} >> + >> .. _dpdk-phy-flow-control: >> >> Flow Control >> diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c >> index 0dd655507b50..94f04437a641 100644 >> --- a/lib/netdev-dpdk.c >> +++ b/lib/netdev-dpdk.c >> @@ -410,6 +410,11 @@ enum dpdk_hw_ol_features { >> NETDEV_TX_SCTP_CHECKSUM_OFFLOAD = 1 << 4, >> }; >> >> +enum dpdk_cp_prot_flags { >> + DPDK_CP_PROT_UNSUPPORTED = 1 << 0, >> + DPDK_CP_PROT_LACP = 1 << 1, >> +}; >> + >> /* >> * In order to avoid confusion in variables names, following naming convention >> * should be used, if possible: >> @@ -453,6 +458,7 @@ struct netdev_dpdk { >> }; >> struct dpdk_tx_queue *tx_q; >> struct rte_eth_link link; >> + uint16_t reta_size; >> ); >> >> PADDED_MEMBERS_CACHELINE_MARKER(CACHE_LINE_SIZE, cacheline1, >> @@ -529,6 +535,13 @@ struct netdev_dpdk { >> >> /* VF configuration. */ >> struct eth_addr requested_hwaddr; >> + >> + /* Requested control plane protection flags, >> + * from the enum set 'dpdk_cp_prot_flags' */ >> + uint64_t requested_cp_prot_flags; >> + uint64_t cp_prot_flags; >> + size_t cp_prot_flows_num; >> + struct rte_flow **cp_prot_flows; >> ); >> >> PADDED_MEMBERS(CACHE_LINE_SIZE, >> @@ -1192,6 +1205,7 @@ dpdk_eth_dev_init(struct netdev_dpdk *dev) >> netdev_get_name(&dev->up)); >> } >> } >> + dev->reta_size = info.reta_size; >> >> n_rxq = MIN(info.max_rx_queues, dev->up.n_rxq); >> n_txq = MIN(info.max_tx_queues, dev->up.n_txq); >> @@ -1309,6 +1323,10 @@ common_construct(struct netdev *netdev, dpdk_port_t port_no, >> dev->requested_n_txq = NR_QUEUE; >> dev->requested_rxq_size = NIC_PORT_DEFAULT_RXQ_SIZE; >> dev->requested_txq_size = NIC_PORT_DEFAULT_TXQ_SIZE; >> + dev->requested_cp_prot_flags = 0; >> + dev->cp_prot_flags = 0; >> + dev->cp_prot_flows_num = 0; >> + dev->cp_prot_flows = NULL; >> >> /* Initialize the flow control to NULL */ >> memset(&dev->fc_conf, 0, sizeof dev->fc_conf); >> @@ -1904,6 +1922,9 @@ dpdk_set_rxq_config(struct netdev_dpdk *dev, const struct smap *args) >> int new_n_rxq; >> >> new_n_rxq = MAX(smap_get_int(args, "n_rxq", NR_QUEUE), 1); >> + if (dev->requested_cp_prot_flags) { >> + new_n_rxq += 1; >> + } >> if (new_n_rxq != dev->requested_n_rxq) { >> dev->requested_n_rxq = new_n_rxq; >> netdev_request_reconfigure(&dev->up); >> @@ -1927,6 +1948,53 @@ dpdk_process_queue_size(struct netdev *netdev, const struct smap *args, >> } >> } >> >> +static int >> +dpdk_cp_prot_set_config(struct netdev *netdev, struct netdev_dpdk *dev, >> + const struct smap *args, char **errp) >> +{ >> + const char *arg = smap_get_def(args, "cp-protection", ""); >> + uint64_t flags = 0; >> + char buf[256]; >> + char *token, *saveptr; >> + >> + ovs_strzcpy(buf, arg, sizeof(buf)); >> + buf[sizeof(buf) - 1] = '\0'; >> + >> + token = strtok_r(buf, ",", &saveptr); >> + while (token) { >> + if (strcmp(token, "lacp") == 0) { >> + flags |= DPDK_CP_PROT_LACP; >> + } else { >> + VLOG_WARN_BUF( >> + errp, "%s options:cp-protection unknown protocol '%s'", >> + netdev_get_name(netdev), token); >> + return -1; >> + } >> + token = strtok_r(NULL, ",", &saveptr); >> + } >> + >> + if (flags && dev->type != DPDK_DEV_ETH) { >> + VLOG_WARN_BUF( errp, >> + "%s options:cp-protection is only supported on ethernet ports", >> + netdev_get_name(netdev)); >> + return -1; >> + } >> + >> + if (flags && netdev_is_flow_api_enabled()) { >> + VLOG_WARN_BUF(errp, >> + "%s options:cp-protection is incompatible with hw-offload", >> + netdev_get_name(netdev)); >> + return -1; >> + } >> + >> + if (flags != dev->requested_cp_prot_flags) { >> + dev->requested_cp_prot_flags = flags; >> + netdev_request_reconfigure(netdev); >> + } >> + >> + return 0; >> +} >> + >> static int >> netdev_dpdk_set_config(struct netdev *netdev, const struct smap *args, >> char **errp) >> @@ -1946,6 +2014,11 @@ netdev_dpdk_set_config(struct netdev *netdev, const struct smap *args, >> ovs_mutex_lock(&dpdk_mutex); >> ovs_mutex_lock(&dev->mutex); >> >> + if (dpdk_cp_prot_set_config(netdev, dev, args, errp) < 0) { >> + err = EINVAL; >> + goto out; >> + } >> + >> dpdk_set_rxq_config(dev, args); >> >> dpdk_process_queue_size(netdev, args, "n_rxq_desc", >> @@ -3639,8 +3712,10 @@ netdev_dpdk_get_status(const struct netdev *netdev, struct smap *args) >> { >> struct netdev_dpdk *dev = netdev_dpdk_cast(netdev); >> struct rte_eth_dev_info dev_info; >> + uint64_t cp_prot_flags; >> uint32_t link_speed; >> uint32_t dev_flags; >> + int n_rxq; >> >> if (!rte_eth_dev_is_valid_port(dev->port_id)) { >> return ENODEV; >> @@ -3651,6 +3726,8 @@ netdev_dpdk_get_status(const struct netdev *netdev, struct smap *args) >> rte_eth_dev_info_get(dev->port_id, &dev_info); >> link_speed = dev->link.link_speed; >> dev_flags = *dev_info.dev_flags; >> + cp_prot_flags = dev->cp_prot_flags; >> + n_rxq = netdev->n_rxq; >> ovs_mutex_unlock(&dev->mutex); >> const struct rte_bus *bus; >> const struct rte_pci_device *pci_dev; >> @@ -3703,6 +3780,24 @@ netdev_dpdk_get_status(const struct netdev *netdev, struct smap *args) >> ETH_ADDR_ARGS(dev->hwaddr)); >> } >> >> + if (cp_prot_flags) { >> + if (cp_prot_flags & DPDK_CP_PROT_UNSUPPORTED) { >> + smap_add(args, "cp_protection_queue", "unsupported"); >> + if (n_rxq > 1) { >> + smap_add_format(args, "rss_queues", "0-%d", n_rxq - 1); >> + } else { >> + smap_add(args, "rss_queues", "0"); >> + } >> + } else { >> + smap_add_format(args, "cp_protection_queue", "%d", n_rxq - 1); >> + if (n_rxq > 2) { >> + smap_add_format(args, "rss_queues", "0-%d", n_rxq - 2); >> + } else { >> + smap_add(args, "rss_queues", "0"); >> + } >> + } >> + } >> + >> return 0; >> } >> >> @@ -4933,6 +5028,179 @@ static const struct dpdk_qos_ops trtcm_policer_ops = { >> .qos_queue_dump_state_init = trtcm_policer_qos_queue_dump_state_init >> }; >> >> +static int >> +dpdk_cp_prot_add_flow(struct netdev_dpdk *dev, >> + const struct rte_flow_attr *attr, >> + const struct rte_flow_item items[], >> + const struct rte_flow_action actions[], >> + const char *desc, bool dry_run) >> +{ >> + struct rte_flow_error error; >> + struct rte_flow *flow; >> + size_t num; >> + >> + if (dry_run) { >> + int ret; >> + ret = rte_flow_validate(dev->port_id, attr, items, actions, &error); >> + if (rte_flow_validate(dev->port_id, attr, items, actions, &error)) { > > 'if (ret)' > >> + VLOG_WARN("%s: cp-protection: device does not support %s flow: %s", >> + netdev_get_name(&dev->up), desc, error.message); >> + } >> + return ret; >> + } >> + >> + flow = rte_flow_create(dev->port_id, attr, items, actions, &error); >> + if (flow == NULL) { >> + VLOG_WARN("%s: cp-protection: failed to add %s flow: %s", >> + netdev_get_name(&dev->up), desc, error.message); >> + return rte_errno; >> + } >> + >> + num = dev->cp_prot_flows_num + 1; >> + dev->cp_prot_flows = xrealloc(dev->cp_prot_flows, sizeof(flow) * num); >> + dev->cp_prot_flows[dev->cp_prot_flows_num] = flow; >> + dev->cp_prot_flows_num = num; >> + >> + return 0; >> +} >> + >> +static int >> +dpdk_cp_prot_add_traffic_flow(struct netdev_dpdk *dev, >> + const struct rte_flow_item items[], >> + const char *desc, bool dry_run) >> +{ >> + const struct rte_flow_attr attr = { .ingress = 1 }; >> + const struct rte_flow_action actions[] = { >> + { >> + .type = RTE_FLOW_ACTION_TYPE_QUEUE, >> + .conf = &(const struct rte_flow_action_queue) { >> + .index = dev->up.n_rxq - 1, >> + }, >> + }, >> + { .type = RTE_FLOW_ACTION_TYPE_END }, >> + }; >> + >> + if (!dry_run) { >> + VLOG_INFO("%s: cp-protection: redirecting %s traffic to queue %d", >> + netdev_get_name(&dev->up), desc, dev->up.n_rxq - 1); >> + } >> + return dpdk_cp_prot_add_flow(dev, &attr, items, actions, desc, dry_run); >> +} >> + >> +static int >> +dpdk_cp_prot_rss_configure(struct netdev_dpdk *dev, int rss_n_rxq) >> +{ >> + struct rte_eth_rss_reta_entry64 *reta_conf; >> + size_t reta_conf_size; >> + int err; >> + >> + if (rss_n_rxq == 1) { >> + VLOG_INFO("%s: cp-protection: redirecting other traffic to queue 0", >> + netdev_get_name(&dev->up)); >> + } else { >> + VLOG_INFO("%s: cp-protection: applying rss on queues 0-%d", >> + netdev_get_name(&dev->up), rss_n_rxq - 1); >> + } >> + >> + reta_conf_size = (dev->reta_size / RTE_ETH_RETA_GROUP_SIZE) >> + * sizeof(struct rte_eth_rss_reta_entry64); > > In dpdk_eth_dev_init, we get reta_size from driver, > > mlx5_ethdev.c > > 333├> info->reta_size = priv->reta_idx_n ? > 334│ priv->reta_idx_n : config->ind_table_max_size; > > (gdb) p priv->reta_idx_n > $5 = 1 > (gdb) p config->ind_table_max_size > $6 = 512 > > and store: > dev->reta_size = info.reta_size; > > Now we use it, > dev->reta_size = 1 / RTE_ETH_RETA_GROUP_SIZE (64) > but it results in reta_conf_size = 0 > >> + reta_conf = xmalloc(reta_conf_size); > > xmalloc only allocates 1 byte (void *p = malloc(size ? size : 1);) > >> + memset(reta_conf, 0, reta_conf_size); >> + >> + for (uint16_t i = 0; i < dev->reta_size; i++) { >> + uint16_t idx = i / RTE_ETH_RETA_GROUP_SIZE; >> + uint16_t shift = i % RTE_ETH_RETA_GROUP_SIZE; >> + reta_conf[idx].mask |= 1ULL << shift; >> + reta_conf[idx].reta[shift] = i % rss_n_rxq; >> + } >> + err = rte_eth_dev_rss_reta_update(dev->port_id, reta_conf, dev->reta_size); >> + if (err < 0) { >> + VLOG_DBG("%s: failed to configure RSS redirection table: err=%d", >> + netdev_get_name(&dev->up), err); >> + } >> + >> + free(reta_conf); >> + >> + return err; >> +} >> + >> +static int >> +dpdk_cp_prot_configure(struct netdev_dpdk *dev, bool dry_run) >> +{ >> + int err = 0; >> + >> + if (dev->requested_cp_prot_flags & DPDK_CP_PROT_UNSUPPORTED) { >> + goto out; >> + } >> + if (dev->up.n_rxq < 2) { >> + err = ENOTSUP; >> + VLOG_DBG("%s: cp-protection: not enough available rx queues", >> + netdev_get_name(&dev->up)); >> + goto out; >> + } >> + >> + if (dev->requested_cp_prot_flags & DPDK_CP_PROT_LACP) { >> + err = dpdk_cp_prot_add_traffic_flow( >> + dev, >> + (const struct rte_flow_item []) { >> + { >> + .type = RTE_FLOW_ITEM_TYPE_ETH, >> + .spec = &(const struct rte_flow_item_eth){ >> + .type = htons(ETH_TYPE_LACP), >> + }, >> + .mask = &(const struct rte_flow_item_eth){ >> + .type = htons(0xffff), >> + }, >> + }, >> + { .type = RTE_FLOW_ITEM_TYPE_END }, >> + }, >> + "lacp", >> + dry_run >> + ); >> + if (err) { >> + goto out; >> + } >> + } >> + >> + if (!dry_run && dev->cp_prot_flows_num) { >> + /* reconfigure RSS reta in all but the cp protection queue */ >> + err = dpdk_cp_prot_rss_configure(dev, dev->up.n_rxq - 1); >> + } >> + >> +out: >> + if (!dry_run) { >> + dev->cp_prot_flags = dev->requested_cp_prot_flags; >> + } >> + if (err) { >> + dev->requested_cp_prot_flags |= DPDK_CP_PROT_UNSUPPORTED; >> + } >> + return err; >> +} >> + >> +static void >> +dpdk_cp_prot_unconfigure(struct netdev_dpdk *dev) >> +{ >> + struct rte_flow_error error; >> + >> + if (dev->cp_prot_flows_num == 0) { >> + return; >> + } >> + >> + VLOG_DBG("%s: cp-protection: reset flows", netdev_get_name(&dev->up)); >> + >> + for (int i = 0; i < dev->cp_prot_flows_num; i++) { >> + if (rte_flow_destroy(dev->port_id, dev->cp_prot_flows[i], &error)) { >> + VLOG_DBG("%s: cp-protection: failed to destroy flow: %s", >> + netdev_get_name(&dev->up), error.message); >> + } >> + } >> + free(dev->cp_prot_flows); >> + dev->cp_prot_flows_num = 0; >> + dev->cp_prot_flows = NULL; >> + >> + (void) dpdk_cp_prot_rss_configure(dev, dev->up.n_rxq); >> +} >> + >> static int >> netdev_dpdk_reconfigure(struct netdev *netdev) >> { >> @@ -4943,6 +5211,7 @@ netdev_dpdk_reconfigure(struct netdev *netdev) >> >> if (netdev->n_txq == dev->requested_n_txq >> && netdev->n_rxq == dev->requested_n_rxq >> + && dev->cp_prot_flags == dev->requested_cp_prot_flags >> && dev->mtu == dev->requested_mtu >> && dev->lsc_interrupt_mode == dev->requested_lsc_interrupt_mode >> && dev->rxq_size == dev->requested_rxq_size >> @@ -4987,6 +5256,8 @@ netdev_dpdk_reconfigure(struct netdev *netdev) >> } >> } >> >> + dpdk_cp_prot_unconfigure(dev); >> + >> err = dpdk_eth_dev_init(dev); >> if (dev->hw_ol_features & NETDEV_TX_TSO_OFFLOAD) { >> netdev->ol_flags |= NETDEV_TX_OFFLOAD_TCP_TSO; >> @@ -5014,6 +5285,20 @@ netdev_dpdk_reconfigure(struct netdev *netdev) >> if (!dev->tx_q) { >> err = ENOMEM; >> } >> + if (!err && dev->requested_cp_prot_flags) { >> + /* dry run first */ >> + err = dpdk_cp_prot_configure(dev, true); >> + if (!err) { >> + /* if no error, apply configuration */ >> + err = dpdk_cp_prot_configure(dev, false); >> + } >> + if (err) { >> + /* no hw support, remove the extra queue & recover gracefully */ >> + err = 0; >> + dev->requested_n_rxq -= 1; >> + netdev_request_reconfigure(netdev); >> + } >> + } >> >> netdev_change_seq_changed(netdev); >> >> @@ -5215,7 +5500,13 @@ netdev_dpdk_flow_api_supported(struct netdev *netdev) >> ovs_mutex_lock(&dev->mutex); >> if (dev->type == DPDK_DEV_ETH) { >> /* TODO: Check if we able to offload some minimal flow. */ >> - ret = true; >> + if (dev->requested_cp_prot_flags || dev->cp_prot_flags) { >> + VLOG_WARN( >> + "%s: hw-offload is mutually exclusive with cp-protection", >> + netdev_get_name(netdev)); >> + } else { >> + ret = true; >> + } >> } >> ovs_mutex_unlock(&dev->mutex); >> out: >> diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml >> index 36388e3c42d7..7e6ae3df7583 100644 >> --- a/vswitchd/vswitch.xml >> +++ b/vswitchd/vswitch.xml >> @@ -3430,6 +3430,32 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \ >>

This option may only be used with dpdk VF representors.

>> >> >> + > + type='{"type": "string", "enum": ["set", ["lacp"]]}'> >> +

>> + Allocate an extra Rx queue for control plane packets of the specified >> + protocol(s). >> +

>> +

>> + If the user has already configured multiple >> + options:n_rxq on the port, an additional one will be >> + allocated for control plane packets. If the hardware cannot satisfy >> + the requested number of requested Rx queues, the last Rx queue will >> + be assigned for control plane. If only one Rx queue is available or >> + if the hardware does not support the RTE flow matchers/actions >> + required to redirect the selected protocols, >> + cp-protection will be disabled. >> +

>> +

>> + This feature is multually exclusive with >> + other_options:hw-offload as it may conflict with the >> + offloaded RTE flows. >> +

>> +

>> + Disabled by default. >> +

>> +
>> + >> > type='{"type": "string", >> "enum": ["set", ["thread", "hash"]]}'> > >