From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 00EF7A04C5; Fri, 4 Sep 2020 06:17:23 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 087081BC25; Fri, 4 Sep 2020 06:17:23 +0200 (CEST) Received: from mail-oi1-f196.google.com (mail-oi1-f196.google.com [209.85.167.196]) by dpdk.org (Postfix) with ESMTP id B9ECA255 for ; Fri, 4 Sep 2020 06:17:21 +0200 (CEST) Received: by mail-oi1-f196.google.com with SMTP id e6so5371651oii.4 for ; Thu, 03 Sep 2020 21:17:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=SSzaj0+F3sDvb6CHye5M7p4e4zcjHMiMFS8uNuv8/k4=; b=JvYp5EWeG9dQ8yry6ZWUn+atNMhyKle7NZec0DThR4vXNZuX6dW11HdkeLI3Qpyr2q KJ3vB1NRC3pU1MPvUYOwlKQp77yeA7yoreFHWsTuqc9auibjTCTaqvBgzmwlSwUhGCZB 3lLWfICs0mSMHiNgEL9wA+mf/+EV56T/rFFn8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=SSzaj0+F3sDvb6CHye5M7p4e4zcjHMiMFS8uNuv8/k4=; b=YaEWBn4zw8B04eRn0H1ow7YfYIDJOhVm/9GFmwG7kKBFi5wTIkogOxhcD2aVAPSJcD Y8vUTo+aRyLkEYfTKx/BlIB04WKdlsOWvHc1qrSfAtbB53r3wO5SUpJOWJc0KoneYdZN G9Byu0ALRsq1/TQEU6t30bUKc9wzzLXXhRDt/x5FHSf7DTsYBvUTyGr9PzgiUbrhdlCM +cB2PyHQa73TSC1yygFKV8qGTpb0MNn6tgzmS9mSyP5+7yNiYzakBJp/o6gvLHo/DFN9 DAfxtetO0Bg8UMYZotZSFuulVUy9iZ0SHGioJ2aAAX7JLFLbAri2H8fQw1fZFoXbjI4R kBUA== X-Gm-Message-State: AOAM5339zF/P7riX0ek7CxOOt0dJoetXTWNyjX0Csg51HbSNCAu5IEUD FmHx1xLiQTK6ZRDtGTwt7vtFEUw/KFfcg5OROjmTSQ== X-Google-Smtp-Source: ABdhPJxbKhrEfAjnWFVaSmZN/zu1o7pXphUOSkvUSSRxXRe18VH+ccQbEaqB6J34zXxxT5/dgFoW6Go/hzl45M0I1V0= X-Received: by 2002:aca:4904:: with SMTP id w4mr4220155oia.179.1599193040783; Thu, 03 Sep 2020 21:17:20 -0700 (PDT) MIME-Version: 1.0 References: <1598457725-396788-1-git-send-email-jiaweiw@nvidia.com> <1598540492-406340-1-git-send-email-jiaweiw@nvidia.com> <1598540492-406340-2-git-send-email-jiaweiw@nvidia.com> In-Reply-To: <1598540492-406340-2-git-send-email-jiaweiw@nvidia.com> From: Ajit Khaparde Date: Thu, 3 Sep 2020 21:17:04 -0700 Message-ID: To: Jiawei Wang Cc: orika@nvidia.com, viacheslavo@nvidia.com, matan@nvidia.com, dpdk-dev , Thomas Monjalon , rasland@nvidia.com, ian.stokes@intel.com, fbl@redhat.com, asafp@nvidia.com, JP Lee , Michael Baucom , Samik Gupta Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: Re: [dpdk-dev] [PATCH v5 1/7] ethdev: introduce sample action for rte flow X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On Thu, Aug 27, 2020 at 8:23 AM Jiawei Wang wrote: > When using full offload, all traffic will be handled by the HW, and > directed to the requested VF or wire, the control application loses > visibility on the traffic. > So there's a need for an action that will enable the control application > some visibility. > > The solution is introduced a new action that will sample the incoming > traffic and send a duplicated traffic with the specified ratio to the > application, while the original packet will continue to the target > destination. > > The packets sampled equals is '1/ratio', if the ratio value be set to 1, > means that the packets would be completely mirrored. The sample packet > can be assigned with different set of actions from the original packet. > > In order to support the sample packet in rte_flow, new rte_flow action > definition RTE_FLOW_ACTION_TYPE_SAMPLE and structure rte_flow_action_sample > will be introduced. > In use cases where sampling/mirroring is enabled for monitoring security/policy breaches and network connectivity/performance, mirroring copies traffic from mirrored sources and sends it to a collector destination where monitoring applications run. At any given time, the number of flows to be mirrored could be high, however, the number of collector destinations is limited because DC operators would monitor the copied traffic using a handful number of monitoring applications. Therefore it would increase the scalability if we can configure the sampling/mirroring in 2 steps (something similar to meter configuration). In other words, sampling action is configured via one API and the sampling is enabled on a flow via rte_flow_create API. We could send the proposal in the next couple of days for review. Thanks Ajit > Signed-off-by: Jiawei Wang > Acked-by: Ori Kam > Acked-by: Jerin Jacob > Acked-by: Andrew Rybchenko > --- > doc/guides/prog_guide/rte_flow.rst | 25 +++++++++++++++++++++++++ > doc/guides/rel_notes/release_20_11.rst | 6 ++++++ > lib/librte_ethdev/rte_flow.c | 1 + > lib/librte_ethdev/rte_flow.h | 30 ++++++++++++++++++++++++++++++ > 4 files changed, 62 insertions(+) > > diff --git a/doc/guides/prog_guide/rte_flow.rst > b/doc/guides/prog_guide/rte_flow.rst > index 3e5cd1e..f8f3f51 100644 > --- a/doc/guides/prog_guide/rte_flow.rst > +++ b/doc/guides/prog_guide/rte_flow.rst > @@ -2653,6 +2653,31 @@ timeout passed without any matching on the flow. > | ``context`` | user input flow context | > +--------------+---------------------------------+ > > +Action: ``SAMPLE`` > +^^^^^^^^^^^^^^^^^^ > + > +Adds a sample action to a matched flow. > + > +The matching packets will be duplicated with the specified ``ratio`` and > +applied with own set of actions with a fate action, the packets sampled > +equals is '1/ratio'. All the packets continue to the target destination. > + > +When the ``ratio`` is set to 1 then the packets will be 100% mirrored. > +``actions`` represent the different set of actions for the sampled or > mirrored > +packets, and must have a fate action. > + > +.. _table_rte_flow_action_sample: > + > +.. table:: SAMPLE > + > + +--------------+---------------------------------+ > + | Field | Value | > + +==============+=================================+ > + | ``ratio`` | 32 bits sample ratio value | > + +--------------+---------------------------------+ > + | ``actions`` | sub-action list for sampling | > + +--------------+---------------------------------+ > + > Negative types > ~~~~~~~~~~~~~~ > > diff --git a/doc/guides/rel_notes/release_20_11.rst > b/doc/guides/rel_notes/release_20_11.rst > index df227a1..7f99563 100644 > --- a/doc/guides/rel_notes/release_20_11.rst > +++ b/doc/guides/rel_notes/release_20_11.rst > @@ -55,6 +55,12 @@ New Features > Also, make sure to start the actual text at the margin. > ======================================================= > > +* **Added flow-based traffic sampling support.** > + > + Added new action: ``RTE_FLOW_ACTION_TYPE_SAMPLE`` to duplicate the > matching > + packets with specified ratio, and apply with own set of actions with a > fate > + action. When the ratio is set to 1 then the packets will be 100% > mirrored. > + > > Removed Items > ------------- > diff --git a/lib/librte_ethdev/rte_flow.c b/lib/librte_ethdev/rte_flow.c > index f8fdd68..035671d 100644 > --- a/lib/librte_ethdev/rte_flow.c > +++ b/lib/librte_ethdev/rte_flow.c > @@ -174,6 +174,7 @@ struct rte_flow_desc_data { > MK_FLOW_ACTION(SET_IPV4_DSCP, sizeof(struct > rte_flow_action_set_dscp)), > MK_FLOW_ACTION(SET_IPV6_DSCP, sizeof(struct > rte_flow_action_set_dscp)), > MK_FLOW_ACTION(AGE, sizeof(struct rte_flow_action_age)), > + MK_FLOW_ACTION(SAMPLE, sizeof(struct rte_flow_action_sample)), > }; > > int > diff --git a/lib/librte_ethdev/rte_flow.h b/lib/librte_ethdev/rte_flow.h > index da8bfa5..fa70d40 100644 > --- a/lib/librte_ethdev/rte_flow.h > +++ b/lib/librte_ethdev/rte_flow.h > @@ -2132,6 +2132,14 @@ enum rte_flow_action_type { > * see enum RTE_ETH_EVENT_FLOW_AGED > */ > RTE_FLOW_ACTION_TYPE_AGE, > + > + /** > + * The matching packets will be duplicated with specified ratio and > + * applied with own set of actions with a fate action. > + * > + * See struct rte_flow_action_sample. > + */ > + RTE_FLOW_ACTION_TYPE_SAMPLE, > }; > > /** > @@ -2742,6 +2750,28 @@ struct rte_flow_action { > struct rte_flow; > > /** > + * @warning > + * @b EXPERIMENTAL: this structure may change without prior notice > + * > + * RTE_FLOW_ACTION_TYPE_SAMPLE > + * > + * Adds a sample action to a matched flow. > + * > + * The matching packets will be duplicated with specified ratio and > applied > + * with own set of actions with a fate action, the sampled packet could be > + * redirected to queue or port. All the packets continue processing on the > + * default flow path. > + * > + * When the sample ratio is set to 1 then the packets will be 100% > mirrored. > + * Additional action list be supported to add for sampled or mirrored > packets. > + */ > +struct rte_flow_action_sample { > + uint32_t ratio; /**< packets sampled equals to '1/ratio'. */ > + const struct rte_flow_action *actions; > + /**< sub-action list specific for the sampling hit cases. > */ > +}; > + > +/** > * Verbose error types. > * > * Most of them provide the type of the object referenced by struct > -- > 1.8.3.1 > >