openvswitch: add psample action. (!4658) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Adrian Moreno requested to merge amorenoz/centos-stream-9:ovs_psample into main Jul 08, 2024

JIRA: https://issues.redhat.com/browse/RHEL-31876 Upstream-Status: net-next.git Tested: manual testing + OVS testsuite including psample-specific tests from [1] + upstream kernel selftests tests including psample-specific tests.

OpenvSwitch currently supports a feature called "per-flow sampling" by which a controller such as OVN can configure certain flows that make the matched packet get "sampled". The sample is sent via IPFIX alongside OVN-generated metadata. This is very useful to enhance visibility on the datapath. E.g: it can be used to know what NetworkPolicy impacted a certain packet (and the packet header contents).

However, a big limitation makes this solution non-production ready: samples have to go through ovs-vswitchd via upcall (userspace action) sharing both netlink socket buffer and ovs-vswitchd thread time with actual packet processing.

This series adds support for a new action called "psample" that, when used by OVS, allows samples to go directly to some external observer through the psample netlink multicast group fixing the current limitation and enabling observability solutions to be built on top of OVS/OVN.

[1] https://patchwork.ozlabs.org/project/openvswitch/cover/20240707200905.2719071-1-amorenoz@redhat.com/

Signed-off-by: Adrian Moreno amorenoz@redhat.com

Edited Jul 08, 2024 by Adrian Moreno

openvswitch: add psample action.

Merge request reports