[dpdk-dev] [PATCH v5 1/7] ethdev: introduce sample action for rte flow

Ori Kam orika at nvidia.com
Tue Sep 8 16:38:34 CEST 2020


Hi Ajit,

Sorry for not inline, but for some reason this tread is in html format.
I think that the issue you are rising is a good one, but can be solved using the new
context API that we are going to push into 20.11
https://patches.dpdk.org/cover/73555/

this will enable creating the sample action once and reuse it later.

Best,
Ori

From: Ajit Khaparde <ajit.khaparde at broadcom.com>
Sent: Friday, September 4, 2020 7:17 AM




On Thu, Aug 27, 2020 at 8:23 AM Jiawei Wang <jiaweiw at nvidia.com<mailto:jiaweiw at nvidia.com>> wrote:
When using full offload, all traffic will be handled by the HW, and
directed to the requested VF or wire, the control application loses
visibility on the traffic.
So there's a need for an action that will enable the control application
some visibility.

The solution is introduced a new action that will sample the incoming
traffic and send a duplicated traffic with the specified ratio to the
application, while the original packet will continue to the target
destination.

The packets sampled equals is '1/ratio', if the ratio value be set to 1,
means that the packets would be completely mirrored. The sample packet
can be assigned with different set of actions from the original packet.

In order to support the sample packet in rte_flow, new rte_flow action
definition RTE_FLOW_ACTION_TYPE_SAMPLE and structure rte_flow_action_sample
will be introduced.

In use cases where sampling/mirroring is enabled for monitoring security/policy breaches
and network connectivity/performance, mirroring copies traffic from mirrored sources
and sends it to a collector destination where monitoring applications run.

At any given time, the number of flows to be mirrored could be high, however,
the number of collector destinations is limited because DC operators would monitor
the copied traffic using a handful number of monitoring applications.

Therefore it would increase the scalability if we can configure the sampling/mirroring in 2 steps
(something similar to meter configuration). In other words, sampling action is configured via
one API and the sampling is enabled on a flow via rte_flow_create API.

We could send the proposal in the next couple of days for review.

Thanks
Ajit



Signed-off-by: Jiawei Wang <jiaweiw at nvidia.com<mailto:jiaweiw at nvidia.com>>
Acked-by: Ori Kam <orika at nvidia.com<mailto:orika at nvidia.com>>
Acked-by: Jerin Jacob <jerinj at marvell.com<mailto:jerinj at marvell.com>>
Acked-by: Andrew Rybchenko <arybchenko at solarflare.com<mailto:arybchenko at solarflare.com>>
---
 doc/guides/prog_guide/rte_flow.rst     | 25 +++++++++++++++++++++++++
 doc/guides/rel_notes/release_20_11.rst |  6 ++++++
 lib/librte_ethdev/rte_flow.c           |  1 +
 lib/librte_ethdev/rte_flow.h           | 30 ++++++++++++++++++++++++++++++
 4 files changed, 62 insertions(+)

diff --git a/doc/guides/prog_guide/rte_flow.rst b/doc/guides/prog_guide/rte_flow.rst
index 3e5cd1e..f8f3f51 100644
--- a/doc/guides/prog_guide/rte_flow.rst
+++ b/doc/guides/prog_guide/rte_flow.rst
@@ -2653,6 +2653,31 @@ timeout passed without any matching on the flow.
    | ``context``  | user input flow context         |
    +--------------+---------------------------------+

+Action: ``SAMPLE``
+^^^^^^^^^^^^^^^^^^
+
+Adds a sample action to a matched flow.
+
+The matching packets will be duplicated with the specified ``ratio`` and
+applied with own set of actions with a fate action, the packets sampled
+equals is '1/ratio'. All the packets continue to the target destination.
+
+When the ``ratio`` is set to 1 then the packets will be 100% mirrored.
+``actions`` represent the different set of actions for the sampled or mirrored
+packets, and must have a fate action.
+
+.. _table_rte_flow_action_sample:
+
+.. table:: SAMPLE
+
+   +--------------+---------------------------------+
+   | Field        | Value                           |
+   +==============+=================================+
+   | ``ratio``    | 32 bits sample ratio value      |
+   +--------------+---------------------------------+
+   | ``actions``  | sub-action list for sampling    |
+   +--------------+---------------------------------+
+
 Negative types
 ~~~~~~~~~~~~~~

diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst
index df227a1..7f99563 100644
--- a/doc/guides/rel_notes/release_20_11.rst
+++ b/doc/guides/rel_notes/release_20_11.rst
@@ -55,6 +55,12 @@ New Features
      Also, make sure to start the actual text at the margin.
      =======================================================

+* **Added flow-based traffic sampling support.**
+
+  Added new action: ``RTE_FLOW_ACTION_TYPE_SAMPLE`` to duplicate the matching
+  packets with specified ratio, and apply with own set of actions with a fate
+  action. When the ratio is set to 1 then the packets will be 100% mirrored.
+

 Removed Items
 -------------
diff --git a/lib/librte_ethdev/rte_flow.c b/lib/librte_ethdev/rte_flow.c
index f8fdd68..035671d 100644
--- a/lib/librte_ethdev/rte_flow.c
+++ b/lib/librte_ethdev/rte_flow.c
@@ -174,6 +174,7 @@ struct rte_flow_desc_data {
        MK_FLOW_ACTION(SET_IPV4_DSCP, sizeof(struct rte_flow_action_set_dscp)),
        MK_FLOW_ACTION(SET_IPV6_DSCP, sizeof(struct rte_flow_action_set_dscp)),
        MK_FLOW_ACTION(AGE, sizeof(struct rte_flow_action_age)),
+       MK_FLOW_ACTION(SAMPLE, sizeof(struct rte_flow_action_sample)),
 };

 int
diff --git a/lib/librte_ethdev/rte_flow.h b/lib/librte_ethdev/rte_flow.h
index da8bfa5..fa70d40 100644
--- a/lib/librte_ethdev/rte_flow.h
+++ b/lib/librte_ethdev/rte_flow.h
@@ -2132,6 +2132,14 @@ enum rte_flow_action_type {
         * see enum RTE_ETH_EVENT_FLOW_AGED
         */
        RTE_FLOW_ACTION_TYPE_AGE,
+
+       /**
+        * The matching packets will be duplicated with specified ratio and
+        * applied with own set of actions with a fate action.
+        *
+        * See struct rte_flow_action_sample.
+        */
+       RTE_FLOW_ACTION_TYPE_SAMPLE,
 };

 /**
@@ -2742,6 +2750,28 @@ struct rte_flow_action {
 struct rte_flow;

 /**
+ * @warning
+ * @b EXPERIMENTAL: this structure may change without prior notice
+ *
+ * RTE_FLOW_ACTION_TYPE_SAMPLE
+ *
+ * Adds a sample action to a matched flow.
+ *
+ * The matching packets will be duplicated with specified ratio and applied
+ * with own set of actions with a fate action, the sampled packet could be
+ * redirected to queue or port. All the packets continue processing on the
+ * default flow path.
+ *
+ * When the sample ratio is set to 1 then the packets will be 100% mirrored.
+ * Additional action list be supported to add for sampled or mirrored packets.
+ */
+struct rte_flow_action_sample {
+       uint32_t ratio; /**< packets sampled equals to '1/ratio'. */
+       const struct rte_flow_action *actions;
+               /**< sub-action list specific for the sampling hit cases. */
+};
+
+/**
  * Verbose error types.
  *
  * Most of them provide the type of the object referenced by struct
--
1.8.3.1


More information about the dev mailing list