Update ovs-pipeline.md #2725
083d6ae to 3c38a98
docs/design/ovs-pipeline.md
Outdated
for more information. | ||
* *IN_PORT action*: an action to output the packet on the port on which it was | ||
received. This is the only standard way to output the packet to the input port. | ||
* *session affinity*: when accessing a Service, to make sure that connections from |
How about: "a load balancer feature that always selects the same backend server for connections from a particular client. For a K8s Service, session affinity can be enabled by setting..."?
I changed a little.
* *session affinity*: a load balancer feature that always selects the same backend
Endpoint for connections from a particular client. For a K8s Service, session
affinity can be enabled by setting `service.spec.sessionAffinity` to "ClientIP"
(default is "None"). See [K8s Service](https://kubernetes.io/docs/concepts/services-networking/service/)
for more information about session affinity.
Sure. Maybe change Endpoint to endpoint (I feel no reason to capitalize endpoint).
I changed `Endpoint` to `Pod`. I thought that Pod is more accurate.
Codecov Report
@@ Coverage Diff @@
## main #2725 +/- ##
===========================================
- Coverage 61.26% 40.92% -20.35%
===========================================
Files 284 158 -126
Lines 23562 19539 -4023
===========================================
- Hits 14436 7996 -6440
- Misses 7564 10796 +3232
+ Partials 1562 747 -815
A few more comments.
docs/design/ovs-pipeline.md
Outdated
Flow 1 is used to match packet whose destination IP is virtual hairpin IP and | ||
change the destination IP of the matched packet by loading register `NXM_OF_IP_SRC` | ||
to `NXM_OF_IP_DST`. Bit 18 in NXM_NX_REG0 is set to 0x1, which indicates that packet | ||
should be output to the port on which it was received, which is done by table [L2ForwardingOutTable]. |
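Review bot: in the first sentence, `NXM_OF_IP_SRC` and `NXM_OF_IP_DST` are described as a register being loaded, but both are NXM names for the IP source and destination header fields, not `NXM_NX_REG*` registers. Suggest wording it as copying the packet's source IP field into its destination IP field, and writing `NXM_NX_REG0` in backticks like the other field names in this paragraph.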
done by -> done in
Thanks, updated.
docs/design/ovs-pipeline.md
Outdated
|
||
* `load:0x2->NXM_NX_REG4[16..18]` is used to set the value of bits [16..18] in NXM_NX_REG4 | ||
to 0b002, which indicates that Endpoint selection has been done. Note that, the Endpoint | ||
selection has not really been done yet - it will be done in the target OVS group, so |
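Review bot: "0b002" in the `load:0x2->NXM_NX_REG4[16..18]` bullet is not a valid binary literal, since binary digits are only 0 and 1. Loading 0x2 into the 3-bit field NXM_NX_REG4[16..18] gives 0b010, so the text should read "to 0b010" (or simply "to 0x2", matching the action).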
Read it again, and feel "done in the target OVS group" is hard to understand. Should we say "done by the group action"?
`done by the group action` is better.
docs/design/ovs-pipeline.md
Outdated
The actions of the above flow: | ||
|
||
* `load:0x2->NXM_NX_REG4[16..18]` is used to set the value of bits [16..18] in NXM_NX_REG4 | ||
to 0b002, which indicates that Endpoint selection has been done. Note that, the Endpoint |
How about: "selection "is performed""
IMO, it is a little weird to use `perform` only for this sentence as other related sentences use `done`.
I want to use "performed" just because it is not really "done", and for the same reason I would use "is" rather than "has been", and also quote "is performed".
Got what you meant, thanks for explaining.
Updated.
docs/design/ovs-pipeline.md
Outdated
* `load:0x2->NXM_NX_REG4[16..18]` is used to set the value of bits [16..18] in NXM_NX_REG4 | ||
to 0b002, which indicates that Endpoint selection has been done. Note that, the Endpoint | ||
selection has not really been done yet - it will be done in the target OVS group, so | ||
the current action should be done in the OVS group entry after Endpoint selection. However, |
I suggest to remove the "so..." sentence. It is even confusing with it.
Agreed.
docs/design/ovs-pipeline.md
Outdated
selection has not really been done yet - it will be done in the target OVS group, so | ||
the current action should be done in the OVS group entry after Endpoint selection. However, | ||
according to PR [#2101](https://github.com/antrea-io/antrea/pull/2101), to hold more | ||
Endpoints in an OVS group entry, it is a workaround way to do the current action here. |
workaround way -> workaround
Still I cannot understand what you want to express here. Probably you should add more information to explain why the workaround can help hold more endpoints, or say: "However, we set the bits here, for the purpose of supporting more Endpoints in an OVS group. Check PR #2101 to learn more information."
I prefer to say "However, we set the bits here, for the purpose of supporting more Endpoints in an OVS group. Check PR #2101 to learn more information". It's a little complicated to explain the reason, and I think it is unnecessary to explain in the doc.
Ok
docs/design/ovs-pipeline.md
Outdated
according to PR [#2101](https://github.com/antrea-io/antrea/pull/2101), to hold more | ||
Endpoints in an OVS group entry, it is a workaround way to do the current action here. | ||
* `load:0x1->NXM_NX_REG0[19]` is used to set the value of bit 19 in NXM_NX_REG0 to 0x1, | ||
which means that the source and destination MACs should be rewritten. |
should be -> need to be
Thanks, updated.
d86efd8 to e59e93b
e59e93b to abc563b
Comments on the SVG diagram:
- Service ClusterIP/LoadBalancer traffic -> ClusterIP/LoadBalancer Service traffic. The same for NodePort.
- Could we keep the version when AntreaProxy is disabled? Do not have a good idea how to do that. Could we put the fragment of "ConntrackStateTable, DNATTable, AntreaPolicyEgressRuleTable, output:gw, kube-proxy", after the main diagram?
We probably need @antoninbas to check the SVG format.
abc563b to 4ed10db
Updated
If keeping the version when AntreaProxy is disabled, I think we need another document. I have made some assumptions for this document as we can see the following:
I think we may maintain a document for each of the following cases if possible:
But I don't have a good idea how to deal with the common parts (e.g., table 0, table 110, register introduction) of above three cases.
4ed10db to db5611e
Probably not worthwhile to maintain two docs. How about just keep the pipeline SVG or a corner of it for the kube-proxy case?
If we keep the pipeline SVG with AntreaProxy disabled, I think we need also to explain table
Do you mean that we add an extra chapter to explain the case with AntreaProxy disabled?
db5611e to c66f85e
It is ok to me too, if you like to merge the current PR. I can create another PR to add the contents with kube-proxy back.
Updated, I have added contents with kube-proxy back.
4583dee to 120202c
docs/design/ovs-pipeline.md
Outdated
![OVS pipeline](../assets/ovs-pipeline-antrea-proxy.svg) | ||
|
||
If feature AntreaProxy is disabled, the pipeline is as the following: | ||
|
||
![OVS pipeline](../assets/ovs-pipeline.svg) |
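Review bot: both image references use the same alt text, "OVS pipeline", so a reader who only gets the alt text cannot tell the AntreaProxy-enabled diagram (`ovs-pipeline-antrea-proxy.svg`) from the AntreaProxy-disabled one (`ovs-pipeline.svg`). Suggest distinct alt text, for example "OVS pipeline (AntreaProxy enabled)" and "OVS pipeline (AntreaProxy disabled)".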
How about adding a separate section under Tables that talks about the case when kube-proxy is used, and put the diagram and DNATTable there?
@antoninbas : thoughts?
yes, that sounds good to me. We should just emphasize the default case, which is AntreaProxy enabled.
took a quick look at the SVG file and the formatting looks good to me; I didn't review the rest of this PR
docs/design/ovs-pipeline.md
Outdated
If feature AntreaProxy is enabled, the pipeline is as the following: | ||
|
||
![OVS pipeline](../assets/ovs-pipeline-antrea-proxy.svg) | ||
|
||
If feature AntreaProxy is disabled, the pipeline is as the following: |
s/as the following/as follows
120202c to 30655ab
Thanks.
7366e62 to b613906
docs/design/ovs-pipeline.md
Outdated
|
||
### DNATTable (40) | ||
|
||
This table is create when feature AntreaProxy is disabled. Its only job is to |
is created only when AntreaProxy is disabled
Updated.
docs/design/ovs-pipeline.md
Outdated
### DNATTable (40) | ||
|
||
This table is create when feature AntreaProxy is disabled. Its only job is to | ||
send traffic destined to Services through the local gateway, without any |
gateway -> gateway interface, to be clearer.
Thanks, updated.
docs/design/ovs-pipeline.md
Outdated
Policies. | ||
|
||
The table-miss flow entry (flow 2) for this table forwards all non-Service | ||
traffic to the next table, [EgressRuleTable]. |
EgressRuleTable -> AntreaPolicyEgressRuleTable
Thanks, updated.
@@ -929,12 +1135,53 @@ The first flow outputs all unicast packets to the correct port (the port was | |||
resolved by the "dmac" table, [L2ForwardingCalcTable]). IP packets for which | |||
[L2ForwardingCalcTable] did not set bit 16 of NXM_NX_REG0 will be dropped. | |||
|
|||
## Tables (AntreaProxy is disabled) | |||
|
|||
![OVS pipeline](../assets/ovs-pipeline.svg) |
Could you rename DnatTable to DNATTable in the SVG?
Sure, updated, @antoninbas could you please review the updated SVG file? Thanks!
Signed-off-by: Hongliang Liu <[email protected]>
b613906 to 5c6668a
/skip-all
/skip-test-ipv6-conformance
@hongliangl : I am going to merge this PR. Do you have any further revision to make?
/skip-all
@jianjuns , thanks for merging this. No more further revision.