Configuring match-mode

Owned by Tracy Yang (Unlicensed)
Apr 26, 2023
4 min read

By default, 2 TCAM entries are used to support all matching tuples for all flows even if the flow does not use all matching tuples. All the groups below can be used in combination.

PicOS allows users to configure the switch in short flow TCAM match mode to optimize the TCAM usage, in this mode, each flow will only consume 1 TCAM entry (doubling the flows capacity in the TCAM).

When this mode is enabled (with the set-match-mode command), only specific fields can be used in the priority range defined by the command.Use " ovs-appctl pica /show tables" to check the max flows numbers can be installed to switch .

From version 2.11,pica8 switch support thirteen match mode groups.

The flows must use the exact fields described below:

mac(in_port: INGRESS_PORTS+INGRESS_LAG): "in_port,dl_src,dl_dst,dl_vlan,dl_type" 

mac_x(in_port: INGRESS_PORTS): "in_port,dl_src,dl_dst,dl_vlan,dl_type" 

ip(in_port: INGRESS_PORTS+INGRESS_LAG): "in_port,nw_proto,nw_src,nw_dst,tp_src,tp_dst,dl_type=0x0800" 

ip_x(in_port: INGRESS_PORTS): "in_port,nw_proto,nw_src,nw_dst,tp_src,tp_dst,dl_type=0x0800" 

ipv4_quintuple(in_port: INGRESS_PORTS, dl_type: NONE): "in_port,dl_vlan,nw_src,nw_dst,tp_src,tp_dst,nw_proto,dl_type=0x0800" 

arp_tpa: "in_port,arp_tpa,dl_type=0x0806" 

arp_full: "in_port,dl_src,dl_dst,dl_vlan,arp_spa,arp_tpa,arp_op,dl_type=0x0806" 

arp_min: "in_port,arp_spa,arp_tpa,arp_op,dl_type=0x0806" 

l2l4: "in_port,dl_src,dl_dst,dl_vlan,dl_vlan_pcp,dl_type,nw_proto,nw_src,nw_dst,nw_tos,tp_src,tp_dst" 

ipv6_full:"in_port,dl_vlan,ipv6_src,ipv6_dst,ipv6_label,tp_src,tp_dst,nw_proto,dl_type=0x86dd"  (from PicOS3.2.0, support ipv6_label in this group)

ipv6_src:"in_port,dl_src,dl_dst,dl_vlan,ipv6_src,ipv6_label,nw_proto,dl_type=0x86dd"  (from PicOS3.2.0, support ipv6_label in this group)

ipv6_dst:"in_port,dl_src,dl_dst,dl_vlan,ipv6_dst,ipv6_label,nw_proto,dl_type=0x86dd"  (from PicOS3.2.0, support ipv6_label in this group)

udf  "in_port,udf0,udf1,udf2,udf3"

You can use one or more fields in a match mode group.For example, if mac mode is enabled, all the flows must only use one or more fields defined in the mac mode. If mac and ip modes are enabled, then user can configure either mac flows or ip flows based on the fields described above. However, user cannot mixed the fields from mac and ip (that is, dl_src and nw_src).

Each match mode group is configured with a priority range. All the priorities can not be overlapped among all the match mode groups you configured.The max match mode groups you can configure in command "ovs-vsctl set-match-mode" must be not more than 10.

in the example below, all the flows between priority "10 and 1000" have to be Mac flows. All flows between 2000 and 20000 have to be IP flows and all flows between 30000 and 60000 have to be ARP flows, all flows between 50000 and 50001 have to be ipv6_full, all flows between 50002 and 50003 have to be ipv6_dst, all flows between 50004 and 60000 have to be ipv6_src. 

  1. all platforms support all the match mode groups from 2.11.
  2. all the vcap flows include l2gre encapsulation,vxlan encapsulation,push_pbb can not be supported.
  3.  mac_x,ip_x,ipv4_quintuple match modes can not match lag in port.

  4. udf mode is conflict with the arp match group.After enable udf mode,arp flow in arp match group can not be installed to flow table.

  5. .ipv6 match mode group do not support vcap actions (eg:push_vlan,push_pbb)

  6. The max flows of each match mode group has nothing to do with the numbers of match fields in a flow,but the width of the group ifself.
  7. in tomahawk switch, nw_src or nw_dst is must added in ipv4_quintuple group.


From version 3.5,on trident3 chip' switches such as as7326_54x,add one command to enlarge max flow entries under match mode.The command and usage are as below:

command 

ovs-vsctl disable-match-mode-inports TRUE|FALSE

true:do not enlarge the flow entries.

false:enlarge the flow entries

ovs-vsctl show-match-mode-inports

check the match-mode inports' status.

Test steps

step1:configure match mode

ovs-vsctl set-match-mode mac=1-100,mac_x=101-200 ...

step2:configure match-mode-inports

ovs-vsctl disable-match-mode-inports false

step3:add max flows in each match mode:

ovs-appctl pica/show tables


when "ovs-vsctl disable-match-mode-inports false",the max flow entries are as following:

match-mode          enable-inports(default)                      disable-inports

--------------------------------------------------------------------------------

mac                       Double(3072)                                 IntraSliceDouble(9216)

mac_x                    Double(3072)                                 IntraSliceDouble(9216)

ip                          Double(3072)                                  IntraSliceDouble(9216)

ip_x                       Double(3072)                                  IntraSliceDouble(9216)

ipv4_quintuple      Double(3072)                                   IntraSliceDouble(9216)

l2l4                       Triple(3072)                                      Double(3072)

ipv6_full                Triple(3072)                                      Triple(3072)

ipv6_src                Triple(3072)                                      Double(3072)

ipv6_dst                Triple(3072)                                      Double(3072)

arp_tpa                IntraSliceDouble(9216)                       IntraSliceDouble(9216)

arp_min               Double(3072)                                     IntraSliceDouble(9216)

arp_full                Double(3072)                                      Double(3072)

udf                    IntraSliceDouble(9216)/Double(3072)    IntraSliceDouble(3072)

udf_ext_ipv4        Triple(3072)                                         Double(3072)/Triple(3072)

Examples

example1:arp_min group

 Step1,set match mode to arp_min

ovs-vsctl set-match-mode arp_min=1-2000

Step2,add a flow

ovs-ofctl del-flows br0
ovs-ofctl add-flow br0 priority=1000,in_port=1,arp_spa=192.168.1.100,arp_tpa=192.168.2.100,arp_op=2,dl_type=0x0806,actions=2
ovs-appctl pica/dump-flows

Step3,send packets to te-1/1/1

a.Send arp packets with arp_spa is 192.168.1.100,arp tpa is 192.168.2.100,arp op is 2 to te-1/1/1

result:te-1/1/2 will transmit the arp packets.

b.Send arp packets with arp_spa is 192.168.1.100,arp tpa is 192.168.2.100,arp op is 1 to te-1/1/1

result:te-1/1/2 will not transmit the arp packets.

example2:l2l4 group

Step1,set match mode to l2l4 group

ovs-vsctl set-match-mode l2l4=1000-20000


Step2,add a flow with all match fields

ovs-ofctl del-flows br0
ovs-ofctl add-flow br0 priority=10000,in_port=1,vn_tag=0x01110222,dl_src=22:11:11:11:11:11,dl_dst=22:22:22:22:22:22,dl_vlan=10,dl_vlan_pcp=3,dl_type=0x0800,nw_proto=6,nw_src=192.168.1.100,nw_dst=192.168.2.100,nw_tos=24,tp_src=0x1000,tp_dst=0x2000,actions=2
ovs-appctl pica/dump-flows

Step3,send packets to te-1/1/1

a.Send ip packets with vntag ethertype is 0x893f,vn_tag is 0x01110222,src mac is 22:11:11:11:11:11,dst mac is 22:22:22:22:22:22,dl_vlan=10,src ip is 192.168.1.100,dst ip is  192.168.2.100,vlan pcp is 3,nw_proto is 6,tos is 24,tp_src is 0x1000,tp_dst is 0x2000 to te-1/1/1.

result:te-1/1/2 will transmit the packets.

example3:udf match group

step1,set udf match mode

ovs-vsctl set-match-mode udf=2000-3000

step2,set udf mode

ovs-vsctl set-udf-mode "udf0(l2,offset=12,length=2)"

step3,add ipv4 flow with other priority except 2000-3000

ovs-ofctl add-flow br0 priority=500,table=250,in_port=1,udf0=0x0800,actions=14

Copyright © 2024 Pica8 Inc. All Rights Reserved.