TTP Unicast
- Tracy Yang
Introduction
This document describes the Table Type Pattern (TTP) and its usage.
TTP defines a template of tables that can be configured using open flow. It uses JSON notation to define the data structure for the pipeline defined in the TTP. Open flow instructions can use the parameters defined in the TTP file to program the flows. If a flow cannot be configured, the switch will report an error message.
Enabling TTP Mode
From PicOS version 2.7.1, supporting for TTP mode has been added in our switches. To use the TTP mode, user must first enable this mode. To enable the TTP mode, use the command "ovs-vsctl set-ttp-enable true' . To add the TTP file, use the command "ovs-vsctl set-ttp-file <TTP file>.json". After adding the file, restart the switch and the TTP mode should be enabled on the switch.From version 3.7.4,add some flow tables(bridging flow table,Egress_Port_Flow_Table,Egress_Port_Group_Flow_Table,Egress_VLAN_Xlate_Flow_Table,Egress_ACL_Flow_Table)
json file
About .JSON FILE:
- Only "table_map" and "flow_tables" can be modified.
- "table_map": User can modify the table number of "VLAN," "Termination MAC," "Unicast Routing" and "Policy ACL". All of the four table id's must be increasing and different. For example, if user wants table 20 to be the VLAN table, write like this "VLAN:" 20 and so on.
- Flow_tables: Only the priority of all the flows tables can be changed. If user modifies vlan filter tables' priority to 1999, when user adds a flow, user must specify that the priority is 1999.
- path: /ovs/share/openvswitch
At present, users cannot modify the json file. If necessary, users may notify our team, and we may be able to change it.
Table map is:
- "Ingress_Port_Flow_Table": 0,
- "Ingress_Port_Group_Flow_Table": 5,
- "Ingress_VFilter_Flow_Table": 10,
- "Ingress_VLAN_Xlate_Flow_Table": 11,
- "Termination_MAC_Flow_Table": 20,
- "Unicast_Routing_Flow_Table": 30,
- "Multicast_Routing_Flow_Table": 40,
- "Bridging_Flow_Table": 50,
- "ACL_Policy_Flow_Table": 60,
- "Egress_Port_Flow_Table": 70,
- "Egress_Port_Group_Flow_Table": 80,
- "Egress_VLAN_Xlate_Flow_Table": 90,
- "Egress_ACL_Flow_Table": 200
Notification
- In the acl table, if any layer 2 header content of packets is modified, previous actions in route table will be invalid.
- At present, the packets can ecmp in src ip by default.
Table match and instructions
Ingress_Port_Group_Flow_Table:
Match:in_port
Actions: write_metadata(bit16-22: Port Group [0-127]),goto_table: Ingress_VFilter_Flow_Table
Built-in:
Match:[]
Actions: write_metadata:0,goto_table: Ingress_VFilter_Flow_Table
ovs-ofctl add-flow br0 table=5,priority=32768,in_port=1,actions=write_metadata:0x20000/0x7f0000,goto_table:10
Ingress_VFilter_Flow_Table:
Match:none or metadata or in_port,Of course you can match “priority,in_port,vlan_vid,dl_vlan_pcp,dl_type” at the same time.
Actions:push_vlan,goto_table:Termination_MAC_Flow_Table
built-in:
Match:[]
Actions:goto_table:Termination_MAC_Flow_Table
ovs-ofctl add-flow br0 table=10,actions=push_vlan:0x8100,set_field:200-\>vlan_vid,push_vlan:0x8100,set_field:300-\>vlan_vid,goto_table:20 ovs-ofctl add-flow br0 table=10,priority=32768,metadata=0x000002/0x7f0000,vlan_vid=0x064/0x0ff,dl_vlan_pcp=4,dl_type=0x0800,actions=push_vlan:0x8100,set_field:200-\>vlan_vid,push_vlan:0x8100,set_field:300-\>vlan_vid,goto_table:20 ovs-ofctl add-flow br0 table=10,priority=32768,in_port=1,vlan_vid=0x064/0x0ff,dl_vlan_pcp=4,dl_type=0x0800,actions=push_vlan:0x8100,set_field:200-\>vlan_vid,push_vlan:0x8100,set_field:300-\>vlan_vid,goto_table:20
Ingress_VLAN_Xlate_Flow_Table
QinQ ingress vlan xlate table for packets, table size is 4K
Match: metadata,vlan_vid
Actions: push_vlan(optional), set_field vlan,goto “Termination_MAC_Flow_Table”
Built-in: goto “Termination_MAC_Flow_Table”
ovs-ofctl add-flow br0 table=11,priority=32768,metadata=0x000002/0x7f0000,dl_vlan=100,actions=push_vlan:0x8100,set_field:200-\>vlan_vid,goto_table:20
Termination_MAC_Flow_Table
In this table, the user can configure a flow to decide if the packets go to the route table or not,do not support a output port in this table. By default, packets will go to the bridging flow table directly, instead of going to route table first. The match fields of the flow supported by this table are dl_dst, dl_vlan, action is goto_table:30. Multicast and broadcast MAC are not supported here.
Match:eth_dst,vlan_vid
Actions:goto “Unicast_Routing_Flow_Table”
Built-in: goto “Bridging_Flow_Table”
ovs-ofctl add-flow br-s table=20,priority=32768,dl_dst=00:11:22:33:44:56,dl_vlan=2015,actions=goto_table:30
Unicast_Routing_Flow_Table
In this table, users can direct the packets' route through several different kind of groups by means of writing actions. The matching fields are dl_type, nw_dst, actions are several kinds of groups and dec_nw_ttl, then go to ACL table. According our .json file we can add this kind of flow. Broadcast and multicast are not supported in this table. By default,all packets pass through this table and goto acl table.
Match:dl_type,nw_dst/ipv6_dst(optional)
Actions:clear_actions or controller or L3 Unicast/L3 ecmp group,goto_table:60(necessary)
Built-in:goto_table: ACL_Policy_Flow_Table
ovs-ofctl add-flow br0 table=30,priority=32768,dl_type=0x0800,nw_dst=192.168.1.100,actions=output:controller,goto_table:60
example1:
step1,add group #########add l2 interface group: ovs-ofctl add-group br0 group_id=1,type=indirect,bucket=output:2 #########add l3 unicast group: ovs-ofctl add-group br0 group_id=2,type=indirect,bucket=set_field:66:66:66:11:11:11-\>dl_src,set_field:88:88:88:11:11:11-\>dl_dst,set_field:3000-\>vlan_vid,group:1 Step2,delete route flow and add another flow ovs-ofctl add-flow br0 table=20,priority=32768,dl_vlan=100,dl_dst=22:22:22:22:22:22,actions=goto_table:30 ovs-ofctl add-flow br0 table=30,priority=32768,dl_type=0x0800,nw_dst=192.168.1.100,actions=write_actions\(group:2,dec_nw_ttl\),goto_table:60 step3,check the flows ovs-ofctl dump-flows br0 ovs-appctl pica/dump-flows step4,send packets send 10000 packets with vlan 100,dst mac is 22:22:22:22:22:22,dst ip is 192.168.1.100 to te-1/1/1. Result:te-1/1/2 should transmit packets with vlan 3000,dst mac is 88:88:88:11:11:11,src mac is 66:66:66:11:11:11,ttl is 63.
Example2
User can also complete the ecmp through a select group.
L2 interface group:
ovs-ofctl add-group br-s group_id=1,type=indirect,bucket=output:77 ovs-ofctl add-group br-s group_id=5,type=indirect,bucket=output:79
L3 UNICAST group:
ovs-ofctl add-group br-s group_id=2,type=indirect,bucket=set_field:66:66:66:00:00:00-\>dl_src,set_field:66:66:66:11:11:11-\>dl_dst,set_field:200-\>vlan_vid,group:1 ovs-ofctl add-group br-s group_id=6,type=indirect,bucket=set_field:22:11:11:11:11:11-\>dl_src,set_field:44:44:44:11:11:11-\>dl_dst,set_field:200-\>vlan_vid,group:5
L3 ff group:
ovs-ofctl add-group br-s group_id=3,type=fast_failover,bucket=group:2,watch_port:77 ovs-ofctl add-group br-s group_id=7,type=fast_failover,bucket=group:6,watch_port:79
L3 ecmp:
ovs-ofctl add-group br-s group_id=4,type=select,bucket=group:2,bucket=group:7
Add flow and check:
ovs-ofctl add-flow br-s table=30,priority=32768,dl_type=0x0800,nw_dst=192.168.1.100,actions=write_actions\(group:4,dec_nw_ttl\),goto_table:60 admin@PicOS-OVS$ovs-ofctl dump-flows br-s OFPST_FLOW reply (OF1.4) (xid=0x2): cookie=0x0, duration=76.544s, table=30, n_packets=n/a, n_bytes=n/a, ip,nw_dst=192.168.1.100 actions=write_actions(group:9,dec_ttl),goto_table:60 admin@PicOS-OVS$ovs-appctl pica/dump-flows Ingress Port Table: (Total 0 flows) VLAN Table: (Total 0 flows) Termination MAC Table: (Total 0 flows) Unicast Routing Table: (Total 1 flows) ID=1 ip,nw_dst=192.168.1.100, actions:group(id=9,select,n=2,b0(live,group(id=3,ff,n=1,b0(live,group(id=2,indirect,n=1,b0(live,set(dl_src=66:66:66:00:00:00,dl_dst=66:66:66:11:11:11),set(vlan_vid=200),group(id=1,indirect,n=1,b0(live,output:77))))))),b1(live,group(id=7,ff,n=1,b0(live,group(id=6,indirect,n=1,b0(live,set(dl_src=22:11:11:11:11:11,dl_dst=44:44:44:11:11:11),set(vlan_vid=200),group(id=5,indirect,n=1,b0(live,output:79)))))))),goto(Policy ACL Table) Policy ACL Table: (Total 0 flows)
Bridging_Flow_Table
When Mac-Learning is enabled on the chip, the entries for unicast forwarding are automatically learned, updated(station-move) and deleted(idle-timeout)." To be installed/updated/deleted via FlowMod(ADD/MODIFY/MODIFY_STRICT/DELETE).
Match:eth_dst,vlan_vid
Actions:output_port,goto_table: ACL_Policy_Flow_Table
Built-in: goto_table: ACL_Policy_Flow_Table
ovs-ofctl add-flow br0 table=50,priority=32768,dl_dst=44:44:44:44:44:44,dl_vlan=2000,actions=write_actions\(output:2\),goto_table:60
send packets matching above flow with dst mac 44:44:44:44:44:44,vlan 2000 to te-1/1/1.
Result: te-1/1/2 should transmit the packets.
ACL_Policy_Flow_Table
In this table, users can add a flow with any match field supported by our switch. The actions could be meter, group, controller, drop, set_queue.
Match:in_port,mpls,vlan,mac,ip,inner_vlan_vid,inner_vlan_pcp,sctp,mpls_label2etc.All the match fields are optional.
Actions:meter(optional),pop_l2mpls(optional),pop_mpls(optional),push_l2mpls,set_field:mpls_label(optional),group,output_port,and so on.
Built-in: goto_table:Egress_VLAN_Xlate_Flow_Table
ovs-ofctl add-flow br0 table=60,in_port=1,dl_vlan=2000,dl_dst=44:33:22:11:00:00,mpls,mpls_label=16,mpls_tc=3,mpls_bos=0,mpls_label2=30,actions=push_mpls:0x8847,set_field:88-\>mpls_label,push_mpls:0x8847,set_field:188-\>mpls_label,output:2
ovs-ofctl add-flow br-s table=60,priority=65535,in_port=78,dl_type=0x86dd,dl_src=22:22:22:22:22:22,dl_dst=44:44:44:11:11:11,ipv6_src=2015::1,dl_vlan=100,dl_vlan_pcp=3,ip_proto=6,ip_dscp=128,ip_ecn=0,tp_src=1111,tp_dst=1444,actions=meter:1
ovs-ofctl add-flow br-s table=60,actions=write_actions\(group:4\)
Egress_VLAN_Xlate_Flow_Table
This entry is for converting outgoing Tagged packets from QinQ to Single Tagged or untagged.
Match:metadata,vlan_vid,inner_vlan_vid
actions:pop_vlan,set_field:vlan,goto_table:Egress_ACL_Flow_Table
built-in: goto_table:Egress_ACL_Flow_Table
ovs-ofctl add-flow br0 table=90,priority=32768,metadata=0x20000/0x7f0000,dl_vlan=2000,inner_vlan_vid=1000,actions=pop_vlan,pop_vlan,goto_table:200
Egress_ACL_Flow_Table
match: IN_PORT,OUTPUT_PORT, ETH_DST/ ETH_SRC, ETH_TYPE, VLAN_VID/ VLAN_PCP,TCP/UDP,SCTP,etc.
actions:set_field:ip_dscp, clear_actions, output:normal
####add flow in ingress acl ####
ovs-ofctl add-flow br0 table=60,in_port=1,actions=write_actions\(output:2\)
####add flow in egress acl
ovs-ofctl add-flow br0 table=200,in_port=1,dl_dst=22:22:22:22:22:22,dl_src=22:11:11:11:11:11,dl_vlan=2000,dl_vlan_pcp=3,actions=clear_actions
send packets
a,send packets with dst mac 22:22:22:22:22:22,src mac 22:11:11:11:11:11,pcp is 3 to te-1/1/1.
b,send packets with dst mac 22:22:22:22:22:22,src mac 22:11:11:11:11:11,pcp is 0 to te-1/1/1.
Result:
a,te-1/1/2 should drop packets.
b,te-1/1/2 should transmit the packets.
List TTP System Resources Usage
From version 2.8.0, when ttp is enabled,we can use command ovs-appctl pica/show tables to check max limitation or current used of different tables.
admin@PICOS-OVS:~$ ovs-appctl pica/show tables
TTP Tables Statistics:
TTP Tables Max Limitation Current Used
-----------------------------------------------------------------------
Ingress Port Group Table 1024 0
Ingress VFilter Table 510 0
Ingress VLAN Xlate Table 4096 0
Termination MAC Table 510 0
Unicast Routing Table (Host) 12000 IPv4(0),IPv6(0*2)
Unicast Routing Table (Route) 12000 IPv4(0),IPv6(0*2)
Multicast Routing Table 6400 IPv4(0),IPv6(0)
Bridging Table 32256 0
Policy ACL Table 2046 0
Egress Port Group Table 1024 0
Egress VLAN Xlate Table 4096 0
Egress ACL Table 510 0
admin@PICOS-OVS:~$
Copyright © 2024 Pica8 Inc. All Rights Reserved.