[v3,00/13] net/mlx5: e-switch VXLAN encap/decap hardware offload
Message ID | 1541074741-41368-1-git-send-email-viacheslavo@mellanox.com (mailing list archive) |
---|---|
Headers |
Return-Path: <dev-bounces@dpdk.org> X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 2DF541B127; Thu, 1 Nov 2018 13:19:25 +0100 (CET) Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60085.outbound.protection.outlook.com [40.107.6.85]) by dpdk.org (Postfix) with ESMTP id A3F3C1B10E for <dev@dpdk.org>; Thu, 1 Nov 2018 13:19:23 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Mellanox.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gs6aoQKA8qsCbbtze1z/LmGuFq96zadfbk7IVaAT/8M=; b=EcBj7O9Zpb3YKe8fDadt2exkAUofisweaWzwG48b5CvxKYiq49+/t7E0ZpDRRkD2VhPTOznkfy63H8H/t5Q2//xawfhDuxNrvPD8SifgWGTbPkFKj+1H0Erkne+cT7QKKZJwk0hXMGMdVi6p2kiGWgys0a9X8w020ujRtYB43Zo= Received: from AM4PR05MB3265.eurprd05.prod.outlook.com (10.171.186.150) by AM4PR05MB1681.eurprd05.prod.outlook.com (10.165.245.152) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1273.25; Thu, 1 Nov 2018 12:19:21 +0000 Received: from AM4PR05MB3265.eurprd05.prod.outlook.com ([fe80::544b:a68d:e6a5:ba6e]) by AM4PR05MB3265.eurprd05.prod.outlook.com ([fe80::544b:a68d:e6a5:ba6e%2]) with mapi id 15.20.1273.030; Thu, 1 Nov 2018 12:19:21 +0000 From: Slava Ovsiienko <viacheslavo@mellanox.com> To: Shahaf Shuler <shahafs@mellanox.com> CC: "dev@dpdk.org" <dev@dpdk.org>, Yongseok Koh <yskoh@mellanox.com>, Slava Ovsiienko <viacheslavo@mellanox.com> Thread-Topic: [PATCH v3 00/13] net/mlx5: e-switch VXLAN encap/decap hardware offload Thread-Index: AQHUcd0eafwZ1MomRkGFeHttp19GCw== Date: Thu, 1 Nov 2018 12:19:21 +0000 Message-ID: <1541074741-41368-1-git-send-email-viacheslavo@mellanox.com> References: <1539612815-47199-1-git-send-email-viacheslavo@mellanox.com> In-Reply-To: <1539612815-47199-1-git-send-email-viacheslavo@mellanox.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: LO2P265CA0079.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:8::19) To AM4PR05MB3265.eurprd05.prod.outlook.com (2603:10a6:205:4::22) authentication-results: spf=none (sender IP is ) smtp.mailfrom=viacheslavo@mellanox.com; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [37.142.13.130] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; AM4PR05MB1681; 6:c+nL5fmHpOyH3ZJMOS4226Pc83CLaabWneJYEwyjPOYsXg6G0wzyArM5GUZIthL7gKuoa/8PlYgB+4XdNt4mhyHN1UEZati9so8PFj1FJqK1Aa5PIdlcMq2uFPPLMraqs1JuJA9f8ABUL3cGZwFq/c5j6aRXKyC+GRY2FpQahepCT9xPmMWUHJhThS1lRrC3bcUU24NrWwjZHq24+J3CCNqPk5kk7WWQMFUbidi24S6uw6Hegq8cQxpICc82v3fVlCl/1I7R0ndxQAqsn6VysdjnyrszyoMqmpXPMgSvF9TIjfqOxlgCGTPeRwtB/XtgjxK13pFya2Giwfqs2+pWNE/6scOyaah48bCBCFZfUqxvG9uVbbP2c0yAp4m0k8u+uvj/Q0H1Y4Ah8WTMOdcctzLMPXm6iargL/7b4eBasVGbkHaq9s0+Yq9RayPETPgEhXe304tqf2utP04jCUQj+A==; 5:n8OmWh43tziyCOvu4H0izxl9711h5aDe+KUzcTYzQ4ChzVDOfCungomWqSjqG9LwK5+JJeGw0ftBDbR7w8w4kfN8t94ig7bZ7DOrEuc1S6C2xtfpsZlDxut+1iK9EK1jR/v6oD4dzS1eNlVdq6B41yLtnWEPRGVHYdN/bAidp94=; 7:aC4lguY36rzIPbMjVzboUfj95u6EgQEasijokZDqULDkBg3/LgbPGL+dsjv2L7ytUecAeMV7GukOw3uGQDS8N3jxLwN83WsqxfDnCiLtw776hUGe8jTwOvulFj1kkkzvR9z8nxGg9UwfZDsbfK+h3Q== x-ms-office365-filtering-correlation-id: b975f7cf-f396-445b-77f4-08d63ff440c8 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:AM4PR05MB1681; x-ms-traffictypediagnostic: AM4PR05MB1681: x-microsoft-antispam-prvs: <AM4PR05MB1681212E17C68BA992634674D2CE0@AM4PR05MB1681.eurprd05.prod.outlook.com> x-exchange-antispam-report-test: UriScan:; x-ms-exchange-senderadcheck: 1 x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3002001)(93006095)(93001095)(10201501046)(3231382)(944501410)(4982022)(52105095)(6055026)(148016)(149066)(150057)(6041310)(20161123560045)(20161123564045)(20161123562045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051)(76991095); SRVR:AM4PR05MB1681; BCL:0; PCL:0; RULEID:; SRVR:AM4PR05MB1681; x-forefront-prvs: 0843C17679 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(39860400002)(366004)(396003)(346002)(376002)(199004)(189003)(97736004)(3846002)(6116002)(561944003)(6862004)(478600001)(5250100002)(25786009)(4326008)(71190400001)(71200400001)(86362001)(316002)(966005)(8676002)(68736007)(81156014)(8936002)(81166006)(106356001)(105586002)(2906002)(14454004)(36756003)(7736002)(305945005)(107886003)(54906003)(37006003)(6436002)(6486002)(102836004)(99286004)(66066001)(6512007)(53936002)(2900100001)(6306002)(476003)(6636002)(52116002)(76176011)(386003)(186003)(256004)(5024004)(446003)(26005)(5660300001)(14444005)(6506007)(11346002)(486006)(2616005)(21314003); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR05MB1681; H:AM4PR05MB3265.eurprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: mellanox.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: /9HFwCQ7Y4VSV6Ropjus5cA1b0nGqOeWU0U5k6KT+ydEix+JR/lH1V0k5UV10daeSUxNyHLSeNS4QwvDLTa4AGDNBqM/+Fw5oaJl5aV0Jz5SaaBLwiOye+PKSQUbGg3MRe97AlVpjYDiCkY+jETbED52haM8kry+VARbeyPBzWv+3+FOLDe/8NQX7Y33w9U0/0JZNvQUgKaxq18JavfjgriMFQHjyR/IbCrznXq5m7HIxwxdHMq7G1j10bVthI0uTM8RKuTEQhwAji5PrwBRgbvef+ZEDOrSeJPahebMNAf7HEZEUWSzkHnyA8m5lV0h773s1GaMBw9eufEKgoGP/aW7Iz3XJWIXSGQu3WJgZo0= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: Mellanox.com X-MS-Exchange-CrossTenant-Network-Message-Id: b975f7cf-f396-445b-77f4-08d63ff440c8 X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Nov 2018 12:19:21.4703 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: a652971c-7d2e-4d9b-a6a4-d149256f461b X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR05MB1681 Subject: [dpdk-dev] [PATCH v3 00/13] net/mlx5: e-switch VXLAN encap/decap hardware offload X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions <dev.dpdk.org> List-Unsubscribe: <https://mails.dpdk.org/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://mails.dpdk.org/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <https://mails.dpdk.org/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org> |
Message
Slava Ovsiienko
Nov. 1, 2018, 12:19 p.m. UTC
This patchset adds the VXLAN encapsulation/decapsulation hardware
offload feature for E-Switch.
A typical use case of tunneling infrastructure is port representors
in switchdev mode, with VXLAN traffic encapsulation performed on
traffic coming *from* a representor and decapsulation on traffic
going *to* that representor, in order to transparently assign
a given VXLAN to VF traffic.
Since these actions are supported at the E-Switch level, the "transfer"
attribute must be set on such flow rules. They must also be combined
with a port redirection action to make sense.
Since only ingress is supported, encapsulation flow rules are normally
applied on a physical port and emit traffic to a port representor.
The opposite order is used for decapsulation.
Like other mlx5 E-Switch flow rule actions, these ones are implemented
through Linux's TC flower API. Since the Linux interface for VXLAN
encap/decap involves virtual network devices (i.e. ip link add type
vxlan [...]), the PMD dynamically spawns them on a needed basis
through Netlink calls. These VXLAN implicitly created devices are
called VTEPs (Virtual Tunnel End Points).
VXLAN interfaces are dynamically created for each local port of
outer networks and then used as targets for TC "flower" filters
in order to perform encapsulation. For decapsulation the VXLAN
devices are created for each unique UDP-port. These VXLAN interfaces
are system-wide, the only one device with given UDP port can exist
in the system (the attempt of creating another device with the
same UDP local port returns EEXIST), so PMD should support the
shared (between PMD instances) device database.
Rules samples consideraions:
$PF - physical device, outer network
$VF - representor for VF, outer/inner network
$VXLAN - VTEP netdev name
$PF_OUTER_IP - $PF IP (v4 or v6) within outer network
$REMOTE_IP - remote peer IP (v4 or v6) within outer network
$LOCAL_PORT - local UDP port
$REMOTE_PORT - remote UDP port
VXLAN VTEP creation with iproute2 (PMD does the same via Netlink):
- for encapsulation:
ip link add $VXLAN type vxlan dstport $LOCAL_PORT external dev $PF
ip link set dev $VXLAN up
tc qdisc del dev $VXLAN ingress
tc qdisc add dev $VXLAN ingress
$LOCAL_PORT for egress encapsulated traffic (note, this is not
source UDP port in the VXLAN header, it is just UDP port assigned
to VTEP, no practical usage) is selected from available UDP ports
automatically in range 30000-60000.
- for decapsulation:
ip link add $VXLAN type vxlan dstport $LOCAL_PORT external
ip link set dev $VXLAN up
tc qdisc del dev $VXLAN ingress
tc qdisc add dev $VXLAN ingress
$LOCAL_PORT is UDP port receiving the VXLAN traffic from outer networks.
All ingress UDP traffic with given UDP destination port from ALL existing
netdevs is routed by kernel to the $VXLAN net device. While applying the
rule the kernel checks the IP parameter withing rule, determines the
appropriate underlaying PF and tryes to setup the rule hardware offload.
VXLAN encapsulation
VXLAN encap rules are applied to the VF ingress traffic and have the
VTEP as actual redirection destinations instead of outer PF.
The encapsulation rule should provide:
- redirection action VF->PF
- VF port ID
- some inner network parameters (MACs)
- the tunnel outer source IP (v4/v6), (IS A MUST)
- the tunnel outer destination IP (v4/v6), (IS A MUST).
- VNI - Virtual Network Identifier (IS A MUST)
VXLAN encapsulation rule sample for tc utility:
tc filter add dev $VF protocol all parent ffff: flower skip_sw \
action tunnel_key set dst_port $REMOTE_PORT \
src_ip $PF_OUTER_IP dst_ip $REMOTE_IP id $VNI \
action mirred egress redirect dev $VXLAN
VXLAN encapsulation rule sample for testpmd:
- Setting up outer properties of VXLAN tunnel:
set vxlan ip-version ipv4 vni $VNI \
udp-src $IGNORED udp-dst $REMOTE_PORT \
ip-src $PF_OUTER_IP ip-dst $REMOTE_IP \
eth-src $IGNORED eth-dst $REMOTE_MAC
- Creating a flow rule on port ID 4 performing VXLAN encapsulation
with the abovementioned properties and directing the resulting
traffic to port ID 0:
flow create 4 ingress transfer pattern eth src is $INNER_MAC / end
actions vxlan_encap / port_id id 0 / end
There is no direct way found to provide kernel with all required
encapsulatioh header parameters. The encapsulation VTEP is created
attached to the outer interface and assumed as default path for
egress encapsulated traffic. The outer tunnel IP address are
assigned to interface using Netlink, the implicit route is
created like this:
ip addr add <src_ip> peer <dst_ip> dev <outer> scope link
The peer address option provides implicit route, and scope link
attribute reduces the risk of conflicts. At initialization time all
local scope link addresses are flushed from the outer network device.
The destination MAC address is provided via permenent neigh rule:
ip neigh add dev <outer> lladdr <dst_mac> to <dst_ip> nud permanent
At initialization time all neigh rules of permanent type are flushed
from the outer network device.
VXLAN decapsulation
VXLAN decap rules are applied to the ingress traffic of VTEP ($VXLAN)
device instead of PF. The decapsulation rule should provide:
- redirection action PF->VF
- VF port ID as redirection destination
- $VXLAN device as ingress traffic source
- the tunnel outer source IP (v4/v6), (optional)
- the tunnel outer destination IP (v4/v6), (IS A MUST)
- the tunnel local UDP port (IS A MUST, PMD looks for appropriate VTEP
with given local UDP port)
- VNI - Virtual Network Identifier (IS A MUST)
VXLAN decap rule sample for tc utility:
tc filter add dev $VXLAN protocol all parent ffff: flower skip_sw \
enc_src_ip $REMOTE_IP enc_dst_ip $PF_OUTER_IP enc_key_id $VNI \
nc_dst_port $LOCAL_PORT \
action tunnel_key unset action mirred egress redirect dev $VF
VXLAN decap rule sample for testpmd:
- Creating a flow on port ID 0 performing VXLAN decapsulation and directing
the result to port ID 4 with checking inner properties:
flow create 0 ingress transfer pattern /
ipv4 src is $REMOTE_IP dst $PF_LOCAL_IP /
udp src is 9999 dst is $LOCAL_PORT / vxlan vni is $VNI /
eth src is 00:11:22:33:44:55 dst is $INNER_MAC / end
actions vxlan_decap / port_id id 4 / end
The VXLAN encap/decap rules constrains (implied by current kernel support)
- VXLAN decapsulation provided for PF->VF direction only
- VXLAN encapsulation provided for VF->PF direction only
- current implementation will support non-shared database of VTEPs
(impossible simultaneous usage of the same UDP port by several
instances of DPDK apps)
Suggested-by: Adrien Mazarguil <adrien.mazarguil@6wind.com>
Signed-off-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
---
v3:
* patchset is resplitted into more dedicated parts
* decapsulation rule takes MAC from inner eth item
* appropriate RTE_BEx are replaced with runtime rte_cpu_xxx
* E-Switch Flow counter deletion is fixed
* VTEP management routines are refactored
* found typos are corrected
v2:
* removed non-VXLAN related parts
* multipart Netlink messages support
* local IP and peer IP rules management
* neigh IP address to MAC address rules
* management rules cleanup at outer device initialization
* attached devices cleanup at outer device initialization
v1:
* http://patches.dpdk.org/patch/45800/
* Refactored code of initial experimental proposal
v0:
* http://patches.dpdk.org/cover/44080/
* Initial proposal by Adrien Mazarguil <adrien.mazarguil@6wind.com>
Viacheslav Ovsiienko (13):
net/mlx5: prepare makefile for adding e-switch VXLAN
net/mlx5: prepare meson.build for adding e-switch VXLAN
net/mlx5: add necessary definitions for e-switch VXLAN
net/mlx5: add necessary structures for e-switch VXLAN
net/mlx5: swap items/actions validations for e-switch rules
net/mlx5: add e-switch VXLAN support to validation routine
net/mlx5: add VXLAN support to flow prepare routine
net/mlx5: add VXLAN support to flow translate routine
net/mlx5: e-switch VXLAN netlink routines update
net/mlx5: fix e-switch Flow counter deletion
net/mlx5: add e-switch VXLAN tunnel devices management
net/mlx5: add e-switch VXLAN encapsulation rules
net/mlx5: add e-switch VXLAN rule cleanup routines
drivers/net/mlx5/Makefile | 85 +
drivers/net/mlx5/meson.build | 34 +
drivers/net/mlx5/mlx5_flow.h | 11 +
drivers/net/mlx5/mlx5_flow_tcf.c | 5118 +++++++++++++++++++++++++++++---------
4 files changed, 4107 insertions(+), 1141 deletions(-)