Implement IPFIX export

Define a new NXAST_SAMPLE OpenFlow vendor action and the corresponding OFPACT_SAMPLE OVS action, to do per-flow packet sampling, translated into a new SAMPLE "flow_sample" dp action. Make the userspace action's userdata size vary depending on the union member used. Add a new "flow_sample" upcall to do per-flow packet sampling. Add a new "ipfix" upcall to do per-bridge packet sampling to IPFIX collectors. Extend the OVSDB schema to support configuring IPFIX collector sets. Add support for configuring multiple IPFIX collectors for per-flow packet sampling. Add support for configuring per-bridge IPFIX sampling. Automatically generate standard IPFIX entity definitions from the IANA specs. Send one IPFIX data record message for every packet sampled by an OpenFlow sample action or received by a bridge configured with IPFIX sampling, and periodically send IPFIX template set messages. Signed-off-by: Romain Lenglet <[email protected]> Signed-off-by: Ben Pfaff <[email protected]>
liuyong240 · Apr 22, 2013 · 29089a5 · 29089a5
1 parent d8558b4
commit 29089a5
Show file tree

Hide file tree

Showing 32 changed files with 10,762 additions and 232 deletions.
diff --git a/FAQ b/FAQ
@@ -9,12 +9,13 @@ General
 Q: What is Open vSwitch?
 
 A: Open vSwitch is a production quality open source software switch
-   designed to be used as a vswitch in virtualized server environments.  A
-   vswitch forwards traffic between different VMs on the same physical host
-   and also forwards traffic between VMs and the physical network.  Open
-   vSwitch supports standard management interfaces (e.g. sFlow, NetFlow,
-   RSPAN, CLI), and is open to programmatic extension and control using
-   OpenFlow and the OVSDB management protocol.
+   designed to be used as a vswitch in virtualized server
+   environments.  A vswitch forwards traffic between different VMs on
+   the same physical host and also forwards traffic between VMs and
+   the physical network.  Open vSwitch supports standard management
+   interfaces (e.g. sFlow, NetFlow, IPFIX, RSPAN, CLI), and is open to
+   programmatic extension and control using OpenFlow and the OVSDB
+   management protocol.
 
    Open vSwitch as designed to be compatible with modern switching
    chipsets.  This means that it can be ported to existing high-fanout
@@ -153,6 +154,11 @@ A: The following table lists the Linux kernel versions against which the
    It should build against almost any kernel, certainly against 2.6.18
    and later.
 
+Q: What Linux kernel versions does IPFIX flow monitoring work with?
+
+A: IPFIX flow monitoring requires the Linux kernel module from Open
+   vSwitch version 1.10.90 or later.
+
 Q: Should userspace or kernel be upgraded first to minimize downtime?
 
    In general, the Open vSwitch userspace should be used with the

diff --git a/NEWS b/NEWS
@@ -82,6 +82,7 @@ v1.10.0 - xx xxx xxxx
         retire that meaning of ANY in favor of the OpenFlow 1.1 meaning.
     - Patch ports no longer require kernel support, so they now work
       with FreeBSD and the kernel module built into Linux 3.3 and later.
+    - New "sample" action.
 
 
 v1.9.0 - 26 Feb 2013

diff --git a/WHY-OVS b/WHY-OVS
@@ -21,7 +21,7 @@ vSwitch cope with the above requirements.
   migratable between different hosts.  This may include traditional
   "soft state" (such as an entry in an L2 learning table), L3 forwarding
   state, policy routing state, ACLs, QoS policy, monitoring
-  configuration (e.g. NetFlow, sFlow), etc.
+  configuration (e.g. NetFlow, IPFIX, sFlow), etc.
 
   Open vSwitch has support for both configuring and migrating both slow
   (configuration) and fast network state between instances.  For
@@ -38,13 +38,14 @@ vSwitch cope with the above requirements.
   environments, and so forth.
 
   Open vSwitch supports a number of features that allow a network
-  control system to respond and adapt as the environment changes.  This
-  includes simple accounting and visibility support such as NetFlow and
-  sFlow.  But perhaps more useful, Open vSwitch supports a network state
-  database (OVSDB) that supports remote triggers.  Therefore, a piece of
-  orchestration software can "watch" various aspects of the network and
-  respond if/when they change.  This is used heavily today, for example,
-  to respond to and track VM migrations.
+  control system to respond and adapt as the environment changes.
+  This includes simple accounting and visibility support such as
+  NetFlow, IPFIX, and sFlow.  But perhaps more useful, Open vSwitch
+  supports a network state database (OVSDB) that supports remote
+  triggers.  Therefore, a piece of orchestration software can "watch"
+  various aspects of the network and respond if/when they change.
+  This is used heavily today, for example, to respond to and track VM
+  migrations.
 
   Open vSwitch also supports OpenFlow as a method of exporting remote
   access to control traffic.  There are a number of uses for this

diff --git a/debian/control b/debian/control
@@ -16,13 +16,13 @@ Architecture: all
 Depends: module-assistant, bzip2, debhelper (>= 5.0.37), ${misc:Depends}
 Suggests: openvswitch-switch
 Description: Open vSwitch datapath module source - module-assistant version
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  This package provides the Open vSwitch datapath module source code
  that is needed by openvswitch-switch.  The kernel module can be built
@@ -33,13 +33,13 @@ Package: openvswitch-datapath-dkms
 Architecture: all
 Depends: dkms (>= 1.95), make, libc6-dev, ${misc:Depends}, ${python:Depends}
 Description: Open vSwitch datapath module source - DKMS version
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  This package provides the Open vSwitch datapath module source code
  that is needed by openvswitch-switch.  DKMS can built the kernel
@@ -52,13 +52,13 @@ Depends:
  python (>= 2.7) | python-argparse
 Suggests: ethtool
 Description: Open vSwitch common components
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  openvswitch-common provides components required by both openvswitch-switch
  and openvswitch-controller.
@@ -68,34 +68,34 @@ Architecture: linux-any
 Suggests: openvswitch-datapath-module
 Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends}, openvswitch-common (= ${binary:Version}), module-init-tools, procps, uuid-runtime, netbase
 Description: Open vSwitch switch implementations
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  openvswitch-switch provides the userspace components and utilities for
- the Open vSwitch kernel-based switch.  
+ the Open vSwitch kernel-based switch.
 
 Package: openvswitch-ipsec
 Architecture: linux-any
 Depends:
  ${shlibs:Depends}, ${misc:Depends}, python,
- ipsec-tools (>=0.8~alpha20101208), 
+ ipsec-tools (>=0.8~alpha20101208),
  racoon (>=0.8~alpha20101208),
  openvswitch-common (= ${binary:Version}),
  openvswitch-switch (= ${binary:Version}),
  python-openvswitch (= ${source:Version})
 Description: Open vSwitch GRE-over-IPsec support
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  The ovs-monitor-ipsec script provides support for encrypting GRE
  tunnels with IPsec.
@@ -106,13 +106,13 @@ Depends:
  ${misc:Depends}, openvswitch-common (>= ${source:Version}),
  openvswitch-common (<< ${source:Version}.1~)
 Description: Open vSwitch public key infrastructure dependency package
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  openvswitch-pki provides PKI (public key infrastructure) support for
  Open vSwitch switches and controllers, reducing the risk of
@@ -124,13 +124,13 @@ Depends:
  ${shlibs:Depends}, openvswitch-common (= ${binary:Version}),
  openvswitch-pki (= ${source:Version}), ${misc:Depends}
 Description: Open vSwitch controller implementation
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  The Open vSwitch controller enables OpenFlow switches that connect to it
  to act as MAC-learning Ethernet switches.
@@ -144,13 +144,13 @@ Depends:
  openvswitch-controller (= ${binary:Version}),
  openvswitch-switch (= ${binary:Version})
 Description: Debug symbols for Open vSwitch packages
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  This package contains the debug symbols for all the other openvswitch-*
  packages.  Install it to debug one of them or to examine a core dump
@@ -161,13 +161,13 @@ Architecture: all
 Section: python
 Depends: ${misc:Depends}, ${python:Depends}
 Description: Python bindings for Open vSwitch
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  This package contains the full Python bindings for Open vSwitch database.
 
@@ -176,13 +176,13 @@ Architecture: all
 Section: utils
 Depends: ${python:Depends}, python-openvswitch, ${misc:Depends}
 Description: Open vSwitch graphical monitoring tool
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  This package is a GUI tool for monitoring and troubleshooting local
  or remote Open vSwitch installations.  It presents GUI tables that
@@ -194,13 +194,13 @@ Package: openvswitch-test
 Architecture: all
 Depends: ${misc:Depends}, ${python:Depends}, python-twisted-web, python (>= 2.7) | python-argparse
 Description: Open vSwitch test package
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  This package contains utilities that are useful to diagnose
  performance and connectivity issues in Open vSwitch setup.
diff --git a/include/openflow/nicira-ext.h b/include/openflow/nicira-ext.h
@@ -312,6 +312,7 @@ enum nx_action_subtype {
     NXAST_DEC_MPLS_TTL,         /* struct nx_action_header */
     NXAST_STACK_PUSH,           /* struct nx_action_stack */
     NXAST_STACK_POP,            /* struct nx_action_stack */
+    NXAST_SAMPLE,               /* struct nx_action_sample */
 };
 
 /* Header for Nicira-defined actions. */
@@ -2233,4 +2234,29 @@ struct nx_action_mpls_ttl {
 };
 OFP_ASSERT(sizeof(struct nx_action_mpls_ttl) == 16);
 
+/* Action structure for NXAST_SAMPLE.
+ *
+ * Samples matching packets with the given probability and sends them
+ * each to the set of collectors identified with the given ID.  The
+ * probability is expressed as a number of packets to be sampled out
+ * of USHRT_MAX packets, and must be >0.
+ *
+ * When sending packet samples to IPFIX collectors, the IPFIX flow
+ * record sent for each sampled packet is associated with the given
+ * observation domain ID and observation point ID.  Each IPFIX flow
+ * record contain the sampled packet's headers when executing this
+ * rule.  If a sampled packet's headers are modified by previous
+ * actions in the flow, those modified headers are sent. */
+struct nx_action_sample {
+    ovs_be16 type;                  /* OFPAT_VENDOR. */
+    ovs_be16 len;                   /* Length is 24. */
+    ovs_be32 vendor;                /* NX_VENDOR_ID. */
+    ovs_be16 subtype;               /* NXAST_SAMPLE. */
+    ovs_be16 probability;           /* Fraction of packets to sample. */
+    ovs_be32 collector_set_id;      /* ID of collector set in OVSDB. */
+    ovs_be32 obs_domain_id;         /* ID of sampling observation domain. */
+    ovs_be32 obs_point_id;          /* ID of sampling observation point. */
+};
+OFP_ASSERT(sizeof(struct nx_action_sample) == 24);
+
 #endif /* openflow/nicira-ext.h */