Date:	Fri, 15 Oct 2010 14:35:53 -0700
From:	Jesse Gross <jesse@...ira.com>
To:	hadi@...erus.ca
Cc:	Ben Pfaff <blp@...ira.com>, netdev@...r.kernel.org
Subject: Re: openvswitch/flow WAS ( Re: [rfc] Merging the Open vSwitch datapath

On Fri, Oct 15, 2010 at 4:31 AM, jamal <hadi@...erus.ca> wrote:
> It seems to me that you reinvented things that exist in
> Linux already such as bridging, tunnels and what really
> caught my attention: ability to do flows (tc actions).
> It is possible Linux is missing something you wanted or was
> not efficient enough?
> [For example: I couldn't see anything you needed
> on flow-action management that Linux couldn't do already
> (with already very nice well structured netlink APIs)]

You're right, at a high level, it appears that there is a bit of an
overlap between bridging, tc, and Open vSwitch.  However, in reality
each is targeting a pretty different use case.  Given that the design
goals are not aligned, keeping separate things separate actually helps
with overall simplicity.  Where there is overlap, I am certainly happy
to see common functionality reused: for example, Open vSwitch uses tc
for its QoS capabilities.

In the future, I expect there to be an even clearer delineation
between the various components.  One of the primary use cases of Open
vSwitch at the moment is for virtualized data center networking but a
few of the other potential uses that have been brought up include
security processing (involving sending traffic of interest to
userspace) and configuring SR-IOV NICs (to appropriately program rules
in hardware).  You can see how each of these makes sense in the
context of a virtual switch datapath but less so as a set of tc
actions.

So, in short, I don't see this as something lacking in Linux, just
complementary functionality.