[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAEP_g=_2L1xFWtDXh_6YyXz1Mt9TR3zvjLzix+SpO6yzeOLsSQ@mail.gmail.com>
Date: Thu, 24 Nov 2011 12:10:42 -0800
From: Jesse Gross <jesse@...ira.com>
To: netdev <netdev@...r.kernel.org>, dev@...nvswitch.org
Cc: David Miller <davem@...emloft.net>,
Stephen Hemminger <shemminger@...tta.com>,
Chris Wright <chrisw@...hat.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
Eric Dumazet <eric.dumazet@...il.com>,
John Fastabend <john.r.fastabend@...el.com>,
Justin Pettit <jpettit@...ira.com>, jhs@...atatu.com
Subject: Open vSwitch Design
I realized that since Open vSwitch is so userspace-centric some of the
design considerations might not be apparent from the kernel code
alone. I did a poor job of explaining the larger picture which has
lead to some misconceptions, so I thought it would be helpful if I
gave a short overview.
One of the driving goals was to push as much logic as possible to
userspace, so the kernel portion is less than 6000 lines and has four
components:
* Switching infrastructure: As the name implies, Open vSwitch is
intended to be a network switch, focused on
virtualization/OpenFlow/software defined networking. This means that
what we are modeling is not actually a collection of flows but a
switch which contains a group of related ports, a software virtual
device, etc. The switch model is used in a variety of places, such as
to measure traffic that actually flows through it in order to
implement monitoring and sampling protocols.
* Flow lookup: Although used to implement OpenFlow, the kernel flow
table does not actually directly contain OpenFlow flows. This is
because OpenFlow tables can contain wildcards, multiple pipeline
stages, etc. and we did not want to push that complexity into the
kernel fast path (nor tie it to a specific version of OpenFlow).
Instead an exact match flow table is populated on-demand from
userspace based on the more complex rules stored there. Although it
might seem limiting, this design has allowed significant new
functionality to be added without modifications to the kernel or
performance impact.
* Packet execution: Once a flow is matched it can be output,
enqueued to a particular qdisc, etc. Some of these operations are
specific to Open vSwitch, such as sampling, whereas others we leverage
existing infrastructure (including tc for QoS) by simply marking the
packet for further processing.
* Userspace interfaces: One of the difficulties of having a
specialized, exact match flow lookup engine is maintaining
compatibility across differing kernel/userspace versions. This
compatibility shows up heavily in the userspace interfaces and is
achieved by passing the kernel's version of the flow along with packet
information. This allows userspace to install appropriate flows even
if its interpretation of a packet differs from the kernel's without
version checks or maintaining multiple implementations of the flow
extraction code in the kernel.
It's obviously possible to put this code anywhere, whether it is an
independent module, in the bridge, or tc. Regardless, however, it's
largely new code that is geared towards this particular model so it
seems better not to add to the complexity of existing components if at
all possible.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists