[ovs-dev] OVN architecture

Thomas Graf tgraf at noironetworks.com
Mon Jan 19 23:07:52 UTC 2015


On 01/19/15 at 09:58am, Ben Pfaff wrote:
> To keep the discussion going, let's talk about each of those features.
> 
> These days, OVS allows an ARP responder can be implemented in the
> OpenFlow flow table (since all ARP fields are modifiable), but that has
> only been true for a few versions.  Before that, an ARP responder could
> only be implemented in an OpenFlow controller.  So to support those
> older versions, OVN would have to detect support for ARP field
> modification and divert packets to ovn-controller.  I think
> ovn-controller will probably need a general framework for that kind of
> thing, so it's probably feasible.

Do you have something specific in mind already on how to test
availability, in particular for existing OVS releases? Configuring a
dummy flow table with certain matches and actions on startup and
constructing a list of capabilities based on it?

For new releases, a new OVSDB could provide capabilities.

> But maybe by "ARP responder" you don't mean the ability to respond to
> ARP requests but the ability to synthesize ARP requests from IP packets,
> like a router needs to do.  OVN will have to do this to implement L3
> features.  No current version of OVS can do this from the flow table, so
> it will have to be implemented by ovn-controller diversion everywhere.
> This may be acceptable, because ARP isn't that performance sensitive,
> but perhaps we'll find out that there's good reason to build it into
> OVS.  Then we'd, again, make OVN probe for support and use one strategy
> or the other.

Another minor difference to be taken care of is the capability of
implementing certain set-fields in the datapath. An example right now
would be ARP fields which require a user space fall back.

> Conntrack, on the other hand, is a feature that doesn't have a
> reasonable implementation without datapath support.  Without it, OVN
> would have to fall back to simple TCP flags matching on OVS that
> supports that, or skip the firewall entirely on OVS that doesn't have
> it.



More information about the dev mailing list