[ovs-dev] [PATCH] FAQ: Describe why OVS can't prepopulate the kernel flow table.

Ben Pfaff blp at nicira.com
Tue Oct 13 16:10:35 UTC 2015

Signed-off-by: Ben Pfaff <blp at nicira.com>
 FAQ.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/FAQ.md b/FAQ.md
index 512bd2c..4c259bf 100644
--- a/FAQ.md
+++ b/FAQ.md
@@ -564,6 +564,32 @@ A: Open vSwitch has two kinds of flows (see the previous question), so
 A: Open vSwitch maintains snooping tables for each VLAN.
+### Q: Can OVS populate the kernel flow table in advance instead of in reaction to packets?
+A: No.  There are several reasons:
+  - Kernel flows are not as sophisticated as OpenFlow flows, which
+    means that some OpenFlow policies could require a large number of
+    kernel flows.  The "conjunctive match" feature is an extreme
+    example: the number of kernel flows it requires is the product of
+    the number of flows in each dimension.
+  - With multiple OpenFlow flow tables and simple sets of actions, the
+    number of kernel flows required can be as large as the product of
+    the number of flows in each dimension.  With more sophisticated
+    actions, the number of kernel flows could be even larger.
+  - Open vSwitch is designed so that any version of OVS userspace
+    interoperates with any version of the OVS kernel module.  This
+    forward and backward compatibility requires that userspace observe
+    how the kernel module parses received packets.  This is only
+    possible in a straightforward way when userspace adds kernel flows
+    in reaction to received packets.
+  For more relevant information on the architecture of Open vSwitch,
+  please read "The Design and Implementation of Open vSwitch",
+  published in USENIX NSDI 2015.

More information about the dev mailing list