[ovs-dev] OVS 2.9 Intel Roadmap

[Stokes, Ian]

Below are the features that Intel are planning to submit for the OVS 2.9 release.

I've also created a google spreadsheet so that people can contribute their own planned features. This can be found at:

https://docs.google.com/spreadsheets/d/1FilGq46vQePFKoehADWWsDvDCZSNsMU7PrpPr3EM3lU/edit#gid=0

If people can complete this doc and send an email to the dev mailing list then we can formalize the features and commit them to a doc in the OVS repo.

It would be good if others are also willing to share their plans so that we can build up a complete picture of what's planned for the OVS 2.9 release and make sure there's no duplication.

Keepalive: Keepalive feature is aimed at achieving Fastpath Service Assurance  in OVS-DPDK deployments. It adds support for monitoring the packet processing threads by dispatching heartbeats at regular intervals and the status is updated periodically in OVSDB. In case of heartbeat misses the failure is detected and reported to higher level fault management systems/frameworks. The status can be monitored from OpenStack Ceilometer service.

vHost PMD: The vHost PMD brings vHost User ports under control of DPDK's librte_ether library and in doing so DPDK's librte_vhost library will no longer be directly referenced in OVS. Potential benefits include shared code among port types in netdev-dpdk and smoother upgrades between DPDK versions in OVS.

Multi-segment Mbuf: Support for jumbo frames was added to netdev-dpdk in v2.6.0. In that implementation, a jumbo frame is stored within a single-segment mbuf. That mode will remain the default, but an option will now be added to allow a jumbo frame to be stored within a multi-segment mbuf. This reduces the requirement for large, contiguous blocks of memory, and may be useful in deployments with limited memory.

Conn Track: Analyze and improve Connection Tracker performance:
The Connection Tracker is a feature to manage stateful connections and implement security Firewalls.
This allows a better protection against attacks and helps in load balancing. The counterpart is a significant impact on the overall performance. This work is aimed at analyzing possible bottlenecks - also considering the latest protocol implementations - to improve the Connection Tracker performance.

IPSEC: This feature looks to introduce IPsec into OVS with DPDK. IPsec would function in transport mode and would be used in conjunction with existing encapsulation methods (initially VxLAN) to create a new interface type 'vxlanipsec'. The DPDK cryptodev framework will be used to  handle cipher/digest operations as part of the encap/decap actions in accordance with a security association. The cryptodev devices supported would be limited to virtual crypto devices such as the  AESN-MB vdev. As such cipher and digest algorithms supported would be limited to the capabilities of the vdev. In terms of Security Association generation for IPsec policies, the feature will allow a user to specify security associations via command line options for the interface.

Zero copy: Support for enabling DPDK's 'dequeue zero copy' feature on vHost User ports which removes the costly memcpy operation from guest to host when enabled. Detailed information in the DPDK documentation: http://dpdk.org/doc/guides/prog_guide/vhost_lib.html#vhost-api-overview.

DPDK 17.05.2 and 17.11 support: DPDK 17.05.2 is the latest stable release of DPDK, and includes numerous bug-fixes and stability updates.
DPDK 17.11 will be the next DPDK Long Term Support (LTS) release (TBD). It will also include numerous new features, such as Generic Segmentation Offload (GSO) and vHost PMD.

Upcall performance: The first packet in every flow that is handled by OVS is an upcall to the exception path. This is a performance bottleneck for some use cases. Analysis and improvements to the performance of this code path will be investigated.

Service Assurance : Virtual switching reporting of flow telemetry via IPFix.

Extended NIC Stats: Expose low level driver statistics registers to the user through the Extended NIC statistics API in DPDK for physical interfaces.

NAT extended counters (sflow): Monitoring NAT flow telemetry via sFlow.