[ovs-discuss] Some questions on ovs

[Jesse Gross]

On Sun, Dec 19, 2010 at 10:35 AM, Daniel Tiron <dtiron at debian.armed.us> wrote:
> Hi.
>
> Currently I am conducting research for my master thesis on fast
> monitoring of inter-vm communication. Among some other solutions I
> looked into, Open vSwitch in combination with KVM was my choice.
>
> My setup consists of two virtual machines, each using a tap interface
> with virtio. Both interfaces (tap105, tap106) are assigned to an ovs
> bridge. They don't have any connectivity to other networks:
>      ________          ________
>     |        |        |        |
>     | tap105 |        | tap106 |
>     |________|-.    .-|________|
>                |    |
>             ___|____|___    ________
>            |            |--|        |
>            |   ovs br0  |  | tap999 |
>            |____________|  |________|
>
>
> My current approach is a configuration of a mirror port (tap999) on my
> bridge and capturing via PF_RING [1]

I believe that PF_RING hooks into the receive routines for network
devices.  When Open vSwitch outputs a packet it is transmitting on
that device.  It might work if you used an internal device (such as
br0) since those are virtual devices that act like they received
packets.  However, PF_RING also says that it is hooked in with NAPI
somehow, which doesn't make sense in the context of a virtual device,
so we don't use it.

> I also tried to grab packets
> directly of the br0 interface but tcpdump didn't see any.

The br0 interface is just another port to the switch.  Since traffic
is flowing between two VMs, no traffic will be directed to other
interfaces.  It would make more sense to run tcpdump on either the
interfaces connected to VMs or the mirror target.

> Can this be done with the brcompat module? As far as I understood the
> purpose of brcompat is only to provide compatibility with the standard
> command line tools like brctl.
> Did I get this right or might brcompat help me with capturing traffic?

Yes, brcompat is only a compatibility layer for setting up bridges
with the Linux bridge tools.  It won't help you here.

> Is there any other way how capturing can be done directly on br0?
>
> What would you say is the most efficient way of packet capturing in the
> host system?

It really depends on what you are trying to do.  The most efficient
way would be to find whatever you are looking for in the kernel
instead of sending everything to userspace.

>
> The second question I am currently working on is how many copies of each
> packet are created. Or in other words: How often does ovs copy the data
> while forwarding a packet from one vm to another?
> Is the data copied into the mirror port or handed over somehow else?
> (pointer? mmap?)

Data isn't copied during packet forwarding.  If you mirror a port it
copies the packet metadata and adds a reference.  Of course, if you do
further things, like make modifications, send the packet to userspace,
etc. copies might be required.