[ovs-discuss] Can open vswitch replace libipq?

Ben Pfaff blp at nicira.com
Tue Jul 27 23:30:09 UTC 2010


There are two packet processing APIs.  There is, first, the public API,
which is an implementation of the OpenFlow 1.0 protocol documented at
http://openflowswitch.org/.  This is mainly meant to be used remotely
from a separate machine, but it can also be used locally over a Unix
domain socket or localhost TCP connection.

The second API is the one that Open vSwitch uses internally to talk to
its kernel module.  This API is not entirely final or stable (or we
would have upstreamed it to the Linux kernel), but it is more or less
documented in the header file include/openvswitch/datapath-protocol.h
and in the userspace interface library comments in lib/dpif.c.

If you're looking for performance, you want the kernel module.  The
all-userspace implementation uses the same kernel interfaces as
e.g. tcpdump or wireshark, which aren't designed for packet forwarding.
I'd guess that the performance hit is 2X or more.

Open vSwitch flows can modify headers but do not currently support
application-level gatewaying.

On Tue, Jul 27, 2010 at 04:20:30PM -0700, Hardeep Uppal wrote:
> Thanks for the reply. I can't seem to find the documentation to the Open
> vSwitch API. Could you direct me to it?
> Also can Open vSwitch be used to insert flows into the kernel that modify
> the packet header to get functionality similar to a NAT?
> 
> The documentation for Open vSwitch mentions performance hit when using Open
> vSwitch in userspace. Do you have an estimate as to how much the performace
> decreases in userspace? I am currently using Xen hypervisor with
> 2.6.26-2-xen-686 as my dom0 kernel. I can't seem to find the header files
> for 2.6.26-2-xen-686  and might have to install Open vSwitch in userspace.
> 
> On Tue, Jul 27, 2010 at 4:03 PM, Ben Pfaff <blp at nicira.com> wrote:
> 
> > On Tue, Jul 27, 2010 at 03:49:03PM -0700, Hardeep Uppal wrote:
> > > I am trying to find if Open vSwitch can be used to replace libipq? I am
> > > currently using libipq for iptables userspace packet queuing. The
> > > performance of libipq is not that great and I was wondering if Open
> > vSwitch
> > > can be used for iptables packet queuing? Is there an Open vSwitch api
> > that a
> > > user code can make calls to receive packets from a queue, modify the
> > packet
> > > and reinject it back into the kernel.
> >
> > Yes, you could probably do this or something similar with Open vSwitch.
> > It has all of the right interfaces for receiving a packet from the
> > kernel and then reinjecting it.  However, it is not a design goal of
> > Open vSwitch to do this kind of this at a high rate.  Instead, Open
> > vSwitch tries to install flows directly into the kernel so that packets
> > don't have to go to userspace at all.  So I'd have no reason to guess
> > that OVS would be better at this than another interface that is designed
> > for the purpose.
> >




More information about the discuss mailing list