[ovs-discuss] High CPU Usage by ovs-vswitchd and resulting packet loss

[Justin Pettit]

On Jun 6, 2012, at 2:52 AM, Oliver Francke wrote:

> @Justin: Any other recommendations?

Are you also having many short-lived flows?  If you're in the range I mentioned in my response to Kaushal (roughly 120,000 flow setups per second), then the forthcoming 1.7.0 release may be enough for you.

> If it's worth, I could try to start a new thread, but talking about high CPU-load, how do you all handle something like SYN-FLOOD attacks and stuff like that?

Each datapath has 16 queues that connect the kernel to userspace.  We assign each port to one of those queues, which will help prevent a port from starving the other ports.  Our use-case is to prevent one VM from starving out the others.  In Kaushal's case, he using OVS more like a bump-in-the-wire than a vswitch, meaning that he's not concerned with a bad actor at the port level.

We've got a couple of people traveling this week, but when they get back, I plan to discuss how we may be able to provide finer-grained control over flow setups for vswitch deployments, since our current approach is rather coarse and can lead to queue collisions.  I've also written Kaushal off-line to see if I can get more information about his situation.

--Justin