[ovs-discuss] Packet inspection with Open vSwitch

Moises Rodrigues moisesber at gmail.com
Mon May 11 20:57:29 UTC 2015


Hello Flavio,

Thanks for such a quick response :)
I forgot to mention that the idea is to make the inspection as close
to the switch as possible. Trying to avoid the need to contact another
entity, and all the overhead that may come with it.
Yes, using the controller is for sure a way to solve this but this is
like the plan B. Maybe, inspecting directly from the switch could
result in less overhead.
Thanks for the response anyway. If you or anyone has any other
suggestion please share.

Best regards,

Moisés Rodrigues

On Mon, May 11, 2015 at 7:29 PM, Flavio Leitner <fbl at sysclose.org> wrote:
> On Mon, May 11, 2015 at 06:50:46PM +0200, Moises Rodrigues wrote:
>> Hello,
>>
>> I am trying to reproduce what was done in
>> http://dl.acm.org/citation.cfm?id=2620735
>> For those who cannot access the paper, what authors proposed that
>> "switches in our system are augmented to have a stateful app
>> processing capability that uses higher layer information in packets",
>> this way an application running on top of Open vSwitch can access
>> information beyond L2-L4.
>> Is there some sort of API for such extension? I mean, if I want to do
>> extra analyses with incoming packets, how could I do that? Do I have
>> to make direct modification in Open vSwitch's code or is there an
>> easier way?
>> I googled for a while but I could not find anything that helps. Maybe
>> I used the wrong words but, if any of you guys could help I would
>> really appreciate it.
>
> You can use the standard L2~L4 flow matching and if the packet is
> interesting, it can send to the controller. In this case the controller
> would pick the packet and do whatever additional processing needed.
>
> fbl
>



More information about the discuss mailing list