[ovs-discuss] open vSwitch port input buffer capacity

Ben Pfaff blp at ovn.org
Fri Apr 15 05:47:22 UTC 2016


OK, so you're asking how many packets does OVS buffer on an OpenFlow
connection?  That was not clear from the question.  It is documented in
ovs-vswitchd(8):

   Packet buffering.
       The OpenFlow specification, version 1.2, says:

              Switches  that  implement  buffering  are  expected  to  expose,
              through  documentation,  both the amount of available buffering,
              and the length of time before buffers may be reused.

       Open vSwitch maintains a separate set of 256 packet  buffers  for  each
       OpenFlow  connection.  Any given packet buffer is preserved until it is
       referenced by an OFPT_FLOW_MOD or OFPT_PACKET_OUT request or for 5 sec‐
       onds, whichever comes first.

Also, PKTBUF_CNT isn't 512, it's 256.

On Fri, Apr 15, 2016 at 05:42:02AM +0000, Ali Volkan Atli wrote:
> Hi Ben
> 
> No doubt you are a legend but you are wrong in this question or I'm
> totally screwed :)
> 
> I think you did not understand the question correctly. OvS has a
> buffer mechanism for each controller. While trying to add a flow_mod
> with max_length is not OFPCML_NO_BUFFER, the packets are stored in the
> buffer. If the maximum capacity is exceeded, OvS start sending the
> whole packets instead of related parts in the packet-in
> messages. Finally, its size (PKTBUF_CNT) is 512.
> 
> @Majid, just set max-lenght (different than 0xFFFF) and then drop the packet-in messages in the controller and then you'll see the whole packets after 512th packet-in.
> 
> - Volkan
> 
> ________________________________________
> From: discuss [discuss-bounces at openvswitch.org] on behalf of Ben Pfaff [blp at ovn.org]
> Sent: Thursday, April 14, 2016 6:56 PM
> To: ‪Majid Taleqani‬ ‪‬
> Cc: discuss at openvswitch.org
> Subject: Re: [ovs-discuss] open vSwitch port input buffer capacity
> 
> On Thu, Apr 14, 2016 at 01:52:31PM +0000, ‪Majid Taleqani‬ ‪ wrote:
> > i am writing a DDOS mitigation for openflow networks using pox
> > controller and open vSwitch version 1.9. as DDOS attacks aim at
> > Flooding flow tables and input buffers, i wonder what is the maximum
> > capacity of each switch port input buffer.
> 
> OVS ports themselves don't have buffers, so this is a question of your
> NIC driver's buffering strategy.
> 
> > i know after the switch input buffer overflows then the switch sends
> > the whole packet to the controller
> 
> No, that's wrong.  Buffer overflow has nothing to do with sending
> packets to the controller.
> 
> > and then the controller responses by sending packet out message which
> > contains the whole packet and also the action.  i want to know how
> > much data and at what rate should a host send data to overflow a
> > switch port input buffer and if is it possible to change the switch
> > port input buffers? is it possible to change the amount of time that a
> > packet stays in buffer before timeouts?  thanks
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss



More information about the discuss mailing list