[ovs-discuss] open vSwitch port input buffer capacity

Ali Volkan Atli Volkan.Atli at argela.com.tr
Fri Apr 15 08:08:02 UTC 2016


Hi

I would like to take this opportunity to ask a question about buffering. I've been trying to figure the buffering issue out for a couple of days. I tested it using ryu-controller, and OvS produced ~1700 packet-in messages (and also ~1700 packet-out and ~1700 flow-mod) for one UDP flow on 1G (packet size is 1024). I think I should change the pktbuf_save functions with a hash (like microflow but not in cache) for a 5-tuple key (src_ip, dst_ip, src_port, dst_port and protocol) and also add a linked list for each flow. It will be suitable for your proposal below, which was discussed before in a different thread. Also, I should add a parameter into vswitch.xml to enable/disable buffering. Does my pre-design make sense?

******STARTS *****

Here's a new copy of the change that I proposed to Open vSwitch:

- When a packet misses in the flow table, check for a buffered packet whose flow is identical.

* If there is one, just append the new packet to a linked list attached to that buffered packet. Don't send a packet-in.

* If there is none, make a new packet buffer and send a packet-in to the controller.

- If the controller sends a flow-add for a buffered packet, apply it to the buffered packet itself and to every packet on the linked list.

- If the controller sends a packet-out for a buffered packet, send it. Then if there's a list attached to the buffered packet, send the first packet in the list to the controller as a packet-in.

- If a buffered packet times out, send the first packet in the list to the controller as a packet-in.

- Volkan
________________________________________
From: Ben Pfaff [blp at ovn.org]
Sent: Friday, April 15, 2016 8:47 AM
To: Ali Volkan Atli
Cc: Majid Taleqani; discuss at openvswitch.org
Subject: Re: [ovs-discuss] open vSwitch port input buffer capacity

OK, so you're asking how many packets does OVS buffer on an OpenFlow
connection?  That was not clear from the question.  It is documented in
ovs-vswitchd(8):

   Packet buffering.
       The OpenFlow specification, version 1.2, says:

              Switches  that  implement  buffering  are  expected  to  expose,
              through  documentation,  both the amount of available buffering,
              and the length of time before buffers may be reused.

       Open vSwitch maintains a separate set of 256 packet  buffers  for  each
       OpenFlow  connection.  Any given packet buffer is preserved until it is
       referenced by an OFPT_FLOW_MOD or OFPT_PACKET_OUT request or for 5
       seconds, whichever comes first.

Also, PKTBUF_CNT isn't 512, it's 256.

On Fri, Apr 15, 2016 at 05:42:02AM +0000, Ali Volkan Atli wrote:
> Hi Ben
>
> No doubt you are a legend but you are wrong in this question or I'm
> totally screwed :)
>
> I think you did not understand the question correctly. OvS has a
> buffer mechanism for each controller. While trying to add a flow_mod
> with max_length is not OFPCML_NO_BUFFER, the packets are stored in the
> buffer. If the maximum capacity is exceeded, OvS starts sending the
> whole packets instead of related parts in the packet-in
> messages. Finally, its size (PKTBUF_CNT) is 512.
>
> @Majid, just set max-length (different than 0xFFFF) and then drop the packet-in messages in the controller and then you'll see the whole packets after the 512th packet-in.
>
> - Volkan
>
> ________________________________________
> From: discuss [discuss-bounces at openvswitch.org] on behalf of Ben Pfaff [blp at ovn.org]
> Sent: Thursday, April 14, 2016 6:56 PM
> To: Majid Taleqani
> Cc: discuss at openvswitch.org
> Subject: Re: [ovs-discuss] open vSwitch port input buffer capacity
>
> On Thu, Apr 14, 2016 at 01:52:31PM +0000, Majid Taleqani wrote:
> > I am writing a DDoS mitigation for OpenFlow networks using the POX
> > controller and Open vSwitch version 1.9. As DDoS attacks aim at
> > flooding flow tables and input buffers, I wonder what is the maximum
> > capacity of each switch port input buffer.
>
> OVS ports themselves don't have buffers, so this is a question of your
> NIC driver's buffering strategy.
>
> > I know after the switch input buffer overflows then the switch sends
> > the whole packet to the controller
>
> No, that's wrong.  Buffer overflow has nothing to do with sending
> packets to the controller.
>
> > and then the controller responds by sending a packet-out message which
> > contains the whole packet and also the action.  I want to know how
> > much data and at what rate should a host send data to overflow a
> > switch port input buffer and if it is possible to change the switch
> > port input buffers? Is it possible to change the amount of time that a
> > packet stays in buffer before it times out?  Thanks
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss
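
The per-flow buffering proposal quoted in this message, reduced to a small C simulation. This is an added example, not code from the thread or from Open vSwitch. The names table_miss, flow_add and head_done are hypothetical, buffers are looked up by 5-tuple rather than by buffer id, the linked list is modeled as a count capped at an assumed QMAX, and dropping a packet when no buffer is free is also an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#define NBUF 256  /* buffers per OpenFlow connection, per ovs-vswitchd(8) */
#define QMAX 64   /* assumed cap on packets chained behind one buffer */
struct key { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint8_t proto; };
struct buf { int used, queued; struct key k; };  /* list modeled as a count */
static struct buf bufs[NBUF];
int packet_ins, released, dropped;               /* simulation counters */

static int key_eq(const struct key *a, const struct key *b) {
    return a->src_ip == b->src_ip && a->dst_ip == b->dst_ip && a->proto == b->proto
        && a->src_port == b->src_port && a->dst_port == b->dst_port;
}

static struct buf *find(const struct key *k) {   /* NULL key: first free slot */
    for (int i = 0; i < NBUF; i++)
        if (k ? bufs[i].used && key_eq(&bufs[i].k, k) : !bufs[i].used)
            return &bufs[i];
    return NULL;
}

/* Flow-table miss: returns 1 only when a packet-in goes to the controller. */
int table_miss(const struct key *k) {
    struct buf *b = find(k);
    if (b) {                     /* flow already pending: chain, no packet-in */
        if (b->queued < QMAX) b->queued++; else dropped++;
        return 0;
    }
    if (!(b = find(NULL))) { dropped++; return 0; }  /* assumed: drop if full */
    b->used = 1; b->queued = 0; b->k = *k;
    packet_ins++; return 1;
}

/* Flow-add: the new flow applies to the buffered packet and all chained ones. */
int flow_add(const struct key *k) {
    struct buf *b = find(k);
    int n = b ? 1 + b->queued : 0;
    if (b) { released += n; b->used = 0; }
    return n;
}

/* Packet-out (sent=1) or timeout (sent=0): promote next chained packet, if any. */
int head_done(const struct key *k, int sent) {
    struct buf *b = find(k);
    if (!b) return 0;
    if (sent) released++; else dropped++;
    if (b->queued == 0) { b->used = 0; return 0; }
    b->queued--; packet_ins++; return 1;   /* promoted packet is a new packet-in */
}
```

For a burst of 1700 misses on one 5-tuple, the controller sees a single packet-in instead of one per packet. The QMAX cap keeps one flooding flow from growing its chain without bound.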

