[ovs-discuss] Why is OVS patch used instead of veth pairs to connect OVS bridges?

[Ben Pfaff]

On Sun, Feb 07, 2016 at 11:12:35AM +0100, Dragos Ilie wrote:
> The explanation I've seen is that the OVS /patch/ interface is optimized
> for OpenvSwitch. I would like to understand what is being optimized.
> 
> I've seen a reply on the OVS mailing list that says OVS /patch/ ports
> are implemented entirely inside OVS userspace. I don't understand how
> this is done without a performance penalty. I've thought that as soon a
> VM sends a packet to its vNIC, the packet will cross from user space to
> kernel space over the TAP interface. Eventually the packet reaches the
> OVS bridge (br-int, for example). If at that point the packet must be
> sent to next OVS bridge over a /patch/ port, does it mean it crosses
> back to user space? That would incur a performance hit.
> 
> I am hypothesizing that perhaps the /patch/ port is just a configuration
> construct to tell the OVS kernel module that the ports on two OVS
> bridges are connected. Then, somehow the kernel module is able to
> forward the packets between the two bridges more efficiently than over a
> /veth/ pair. It would be nice if somebody can confirm if this is the
> correct explanation or if there is a better one.

In the kernel module, all of the bridges in a given Open vSwitch
instance are represented by a single construct called a "datapath".  A
datapath isn't divided into bridges in any way.  Userspace can implement
patch ports without needing any special support from the kernel.  If a
flow sends a packet across a patch port, userspace can implement
whatever happens on the bridge at the other end of the patch port in
terms of the datapath.  From the kernel's point of view, the patch port
doesn't exist at all, and no additional trips to userspace are incurred
by a flow that traverses patch ports.