Open vSwitch and OVN 2023 Fall Conference
The Open vSwitch project, a Linux Foundation Collaborative Project, held its ninth annual conference focused on Open vSwitch and OVN on December 6&7, 2023. The conference was held online.
Day 1:
Day 2:
Abstracts
Can we blame the Kernel instead of Open vSwitch
Speaker: Eelco Chaudron, Red Hat
Often, when troubleshooting Open vSwitch (OVS) in the field, you might be left wondering if the issue is really OVS-related, or if it's a problem with the kernel being overloaded. This talk will discuss a new tool that would help you to quickly determine this.
Using OVN to build a NAT gateway, advantages and challenges
Speaker: Yi Yang, Baidu
OVN provides a friendly northbound API by OVSDB and high level layer 3 network abstration, this allows us to define virtual network by high level interfaces and be not care of openflow details, this presentation will show you how we use OVN to build a NAT gateway, what its advantages are and what challenges we 're facing and what our solutions to these challenges are. We also will live demonstrate our NAT gateway prototype.
SRv6 tunnel implementation in userspace datapath
Speaker: Nobuhiro Miki, Yahoo Japan Corporation
Open vSwitch v3.2.0 has introduced SRv6 (Segment Routing IPv6) tunnel in the userspace datapath. This talk will demonstrate the functionality and usage of this implementation, along with sharing the performance test results. Particularly, we would like to introduce this feature as a possible approach to realize VPC (Virtual Private Cloud) in our cloud infrastructure. Furthermore, new related options, such as the srv6_flowlabel, will be showcased.
Existing issues, especially those related to inner-header-based RSS, will be addressed, and the plans for future work, including the kernel datapath will be discussed.
DHCP Relay Agent support for overlay subnets
Speakers: Naveen Yerramneni, Huzaifa Calcuttawala, Mary Manohar, Nutanix
This feature enables IP address management for overlay subnets through an external DHCP servers, which are hosted on a VLAN network. It requires the overlay subnets to be directly reachable (without NAT) by the external DHCP servers. The DHCP server can be a physical appliance or an endpoint, not necessarily managed by OVN.
The solution introduces the following changes:
- NB Schema changes to configure the DHCP Relay for a Logical_Switch
- A new pipeline stage in the Logical_Router
- New actions in the ovn-controller to relay the DHCP requests and responses
Currently status of the feature: RFC is sent for review - https://www.mail-archive.com/ovs-dev@openvswitch.org/msg80899.html
OVN expression parsing: Fighting inequality
Speaker: Ilya Maximets, Red Hat
Having inequality matches in OVN ACLs was a big pain point for OVN users for a long time as they could result in a huge number of OpenFlow rules and very long processing times in ovn-controller. This talk is an overview of expression parsing in OVN's Logical Flows (including ACLs) as well as some computer science, some math and a little bit of algorithms to bring the number of OpenFlow rules down to reasonable.
OVS support userspace vxlan and geneve tunnel tso
Speaker: Dexia Li, Jaguar Microsystems Co.
In DPU scenario, kernel performance tested by iperf is an important metrics for dpu. Tcp and udp checksum costs a lot in kernel, so offloading the checksum to back-end Nic is a good solution. Vxlan and geneve tunnel is common between two nodes, and ovs do not support vxlan and geneve tunnel inner csum and tso now, so we propose userspace vxlan and geneve tunnel tso. After this, performance increase about 50% in bandwidth. Pps also has a obvious increase.
Save power with PMD thread load-based sleeping.
Speaker: Kevin Traynor, Red Hat
Save power with PMD thread load-based sleeping.
OVS with DPDK operates like most DPDK applications in that it continually polls interfaces for packets to achieve high throughput and low-latency. The trade-off for this is high CPU usage which usually leads to increased power usage.
However, when there is a low packet rate (or even no packets), the same cost of high CPU usage is still incurred. The new PMD thread load-based sleep feature will slow down polling interfaces when there is low packet rates which can reduce CPU usage and potentially save power.
The talk will explore the feature, the trade-offs and how it can be tuned by users to best suit their requirements.
Packet Collection: Performance and Techniques
Speaker: Mike Pattrick, Red Hat
Collecting packets that transit through OVS is an important feature in debugging networking issues, but can also significantly impact the performance of OVS.
This presentation will cover some of the efforts to improve the performance packet capture performance, benchmarks, and future work.
OVN testing and CI - an update - What kind of tests run and where?
Speaker: Dumitru Ceara, Red Hat
There are different ways OVN is tested today: in-tree unit tests, in-tree system tests, CMS (cloud management system) tests running upstream/downstream, scale tests with simulated CMS (ovn-heater) or even end-to-end scale tests deploying actual OVN clouds. This talk will give an overview of what is new in the OVN testing world (from an OVN contributor point of view) and will also present how, where and when these different types of tests run. We'll try to conclude with a list of potential action items that might improve the OVN testing process and its effectiveness in the near future.
Using MicroOVN to deploy and maintain an OVN cluster
Speaker: Martin Kalcok, Canonical
We recently released the first stable version of MicroOVN [1]. This tool aims to provide a simple way to deploy and maintain an OVN cluster, while also retaining all the lower level tools a user would have in manual installation.
Main benefit of MicroOVN over manual installation is its ability to automatically orchestrate an OVN cluster and configure ovn/ovs processes when a cluster member is added or removed.
Current stable release of MicroOVN uses OVN 22.03, but we plan to release the next version with OVN 23.09 in the near future.
Protocol correctness validation in OVS/OVN test suites
Speaker: Ihar Hrachyshka, Red Hat
In this brief talk, I will stress the importance of end-to-end protocol validation in upstream test suites, and I will share a number of new and / or little known tools and tricks that you'll be able to use in your upstream work to write better, readable tests.
OVN-Northd Incremental Processing in C: Methodology, Achievements, and Challenges
Speaker: Han Zhou, NVIDIA
In this presentation, we delve into recent advancements in OVN-Northd's incremental processing using the C implementation. Historically, OVN-Northd posed a significant scaling challenge for the OVN control plane due to its reliance on full recomputation. Incremental processing is widely recognized as the definitive solution to this bottleneck. The earlier DDlog-based approach showed encouraging outcomes, but it encountered substantial hurdles that hindered its evolution to a production-ready status. In this talk we will outline the strategies adopted in the C implementation, chart the progress achieved, and explore the persistent challenges alongside potential resolutions.
Linux Networking & OVS as a Pipeline
Speaker: Dan Daly, Namrata Limaye, Intel
Linux networking is highly modular with multiple independent control planes (including OVS) able to control and manipulate network traffic in different ways. In this talk we will discuss a patchset that integrates the virtual L2 bridging functionality of OVS into a broader Linux Networking P4 Pipeline. This pipeline is implemented in an Intel IPU E2100, running the linux networking & OVS dataplane in hardware providing higher performance and hardware isolation between VMs and containers. This patchset in OVS enables OVN to provide hardware offloaded Infrastructure-as-a-Service alongside additional control planes, for example using strongSwan to enable tenant crypto in hardware. In this way the P4 pipeline explicitly defines how the virtual bridging of OVS, the IPsec capabilities of strongSwan, Linux routing and connection tracking for security groups are sequenced and controlled by each of the separate control planes.
CXL and SmartNICs: a paradigm change?
Speaker: Alejandro Lucero
Efficiently sharing memory between CPUs and high performance devices like GPUs is what CXL tries to achieve. This new approach will bring changes to how operating systems do things, and networking will also be affected sooner or later. Although similar functionality can be achieved with adhoc vendor pathways, CXL will allow simpler hardware designs, a protocol more suitable than PCIe for memory load/store operations by the CPUs, coherency managed by the protocol, and, what this paper states, the opportunity for standardizing how the control path is programmed by the Host into SmartNICs with Match and Action Tables. If the Linux way of supporting such control path, that is a slow path through the kernel and a fast path through the SmartNIC, is assumed to be the right solution, an CXL-based design could overcome the limitations of current kernel approach with TC and netfilter/conntrack when used in massive virtualization scenarios. Moreover, the offloading of rules and flows could not only be standardized but simpler and more efficiently done through CPUs memory operations instead of per-vendor driver code requiring helpers like kworkers or suffering hard-to-parallelize TC functionality. A paradigm change like this could open new possibilities bringing closer the dream of full, private and compartmentalized programmability in the network control path required in multi-tenant cloud networks.
Tracing packets in the kernel OVS datapath with Retis
Speakers: Adrian Moreno, Paolo Valerio, Red Hat
When the OVS kernel datapath is used, the overall network pipeline can get even more complex and difficult to troubleshoot. Typically, at a given time many different packets are traversing the OVS kernel datapath, the userspace daemon (ovs-vswitchd), the core networking stack (socket or netdev layers, tcp/udp stacks, veths) or many optional yet super-common kernel modules (nf_conntrack, nf_tables, ipsec, etc).
Debugging networking issues by trying to trace specific packets throughout this complex maze can be challenging and time consuming.
The new network tracing tool, “retis”, aims to provide a comprehensive yet easy-to-use network tracing and analysis tool that can be used on complex networks. Designed to be portable and easy to extend to new environments, it considers OpenvSwitch as a first-class citizen. Written in rust and based on ebpf, it takes inspiration from other existing tools to balance flexibility and user-friendliness.
In this talk we will present retis, discuss its main features, show its potential in a demo and gather feedback from the OVS community that can help make retis even more useful for OVS debugging.
Keynote: Rashid Khan
Rashid Khan is Senior Director of Networking. His team's responsibility include kernel networking, NM, OVS, OVN, DPDK, HW enablement (NIC RDMA). He has 25+ years of experience working on linux networking stack, embedded solutions, and Telco.
Rashid is currently in charge of the telco solutions from RHEL and the Fast Data Path group.
More information
To reach the organizers, email ovscon@openvswitch.org. For general discussion of the conference, please use the ovs-discuss mailing list.