Building an Extensible Open vSwitch Datapath

Abstract
The virtual switch is the cornerstone of today's virtualized data center. Because all traffic to and from virtual machines or containers must pass through a vSwitch, it is the ideal location for network configuration and policy enforcement.
The bulk of Open vSwitch functionality is platform-agnostic and portable. However, the datapath, which touches every packet, is unique to each supported platform. Maintaining each datapath requires duplicated effort, and the result has been inconsistent feature support across platforms. Even on a single platform, the features supported by a particular kernel version can vary. Further, datapath functionality must be broadly useful, which prevents application-specific features from living in the fast path.
eBPF, the extended Berkeley Packet Filter, enables userspace applications to customize and extend the Linux kernel's functionality. It provides flexible platform abstractions for network functions and is being ported to a variety of platforms. This paper describes the design, implementation, and evaluation of an eBPF-based extensible OVS datapath. The eBPF OVS datapath delivers functionality equivalent to the existing OVS kernel datapath while significantly reducing the development pain points around maintainability and extensibility. We demonstrate that these benefits do not necessarily come at the cost of performance: the eBPF-based datapath shows negligible overhead compared to the existing kernel datapath.
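To make concrete what a datapath that "touches every packet" does, the following userspace C model is added here as an illustration; it is not code from the paper, from Open vSwitch, or from its eBPF datapath. It assumes the standard OVS datapath model: an exact-match flow cache consulted for every packet, with a cache miss handed to the userspace slow path (an upcall) that decides an action and installs a flow so later packets of the same flow stay in the fast path. The header parser checks every read against the end of the buffer before performing it, the same discipline the eBPF verifier imposes on direct packet access, so a truncated frame is rejected rather than read past. The policy, addresses, frame contents and function names (`process_packet`, `build_tcp_frame`, `upcall_count`) are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Exact-match flow key: the header fields the cache matches on.
 * Zeroed before filling so padding bytes compare equal in memcmp. */
struct flow_key {
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    uint8_t  proto;
};

enum action { ACT_DROP = 0, ACT_OUTPUT = 1 };

struct flow_entry { struct flow_key key; int action; int in_use; };

#define CACHE_SIZE 64
static struct flow_entry cache[CACHE_SIZE];
static int upcalls;   /* how often the slow path was consulted */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* Parse Ethernet/IPv4/{TCP,UDP} headers into a key. Every read is checked
 * against `end` first (verifier-style bounds checking); non-IPv4 or
 * truncated frames return -1 and are never read past. */
static int extract_key(const uint8_t *pkt, size_t len, struct flow_key *k)
{
    const uint8_t *end = pkt + len, *p = pkt;
    size_t ihl;

    if ((size_t)(end - p) < 14 || rd16(p + 12) != 0x0800) return -1;  /* not IPv4 */
    p += 14;
    if ((size_t)(end - p) < 20) return -1;
    ihl = (size_t)(p[0] & 0x0f) * 4;
    if (ihl < 20 || (size_t)(end - p) < ihl) return -1;
    memset(k, 0, sizeof *k);
    k->proto  = p[9];
    k->src_ip = rd32(p + 12);
    k->dst_ip = rd32(p + 16);
    p += ihl;
    if (k->proto == 6 || k->proto == 17) {          /* TCP or UDP: ports follow */
        if ((size_t)(end - p) < 4) return -1;
        k->src_port = rd16(p);
        k->dst_port = rd16(p + 2);
    }
    return 0;
}

static struct flow_entry *cache_lookup(const struct flow_key *k)
{
    for (int i = 0; i < CACHE_SIZE; i++)
        if (cache[i].in_use && memcmp(&cache[i].key, k, sizeof *k) == 0)
            return &cache[i];
    return NULL;
}

static void cache_insert(const struct flow_key *k, int action)
{
    for (int i = 0; i < CACHE_SIZE; i++)
        if (!cache[i].in_use) {
            memcpy(&cache[i].key, k, sizeof *k);   /* memcpy keeps padding zeroed */
            cache[i].action = action;
            cache[i].in_use = 1;
            return;
        }
    /* cache full: the next packet of this flow simply upcalls again */
}

/* Constructed slow-path policy standing in for the OpenFlow pipeline in
 * userspace: forward TCP to 80/443, drop everything else. */
static int slow_path_decide(const struct flow_key *k)
{
    upcalls++;
    if (k->proto == 6 && (k->dst_port == 80 || k->dst_port == 443)) return ACT_OUTPUT;
    return ACT_DROP;
}

/* Datapath entry point: a cache hit returns the cached action; a miss
 * upcalls to the slow path and installs the result. Malformed frames fail closed. */
int process_packet(const uint8_t *pkt, size_t len)
{
    struct flow_key k;
    struct flow_entry *e;
    int act;

    if (extract_key(pkt, len, &k) != 0) return ACT_DROP;
    if ((e = cache_lookup(&k)) != NULL) return e->action;
    act = slow_path_decide(&k);
    cache_insert(&k, act);
    return act;
}

int upcall_count(void) { return upcalls; }

/* Build a constructed 54-byte Ethernet/IPv4/TCP frame (sample input, not captured traffic). */
size_t build_tcp_frame(uint8_t *buf, uint32_t sip, uint32_t dip, uint16_t sport, uint16_t dport)
{
    memset(buf, 0, 54);
    wr16(buf + 12, 0x0800);   /* EtherType IPv4 */
    buf[14] = 0x45;           /* version 4, IHL 5 */
    wr16(buf + 16, 40);       /* total length: 20 IP + 20 TCP */
    buf[23] = 6;              /* protocol TCP */
    wr32(buf + 26, sip);
    wr32(buf + 30, dip);
    wr16(buf + 34, sport);
    wr16(buf + 36, dport);
    return 54;
}

int main(void)
{
    uint8_t f[64];
    size_t n = build_tcp_frame(f, 0x0a000001, 0x0a000002, 40000, 80);  /* 10.0.0.1 -> 10.0.0.2:80 */
    int a = process_packet(f, n);
    printf("first packet:  action=%d upcalls=%d\n", a, upcall_count());
    a = process_packet(f, n);
    printf("second packet: action=%d upcalls=%d (cache hit)\n", a, upcall_count());
    n = build_tcp_frame(f, 0x0a000001, 0x0a000002, 40001, 22);
    a = process_packet(f, n);
    printf("port-22 packet: action=%d upcalls=%d\n", a, upcall_count());
    a = process_packet(f, 30);
    printf("truncated frame: action=%d (rejected by bounds check)\n", a);
    return 0;
}
```

The point the model makes is that the per-packet fast path is nothing more than bounds-checked header extraction plus one exact-match lookup; all policy lives in the slow path and is only consulted once per flow. In the real eBPF datapath the cache is a BPF map and the upcall is a helper that hands the packet to userspace, but the division of labour is the same.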