Documentation
Rate This Document
Findability
Accuracy
Completeness
Readability
SubmitClose

OVS Flow Table Normalization

The Open vSwitch ( OVS ) flow table normalization solution applies to public and private clouds. OVS is an excellent open-source software switch that supports mainstream switch functions, such as Layer 2 switching, network isolation, QoS, and traffic monitoring. It supports OpenFlow, which defines flexible data packet processing specifications and provides L1 to L4 packet processing capabilities. OVS supports multiple Linux virtualization technologies, including Xen, KVM, and VirtualBox. Based on open source software, the Huawei-developed Extensible Packet Framework (XPF) combines multiple types of flow table action sets. This can reduce the number of query times and greatly improves packet forwarding performance in the connection tracking (CT) scenario.

Figure 1 shows the architecture of the OVS flow table normalization solution. Table 1 describes the components of the solution.

Figure 1 Architecture of OVS flow table normalization
Table 1 Components of OVS flow table normalization

Name

Description

NIC

The NICs send and receive packets.

QEMU

QEMU runs in user mode on the host as a process. Based on the KVM and kernel features, QEMU simulates hardware such as the CPUs, memory, and I/O devices to support running of the guest OS in a process.

DPDK

The Data Plane Development Kit (DPDK) provides a set of data plane libraries and network interface controller polling-mode drivers for offloading TCP packet processing from the OS kernel to processes running in user space. In other words, it is a software library used to accelerate packet data processing.

ovs-vswitchd

It is an OVS daemon and a core component of OVS. It works with the Linux kernel compatibility module to implement flow-based switching. It communicates with the upper-layer controller through the OpenFlow protocol, with the ovsdb-server through the OVSDB protocol, and with the kernel module through Netlink.

OpenFlow

OpenFlow separates the data layer from the control layer. The OpenFlow switches forward data at the data layer, and the controller implements the functions of the control layer. The OpenFlow component in the figure mainly implements the control layer.

XPF library

The XPF library is a Huawei-developed function module, which implements an intelligent offload engine module in the OVS software. This module is used to trace all flow tables and CT tables of data packets in the OVS software. It comprehensively orchestrates the executed CT behaviors and all flow table behavior entries into a comprehensive behavior entry, and generates an integrated flow table entry with reference to the unified match entry. After subsequent data packets enter OVS, if the packets match the integrated flow table, the comprehensive behavior is directly executed. Compared with the open source processing flow, the number of queries is reduced, and the performance is improved.

The OVS flow table normalization software package depends on the open source OVS, and the re-engineered OVS depends on the XPF library. Therefore, you need to compile OVS twice. The first round is to compile the open source OVS and copy necessary header files. The second round is to compile the re-engineered OVS.

OVS DB

It is a lightweight database developed for OVS. It stores various configuration information (such as bridge and port information) about OVS.

DPDK

DPDK is a data plane development kit provided by Intel. It provides library functions and drivers for efficient data packet processing in the user space. In other words, it is a software library used to accelerate packet data processing.

The DPDK focuses on high-performance processing of data packets in network applications. The DPDK runs in the user space and uses the data plane library provided by the DPDK to send and receive data packets, bypassing the Linux kernel protocol stack. It is not a complete product with which users can build applications directly, and does not contain tools that need to interact with the control layer (including the kernel and protocol stack).

Compared with Linux, the Intel DPDK technology greatly improves the IPv4 forwarding performance and enables users to obtain better cost-effectiveness and performance advantages when migrating package processing applications. In addition, different services, such as application processing, control processing, and packet processing services, can be deployed on a unified platform. Figure 2 shows the DPDK architecture.

  • Pool Mode Driver (PMD): improves the efficiency of sending and receiving data frames by using the non-interrupt mechanism and the zero-copy mechanism for data frames entering and leaving the application buffer.
  • Flow classification: provides an optimized search algorithm for N-tuple matching and longest prefix matching (LPM).
  • Ring queue: provides a lock-free mechanism for the ingress and egress queues of a single or multiple data packet producers and a single data packet consumer, effectively reducing system overheads.
  • MBUF buffer management: allocates memory to create buffers, creates MBUF objects, and encapsulates actual data frames for applications to use.
  • Environment Abstract Layer (EAL): initializes the PMD, configures and binds the CPU cores and DPDK threads, and sets the hugepage memory.
Figure 2 DPDK architecture

OVS

OVS is a product-level virtual switch that is widely used in the production environment to support the running of the entire data center virtual network. Based on the software-defined networking ( SDN ) concept, OVS divides the entire core architecture into the control plane and data plane . The data plane is responsible for data switching, and the control plane implements switching policies to guide the data plane. OVS can be divided into three planes: management plane, data plane, and control plane. The data plane consists of the forwarding modules which mainly include ovs-vswitchd in user mode and datapath in kernel mode, and the associated ovsdb-server database module. The control plane is mainly implemented by the ovs-ofctl module, which interacts with the data plane based on the OpenFlow protocol. The management plane is implemented by various tools provided by OVS. These tools are also provided to facilitate control and management of each module at the underlying layer and improve user experience.

  • ovs-ofctl: ovs-ofctl is a module on the control plane. It is also a management tool that monitors and manages OpenFlow switches based on OpenFlow. It displays the status of an OpenFlow switch, including functions, configurations, and entries in the table.
  • ovs-dpctl: configures the kernel module datapath of a switch. It can be used to create, modify, and delete datapaths. Generally, there are 256 datapaths (numbered from 0 to 255) on a single machine. One datapath corresponds to one virtual network device. This tool can also collect statistics on the traffic passing through the device on each datapath and print flow information.
  • ovs-appctl: queries and controls the running OVS daemons, including ovs-switchd, datapath, and OpenFlow controller. It has the functions of ovs-ofctl and ovs-dpctl and is a powerful command. After ovs-vswitchd and similar processes are started, they run as daemons. This command enables users to control these processes better.
  • ovs-vsctl: queries and updates the ovs-vswitchd configuration. It is also a powerful command that implements commands related to bridges, ports, and protocols. In addition, it is responsible for database operations related to ovsdb-server.
  • ovsdb-client: It is a client program that accesses ovsdb-server and performs database operations through ovsdb-server.
  • ovsdb-tool: Different from ovsdb-client that requires ovsdb-server to perform database operations, ovsdb-tool can directly perform database operations.

Figure 3 shows the OVS architecture.

Figure 3 OVS architecture
Parent topic: Network Acceleration