There are two packet processing APIs. There is, first, the public API, which is an implementation of the OpenFlow 1.0 protocol documented at http://openflowswitch.org/. This is mainly meant to be used remotely from a separate machine, but it can also be used locally over a Unix domain socket or localhost TCP connection.
The second API is the one that Open vSwitch uses internally to talk to its kernel module. This API is not entirely final or stable (or we would have upstreamed it to the Linux kernel), but it is more or less documented in the header file include/openvswitch/datapath-protocol.h and in the userspace interface library comments in lib/dpif.c. If you're looking for performance, you want the kernel module. The all-userspace implementation uses the same kernel interfaces as e.g. tcpdump or wireshark, which aren't designed for packet forwarding. I'd guess that the performance hit is 2X or more. Open vSwitch flows can modify headers but do not currently support application-level gatewaying. On Tue, Jul 27, 2010 at 04:20:30PM -0700, Hardeep Uppal wrote: > Thanks for the reply. I can't seem to find the documentation to the Open > vSwitch API. Could you direct me to it? > Also can Open vSwitch be used to insert flows into the kernel that modify > the packet header to get functionality similar to a NAT? > > The documentation for Open vSwitch mentions performance hit when using Open > vSwitch in userspace. Do you have an estimate as to how much the performace > decreases in userspace? I am currently using Xen hypervisor with > 2.6.26-2-xen-686 as my dom0 kernel. I can't seem to find the header files > for 2.6.26-2-xen-686 and might have to install Open vSwitch in userspace. > > On Tue, Jul 27, 2010 at 4:03 PM, Ben Pfaff <[email protected]> wrote: > > > On Tue, Jul 27, 2010 at 03:49:03PM -0700, Hardeep Uppal wrote: > > > I am trying to find if Open vSwitch can be used to replace libipq? I am > > > currently using libipq for iptables userspace packet queuing. The > > > performance of libipq is not that great and I was wondering if Open > > vSwitch > > > can be used for iptables packet queuing? Is there an Open vSwitch api > > that a > > > user code can make calls to receive packets from a queue, modify the > > packet > > > and reinject it back into the kernel. > > > > Yes, you could probably do this or something similar with Open vSwitch. > > It has all of the right interfaces for receiving a packet from the > > kernel and then reinjecting it. However, it is not a design goal of > > Open vSwitch to do this kind of this at a high rate. Instead, Open > > vSwitch tries to install flows directly into the kernel so that packets > > don't have to go to userspace at all. So I'd have no reason to guess > > that OVS would be better at this than another interface that is designed > > for the purpose. > > _______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss_openvswitch.org
