ovs17 has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Thursday, November 16

8:00am PST

Continental Breakfast & Registration
Thursday November 16, 2017 8:00am - 9:00am PST

9:00am PST

Thursday November 16, 2017 9:00am - 9:10am PST

9:10am PST

OvS-CD: Optimizing Flow Classification for OvS using the DPDK Membership Library
In this talk we will present a data-plane optimization for OvS, we will highlight our prototype and experimental results when applying the "new" DPDK Membership Library to improve flow classification for Open vSwitch (OvS) and achieve a 2X-3X higher throughput.

OvS-DPDK uses tuple search in the Mega Flow Cache (MFC) where the tuples are sequentially searched for a flow match. With increasing number of flows and tuples this sequential search becomes a throughput bottleneck. In this talk we present how we used the DPDK Membership Library to create a two-level lookup mechanism for the MFC supporting millions of flows. Where the first-level is a summary that caches and direct a flow to the tuple it will most probably match on, and thus, avoids the overhead of the sequential search of tuples. For the case of 20 subtables and 10K flows, the throughput performance is improved by almost 2.7X using our technology vs. the native OvS-DPDK.

Thursday November 16, 2017 9:10am - 9:30am PST

9:35am PST

Ingress Scheduling
Network traffic often needs to be prioritized. For instance control plane traffic should be prioritized over other data and protected from loss in an overload situation in order to keep the network infrastructure itself working.

However as DPDK gets much of its efficiency by using a run-to-completion model this makes traditional prioritization which involves inspecting packets and storing lower priority packets temporarily while higher priority packets are processed, difficult.

This talk outlines use cases for Ingress Scheduling and an approach that involves offloading the inspection of packets for priority/non-priority decision to the NIC. By assigning priority packets to a separate Rx descriptor queue and introducing the idea of a priority queue to Open vSwitch certain traffic can be effectively protected without compromising the efficiency of DPDK-enabled OVS.

Thursday November 16, 2017 9:35am - 9:55am PST

10:00am PST

This session will focus on the current effort to re-introduce IPsec functionality in OVS userspace with OVS DPDK. The presentation will look at the following aspects:

1. Target use case: overview of the motivation to re-introduce IPsec to OVS in Userspace.
2. Proposed IPsec functionality: IPsec modes, crypto/authentication cipher support, Security Association support.
3. Implementation design and considerations including:
a. HW vs SW
b. Security Key Establishment
c. Example of packet encryption/decryption.
4. Performance metrics: metrics available from current IPsec work including HW QAT and SW VDEVs, various cipher combinations.
5. Future work and existing gaps including:
a. Expanding IPsec modes and ciphers.
b. 3rd party support for IKEv2.
c. OVS architecture changes for improved crypto performance.


Thursday November 16, 2017 10:00am - 10:20am PST

10:25am PST

Thursday November 16, 2017 10:25am - 10:40am PST

10:40am PST

Riley: Pushing networking to the edge
In networks today, forwarding decisions are made by switches in sitting the middle of the network and congestion control decisions are made by the information collected by end-hosts sitting at the edge. In this talk, we argue that this design should not be applied to a data center network. Instead, we argue that data center networks can be significantly simplified and improved if routing decisions are made by the end-hosts or by the software switches (where there is more intelligence) and congestion control decisions are made using explicit in-band information given by the switch (where the congestion occurs).
We present a new network architecture, named Riley, which inherently flips the network inside-out by switching roles of the entities that make for forwarding and congestion control decisions. By doing so, Riley eliminates the need for forwarding state and the switch local control plane on the hardware switches, which consequently allows the extraneous hardware resources to be removed or be dedicated for other tasks, such as collecting detailed statistics on traffic latency and congestion. This information is disseminated to end-hosts, which can make congestion control decisions or route selection.


Thursday November 16, 2017 10:40am - 11:00am PST

11:05am PST

Trouble-shooting the Data Plane in OVS
As OVS is getting adopted in wide variety of deployments, both the complexity of the OVS configuration and of the environment in which OVS operates are constantly increasing.

Especially in the event of data plane issues, such as packet drops, mis-routing of packets, or performance degradation (throughput or latency) it is often extremely difficult to find the root cause of the problem. Currently available OVS debug commands and tools do not provide much aid in troubleshooting such problems, especially on target systems.

In this talk we present new debugging tools and techniques tailored for an efficient root cause analysis of data plane problems in OVS. These tools are designed to be used in production deployments with only minimal disturbance on the real-time performance of OVS even under very high load.

We are addressing two complementary classes of problems that have emerged in our testing of OVS-DPDK in Telco Cloud (NFVI) environment: 1. Sporadic latency spikes and bursts of dropped packets due to non-deterministic real-time behavior of OVS PMDs. 2. Systematic packet drops or mis-routed packets due to unexpected packet format/content, OVS configuration errors or software faults in OVS.

The presented debugging tools and techniques are work in progress and will be upstream soon (targeting OVS 2.9).

Thursday November 16, 2017 11:05am - 11:30am PST

11:30am PST

OVS-DPDK for NFV: go live feedback!
OVS-DPDK is now live in various Telco clouds, and this is just the beginning of the roll-out! This presentation will not showcase the latest and greatest of what can be done in a lab. Instead, we will review actual performances on realistic configurations, and provide guidance on OVS-DPDK dimensioning: how many cores, memory, queues, revalidators and dispatcher/emulator thread, etc. We will also review impact of features like stateful firewalling (conntrack), live-migration, LACP bonding and hashing, multicast traffic, cross NUMA traffic on the OVS-DPDK datapath and what is their domain of utilization in NFV: we will measure the distance between expectations/hopes and reality.

Finally, we will review the new features that will improve OVS-DPDK usability in production and for SDN/upper-layers developers: automatic rx queue re-balancing, MTU negotiation, VSPerf characterization with realistic traffic profile and realistic workloads.

Thursday November 16, 2017 11:30am - 11:50am PST

11:55am PST

Thursday November 16, 2017 11:55am - 1:05pm PST

1:05pm PST

OVS-DPDK installation and Gotchas
DPDK is used to get better performance when installing OVS on
hardware. This talk presents just 2 scripts to help setup and configure OVS
2.8.1 with DPDK on Ubuntu 17.04.  Also discussed are items related to
selection and configuration of hardware,  gotchas in running and operating
such an installation.  Scripts are located @

avatar for Shivaram Mysore

Shivaram Mysore

Founder, Service Fractal Inc
Serial entrepreneur with significant contribution to 26~ revenue generating products. Founded and grew businesses with a total estimated value of $25+ Million. Managed budgets up to $7 Million. Proven results oriented business leader with strong interpersonal and communication skills... Read More →

Thursday November 16, 2017 1:05pm - 1:10pm PST

1:10pm PST

OVS Accelerator Demo Using Intel/Xilinx FPGA Card

Thursday November 16, 2017 1:10pm - 1:15pm PST

1:15pm PST

Community Practices for OVS with DPDK
This talk will give an overview of a number of initiatives started over the past year to help improve development work flow, communication and visibility within the OVS community with regards to DPDK focused development. The talk will review the following :

1. Batching patches on intermediate branch for pull requests for OVS DPDK features: Will review the current model and the impact this has in improving the workflow for the community.
2. Publishing Feature Roadmap to Community: Initially introduced for OVS 2.9, review of purpose, current implementation and impact on visibility for the OVS community.
3. OVS DPDK Community Sync meeting: Biweekly meeting established since in the past year with the aim of improving communication within the community, will review types of content discussed such as test plans, upcoming features in DPDK and how this has helped inform community decisions and collaboration.


Thursday November 16, 2017 1:15pm - 1:20pm PST

1:20pm PST

OVS-DPDK for IP-TV live at Swisscom
This session will provide an OVS-DPDK centric description of IP-TV streaming architecture at Swisscom: why OVS-DPDK, how many cores, how many flows, why multicast, ... This OpenStack NFV deployment is live since summer!


Thursday November 16, 2017 1:20pm - 1:25pm PST

1:25pm PST

OVS-DPDK: Embracing your NUMA nodes.
In order to maximize resources, multiple NUMA nodes need to be utilized. In this talk we will look at how best to tune OVS-DPDK parameters to enable usage of multiple NUMA nodes with the DPDK datapath.

It will be based on this blog:


Thursday November 16, 2017 1:25pm - 2:25pm PST

1:30pm PST

OVS-DPDK: Every cycle counts.
The OVS-DPDK datapath is typically CPU cycle bound. In this talk we will recap some of the existing ways to use cores for best performance and look at some of the newer additions.

- scaling with multiple cores
- scaling with multiple queues and RSS
- manual pinning of queues to cores
- distributing queues to cores based on round robin
- distributing queues to cores based on historical data


Thursday November 16, 2017 1:30pm - 1:40pm PST

1:40pm PST

State of the OVN

Thursday November 16, 2017 1:40pm - 2:00pm PST

2:05pm PST

OVN and Containers - An update.
The current status of OVN and Docker/Kubernetes/Mesos integrations.


Thursday November 16, 2017 2:05pm - 2:25pm PST

2:30pm PST

OVN at Nutanix
This talk reports the experience with OVN at Nutanix.


Thursday November 16, 2017 2:30pm - 2:50pm PST

2:55pm PST

Thursday November 16, 2017 2:55pm - 3:10pm PST

3:10pm PST

Conntrack + OvS
Conntrack is a perpetual source of confusion and mystery. In this talk, the myriad conntrack state machines will be discussed - kernel, userpsace, helpers, etc. Crafting some connection tracking rules, and debugging connections will be shown.


Thursday November 16, 2017 3:10pm - 3:30pm PST

3:35pm PST

Open vSwitch Offload: Conntrack and the Upstream Kernel
Offloading all or part of the Open vSwitch datapath to SmartNICs has
been shown to not only release CPU resources on the sever, but improve
traffic processing performance. Recently steps have been made to
support such offloading in the upstream Linux kernel. This has focused
on creating an OVS datapath using the TC flower filter and utilizing
the offload hooks already present here. This presentation focuses on
how Connection Tracking (Conntrack) may fit into this model. It
describes current work being undertaken with the Netfilter community
to allow offloading of Conntrack entries. It continues to link this
work with the offloading of Conntrack rules within OVS-TC.


Thursday November 16, 2017 3:35pm - 3:55pm PST

4:00pm PST

OVS/OVS-DPDK connection tracking for Mobile usecases
Present the usecase for high connection rate in the Mobile EPC and Telco market and the need for tracking of connections for QoS/Metering and Billing. Need to develop better open source tools to benchmark this usecase. Need for OVS Offload with Conntrack. Integration with ODL SDN controller to push Conntrack with Nitrogen.
How to scale to thousands of active conntrack sessions or connections and impact to throughput. There are thousands of short lived connections coming in every second and equal number being dropped. Measure how OVS and OVS-DPDK handle high incoming connection or flow rates. Impact of exact match cache (EMC) with conntrack rules expansion.

Thursday November 16, 2017 4:00pm - 4:20pm PST

4:25pm PST

DigitalOcean Cloud Firewalls: powered by OvS and conntrack
In this talk, Kei will share the story about how DigitalOcean Cloud Firewalls were designed and implemented through OvS and conntrack.


Thursday November 16, 2017 4:25pm - 4:45pm PST

4:50pm PST

Day 1 Closing Remarks
Thursday November 16, 2017 4:50pm - 5:00pm PST
Friday, November 17

8:00am PST

Continental Breakfast & Registration
Friday November 17, 2017 8:00am - 9:00am PST

9:00am PST

Day 2 Welcome
Friday November 17, 2017 9:00am - 9:15am PST

9:15am PST

CORD: An Open Source Platform To Reinvent The Network Edge

Friday November 17, 2017 9:15am - 10:00am PST

10:00am PST

Benchmarking & Comparing Open vSwitch using OPNFV VSPERF
VSPERF is an OPNFV project that provides an automated test-framework and comprehensive test suite based on industry standards for measurement of data-plane performance and verification of functionality of software switching technologies.

In the past year several positive developments to the project have been made. The talk will cover such items, for example:
1. RFC Approved
The Internet Draft describing VSPERF's Level Test Design Specification was approved for publication as an RFC by the Internet Engineering Steering Group, meaning the suite of tests are formally recognised as the de-facto benchmarking standard for virtual switches

2. OVS vs VPP comparison
The integration of a new switching technology namely FD.io VPP to the project means it is now possible to compare OVS, OVS DPDK, and FD.io VPP using a single test framework and at the click of a button. The usefulness as well as the pain-points associated with this feature will be discussed, in particular the difficulties involved in trying to compare apples-to-apples with different switching technologies.

3. Functional testing improvements
The introduction of so-called 'step-driven testing' to VSPERF makes it easier than ever to implement functional testing for supported virtual switches, a very useful feature for developers and users alike. User-experience of this will be discussed with the possibility of a demo.



Friday November 17, 2017 10:00am - 10:20am PST

10:25am PST

LXC Linux Containers over OpenvSwitch
Strategies for using OpenvSwitch with LXC are discussed. In September 2017 LXC 2.1.0 was released with, for the first time, explicit support for OpenvSwitch.  However, previous versions of LXC in the 2.0.x series had also supported OpenvSwitch albeit more indirectly. These old and new modes of OpenvSwtich support and use in LXC 2.0.x and 2.1.x versions are

Methods of providing DNS/DHCP, WAN/internet resolution, and LUNs to LXCcontainers over OpenvSwitch in a wide variety of different DNS paradigms (e.g. NetworkManager, systemd-resolved, dnsmasq, and even ancient glibc) and operating systems (Debian-based and Redhat-based) will also be presented with a focus on hands-on working strategies and pro and con comparison.

Finally, if time permits, a couple brief examples of Oracle Enterprise software products in LXC on OpenvSwitch will be given.  Audience insights, questions, examples and opinions are welcomed.

avatar for Gilbert Standen

Gilbert Standen

Principal Solution Architect, Orabuntu-LXC
I am the creator of Orabuntu-LXC which uses OpenvSwitch for networking. Orabuntu-LXC includes containerized DNS/DHCP and SCST Linux SAN solutions. I'm interested in latest developments and best practice for using OpenvSwitch for Linux container networks. I'm also looking for some... Read More →

Friday November 17, 2017 10:25am - 10:45am PST

10:50am PST

Friday November 17, 2017 10:50am - 11:00am PST

11:05am PST

Enabling Hardware Offload of OVS Control & Data plane using LiquidIO
Cavium's LiquidIO Smart NICs offer a mechanism to offload Open vswitch control and data plane to a network adapter allowing complete separation of the vswitch in a bare-metal server from host OS and get packets directly into VMs serviced by the NIC adapter using SRIOV PCI passthrough.


Friday November 17, 2017 11:05am - 11:25am PST

11:30am PST

OVS Performance on Steroids - Hardware Acceleration Methodologies
Telcos and Cloud providers are looking for higher performance and scalability when building nextgen datacenters for NFV & SDN deployments. While running OVS over DPDK reduces the CPU overload of interrupt driven packet processing, CPU cores are still not completely freed up from polling of the packet queues. We will present two mechanisms for improving OVS performance further.

In the first approach, OVS-DPDK is further accelerated through HW offloads. We introduce a classification methodology that enables a split control plane between OVS-DPDK and the NIC hardware. A flow tag that represents the matched rule in the hardware is passed to OVS which substantially saves CPU cycles consumed during flow look ups.

In the second approach, OVS data plane is fully offloaded in the NIC hardware through SRIOV. We introduce a highly efficient eSwitch based packet processing engine that uses OVS as the control plane to program flow entries.

We also present the open source work done in the DPDK, OVS and Linux Kernel communities and significant performance gains achieved with both above approaches. We also present how this work is extended to VXLAN traffic.


Friday November 17, 2017 11:30am - 11:50am PST

11:55am PST

NSH-based Service Function Chaining with OVS using Packet-type Aware Pipeline
In the past OVS could not support NSH-based Service Chaining because its OpenFlow pipeline was limited to processing Ethernet frames. OpenFlow 1.5 standardized the Packet Type-aware Pipeline (PTAP) which allows OpenFlow switches to deal with other packet types than Ethernet. Based on that the speakers implemented support for PTAP, the NSH protocol, and Encap/Decap actions for Ethernet and NSH headers in OVS 2.8.

In this talk we will explain the new concepts, give a summary of the implementation status and remaining work items, and demonstrate how OpenDaylight uses these new OVS features to realize NSH-based Service Function Chaining.

Yi implemented both the NSH support in OVS and the SFC application in OpenDaylight, so the audience can expect first-hand insights into what it means to develop a new SDN application across controller and vSwitch.


Zoltan Balogh

Software Developer, Ericsson

Friday November 17, 2017 11:55am - 12:15pm PST

12:20pm PST

Friday November 17, 2017 12:20pm - 1:20pm PST

1:20pm PST

Red Hat's perspective on OVS HW Offload Status
In this session, we will try to show the current state of OVS HW offload from Red Hat's perspective. Red Hat works with all the HW vendors and there has been a lot of activity upstream around OVS offload recently. We will try to give a snapshot of upstream and downstream status of different offload solutions.

We will so compare and contrast offloaded vs non-offloaded measured results. We will also highlight what we know is work in progress upstream, and what are the areas that will need further design and development.

Overall we will try to give an overall picture of OVS HW offload in a multi-vendor environment.


Friday November 17, 2017 1:20pm - 1:40pm PST

1:45pm PST

Enabling hardware acceleration in OVS-DPDK using DPDK Framework.
OpenVSwitch(OVS) is a key open-source project and the de-facto industry standard for providing connectivity in virtualization deployments. The OVS in userspace using DPDK libraries can offer significant forwarding performance when compared to the default kernel based OVS. DPDK software libraries are optimized to run efficiently on CPU cores to make OVS datapath performant. OVS performance can also be accelerated by offloading certain packet processing workload to programmable hardware (such as smart NICs) when available. The marriage of OVS-DPDK with hardware acceleration features provides a compelling solution to meet the needs of CSP dataplane workloads NFV goals. However leveraging programmable hardware features in OVS is not straightforward and it depends on various factors such as supported features, hardware capacity and the use case.
The major challenge to make use of these hardware acceleration technologies are its limited scalability, interoperability and support of hardware acceleration features in existing open source software suites. Most of the NIC vendors have their own hardware acceleration strategy with its own feature list and out of tree software implementation. This approach is very hardware centric and difficult to deploy in a multi hardware platform. It is also impossible to use a pure hardware based solution in any NFV deployments due to limited available hardware resources and supported network features. So it is important to identify and schedule the hardware resources wisely across various network workloads.
This presentation will discuss about enabling hardware acceleration features in OVS-DPDK using a generic framework model so called DPDK Framework. Following major points on hardware acceleration are discussed in the session.
1) Various hardware acceleration enablement options in OVS-DPDK with its pros and cons.
2) Relevance of hardware acceleration in OVS-DPDK. When & How hardware acceleration will be beneficial in OVS-DPDK deployments. Will look at few different real world workload examples where OVS-DPDK uses partial/full hardware acceleration to improve the overall forwarding performance.
3) What is DPDK Framework? What are the major components in it? Also how it will abstract the hardware specifics from application such as OVS-DPDK.
4) Discussion on generic hardware acceleration framework integration model in OVS-DPDK with a brief code-walkthrough.


Friday November 17, 2017 1:45pm - 2:05pm PST

2:10pm PST

The birth of SmartNICs -- offloading dataplane traffic to...software
The next generation of network controllers will allow users the ability to take control of a set of processor cores that can inspect, drop, and forward network traffic before the standard server processors need to touch the traffic. Thus, data center operators can move their OVS workload currently running on the server onto the controller. This is valuable as all data-plane traffic is offloaded to the controller and can provide network isolation and security enforcement for bare-metal servers. The talk will include current SmartNIC deployment examples and performance data for software OVS running on the controller.


Friday November 17, 2017 2:10pm - 2:30pm PST

2:35pm PST

OvS Hardware Offload with TC Flower
The Open vSwitch kernel datapath may have flows offloaded to hardware using the TC Flower classifier and related actions. This is a powerful mechanism to both increase throughput and reduce CPU utilisation. This presentation will give an overview of the evolution of this offload mechanism: features available in OvS v2.8, those targeted at v2.9 and possible future directions.


Friday November 17, 2017 2:35pm - 2:55pm PST

3:00pm PST

Friday November 17, 2017 3:00pm - 3:15pm PST

3:15pm PST

OvS manipulation with Go at DigitalOcean
DigitalOcean runs Open vSwitch on every hypervisor in our fleet. For several years, we generated and applied flows by concatenating strings and shelling out to OvS control commands from Perl. However, as we have grown and developed more features for our customers, we have found several limitations to this approach.

This talk will discuss the current and future state of OvS orchestration at DigitalOcean, by examining the technologies that power our hypervisor flow manipulation daemon: hvflowd. Attendees will learn about the challenges we have faced along the way, and the processes and tooling we have developed to confidently make changes to our OvS flow pipelines.


Friday November 17, 2017 3:15pm - 3:35pm PST

3:40pm PST

OVN and Kelda
This talk reports experiences using OVN in a container environment on top of Amazon AWS.


Friday November 17, 2017 3:40pm - 4:00pm PST

4:05pm PST

FAUCET and Enterprise SDN
Google has been developing solutions for enterprise networking using
SDN, including contributing to the open-source FAUCET project. This talk
discusses how the FAUCET approach enables security, development
velocity, and other innovation.


Friday November 17, 2017 4:05pm - 4:40pm PST

4:45pm PST

Closing Remarks
Friday November 17, 2017 4:45pm - 5:00pm PST