Open vSwitch 2016 Fall Conference

Nic Viljoen will present, "Using eBPF to Accelerate OVS Datapath.” The presentation will focus on the advent of eBPF in the form of cls_bpf or XDP which allows increased performance through the use of a super fast path at the base of the kernel stack (cls_bpf) or even below the kernel stack (XDP). eBPF is being investigated currently as a way to improve core OVS functionality. However, this talk will look to extend OVS through the use of a flow cache based on eBPF maps that will focus on exact matching of previously identified flows. The talk will outline the architecture of the proposed eBPF based system and how the architectures would differ if using cls_bpf or XDP. Finally, we will outline an offload model which should be simple and transparent for this type of flow cache, which could be tied in to also include the datapath itself.

John Hurley will present, "Evolving Stateful Firewalling: OVS+iptables, OVS+Conntrack, and Conntrack Acceleration.” John will discuss the evolution of virtual switches in that security groups can now be supported directly on the switch rather than across attached Linux bridges, and may be managed by higher level tools such as OVN. The latest Open vSwitch release (2.5) handles this by interfacing to the Linux kernel connection tracking (Conntrack) module, improving the performance and granularity of security group implementations. This presentation describes Conntrack within Open vSwitch and investigates techniques for further improving performance. It concludes by exploring the performance and CPU utilization benefits achievable by offloading connection tracking operations to SmartNICs.