Open vSwitch Project Ideas
==========================

This file lists a number of project ideas for Open vSwitch. The ideas
here overlap somewhat with those in the OPENFLOW-1.1+ file.


Programming Project Ideas
=========================

Each of these projects would ideally result in a patch or a short
series of them posted to ovs-dev.

Please read CONTRIBUTING and CodingStyle in the top of the source tree
before you begin work. The OPENFLOW-1.1+ file also has an
introduction to how OpenFlow is implemented in Open vSwitch. It is
also a good idea to look around the source tree for related code, and
back through the Git history for commits on related subjects, to allow
you to follow existing patterns and conventions.

Open vSwitch has OpenFlow protocol support for meters, but it does not
have an implementation in the kernel or userspace datapaths. An
implementation was proposed some time ago (I recommend looking for the
discussion in the ovs-dev mailing list archives), but for a few
different reasons it was not accepted. Some of those reasons apply
only to a kernel implementation of meters. At the time, a userspace
implementation wasn't as interesting, because the userspace switch
did not perform at a production speed, but with the advent of
multithreaded forwarding and, now, DPDK support, userspace-only meters
would be a great way to get started.

Improve SSL/TLS Security
------------------------

Open vSwitch allows some weak ciphers to be used for its secure
connections. Security audits often suggest that the project remove
those ciphers, but there's not a clean way to modify the acceptable
ciphers. At the very least, the cipher list should be audited, but it
would be nice to make it configurable.

Open vSwitch does not insist on perfect forward secrecy via ephemeral
Diffie-Hellman key exchange when it establishes an SSL/TLS connection.
Given the wiretapping revelations over the last year, it seems wise to
turn this on. (This would probably amount to finding the right
OpenSSL function to call or just reducing the acceptable ciphers

These changes might have backward-compatibility implications; one
would have to test the behavior of the reduced cipher list OVS against
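
One way to carry out the cipher-list audit described in this section
(an added example, not code from the Open vSwitch tree). It classifies
lines in the layout printed by `openssl ciphers -v`; the sample lines
are constructed, and CIPHER_STRING is a placeholder for whatever cipher
string is under review.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `openssl ciphers -v`
# (name, protocol, Kx=, Au=, Enc=, Mac=); not taken from an OVS build.
sample_cipher_lines() {
    cat <<'EOF'
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
EOF
}

# Reads `openssl ciphers -v` lines on stdin; prints "NAME: reasons" for
# every suite that should not survive an audit.
audit_ciphers() {
    awk '{
        kx = ""; au = ""; enc = ""; mac = ""; why = ""
        for (i = 3; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n < 2) continue
            if (kv[1] == "Kx") kx = kv[2]
            if (kv[1] == "Au") au = kv[2]
            if (kv[1] == "Enc") enc = kv[2]
            if (kv[1] == "Mac") mac = kv[2]
        }
        # Assumption: OpenSSL prints Kx=DH / Kx=ECDH for the ephemeral
        # (DHE/ECDHE) exchanges and Kx=any for TLS 1.3 suites.
        if (kx !~ /^(DH|ECDH|DHEPSK|ECDHEPSK|any)$/) why = why " no-forward-secrecy"
        if (au == "None") why = why " unauthenticated"
        if (enc ~ /^(None|RC4|RC2|DES|3DES)/) why = why " weak-cipher"
        if (mac == "MD5") why = why " weak-mac"
        if (why != "") print $1 ":" why
    }'
}

# Demo on the sample.  Against a real build (CIPHER_STRING is a placeholder):
#   openssl ciphers -v "$CIPHER_STRING" | audit_ciphers
sample_cipher_lines | audit_ciphers
```

Running the same audit before and after a cipher-string change shows
which suites a peer would lose, which is the backward-compatibility
question raised above.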

OpenFlow Group Bucket Stats
---------------------------

When OpenFlow group support was added, we forgot to support statistics
for individual buckets. xlate_group_bucket() in
ofproto/ofproto-dpif-xlate.c appears to be where we need to increment
the counters, in the case where ctx->xin->resubmit_stats is
nonnull. See the ovs-dev thread starting here:
http://openvswitch.org/pipermail/dev/2014-January/036107.html

Joe Stringer adds: If this involves resubmit_stats, then it would also
need a new xc_type. The xlate_group_bucket() code would add an entry
to ctx->xin->xcache if it is nonnull. This would also need to follow
the code in xlate_push_stats() and xlate_cache_clear() for the new

Bash Command Completion
-----------------------

ovs-vsctl and other programs would be easier to use if bash command
completion (with ``tab'', etc.) were supported. Alex Wang
<alexw@nicira.com> is leading a team for this project.

Auxiliary connections are a feature of OpenFlow 1.3 and later that
allow OpenFlow messages to be carried over datagram channels such as
UDP or DTLS. One place to start would be to implement a datagram
abstraction library for OVS analogous to the ``stream'' library
that already abstracts TCP, SSL, and other stream protocols.

Controller connection logging to pcap file
------------------------------------------

http://patchwork.openvswitch.org/patch/2249/ is an RFC patch that
allows the switch to record the traffic on OpenFlow controller
connections to a pcap file for later analysis. The patch lacks a good
way to enable and disable the feature. The task here would be to add
that and repost the patch.

Basic OpenFlow 1.4 support
--------------------------

Some basic support for OpenFlow 1.4 is missing and needs to be
implemented. These can be found by looking through lib/ofp-util.c for
mentions of OFP14_VERSION followed by a call to OVS_NOT_REACHED (which

OpenFlow 1.4: Flow monitoring
-----------------------------

OpenFlow 1.4 introduces OFPMP_FLOW_MONITOR for notifying a controller
of changes to selected flow tables. This feature is based on
NXST_FLOW_MONITOR that is already part of Open vSwitch, so
implementing this feature would mean extending that code to handle the
OpenFlow 1.4 wire protocol.

OpenFlow 1.3 also includes this feature as an ONF-defined extension, so
ideally OVS would support that too.

OpenFlow 1.4 Role Status Message
--------------------------------

OpenFlow 1.4 section 7.4.4 ``Controller Role Status Message''
defines a new message sent by a switch to notify the controller that
its role (whether it is a master or a slave) has changed. OVS should

OpenFlow 1.3 also includes this feature as an ONF-defined extension, so
ideally OVS would support that too.

OpenFlow 1.4 Vacancy Events
---------------------------

OpenFlow 1.4 section 7.4.5 ``Table Status Message'' defines a new
message sent by a switch to notify the controller that a flow table is
close to filling up (or that it is no longer close to filling up).
OVS should implement this.

OpenFlow 1.3 also includes this feature as an ONF-defined extension, so
ideally OVS would support that too.

OpenFlow 1.4 Group and Meter Change Notification
------------------------------------------------

OpenFlow 1.4 adds a feature whereby a controller can ask the switch to
send it copies of messages that change groups and meters. (This is
only useful in the presence of multiple controllers.) OVS should

OpenFlow 1.3 also includes this feature as an ONF-defined extension, so
ideally OVS would support that too.


Testing Project Ideas
=====================

Each of these projects would ideally result in confirmation that
features work or bug reports explaining how they do not. Please send
bug reports to dev at openvswitch.org, with as many details as you have.

ONF Plugfest Results Analysis
-----------------------------

Ben Pfaff has a collection of files reporting Open vSwitch conformance
to OpenFlow 1.3 provided by one of the vendors at the ONF plugfest
last year. Some of the reported failures have been fixed, some of the
other failures probably result from differing interpretations of
OpenFlow 1.3, and others are probably genuine bugs in Open vSwitch.
Open vSwitch has also improved in the meantime. Ben can provide the
results, privately, to some person or team who wishes to check them
out and try to pick out the genuine bugs.

Build a ``fuzzer'' for the OpenFlow protocol (or use an existing
one, if there is one) and run it against the Open vSwitch
implementation. One could also build a fuzzer for the OVSDB protocol.

Ryu Certification Tests Analysis
--------------------------------

The Ryu controller comes with a suite of ``certification tests''
that check the correctness of a switch's implementation of various
OpenFlow 1.3 features. The INSTALL file in the OVS source tree has a
section that explains how to easily run these tests against an OVS
source tree. Run the tests and figure out whether any tests fail but
should pass. (Some tests fail and should fail because OVS does not
implement the particular feature; for example, OVS does not implement
PBB encapsulation, so related tests fail.)

OFTest Results Analysis
-----------------------

OFTest is a test suite for OpenFlow 1.0 compliance. The INSTALL file
in the OVS source tree has a section that explains how to easily run
these tests against an OVS source tree. Run the tests and figure out
whether any tests fail but should pass, and ideally why. OFTest is
not particularly well vetted--in the past, at least, some tests have
failed against OVS due to bugs in OFTest, not in OVS--so some care is


Documentation Project Ideas
===========================

Each of these projects would ideally result in creating some new
documentation for users. Some documentation might be suitable to
accompany Open vSwitch as part of its source tree, most likely either
in plain text or ``nroff'' (manpage) format.

OpenFlow Basics Tutorial
------------------------

Open vSwitch has a tutorial that covers its advanced features, but it
does not have a basic tutorial. There are several tutorials on the
Internet already, so a new tutorial would have to distinguish itself
in some way. One way would be to use the Open vSwitch ``sandbox''
environment already used in the advanced tutorial. The sandbox does
not require any real network or even supervisor privilege on the
machine where it runs, and thus it is easy to use with hardly any
up-front setup, so it is a gentle way to get started.

FlowVisor via patch ports
-------------------------

FlowVisor is a proxy that sits between OpenFlow controllers and a
switch. It divides up switch resources, allowing each controller to
control a ``slice'' of the network. For example, it can break up a
network based on VLAN, allowing different controllers to handle
packets with different VLANs.

It seems that Open vSwitch has features that allow it to implement at
least simple forms of FlowVisor control without any need for
FlowVisor. Consider an Open vSwitch instance with three bridges.
Bridge br0 has physical ports eth0 and eth1. Bridge v9 has no
physical ports, but it has two ``patch ports'' that connect it to
br0. Bridge v11 has the same setup. Flows in br0 match packets
received on VLAN 9, strip the VLAN header, and direct them to the
appropriate patch port leading to v9. Additional flows in br0 match
packets received from v9, attach a VLAN 9 tag to them, and direct them
out eth0 or eth1 as appropriate. Other flows in br0 treat packets on
VLAN 11 similarly. Controllers attached to bridge v9 or v11 may thus
work as if they had full control of a network.

It seems to me that this is a good example of the power of OpenFlow
and Open vSwitch. The point of this project is to explain how to do
this, with detailed examples, in case someone finds it handy and to
open eyes toward the generality of Open vSwitch usefulness.
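
The three-bridge layout described in this section, as an added example
(not taken from the Open vSwitch documentation). It only prints the
ovs-vsctl and ovs-ofctl commands so they can be reviewed first. The
patch-port names, the OpenFlow port numbers and the choice of one patch
port pair per physical port are assumptions.

```shell
#!/bin/sh
# Dry-run generator: prints the commands, runs nothing.
# Assumptions (not from the page): eth0/eth1 are OpenFlow ports 1/2 on
# br0, and the patch-port names and numbers below.  ofport_request is
# only a request; confirm with `ovs-ofctl show br0` before relying on it.
base_cmds() {
    echo "ovs-vsctl add-br br0"
    for n in 1 2; do
        eth="eth$((n - 1))"
        echo "ovs-vsctl add-port br0 $eth -- set Interface $eth ofport_request=$n"
    done
    # Clear br0's flow table and drop anything no slice claims, so
    # traffic on other VLANs cannot cross between slices.
    echo "ovs-ofctl del-flows br0"
    echo "ovs-ofctl add-flow br0 'priority=0,actions=drop'"
}

# slice_cmds VLAN: bridge v<VLAN> with one patch-port pair per physical port.
slice_cmds() {
    vlan=$1
    br="v$vlan"
    echo "ovs-vsctl add-br $br"
    for n in 1 2; do
        up="br0-$br-$n"               # patch port on br0
        down="$br-p$n"                # its peer on the slice bridge
        of=$((vlan * 10 + n))         # OpenFlow port number of $up on br0
        echo "ovs-vsctl add-port br0 $up -- set Interface $up type=patch options:peer=$down ofport_request=$of"
        echo "ovs-vsctl add-port $br $down -- set Interface $down type=patch options:peer=$up ofport_request=$n"
        # Tagged packet from physical port n: strip the tag, hand to the slice.
        echo "ovs-ofctl add-flow br0 'priority=100,in_port=$n,dl_vlan=$vlan,actions=strip_vlan,output:$of'"
        # Packet from the slice: re-tag, send out the matching physical port.
        echo "ovs-ofctl add-flow br0 'priority=100,in_port=$of,actions=mod_vlan_vid:$vlan,output:$n'"
    done
}

all_cmds() {
    base_cmds
    slice_cmds 9
    slice_cmds 11
}

all_cmds    # review the output; pipe it to sh on a test host to apply
```

Inside v9 and v11 the patch ports appear as ports 1 and 2, mirroring
eth0 and eth1, so a controller attached there sees an untagged
two-port switch.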

The Open vSwitch website has a few ``cookbook'' entries that
describe how to use Open vSwitch in a few scenarios. There are only a
few of these and all of them are dated. It would be a good idea to
come up with ideas for some more and write them. These could be added
to the Open vSwitch website or the source tree or somewhere else.

Record a demo of Open vSwitch functionality in use (or something else
relevant) and post it to YouTube or another video site so that we can
link to it from openvswitch.org.

If you plan to contribute code for a feature, please let everyone know
on ovs-dev before you start work. This will help avoid duplicating

Please consider the following:

  * Testing. Please test your code.

  * Unit tests. Please consider writing some. The tests directory
    has many examples that you can use as a starting point.

  * ovs-ofctl. If you add a feature that is useful for some
    ovs-ofctl command then you should add support for it there.

  * Documentation. If you add a user-visible feature, then you
    should document it in the appropriate manpage and mention it in

  * Coding style (see the CodingStyle file at the top of the source

  * The patch submission guidelines (see CONTRIBUTING). I
    recommend using "git send-email", which automatically follows a
    lot of those guidelines.

Please report problems to bugs@openvswitch.org.