Oko: Extending Open vSwitch with Stateful Filters

Abstract : With the Software-Defined Networking paradigm, software switches emerged as the new edge of datacenter networks. The widely adopted Open vSwitch implements the OpenFlow forwarding model; its simple match-action abstraction eases network management, while providing enough flexibility to define complex forwarding pipelines. OpenFlow, however, cannot express the many packets processing algorithms required for traffic measurement, network security, or congestion diagnosis, as it lacks a persistent state and basic arithmetic and logic operations. This paper presents Oko, an extension of Open vSwitch that enables runtime integration of stateful filtering and monitoring functionalities based on Berkeley Packet Filter (BPF) programs into the OpenFlow pipeline. BPF programs attached to OpenFlow rules act as intelligent filters over packets, while leaving the packets unmodified. This approach enables the transparent extension of Open vSwitch’s flow caching architecture, retaining its high-performance benefits. Furthermore, the use of BPF allows for safe runtime extension and prevention of switch failures due to faulty programs. We compare our implementation based on Open vSwitchDPDK to existing approaches with comparable fault isolation properties and measure a near 2x improvement of performance.
Document type :
Conference papers
Complete list of metadatas

https://hal.inria.fr/hal-01939857
Contributor : Jérôme François <>
Submitted on : Thursday, November 29, 2018 - 6:50:29 PM
Last modification on : Thursday, February 7, 2019 - 4:56:11 PM

File

oko.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-01939857, version 1

Collections

Citation

Paul Chaignon, Kahina Lazri, Jerome Francois, Thibault Delmas, Olivier Festor. Oko: Extending Open vSwitch with Stateful Filters. SOSR 2018 - ACM Symposium on SDN Research, Mar 2018, Los Angeles, United States. pp.1-13. ⟨hal-01939857⟩

Share

Metrics

Record views

113

Files downloads

287